From 8b8897097310748b5146f3a83a7a2006840ea281 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Web=E3=82=A2=E3=83=97=E3=83=AA=E3=81=AE=E9=96=8B=E7=99=BA?= =?UTF-8?q?=E8=80=85?= Date: Mon, 2 Feb 2026 09:59:31 +0900 Subject: [PATCH] Update api_key_detect.py --- api_key_detect.py | 98 ++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 61 deletions(-) diff --git a/api_key_detect.py b/api_key_detect.py index 68f8d72..fa2c838 100644 --- a/api_key_detect.py +++ b/api_key_detect.py @@ -1,79 +1,55 @@ -import sys, os, re, itertools +import os, re, itertools ignored = ['.git', 'node_modules', 'bower_components', '.sass-cache', '.png', '.ico', '.mov'] api_key_min_entropy_ratio = 0.5 api_key_min_length = 7 def pairwise(iterable): - "s -> (s0,s1), (s1,s2), (s2, s3), ..." a, b = itertools.tee(iterable) next(b, None) - return itertools.izip(a, b) + return zip(a, b) def token_is_api_key(token): - """ - Returns True if the token is an API key or password. - """ - if len(token) < api_key_min_length: - return (False, '') - entropy = 0 - for a, b in pairwise(list(token)): - if not ((str.islower(a) and str.islower(b)) or (str.isupper(a) and\ - str.isupper(b)) or (str.isdigit(a) and str.isdigit(b))): - entropy += 1 - return (float(entropy) / len(token) > api_key_min_entropy_ratio, float(entropy) / len(token)) + if len(token) < api_key_min_length: + return (False, '') + entropy = 0 + for a, b in pairwise(list(token)): + if not ((a.islower() and b.islower()) or (a.isupper() and b.isupper()) or (a.isdigit() and b.isdigit())): + entropy += 1 + return (float(entropy) / len(token) > api_key_min_entropy_ratio, float(entropy) / len(token)) def line_contains_api_key(line): - """ - Returns True if any token in the line contains an API key or password. - """ - for token in re.findall(r"[\w]+", line): - result = token_is_api_key(token) - if result[0]: - return (True, result[1]) - return (False, '') + for token in re.findall(r"[\w]+", line): + result = token_is_api_key(token) + if result[0]: + return (True, result[1]) + return (False, '') def scan_file(path_to_file): - """ - Prints out lines in the specified file that probably contain an API key or - password. - """ - f = open(path_to_file) - number = 1 - for line in f: - result = line_contains_api_key(line) - if result[0]: - print '\033[1m' + path_to_file + ' : Line ' + str(number) + ' : Entropy ' + str(result[1]) + '\033[0m' - print line - number += 1 + with open(path_to_file, encoding='utf-8') as f: + for number, line in enumerate(f, 1): + result = line_contains_api_key(line) + if result[0]: + print('\033[1m' + path_to_file + ' : Line ' + str(number) + ' : Entropy ' + str(result[1]) + '\033[0m') + print(line) def scan_dir(path): - """ - Recursively walks through the specified directory and scans each file. - Ignores hidden files and files matching the ignore list. - """ - for dirpath, _, filenames in os.walk(path): - for name in filenames: - if name[0] == '.': - # ignore hidden files - continue - fullpath = os.path.join(dirpath, name) - skip = False - for ignore in ignored: - if ignore in fullpath: - skip = True - if not skip: - scan_file(fullpath) + for dirpath, _, filenames in os.walk(path): + for name in filenames: + if name[0] == '.': + continue + fullpath = os.path.join(dirpath, name) + if any(ignore in fullpath for ignore in ignored): + continue + scan_file(fullpath) if __name__ == "__main__": - if len(sys.argv) == 1: - print 'Please specify path.' - sys.exit(0) - - path = str(sys.argv[1]) - print 'Scanning directory: ' + path - print 'Ignoring: ' + str(ignored) - print 'For tokens with minimum entropy ratio: ' + str(api_key_min_entropy_ratio) - - scan_dir(path) - \ No newline at end of file + import sys + if len(sys.argv) == 1: + print('Please specify path.') + sys.exit(0) + path = sys.argv[1] + print('Scanning directory: ' + path) + print('Ignoring: ' + str(ignored)) + print('For tokens with minimum entropy ratio: ' + str(api_key_min_entropy_ratio)) + scan_dir(path)