
Commit ef4cbf0

authored
Security checks (#348)
1 parent 6ee0051 commit ef4cbf0

2 files changed

Lines changed: 48 additions & 0 deletions


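--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Pre-commit hook to prevent sensitive data leaks
+
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+echo "🔍 Checking for sensitive files..."
+
+# Critical patterns to block
+blocked_patterns=(
+"canary-.*/"
+"node[0-9]+/"
+"cluster-lock\.json"
+"validator_keys/"
+"keystore-.*\.(json|txt)"
+"charon-enr-private-key"
+".*private.*key"
+)
+
+found_issues=0
+for file in $(git diff --cached --name-only); do
+for pattern in "${blocked_patterns[@]}"; do
+if echo "$file" | grep -qE "$pattern"; then
+echo -e "${RED}❌ BLOCKED: $file (matched: $pattern)${NC}"
+found_issues=1
+fi
+done
+done
+
+if [ $found_issues -eq 0 ]; then
+echo -e "${GREEN}✅ No sensitive files detected${NC}"
+else
+echo -e "${RED}Remove sensitive files before committing!${NC}"
+exit 1
+fi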
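Review bot: The outer loop `for file in $(git diff --cached --name-only); do` word-splits git's output, so a staged path containing a space is tested as separate fragments (and unusual names arrive quoted by git), which can let a blocked file slip past the name check. Reading NUL-delimited names avoids that: `while IFS= read -r -d '' file; do` closed with `done < <(git diff --cached --name-only -z --diff-filter=ACMR)`; the filter also stops the hook from rejecting a commit that deletes a previously committed key file, since deletions are listed today. The match is case-sensitive, so `grep -qiE -- "$pattern"` fed by `printf '%s\n' "$file"` would also catch names such as `Private-Key.pem`. Because the hook is client-side and only checks file names, a matching check in CI is probably still needed for clones where the hooks path is not configured.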

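--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,12 @@ data/
 .charon
 prometheus/prometheus.yml
 commit-boost/config.toml
+
+# Cluster data and keys
+**/canary-*/
+**/node[0-9]*/
+**/cluster-lock.json
+**/validator_keys/
+**/keystore-*.json
+**/keystore-*.txt
+**/charon-enr-private-key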
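Review bot: The ignore list added under `# Cluster data and keys` and the hook's `blocked_patterns` are maintained by hand and already differ: the hook blocks `.*private.*key` with no ignore counterpart, and the glob `**/node[0-9]*/` matches a digit followed by any characters (for example `node1-docs/`), which is broader than the hook's `node[0-9]+/`. A comment such as `# Keep in sync with blocked_patterns in .githooks/pre-commit` above the list would make the coupling visible. Ignore rules do not apply to files that are already tracked, so any matching file committed before this change stays in the index until it is removed with `git rm --cached`.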
