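#!/usr/bin/env bash
#
# Scans the app source directories for strings shaped like hardcoded
# credentials and fails when any are found.
#
# Exit status:
#   0 - no candidate tokens found
#   1 - at least one candidate token found (matches are printed to stderr)
#   2 - the scan could not run cleanly (rg missing, or rg reported an error)
#
# Coverage notes for anyone relying on this as a gate:
#   - By default rg skips hidden files, binary files and anything matched by
#     ignore files, so a secret in such a file is not seen by this scan.
#   - Tests, Markdown, .xcodeproj and .build trees are excluded below.
#   - Matching is case-sensitive in practice: -S (smart case) only goes
#     case-insensitive for an all-lowercase pattern, and PATTERN has uppercase.

set -euo pipefail

# The script is expected to live two directories below the repository root.
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
cd "$ROOT_DIR"

# Fail closed when the scanner is unavailable: an empty result from a tool
# that never ran must not be reported as a clean scan.
if ! command -v rg >/dev/null 2>&1; then
  echo "Token scan could not run: ripgrep (rg) was not found on PATH." >&2
  exit 2
fi

# Three alternatives:
#   1. the word "Token", whitespace, then a value of 20+ characters
#   2. three dot-separated base64url segments starting with "eyJ" (JWT shape)
#   3. a standalone run of 40+ hex characters (this also matches digests and
#      commit ids, so expect some false positives)
PATTERN='(Token[[:space:]]+[A-Za-z0-9._-]{20,}|eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}|\b[a-fA-F0-9]{40,}\b)'

# rg exits 0 on a match, 1 on no match and 2 on an error (bad path, unreadable
# file, invalid pattern). Capture the status instead of discarding it so that
# only status 1 is treated as "nothing found".
scan_status=0
MATCHES="$(rg -n --no-heading -S "$PATTERN" \
  iphone WekoutThotViewer SharedCore \
  --glob '!**/*.xcodeproj/**' \
  --glob '!**/Tests/**' \
  --glob '!**/*.md' \
  --glob '!**/.build/**')" || scan_status=$?

if [[ -n "$MATCHES" ]]; then
  # The matched lines are printed in full, so the job log now contains the
  # candidate value as well; a genuine credential should be rotated, not just
  # removed from the source.
  echo "Potential hardcoded token(s) detected:" >&2
  printf '%s\n' "$MATCHES" >&2
  echo "If a match is intentional, redact it or move it to secure runtime configuration." >&2
  if (( scan_status > 1 )); then
    echo "Note: rg also reported an error (status ${scan_status}); the scan may be incomplete." >&2
  fi
  exit 1
fi

if (( scan_status > 1 )); then
  echo "Token scan could not complete: rg exited with status ${scan_status}." >&2
  exit 2
fi

echo "Token scan passed."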