File size: 1,907 Bytes
3334467 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | #!/usr/bin/env python3
import argparse
import re
from pathlib import Path
FORBIDDEN = [
("/picassox", re.compile(r"/picassox")),
("intelligent-cpfs", re.compile(r"intelligent-cpfs")),
("intern_beauty", re.compile(r"intern_beauty")),
("10.70.2.17", re.compile(r"10\.70\.2\.17")),
("/Users/whynotmeitu", re.compile(r"/Users/whynotmeitu")),
("/opt/tiger", re.compile(r"/opt/tiger")),
("PointVIS", re.compile(r"PointVIS")),
("hf token", re.compile(r"hf_[A-Za-z0-9]{20,}")),
("path_to_", re.compile(r"path_to_")),
("your-repo", re.compile(r"your-repo")),
("PATH_TO_", re.compile(r"PATH_TO_")),
("v137", re.compile(r"v137")),
]
SKIP_FILES = {
Path("scripts/check_release.py"),
Path(".gitignore"),
}
def main():
parser = argparse.ArgumentParser(description="Check release tree for private paths and secrets.")
parser.add_argument("root", nargs="?", default=".")
args = parser.parse_args()
root = Path(args.root).resolve()
bad = []
for path in root.rglob("*"):
if not path.is_file():
continue
if any(part in {".git", "__pycache__", ".cache"} for part in path.parts):
continue
rel_path = path.relative_to(root)
if rel_path in SKIP_FILES:
continue
if path.suffix.lower() in {".png", ".jpg", ".jpeg", ".bin", ".pt", ".pth", ".model"}:
continue
text = path.read_text(encoding="utf-8", errors="ignore")
for i, line in enumerate(text.splitlines(), 1):
for label, pattern in FORBIDDEN:
if pattern.search(line):
bad.append(f"{rel_path}:{i}: [{label}] {line[:180]}")
break
if bad:
print("Release check failed:")
print("\n".join(bad))
raise SystemExit(1)
print(f"Release check passed: {root}")
if __name__ == "__main__":
main()
|