browsertrix/scripts/check_passwords.py
Ilya Kreymer a9ab17fc61
publish helm chart on release (fixes #1114) (#1117) (#1123)
- no longer using :latest by default in values.yaml, instead updating version with each release
- set chart version to match app version in Chart.yaml
- update version in helm chart and values.yaml as part of update-version.sh script
- update test.yaml and local-config.yaml to enable using :latest tag images
- ci: add ci script for packaging current helm chart
- docs: updates docs to indicate deploying directly from GitHub release
- docs: add script to fill in latest version for 'VERSION' using custom script
- chart: set local_service_port to 30870 by default, but use only if no ingress.
- default values.yaml set up for local deployment, local-config.yaml contains additional commented out examples
- ci draft: add deployment info to draft with helm install command for current version
- test: fix password check test
2023-08-30 12:02:02 -07:00


"A small dirty script to check that none of the password config options have been set to real passwords"
from collections.abc import Generator
import yaml
from yaml.parser import ParserError
from yaml.scanner import ScannerError
from yaml.constructor import ConstructorError
import sys
# Placeholder values the check accepts under a password-like key. They are
# public (committed in plain text), so they are placeholders, not secrets.
# Any other value found under such a key is reported as a real password.
ALLOWED_PASSWORDS = [
    "PassW0rd!",
    "password",
    "PASSWORD@",
    "PASSW0RD!",
    "PASSWORD!",
]
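def key_finder(d: dict, key: str = "password", top_level=None) -> Generator:
    """Recursively yield every entry in ``d`` whose key contains ``key``.

    Mappings are searched at any depth, including mappings nested inside
    YAML sequences (lists), so an entry such as
    ``users: [{password: ...}]`` is reported instead of silently skipped.

    The match is a case-sensitive substring test on ``str(k)``.
    NOTE(review): with the default needle a camelCase key such as
    ``adminPassword`` does not match -- confirm whether the check should
    compare case-insensitively.

    :param dict d: The parsed YAML node to search. ``None`` and scalar
        nodes yield nothing.
    :param str key: The phrase keys are matched against
    :param top_level: Name of the outermost key this node sits under, or
        ``None`` while still at the top level of the document
    :return: A generator of ``(key, value)`` for matches at the top level
        and ``(top_level_key, key, value)`` for nested matches
    """
    # Sequences carry no key of their own: search each element and keep the
    # enclosing top-level name so reports still point at the right section.
    if isinstance(d, (list, tuple)):
        for item in d:
            yield from key_finder(item, key, top_level)
        return

    # None (empty document) and scalars have nothing to search.
    if not isinstance(d, dict):
        return

    for k, v in d.items():
        if isinstance(v, (dict, list, tuple)):
            # Pass the top level name down; only the outermost key becomes it.
            outer = k if top_level is None else top_level
            yield from key_finder(v, key, outer)
        # str() because YAML may parse a key as a non-string (e.g. True).
        if key in str(k):
            if top_level is None:
                yield k, v  # Key is already top level
            else:
                yield top_level, k, v  # Use the top level name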
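# Set as soon as any file holds a non-placeholder value under a password key.
WE_DUN_GOOFED: bool = False

changed_files = sys.argv[1:]  # Ignore filename of this script

for file in changed_files:
    with open(file, 'r') as f:
        try:
            # safe_load only builds plain YAML types; unsupported tags raise
            # ConstructorError instead of instantiating arbitrary objects.
            yml = yaml.safe_load(f)
            for password_keys in key_finder(yml):
                # The last tuple element is the configured value.
                if password_keys[-1] in ALLOWED_PASSWORDS:
                    continue
                # Report the key path only; the offending value is never
                # printed, so the secret does not end up in CI logs.
                if len(password_keys) == 2:
                    print(f"top level key '{password_keys[0]}' in {file} contains a real password!")
                else:
                    print(f"top level key '{password_keys[0]}' with subkey '{password_keys[1]}' in {file} contains a real password!")
                WE_DUN_GOOFED = True
        except (ScannerError, ParserError):
            # NOTE(review): a file that cannot be parsed is reported and then
            # skipped, so it does not fail the check. Anything that is not
            # plain YAML is therefore not covered by this script.
            print(f"Couldn't parse yaml file for: {file}")
        except ConstructorError:
            # Same caveat as above: reported, skipped, does not fail the run.
            print(f"Couldn't construct yaml file: {file}")

if WE_DUN_GOOFED:
    # sys.exit rather than the site-provided exit() helper, which is meant
    # for interactive use and is absent when the site module is not loaded.
    sys.exit(1)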