@@ -166,36 +166,51 @@ while read local_ref local_sha remote_ref remote_sha; do
166166 continue
167167 fi
168168
169+ # Use strings for binary files, grep directly for text files.
170+ # This correctly extracts printable strings from WASM, .lockb, etc.
171+ is_binary=false
172+ if grep -qI ' ' " $file " 2> /dev/null; then
173+ is_binary=false
174+ else
175+ is_binary=true
176+ fi
177+
178+ if [ " $is_binary " = true ]; then
179+ file_text=$( strings " $file " 2> /dev/null)
180+ else
181+ file_text=$( cat " $file " 2> /dev/null)
182+ fi
183+
169184 # Check for hardcoded user paths.
170- if grep -E ' (/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' " $file " 2> /dev/null | grep -q . ; then
185+ if echo " $file_text " | grep -qE ' (/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' ; then
171186 printf " ${RED} ✗ BLOCKED: Hardcoded personal path found in: %s${NC} \n" " $file "
172- grep -n -E ' (/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' " $file " | head -3
187+ echo " $file_text " | grep -nE ' (/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' | head -3
173188 ERRORS=$(( ERRORS + 1 ))
174189 fi
175190
176191 # Check for Socket API keys.
177- if grep -E ' sktsec_[a-zA-Z0-9_-]+' " $file " 2> /dev/null | grep -v " $ALLOWED_PUBLIC_KEY " | grep -v ' your_api_key_here' | grep -v ' SOCKET_SECURITY_API_KEY=' | grep -v ' fake-token' | grep -v ' test-token' | grep -q . ; then
192+ if echo " $file_text " | grep -E ' sktsec_[a-zA-Z0-9_-]+' | grep -v " $ALLOWED_PUBLIC_KEY " | grep -v ' your_api_key_here' | grep -v ' SOCKET_SECURITY_API_KEY=' | grep -v ' fake-token' | grep -v ' test-token' | grep -q . ; then
178193 printf " ${RED} ✗ BLOCKED: Real API key detected in: %s${NC} \n" " $file "
179- grep -n ' sktsec_' " $file " | grep -v " $ALLOWED_PUBLIC_KEY " | grep -v ' your_api_key_here' | grep -v ' fake-token' | grep -v ' test-token' | head -3
194+ echo " $file_text " | grep -n ' sktsec_' | grep -v " $ALLOWED_PUBLIC_KEY " | grep -v ' your_api_key_here' | grep -v ' fake-token' | grep -v ' test-token' | head -3
180195 ERRORS=$(( ERRORS + 1 ))
181196 fi
182197
183198 # Check for AWS keys.
184- if grep -iE ' (aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' " $file " 2> /dev/null | grep -q . ; then
199+ if echo " $file_text " | grep -iqE ' (aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' ; then
185200 printf " ${RED} ✗ BLOCKED: Potential AWS credentials found in: %s${NC} \n" " $file "
186- grep -n -iE ' (aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' " $file " | head -3
201+ echo " $file_text " | grep -niE ' (aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' | head -3
187202 ERRORS=$(( ERRORS + 1 ))
188203 fi
189204
190205 # Check for GitHub tokens.
191- if grep -E ' gh[ps]_[a-zA-Z0-9]{36}' " $file " 2> /dev/null | grep -q . ; then
206+ if echo " $file_text " | grep -qE ' gh[ps]_[a-zA-Z0-9]{36}' ; then
192207 printf " ${RED} ✗ BLOCKED: Potential GitHub token found in: %s${NC} \n" " $file "
193- grep -n -E ' gh[ps]_[a-zA-Z0-9]{36}' " $file " | head -3
208+ echo " $file_text " | grep -nE ' gh[ps]_[a-zA-Z0-9]{36}' | head -3
194209 ERRORS=$(( ERRORS + 1 ))
195210 fi
196211
197212 # Check for private keys.
198- if grep -E ' -----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' " $file " 2> /dev/null | grep -q . ; then
213+ if echo " $file_text " | grep -qE ' -----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' ; then
199214 printf " ${RED} ✗ BLOCKED: Private key found in: %s${NC} \n" " $file "
200215 ERRORS=$(( ERRORS + 1 ))
201216 fi
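Review bot: The binary branch at new line 179 fails open: `strings "$file" 2>/dev/null` discards both stderr and the exit status, so if `strings` is not installed or cannot read the file, `file_text` is empty and every secret check below it passes silently. An unscannable file should count as a failure, for example `file_text=$(strings "$file" 2>/dev/null) || { printf 'BLOCKED: cannot scan %s\n' "$file"; ERRORS=$((ERRORS + 1)); continue; }`, with the same guard on the `cat` branch at line 181. The comment at lines 169-170 should also say that `strings` by default emits only runs of four or more single-byte printable characters, so a key stored as UTF-16 inside a binary would not reach these patterns. The enclosing `while read` loop starts and ends outside the hunk, so I am assuming `continue` is valid at this point, as it is at line 166.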