git-diff-check

module

v0.6.0 Latest Latest Go to latest Published: Jun 18, 2020 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ONSdigital/git-diff-check

Links

Open Source Insights

README ¶

Git Diff Check

A simple library for checking git diff output for potentially sensitive information

Pre-commit hook

Requires git 2.9+

A pre-commit hook script is provided for convenience that uses this library to test changes before you commit.

From binary
From source

From Binary

For Mac OS

Run the installer:

$ curl -L https://raw.githubusercontent.com/ONSdigital/git-diff-check/master/install.sh | sh

For other platforms

Download the latest release for your platform
Create (if not already) a folder to store global git hooks (e.g. ${HOME}/.githooks)
Unzip the release and place the pre-commit script in the global hooks folder (ensure it's executable)
Configure git to use the hooks:

$ git config --global core.hooksPath <path-to-global-hooks-folder>

From Source

(requires Go 1.11+)

$ go get github.com/ONSdigital/git-diff-check
# or ..
$ cd ${GOPATH}
$ git clone https://github.com/ONSdigital/git-diff-check.git src/github.com/ONSdigital/git-diff-check

Then build:

$ cd ${GOPATH}/src/github.com/ONSdigital/git-diff-check
$ go build -o pre-commit cmd/pre-commit/main.go

Then follow the steps in From Binary (other platforms) using your compiled binary in place of a downloaded one

Usage

Once installed, the binary will run each time you use git commit.

If it finds things it thinks could be sensitive it will flag a warning and stop the commit proceeding, e.g.:

$ git add questionableCode.py
$ git commit
Running precommit diff check
WARNING! Potential sensitive data found:
Found in (questionableCode.py)
    > [line] Possible AWS Access Key (line 6)

If you're VERY SURE these files are ok, rerun commit with --no-verify

NB Currently if you update the pre-commit script in your templates, you will need to manually re-copy it into each repo that uses it.

Experimental Entropy Checking

By default, the pre-commit tool won't use entropy checking on patch strings. If you wish to enable this functionality, please set the DC_ENTROPY_EXPERIMENT environment variable.

$ export DC_ENTROPY_EXPERIMENT=1

License

Released under MIT license, see LICENSE for details.

Directories ¶

Path	Synopsis
cmd
pre-commit
diffcheck Package diffcheck provides functions for checking a git diff for potentially sensitive information.	Package diffcheck provides functions for checking a git diff for potentially sensitive information.
entropy Package entropy contains functions for checking the entropy of given data	Package entropy contains functions for checking the entropy of given data
rule Package rule contains the configurations for the available rulesets.	Package rule contains the configurations for the available rulesets.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL