pspandler
left a comment
Just cosmetic stuff and standardisation needed for now - fixing this and adding comments will help.
.githooks/pre-commit
Outdated
| #!/bin/bash | ||
| #set -x | ||
| PREFIX="pre-commit:" | ||
| RESULTS_FILE=tfsec-scan-output.txt |
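Review bot: the shebang selects bash but nothing after it enables strict mode; without `set -euo pipefail`, an unset variable such as `$TFSEC_WORKING_DIR` silently expands to an empty string and a failing command does not stop the hook. Quoting is also inconsistent in this hunk: `PREFIX="pre-commit:"` is quoted while `RESULTS_FILE=tfsec-scan-output.txt` is not; pick one style for all assignments, and either drop the dead `#set -x` line or turn it into an explicit debug toggle.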
Quote your variables please.
Also, it would help if there were some useful comments - reading comments aids understanding.
.githooks/pre-commit
Outdated
| initialise() { | ||
| mkdir -p $TFSEC_WORKING_DIR | ||
| mkdir -p $TFSEC_RESULTS_DIR | ||
| rm $TFSEC_WORKING_DIR/* 2> /dev/null |
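Review bot: `rm $TFSEC_WORKING_DIR/*` is unquoted and unguarded; if the variable is unset or empty (nothing above enforces `set -u`) the line becomes `rm /*`, and a value containing spaces is split into several arguments. Use `rm -f -- "${TFSEC_WORKING_DIR:?}"/*` so the expansion aborts with a message when the variable is empty, and apply the same pattern to the results directory. A one-line comment above `initialise()` stating what it sets up would also help.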
Remove stray space.
Why are you redirecting STDERR to /dev/null?
OK. Redirecting as it gives an error if this is run for the first time.
Righto, maybe you could:
- see if the directory exists
- if yes, delete it & recreate it
- if no, create it
.githooks/pre-commit
Outdated
| #set -x | ||
| PREFIX="pre-commit:" | ||
| RESULTS_FILE=tfsec-scan-output.txt | ||
| TFSEC_RESULTS_DIR=/tmp/tfsec-results |
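Review bot: `TFSEC_RESULTS_DIR=/tmp/tfsec-results` is a fixed, predictable path in a directory shared by every local user, so two developers on one host collide and leftover files from another run (or another user) end up in the comparison. A per-run `mktemp -d` with a `trap 'rm -rf -- "$dir"' EXIT` avoids both problems; if tfsec's text output embeds the scanned paths, normalise them before the `diff` done further down, since a random directory name would otherwise never match the committed baseline.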
.githooks/pre-commit
Outdated
| PREFIX="pre-commit:" | ||
| RESULTS_FILE=tfsec-scan-output.txt | ||
| TFSEC_RESULTS_DIR=/tmp/tfsec-results | ||
| TFSEC_WORKING_DIR=/tmp/tfsec-files |
.githooks/pre-commit
Outdated
| mkdir -p $TFSEC_WORKING_DIR | ||
| mkdir -p $TFSEC_RESULTS_DIR | ||
| rm $TFSEC_WORKING_DIR/* 2> /dev/null | ||
| rm $TFSEC_RESULTS_DIR/* 2> /dev/null |
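Review bot: `2> /dev/null` on both `rm` lines hides every error, not only the "no such file" case from a first run: a permission denied on a file another user left in the fixed `/tmp` directory is swallowed too, and the hook then scans or compares against stale files. Use `rm -f --` (silent on a missing operand but still non-zero on a real failure) and check the result, or recreate the directory with `rm -rf -- "$dir" && mkdir -p -- "$dir"`.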
.githooks/pre-commit
Outdated
| initialise; | ||
| populateGlobalVars; | ||
|
|
||
| if [ "$TERRAFORM_FILES_STAGED" = "yes" ]; then |
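Review bot: the trailing semicolons on `initialise;` and `populateGlobalVars;` are harmless but non-idiomatic; drop them. On `[ ]` versus `[[ ]]`: with the variable quoted, as it is here, `[ "$TERRAFORM_FILES_STAGED" = "yes" ]` is correct. `[[ ]]` is bash-only (fine under this shebang) and its advantage is that unquoted variables inside it are not word-split or glob-expanded, so a forgotten quote does not break the test. Either is acceptable, as long as the script uses one form consistently.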
Are you using [ ] or [[ ]]?
I think [[ ]] is safer, but I can't remember why.
.githooks/pre-commit
Outdated
| copyTerraformFilesToBeScanned; | ||
|
|
||
| #Do the latest tfsec scan on the files that have been staged | ||
| if ! tfsec $TFSEC_WORKING_DIR --no-colour --out $TFSEC_RESULTS_DIR/$RESULTS_FILE; then |
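Review bot: both paths in `tfsec $TFSEC_WORKING_DIR --no-colour --out $TFSEC_RESULTS_DIR/$RESULTS_FILE` are unquoted; quote them like the rest. `if ! tfsec ...` also treats every non-zero exit as "issues found", so a missing or crashing tfsec binary takes the same branch as real findings and the user gets a misleading message; a `command -v tfsec >/dev/null || { echo "$PREFIX tfsec not installed"; exit 1; }` before the scan makes that case explicit. Minor: the comment should read `# Do the latest ...` with a space after `#`.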
.githooks/pre-commit
Outdated
| if [ "$ALLOW_TFSEC_ISSUES" = "yes" ] | ||
| then | ||
| #Check that the file added is exactly the same as the latest tfsec issues. They must be identical in order for the commit to be allowed through | ||
| diffResult=$(diff $TFSEC_RESULTS_DIR/$RESULTS_FILE $TFSEC_WORKING_DIR/$RESULTS_FILE) |
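Review bot: the bypass depends on `ALLOW_TFSEC_ISSUES` and on a committed copy of `$RESULTS_FILE` matching the fresh scan byte for byte, which is a reasonable way to pin known findings, but the hunk does not show where `ALLOW_TFSEC_ISSUES` is set; if it comes from the environment, document that in the comment. Keep in mind that any pre-commit hook can be skipped with `git commit --no-verify`, so if this check is meant to be enforced the same tfsec run belongs in CI as well. Both `diff` arguments also need quoting.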
.githooks/pre-commit
Outdated
| diffResult=$(diff $TFSEC_RESULTS_DIR/$RESULTS_FILE $TFSEC_WORKING_DIR/$RESULTS_FILE) | ||
| if [ $? -eq 0 ] | ||
| then | ||
| informUserThatWeAllowCommitThroughDespiteTfsecIssues; |
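Review bot: `diffResult=$(...)` followed by `if [ $? -eq 0 ]` works only because the exit status of an assignment containing a command substitution is that of the substituted command, and `diffResult` itself is never used. Simpler and less fragile: `if diff -q -- "$TFSEC_RESULTS_DIR/$RESULTS_FILE" "$TFSEC_WORKING_DIR/$RESULTS_FILE" >/dev/null; then`, and if the actual differences should be shown to the user on denial, print the `diff` output in that branch instead of capturing it here.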
Not a fan of camel case function names.
Also, could they be shorter?
.githooks/pre-commit
Outdated
| exit 1 | ||
| fi | ||
| else | ||
| informUserThatWeDenyCommitBecauseOutstandingTfSecIssues; |
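Review bot: the `exit 1` shown belongs to the inner `if` (baseline mismatch), but nothing visible follows `informUserThatWeDenyCommitBecauseOutstandingTfSecIssues;`, and the hook only blocks the commit if that branch also ends with a non-zero exit; please confirm it does, or place a single `exit 1` after the closing `fi` so both denial paths share it. Agree with the naming point above: snake_case names such as `deny_commit_with_issues` match shell conventions and keep the call sites on one line.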