oracle / ocifs

ocifs provides a POSIX-compatible API wrapping Oracle Cloud Infrastructure's (OCI) Object Storage. ocifs is a python library that relies on the fsspec framework.
https://ocifs.readthedocs.io/en/latest/
Universal Permissive License v1.0

Add pre-commit hooks for ocids, copyright and secrets #15

Closed liudmylaru closed 1 year ago

liudmylaru commented 1 year ago

Description

Added 3 pre-commit hooks:

  1. copyright check - this was moved from bitbucket repository and trimmed to be "script" type instead of "python". This check is taken from samples repo now (created by this PR https://github.com/oracle-samples/oci-data-science-ai-samples/pull/323)
  2. secrets - used gitleaks, but expanded with custom solution for generic secret
  3. ocids - used gitleaks, special rule added with regex, which recognizes real ocids

Jira: https://jira.oci.oraclecorp.com/browse/ODSC-42791 (more details about chosen solution in comments in this ticket)

Validation

Created virtual environment in project folder, installed pre-commit, made changes in project file - added password and ocid. Output (expected):

(venv) (base) lrudenka@lrudenka-mac ocifs % git add . && git commit -m test
trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check docstring is first.................................................Failed
- hook id: check-docstring-first
- exit code: 1

ocifs/core.py:36: Module docstring appears after code (code seen on line 6).

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
black....................................................................Passed
Detect hardcoded secrets.................................................Failed
- hook id: gitleaks
- exit code: 1

○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

Finding:     password = "REDACTED""
Secret:      REDACTED
RuleID:      generic-secret
Entropy:     3.277613
File:        ocifs/core.py
Line:        38
Fingerprint: ocifs/core.py:generic-secret:38

Finding:     "REDACTED"
Secret:      REDACTED
RuleID:      ocid
Entropy:     4.663069
File:        ocifs/core.py
Line:        36
Fingerprint: ocifs/core.py:ocid:36

2:00PM INF 1 commits scanned.
2:00PM INF scan completed in 68.9ms
2:00PM WRN leaks found: 2

check-copyright..........................................................Failed
- hook id: check-copyright
- exit code: 1

ocifs/core.py: Copyright text missing or incomplete.

(venv) (base) lrudenka@lrudenka-mac ocifs %
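The two gitleaks rules described in the PR (a regex that recognizes real OCIDs, and a generic-secret rule) can be illustrated with a small pre-commit-style scanner. The script below is an added example and is not code from the ocifs repository or the PR; the PR's actual gitleaks rules are not shown on this page, so the OCID regex, the secret-keyword regex and the entropy thresholds are assumptions. It applies the same idea gitleaks uses: a pattern match to find candidates, then Shannon entropy (the "Entropy" value printed in the output above) to separate real values from placeholders such as an OCID made of repeated `a` characters. The sample file contents are constructed inline.

```python
"""Pre-commit style scanner for hard-coded OCIDs and generic secrets (added example)."""
import math
import re
import sys
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    rule_id: str
    line_no: int
    secret: str
    entropy: float


# Assumed OCID pattern, following the documented layout
#   ocid1.<RESOURCE TYPE>.<REALM>.[REGION][.FUTURE USE].<UNIQUE ID>
# The region field may be empty, which is why "oc1.." appears in many OCIDs.
OCID_RE = re.compile(
    r"\bocid1\.[a-z0-9]+\.oc[0-9]+\.[a-z0-9-]*\.(?P<uid>[a-z0-9]{20,})\b"
)

# Assumed generic-secret rule: a quoted string assigned to a suspicious name.
GENERIC_SECRET_RE = re.compile(
    r"(?i)(?:password|passwd|pwd|secret|token|api[_-]?key)[\w-]*\s*[:=]\s*"
    r"['\"](?P<val>[^'\"]{8,})['\"]"
)

# Assumed thresholds: placeholders like "aaaa...example" score far below these.
OCID_ENTROPY_MIN = 3.0
SECRET_ENTROPY_MIN = 3.0


def shannon_entropy(s: str) -> float:
    """Bits per character of s; the measure gitleaks reports as 'Entropy'."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> List[Finding]:
    """Return findings for every line whose candidate passes the entropy gate."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in OCID_RE.finditer(line):
            # Entropy is computed over the unique-id part only, so the fixed
            # "ocid1.<type>.oc1.." prefix cannot inflate a placeholder's score.
            ent = shannon_entropy(m.group("uid"))
            if ent >= OCID_ENTROPY_MIN:
                findings.append(Finding("ocid", line_no, m.group(0), ent))
        for m in GENERIC_SECRET_RE.finditer(line):
            ent = shannon_entropy(m.group("val"))
            if ent >= SECRET_ENTROPY_MIN:
                findings.append(Finding("generic-secret", line_no, m.group("val"), ent))
    return findings


def mask(secret: str) -> str:
    """Keep only a short prefix so the hook never echoes the full value into CI logs."""
    return secret[:4] + "..." if len(secret) > 4 else "..."


def scan_files(paths: List[str]) -> int:
    """Entry point in the shape pre-commit expects: file names as argv, exit 1 on findings."""
    total = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for f in scan_text(fh.read()):
                total += 1
                print(f"{path}:{f.line_no}: [{f.rule_id}] entropy={f.entropy:.3f} {mask(f.secret)}")
    return 1 if total else 0


# Constructed sample input (not from the ocifs repository): one placeholder OCID,
# one realistic-looking OCID, one low-entropy password and one real-looking one.
SAMPLE = """\
# constructed sample file
DEFAULT_TENANCY = "ocid1.tenancy.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaexample"
real_compartment = "ocid1.compartment.oc1..aaaaaaaab5k3q7xpn2dvy4uzhtgf6wcmlr9se8oj0ai1n7tq2ep9zkvx3bfh"
password = "aaaaaaaaaa"
db_password = "Tq9#kLm2$vX7pRw4!zB1"
"""


if __name__ == "__main__":
    sys.exit(scan_files(sys.argv[1:]))
```

Run against the constructed sample, only line 3 (the realistic OCID) and line 5 (the high-entropy password) are reported; the placeholder OCID on line 2 and the repeated-character password on line 4 match the regexes but fail the entropy gate, which is the behaviour the PR relies on to avoid flagging documentation examples. Wired into `.pre-commit-config.yaml` as a `script`-type hook, the non-zero exit code blocks the commit the same way the gitleaks hook does in the output above.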