Whitespace cleanup to get in sync with AniNIX/Uniglot hooks

2022-11-20 20:03:01 -06:00
parent a43cb4b6bb
commit a34c96df6b
96 changed files with 713 additions and 400 deletions
--- a/precommit-hooks/find-passwords-in-files
+++ b/precommit-hooks/find-passwords-in-files
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Ignore Ansibilized templates.
+saferegex='\s+}}"?\s*$'
+# Ignore comments
+saferegex="$saferegex"'|^[a-z,A-Z,0-9,_,-,/,.]+:\s*;|^[a-z,A-Z,0-9,_,-,/,.]+:\s*#|^[a-z,A-Z,0-9,_,-,/,.]+:\s*//'
+# Ignore binary file matches.
+saferegex="$saferegex"'|binary\ file\ matches'
+# AniNIX Constructs
+saferegex="$saferegex"'|password.aninix.net|aur.list'
+# Web constructs
+saferegex="$saferegex"'|.css:|.html:|.md:|htdocs|htpasswd'
+# Ignore template text to set policy
+saferegex="$saferegex"'|_LENGTH|Set new|attempt|pwdchange'
+# haveibeenpwned is referenced in comments
+saferegex="$saferegex"'|haveibeenpwned'
+# Unset variables.
+saferegex="$saferegex"'|\s+=\s*$|\s+yes$|\s+no$'
+# Ignore LDAP attributes
+saferegex="$saferegex"'|pwpolicies|pwdLastSuccess|pwdAttribute|pwdMaxAge|pwdExpireWarning|pwdInHistory|pwdCheckQuality|pwdMaxFailure|pwdLockout|pwdLockoutDuration|pwdGraceAuthNLimit|pwdFailureCountInterval|pwdMustChange|pwdMinLength|pwdAllowUserChange|pwdSafeModify|pwdChangedTime|pwdPolicy|last changed their password on|/root/.ldappass'
+
+egrep -ir 'secret|password|pw|passphrase' roles/*/{files,templates} 2>&1 | egrep -v "$saferegex"
+if [ $? -ne 1 ]; then
+    echo
+    echo If these are false positives, you need to add the signature to the whitelist in $0.
+    echo Otherwise, convert any files above to templates and encode the passphrase into your vault.
+    exit 1;
+fi