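#!/bin/bash
#
# 🔒 ROA2WEB Commit Message Hook
# Validates commit messages and warns about potential security issues
#
# Installation:
#   cp security/git_hooks/commit-msg .git/hooks/commit-msg
#   chmod +x .git/hooks/commit-msg
#
# Invoked by git as:  commit-msg <path-to-COMMIT_EDITMSG>
#
# This hook is advisory only: it prints warnings but always exits 0, so it
# never blocks a commit. Only the text git will actually record is scanned:
# comment lines (core.commentChar, default '#') and everything from a
# `git commit -v` scissors line onward are dropped first, so the "Changes to
# be committed:" file list and the appended diff cannot trigger false
# positives (previously any staged path containing "config" or "env" did).
#
set -euo pipefail

# Terminal colours (emitted unconditionally, as before).
readonly YELLOW='\033[1;33m'
readonly GREEN='\033[0;32m'
readonly NC='\033[0m'

# Keywords that often show up when secrets are committed by accident.
# Matched case-insensitively as literal substrings, so "key" also hits
# "api_key" — and "keyboard"; the hook only warns, it never fails the commit.
SUSPICIOUS_COMMIT_PATTERNS=(
  "password"
  "secret"
  "credential"
  "token"
  "key"
  "auth"
  "config"
  "env"
)
readonly SUSPICIOUS_COMMIT_PATTERNS

# Number of keywords matched; written by scan_keywords, read by main.
violations=0

#######################################
# Print one coloured line to stdout.
# Arguments: $1 - colour escape sequence, $2 - text (printed verbatim)
#######################################
say() {
  printf '%b%s%b\n' "$1" "$2" "$NC"
}

#######################################
# Resolve git's comment character for this repository.
# Outputs:   a single character on stdout ('#' when unset or "auto")
#######################################
comment_char() {
  local c=''
  if command -v git >/dev/null 2>&1; then
    # `git config --get` exits 1 when the key is unset; that is not an error.
    c=$(git config --get core.commentChar 2>/dev/null || true)
  fi
  if [[ ${#c} -ne 1 ]]; then
    c='#'
  fi
  printf '%s' "$c"
}

#######################################
# Reduce a raw COMMIT_EDITMSG to the text git will record.
# Arguments: $1 - comment character
# Inputs:    raw message on stdin
# Outputs:   the message without comment lines, cut at the scissors line
#######################################
strip_git_comments() {
  local cc=$1 line
  while IFS= read -r line || [[ -n "$line" ]]; do
    # `git commit -v` appends the diff below a "# ---- >8 ----" line; git
    # discards that line and everything after it.
    if [[ "$line" == "$cc"*" >8 "* ]]; then
      break
    fi
    if [[ "$line" == "$cc"* ]]; then
      continue
    fi
    printf '%s\n' "$line"
  done
}

#######################################
# Warn about each suspicious keyword present in the message.
# Globals:   SUSPICIOUS_COMMIT_PATTERNS (read), violations (written)
# Arguments: $1 - commit message text
# Outputs:   one two-line warning per matched keyword on stdout
#######################################
scan_keywords() {
  local msg=$1 pattern
  violations=0
  for pattern in "${SUSPICIOUS_COMMIT_PATTERNS[@]}"; do
    # -F: keywords are literals, never regex; -- protects against a leading '-'.
    if grep -qiF -- "$pattern" <<<"$msg"; then
      say "$YELLOW" "⚠️ WARNING: Commit message contains potentially sensitive keyword: '$pattern'"
      say "$YELLOW" " Make sure you're not accidentally committing secrets"
      violations=$((violations + 1))
    fi
  done
}

#######################################
# Entry point.
# Arguments: $1 - path to the commit message file supplied by git
# Returns:   exits 1 if no readable file was given, otherwise always 0
#######################################
main() {
  if (( $# < 1 )) || [[ ! -r "$1" ]]; then
    printf 'usage: %s <commit-msg-file>\n' "${0##*/}" >&2
    exit 1
  fi
  local commit_msg_file=$1 commit_msg
  # $(...) strips trailing newlines, matching the old $(cat file) behaviour.
  commit_msg=$(strip_git_comments "$(comment_char)" <"$commit_msg_file")

  say "$GREEN" "🔒 ROA2WEB Commit Message Check"

  scan_keywords "$commit_msg"

  # Quality check on the recorded text only (comment lines no longer pad it).
  if (( ${#commit_msg} < 10 )); then
    say "$YELLOW" "⚠️ WARNING: Very short commit message"
  fi

  if (( violations > 0 )); then
    printf '%b\n' "$YELLOW"
    printf '⚠️ %d potential security-related keywords found in commit message\n' "$violations"
    printf '%s\n' "Please double-check that you're not committing sensitive information"
    printf '%b\n' "$NC"
  fi

  say "$GREEN" "✅ Commit message check completed"
  # Advisory hook: report, but never block the commit.
  exit 0
}

main "$@"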