diff --git a/git-secrets b/git-secrets index 11be153..4f53a89 100755 --- a/git-secrets +++ b/git-secrets @@ -13,7 +13,7 @@ # permissions and limitations under the License. NONGIT_OK=1 OPTIONS_SPEC="\ -git secrets --scan [-r|--recursive] [--cached] [--no-index] [--untracked] [...] +git secrets --scan [-r|--recursive] [--cached] [--name-only] [--no-index] [--untracked] [...] git secrets --scan-history git secrets --install [-f|--force] [] git secrets --list [--global] @@ -32,6 +32,7 @@ aws-provider Secret provider that outputs credentials found in an ini file register-aws Adds common AWS patterns to the git config and scans for ~/.aws/credentials r,recursive --scan scans directories recursively cached --scan scans searches blobs registered in the index file +name-only --scan shows only file names that contain secrets, not the secrets themselves no-index --scan searches files in the current directory that is not managed by Git untracked In addition to searching in the tracked files in the working tree, --scan also in untracked files f,force --install overwrites hooks if the hook already exists @@ -84,6 +85,7 @@ scan() { local files=("${@}") options="" [ "${SCAN_CACHED}" == 1 ] && options+="--cached" [ "${SCAN_UNTRACKED}" == 1 ] && options+=" --untracked" + [ "${SCAN_NAME_ONLY}" == 1 ] && options+=" --name-only" [ "${SCAN_NO_INDEX}" == 1 ] && options+=" --no-index" # Scan using git-grep if there are no files or if git options are applied. if [ ${#files[@]} -eq 0 ] || [ ! -z "${options}" ]; then @@ -205,7 +207,7 @@ install_hook() { echo "#!/usr/bin/env bash" > "${dest}" echo "git secrets --${cmd} -- \"\$@\"" >> "${dest}" chmod +x "${dest}" - say "$(tput setaf 2)✓$(tput sgr 0) Installed ${hook} hook to ${dest}" + [[ $(type -P say) ]] && say "$(tput setaf 2)✓$(tput sgr 0) Installed ${hook} hook to ${dest}" } install_all_hooks() { 
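Review bot: In the `scan()` hunk, appending ` --name-only` makes `options` non-empty, so the `[ ! -z "${options}" ]` test just below sends every `--scan --name-only <file>` call down the git-grep path, although the flag only changes what is printed, not what is searched. For an explicitly named file that git grep does not consider (for example an untracked one without `--untracked`), this could turn a finding into a clean exit, so a test that passes a file argument would be worth adding. Separately, if the allowed-pattern filtering later in the script matches against the scanner's output lines (not visible here), with `--name-only` it would be applied to file names rather than matched text. A comment at the new line such as `# --name-only forces the git-grep path; later filters see file names, not matched lines` would document this. The rest of `scan()` lies outside the hunk.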
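Review bot: In `install_hook`, `[[ $(type -P say) ]] && say …` is now the last command before the closing `}`, so when the test is false the function returns non-zero even though the hook was written and made executable. A caller that checks the status or runs under `set -e` would treat a successful install as a failure. `type -P` also searches PATH only, so if `say` is a shell function from a sourced helper (not visible in this hunk) the message is silently dropped, while an unrelated `say` executable on PATH makes the check pass for the wrong reason. An `if` avoids both problems: `if type say >/dev/null 2>&1; then say "…"; fi`. The start of `install_hook` is outside the hunk.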
@@ -269,7 +271,7 @@ assert_option_for_command() { } declare COMMAND="$1" FORCE=0 RECURSIVE=0 LITERAL=0 GLOBAL=0 ALLOWED=0 -declare SCAN_CACHED=0 SCAN_NO_INDEX=0 SCAN_UNTRACKED=0 +declare SCAN_CACHED=0 SCAN_NAME_ONLY=0 SCAN_NO_INDEX=0 SCAN_UNTRACKED=0 # Shift off the command name shift 1 @@ -295,6 +297,10 @@ while [ "$#" -ne 0 ]; do assert_option_for_command "--scan" "--cached" SCAN_CACHED=1 ;; + --name-only) + assert_option_for_command "--scan" "--name-only" + SCAN_NAME_ONLY=1 + ;; --no-index) assert_option_for_command "--scan" "--no-index" SCAN_NO_INDEX=1 diff --git a/test/git-secrets.bats b/test/git-secrets.bats index b7a5b1c..be51e2c 100644 --- a/test/git-secrets.bats +++ b/test/git-secrets.bats @@ -72,6 +72,18 @@ load test_helper [ $status -eq 1 ] } +@test "Scans all files displaying file name only - pass" { + setup_good_repo + repo_run git-secrets --scan --name-only + [ $status -eq 0 ] +} + +@test "Scans all files displaying file name only - fail" { + setup_bad_repo + repo_run git-secrets --scan --name-only + [ $status -eq 1 ] +} + @test "Scans recursively" { setup_bad_repo mkdir -p $TEST_REPO/foo/bar/baz @@ -350,6 +362,11 @@ load test_helper [ $status -eq 1 ] } +@test "--name-only can only be used with --scan" { + repo_run git-secrets --list --name-only + [ $status -eq 1 ] +} + @test "--no-index can only be used with --scan" { repo_run git-secrets --list --no-index [ $status -eq 1 ]
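Review bot: The two new `--name-only` tests at `@@ -72,6 +72,18 @@` assert only `$status`, so nothing checks the property the option exists for: that the matched secret text is absent from the output. Assuming `repo_run` wraps bats `run` (it sets `$status`, so `$output` should be available too), the fail case could add `[[ "$output" != *"<secret string written by setup_bad_repo>"* ]]` plus a check that the offending file name is present. Without that, a regression that prints the matched line again would still pass.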