Skip to content

SQL Password pattern #3149

SQL Password pattern

SQL Password pattern #3149

Workflow file for this run

# This workflow performs static analysis and checks coding style
name: Static analysis and code style
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions:
contents: read
jobs:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
checkers:
runs-on: ubuntu-latest
steps:
# # # MUST be full history to check git workflow
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout
id: code_checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
# # # integrity for train diagram match
- name: Check ml_config.json and ml_model.onnx integrity
if: ${{ always() && steps.code_checkout.conclusion == 'success' }}
run: |
md5sum --binary credsweeper/ml_model/ml_config.json | grep 3a4bfcd6f3ea74461b158d4ec073cc06
md5sum --binary credsweeper/ml_model/ml_model.onnx | grep 9725b166e07e60f94929fea986f84ae2
# # # line ending
- name: Check for text file ending
if: ${{ always() && steps.code_checkout.conclusion == 'success' }}
run: |
n=0
for f in $(find . -type f -not -wholename '*/.*' -a -not -wholename '*/tests/samples/*' -a -not -wholename '*/corpus/*' -a -not -wholename '*.json'); do
n=$(( 1 + ${n} ))
filetype=$(file ${f})
if echo "${filetype}" | grep -q '.*text.*'; then
echo "CHECK:'${filetype}'"
lastbyte=$(hexdump -v -e '/1 "%02X\n"' ${f} | tail -1)
echo "Last byte is '${lastbyte}'"
if [ "0A" != "${lastbyte}" ]; then
echo "File ${f} has inappropriate line ending"
tail -1 ${f} | hexdump -C
else
n=$(( ${n} - 1 ))
fi
else
echo "SKIP:'${filetype}'"
n=$(( ${n} - 1 ))
fi
done
exit ${n}
# # # Python setup
- name: Set up Python
if: ${{ always() && steps.code_checkout.conclusion == 'success' }}
id: setup_python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: "3.12"
- name: Install CredSweeper and auxiliary packages
id: setup_credsweeper
if: ${{ always() && steps.setup_python.conclusion == 'success' }}
run: |
python --version #dbg
python -m pip install --upgrade pip
pip install --requirement requirements.txt
pip list #dbg
# # # pylint
- name: Analysing the code with pylint and minimum Python version 3.8
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.8 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.9
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.9 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.10
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.10 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.11
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.11 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.12
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.12 --errors-only credsweeper
# # # mypy
- name: Analysing the code with mypy and minimum Python version 3.8
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.8 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.9
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.9 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.10
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.10 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.11
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.11 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.12
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.12 credsweeper
# # # documentation
- name: Analysing the code with pylint for NEW missed docstrings of classes or functions
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
pylint --disable=E,R,W,C0114,C0103,C0303,C0412,C0413,C0415,C0200,C0201,C0325 --verbose credsweeper
# # # Documentation check
- name: Test for creation sphinx documentations
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
cd docs
pip install --requirement requirements.txt
make html
cd source
python -m sphinx -T -E -b html -d _build/doctrees -D language=en . ./_html
# # # yapf
- name: Check project style
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
for f in credsweeper tests docs experiment; do
yapf --style .style.yapf --recursive --in-place --parallel $f
done
if [ 0 -ne $(git ls-files -m | wc -l) ]; then
git diff
echo "<- difference how to apply the style"
exit 1
fi
# # # flake8
- name: Analysing the code with flake8
id: test_flake8
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
ERRCNT=$(flake8 credsweeper --count --exit-zero --output-file=flake8.txt)
if ! [ 0 -eq ${ERRCNT} ] ; then
echo "flake8 found '${ERRCNT}' failures:"
cat flake8.txt
exit 1
fi
- name: FLAKE 8 reports
if: ${{ failure() && steps.test_flake8.conclusion == 'failure' }}
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: flake8_report
path: flake8.txt
# # # Banner crc32
- name: Setup crc32 tool
id: setup_crc32
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: sudo apt-get update && sudo apt-get install libarchive-zip-perl && crc32 /etc/fstab
- name: Banner and version check
if: ${{ always() && steps.setup_crc32.conclusion == 'success' }}
continue-on-error: true
run: |
crc32_int=0
for f in $(find credsweeper -iregex '.*\.\(py\|json\|yaml\|txt\|onnx\)$'); do
file_crc32_hex=$(crc32 $f)
file_crc32_int=$((16#${file_crc32_hex}))
crc32_int=$(( ${crc32_int} ^ ${file_crc32_int} ))
done
version_with_crc="$(python -m credsweeper --version | head -1) crc32:$(printf '%x' ${crc32_int})"
echo "version_with_crc = '${version_with_crc}'"
banner=$(python -m credsweeper --banner | head -1)
echo "banner = '${banner}'"
if ! [ -n "${version_with_crc}" ] && [ -n "${banner}" ] && [ "${version_with_crc}" == "${banner}" ]; then
echo "'${version_with_crc}' != '${banner}'"
exit 1
fi
# # # SECURITY.md check
- name: SECURITY.md check
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
# get actual version (major.minor) from credsweeper package
V=$(python -c "from packaging.version import Version as V; import credsweeper; v=V(credsweeper.__version__); print(f'{v.major}.{v.minor}');")
# check whether current version exists in the file
if ! grep $V SECURITY.md; then
echo $V
cat --number SECURITY.md
exit 1
fi
# # # from https://github.com/step-security-bot/CredSweeper/commit/dbc01f2709c56f69e2d8fd717156385f42b7bbf5
- name: Dependency Review
if: ${{ 'push' != github.event_name }}
uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #