Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ # Pre-commit hook to prevent sensitive data leaks
4+
5+ set -e
6+
7+ RED=' \033[0;31m'
8+ GREEN=' \033[0;32m'
9+ NC=' \033[0m'
10+
11+ echo " 🔍 Checking for sensitive files..."
12+
13+ # Critical patterns to block
14+ blocked_patterns=(
15+ " canary-.*/"
16+ " node[0-9]+/"
17+ " cluster-lock\.json"
18+ " validator_keys/"
19+ " keystore-.*\.(json|txt)"
20+ " charon-enr-private-key"
21+ " .*private.*key"
22+ )
23+
24+ found_issues=0
25+ for file in $( git diff --cached --name-only) ; do
26+ for pattern in " ${blocked_patterns[@]} " ; do
27+ if echo " $file " | grep -qE " $pattern " ; then
28+ echo -e " ${RED} ❌ BLOCKED: $file (matched: $pattern )${NC} "
29+ found_issues=1
30+ fi
31+ done
32+ done
33+
34+ if [ $found_issues -eq 0 ]; then
35+ echo -e " ${GREEN} ✅ No sensitive files detected${NC} "
36+ else
37+ echo -e " ${RED} Remove sensitive files before committing!${NC} "
38+ exit 1
39+ fi
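Review bot: The outer loop `for file in $(git diff --cached --name-only)` (new line 25) word-splits the staged path list and also includes deletions, so a path containing whitespace is tested in fragments, and a commit that removes an already-tracked keystore from the index is rejected by the hook. Reading the list NUL-delimited and skipping deletions avoids both: `while IFS= read -r -d '' file; do` … `done < <(git diff --cached --name-only -z --diff-filter=ACMR)`, with `printf '%s\n' "$file" | grep -qE -- "$pattern"` for the match. The check looks at file names only and is case-sensitive, so key material stored under another name or a differently cased name passes. I would add a header comment along the lines of `# Name-based check only; client-side and skipped by --no-verify, so keep a server-side scan as the enforcing control.`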
Original file line number Diff line number Diff line change 1313.charon
1414prometheus /prometheus.yml
1515commit-boost /config.toml
16+
17+ # Cluster data and keys
18+ ** /canary- * /
19+ ** /node [0-9 ]* /
20+ ** /cluster-lock.json
21+ ** /validator_keys /
22+ ** /keystore- * .json
23+ ** /keystore- * .txt
24+ ** /charon-enr-private-key
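Review bot: These ignore rules cover less than the hook's block list. The hook also rejects `.*private.*key`, while the only private-key rule here is `**/charon-enr-private-key`, so other private-key files still appear as untracked and can be staged by a broad `git add`. Ignore rules do not affect paths that are already tracked, so any of these files committed earlier still need `git rm --cached`, and the keys in them should be treated as exposed. Assuming the spacing in `**/node[0-9]*/` is a rendering artifact, that glob matches any directory named `node` plus a digit plus anything, which is wider than the hook's `node[0-9]+/`. A comment such as `# Keep in sync with blocked_patterns in the pre-commit hook` would help the two lists stay aligned.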