From 4998221d7eacdc63e43dae20178d5c9815571b1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Sundling?= Date: Fri, 29 Jul 2022 14:05:03 +0200 Subject: [PATCH 1/2] Added Write-SecretStatus and guide to run it in Posh-git --- Docs/Help/Write-SecretStatus.md | 58 ++++++++++++++++++++++++++++ Source/PSSecretScanner.psd1 | 3 +- Source/Public/Find-Secret.ps1 | 58 +++++++++++++++------------- Source/Public/Write-SecretStatus.ps1 | 17 ++++++++ 4 files changed, 108 insertions(+), 28 deletions(-) create mode 100644 Docs/Help/Write-SecretStatus.md create mode 100644 Source/Public/Write-SecretStatus.ps1 diff --git a/Docs/Help/Write-SecretStatus.md b/Docs/Help/Write-SecretStatus.md new file mode 100644 index 0000000..258b018 --- /dev/null +++ b/Docs/Help/Write-SecretStatus.md 
@@ -0,0 +1,58 @@
+---
+external help file: PSSecretScanner-help.xml
+Module Name: PSSecretScanner
+online version:
+schema: 2.0.0
+---
+
+# Write-SecretStatus
+
+## SYNOPSIS
+
+This command is created to get a quick and easy way of having secrets found shown in your prompt function.
+You can use it side by side with [posh-git](https://github.com/dahlbyk/posh-git), or as a stand alone function.
+
+## SYNTAX
+
+```PowerShell
+Write-SecretStatus
+```
+
+## DESCRIPTION
+
+This command is created to get a quick and easy way of having secrets found shown in your prompt function.
+You can use it side by side with [posh-git](https://github.com/dahlbyk/posh-git), or as a stand alone function.
+
+---
+
+To add output to your default prompt, create or edit your prompt function and add `Write-SecretStatus` where you want it to show.
+
+---
+
+To add this to your posh-git prompt add the following to your `$PROFILE` script **after the `Import-Module posh-git` statement!**
+
+```PowerShell
+$GitPromptSettings.DefaultPromptBeforeSuffix.Text = ' $(Write-SecretStatus)'
+# You may also change the default white console output colour by running
+$GitPromptSettings.DefaultPromptBeforeSuffix.ForegroundColor = 'LightBlue' # or any other colour of choice..
+```
+
+---
+
+You _may_ also add this to your oh-my-posh thing, but I don't use it and have no idea how that works.
+
+## EXAMPLES
+
+## PARAMETERS
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
diff --git a/Source/PSSecretScanner.psd1 b/Source/PSSecretScanner.psd1
index 6ceff9d..298efb9 100644
--- a/Source/PSSecretScanner.psd1
+++ b/Source/PSSecretScanner.psd1
@@ -71,7 +71,8 @@ PowerShellVersion = '5.1' # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. FunctionsToExport = @( 'Find-Secret', - 'New-PSSSConfig' + 'New-PSSSConfig', + 'Write-SecretStatus' ) # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. diff --git a/Source/Public/Find-Secret.ps1 b/Source/Public/Find-Secret.ps1 index a9abcd8..4fd7d8d 100644 --- a/Source/Public/Find-Secret.ps1 +++ b/Source/Public/Find-Secret.ps1 
@@ -60,40 +60,44 @@ function Find-Secret { } } + if ($ScanFiles.Count -ge 1) { + Write-Verbose "Scanning files:`n$($ScanFiles.FullName -join ""`n"")" - Write-Verbose "Scanning files:`n$($ScanFiles.FullName -join ""`n"")" + $Res = $Config['regexes'].Keys | ForEach-Object { + $RegexName = $_ + $Pattern = ($Config['regexes'])."$RegexName" - $Res = $Config['regexes'].Keys | ForEach-Object { - $RegexName = $_ - $Pattern = ($Config['regexes'])."$RegexName" + Write-Verbose "Performing $RegexName scan`nPattern '$Pattern'`n" - Write-Verbose "Performing $RegexName scan`nPattern '$Pattern'`n" - - Get-Item $ScanFiles.FullName | Select-String -Pattern $Pattern - } - - if (-not [string]::IsNullOrEmpty($Excludelist)) { - [string[]]$Exclusions = GetExclusions $Excludelist - Write-Verbose "Using excludelist $Excludelist. Found $($Exclusions.Count) exlude strings." + Get-Item $ScanFiles.FullName | Select-String -Pattern $Pattern + } + + if (-not [string]::IsNullOrEmpty($Excludelist)) { + [string[]]$Exclusions = GetExclusions $Excludelist + Write-Verbose "Using excludelist $Excludelist. Found $($Exclusions.Count) exlude strings." 
- $Res = $Res | Where-Object { - "$($_.Path);$($_.LineNumber);$($_.Line)" -notin $Exclusions + $Res = $Res | Where-Object { + "$($_.Path);$($_.LineNumber);$($_.Line)" -notin $Exclusions + } } - } - - $Result = "Found $($Res.Count) strings.`n" + + $Result = "Found $($Res.Count) strings.`n" - if ($res.Count -gt 0) { - $Result += "Path`tLine`tLineNumber`tPattern`n" - foreach ($line in $res) { - $Result += "$($line.Path)`t$($line.Line)`t$($line.LineNumber)`t$($line.Pattern)`n" + if ($res.Count -gt 0) { + $Result += "Path`tLine`tLineNumber`tPattern`n" + foreach ($line in $res) { + $Result += "$($line.Path)`t$($line.Line)`t$($line.LineNumber)`t$($line.Pattern)`n" + } } } - - switch ($OutputPreference) { - 'Output' { Write-Output $Result } - 'Warning' { Write-Warning $Result } - 'Error' { Write-Error $Result } - 'Object' { $res } + else { + $Result = 'Found no files to scan' + $res = @() } + switch ($OutputPreference) { + 'Output' { Write-Output $Result } + 'Warning' { Write-Warning $Result } + 'Error' { Write-Error $Result } + 'Object' { $res } + } } diff --git a/Source/Public/Write-SecretStatus.ps1 b/Source/Public/Write-SecretStatus.ps1 new file mode 100644 index 0000000..25f5ad0 --- /dev/null +++ b/Source/Public/Write-SecretStatus.ps1 @@ -0,0 +1,17 @@ +function Write-SecretStatus { + param ( + [switch]$Chatty + ) + + try { + [array]$IsGit = (git status *>&1).ToString() + if ( $IsGit[0] -eq 'fatal: not a git repository (or any of the parent directories): .git' ) { + break + } + else { + $SecretsCount = (Find-Secret -Recursive:$false -OutputPreference Object).Count + Write-Output "[$SecretsCount]" + } + } + catch {} +} \ No newline at end of file From 0a29b52d856fad7347f4e1e4e2e036406ab09834 Mon Sep 17 00:00:00 2001 
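Review bot: In the `ForEach-Object` body, `Get-Item $ScanFiles.FullName` binds the paths positionally to `-Path`, which treats `[`, `]`, `*` and `?` as wildcards, so a file whose name contains brackets can resolve to nothing (without an error) or to a different file and is then never scanned. For a secret scanner that is a silent coverage gap; `Get-Item -LiteralPath $ScanFiles.FullName | Select-String -Pattern $Pattern` keeps every path literal. How `$ScanFiles` is populated is outside this hunk, so this assumes `FullName` holds real file paths rather than patterns. Find-Secret begins before the hunk, and the same line appears in the Find-Secret.ps1 hunk of PATCH 2/2.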
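Review bot: The empty `catch {}` makes this prompt indicator fail silent: if `git` is missing or `Find-Secret` throws, nothing is printed, which looks exactly like being outside a repository, and `break` in the not-a-repo branch is not a function exit, because outside a loop or switch PowerShell searches the call stack for an enclosing loop and otherwise stops the running pipeline. Use `return` there and emit a distinct marker on failure, e.g. `catch { Write-Output '[?]' }`, so a broken scan is not mistaken for a clean one. Comparing against git's English `fatal:` text is locale-dependent; `git rev-parse --is-inside-work-tree` checked through `$LASTEXITCODE` would be steadier. Because the scan is called with `-Recursive:$false`, `[0]` presumably covers only the current directory, which the help page should state. The same function is added again in PATCH 2/2, there without the unused `$Chatty` switch.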
From: =?UTF-8?q?Bj=C3=B6rn=20Sundling?= Date: Fri, 29 Jul 2022 14:05:03 +0200 Subject: [PATCH 2/2] Added Write-SecretStatus and guide to run it in Posh-git --- Docs/Help/Write-SecretStatus.md | 58 ++++++++++++++++++++++++++++ README.md | 1 + Source/PSSecretScanner.psd1 | 3 +- Source/Public/Find-Secret.ps1 | 58 +++++++++++++++------------- Source/Public/Write-SecretStatus.ps1 | 15 +++++++ 5 files changed, 107 insertions(+), 28 deletions(-) create mode 100644 Docs/Help/Write-SecretStatus.md create mode 100644 Source/Public/Write-SecretStatus.ps1 diff --git a/Docs/Help/Write-SecretStatus.md b/Docs/Help/Write-SecretStatus.md new file mode 100644 index 0000000..258b018 --- /dev/null +++ b/Docs/Help/Write-SecretStatus.md 
@@ -0,0 +1,58 @@
+---
+external help file: PSSecretScanner-help.xml
+Module Name: PSSecretScanner
+online version:
+schema: 2.0.0
+---
+
+# Write-SecretStatus
+
+## SYNOPSIS
+
+This command is created to get a quick and easy way of having secrets found shown in your prompt function.
+You can use it side by side with [posh-git](https://github.com/dahlbyk/posh-git), or as a stand alone function.
+
+## SYNTAX
+
+```PowerShell
+Write-SecretStatus
+```
+
+## DESCRIPTION
+
+This command is created to get a quick and easy way of having secrets found shown in your prompt function.
+You can use it side by side with [posh-git](https://github.com/dahlbyk/posh-git), or as a stand alone function.
+
+---
+
+To add output to your default prompt, create or edit your prompt function and add `Write-SecretStatus` where you want it to show.
+
+---
+
+To add this to your posh-git prompt add the following to your `$PROFILE` script **after the `Import-Module posh-git` statement!**
+
+```PowerShell
+$GitPromptSettings.DefaultPromptBeforeSuffix.Text = ' $(Write-SecretStatus)'
+# You may also change the default white console output colour by running
+$GitPromptSettings.DefaultPromptBeforeSuffix.ForegroundColor = 'LightBlue' # or any other colour of choice..
+```
+
+---
+
+You _may_ also add this to your oh-my-posh thing, but I don't use it and have no idea how that works.
+
+## EXAMPLES
+
+## PARAMETERS
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
diff --git a/README.md b/README.md
index 2b56731..ca4ab9d 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ Yes, even keeping it simple there are stuff I might want to add some day, or if - 2022-07-29 - Change from Get-ChildItem to Get-Item which is marginaly faster. (2 seconds/10000 objects) - Add boolean-Recurse parameter defaulted to $true to support non recursive scans ([#18](https://github.com/bjompen/PSSecretScanner/issues/18)) + - Added Write-SecretStatur to add to posh-git profile. - 2022-07-28 - Added `-File` parameter ([#12](https://github.com/bjompen/PSSecretScanner/issues/12)) - Changed the **firebaseio** pattern to make scanning faster. diff --git a/Source/PSSecretScanner.psd1 b/Source/PSSecretScanner.psd1 index 6ceff9d..298efb9 100644 --- a/Source/PSSecretScanner.psd1 +++ b/Source/PSSecretScanner.psd1 @@ -71,7 +71,8 @@ PowerShellVersion = '5.1' # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. FunctionsToExport = @( 'Find-Secret', - 'New-PSSSConfig' + 'New-PSSSConfig', + 'Write-SecretStatus' ) # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. diff --git a/Source/Public/Find-Secret.ps1 b/Source/Public/Find-Secret.ps1 index a9abcd8..4fd7d8d 100644 --- a/Source/Public/Find-Secret.ps1 +++ b/Source/Public/Find-Secret.ps1 
@@ -60,40 +60,44 @@ function Find-Secret { } } + if ($ScanFiles.Count -ge 1) { + Write-Verbose "Scanning files:`n$($ScanFiles.FullName -join ""`n"")" - Write-Verbose "Scanning files:`n$($ScanFiles.FullName -join ""`n"")" + $Res = $Config['regexes'].Keys | ForEach-Object { + $RegexName = $_ + $Pattern = ($Config['regexes'])."$RegexName" - $Res = $Config['regexes'].Keys | ForEach-Object { - $RegexName = $_ - $Pattern = ($Config['regexes'])."$RegexName" + Write-Verbose "Performing $RegexName scan`nPattern '$Pattern'`n" - Write-Verbose "Performing $RegexName scan`nPattern '$Pattern'`n" - - Get-Item $ScanFiles.FullName | Select-String -Pattern $Pattern - } - - if (-not [string]::IsNullOrEmpty($Excludelist)) { - [string[]]$Exclusions = GetExclusions $Excludelist - Write-Verbose "Using excludelist $Excludelist. Found $($Exclusions.Count) exlude strings." + Get-Item $ScanFiles.FullName | Select-String -Pattern $Pattern + } + + if (-not [string]::IsNullOrEmpty($Excludelist)) { + [string[]]$Exclusions = GetExclusions $Excludelist + Write-Verbose "Using excludelist $Excludelist. Found $($Exclusions.Count) exlude strings." 
- $Res = $Res | Where-Object { - "$($_.Path);$($_.LineNumber);$($_.Line)" -notin $Exclusions + $Res = $Res | Where-Object { + "$($_.Path);$($_.LineNumber);$($_.Line)" -notin $Exclusions + } } - } - - $Result = "Found $($Res.Count) strings.`n" + + $Result = "Found $($Res.Count) strings.`n" - if ($res.Count -gt 0) { - $Result += "Path`tLine`tLineNumber`tPattern`n" - foreach ($line in $res) { - $Result += "$($line.Path)`t$($line.Line)`t$($line.LineNumber)`t$($line.Pattern)`n" + if ($res.Count -gt 0) { + $Result += "Path`tLine`tLineNumber`tPattern`n" + foreach ($line in $res) { + $Result += "$($line.Path)`t$($line.Line)`t$($line.LineNumber)`t$($line.Pattern)`n" + } } } - - switch ($OutputPreference) { - 'Output' { Write-Output $Result } - 'Warning' { Write-Warning $Result } - 'Error' { Write-Error $Result } - 'Object' { $res } + else { + $Result = 'Found no files to scan' + $res = @() } + switch ($OutputPreference) { + 'Output' { Write-Output $Result } + 'Warning' { Write-Warning $Result } + 'Error' { Write-Error $Result } + 'Object' { $res } + } } diff --git a/Source/Public/Write-SecretStatus.ps1 b/Source/Public/Write-SecretStatus.ps1 new file mode 100644 index 0000000..c968f6f --- /dev/null +++ b/Source/Public/Write-SecretStatus.ps1 @@ -0,0 +1,15 @@ +function Write-SecretStatus { + param () + + try { + [array]$IsGit = (git status *>&1).ToString() + if ( $IsGit[0] -eq 'fatal: not a git repository (or any of the parent directories): .git' ) { + break + } + else { + $SecretsCount = (Find-Secret -Recursive:$false -OutputPreference Object).Count + Write-Output "[$SecretsCount]" + } + } + catch {} +} \ No newline at end of file