From fe8cb635ac69b475c13bebadbde926cd4a6082b3 Mon Sep 17 00:00:00 2001
From: csg01123119 <csg01123119@alibaba-inc.com>
Date: Thu, 14 Sep 2023 16:46:00 +0800
Subject: [PATCH] chore: optimize ak check

---
 .husky/pre-commit      |  1 +
 package-lock.json      | 20 +++++++++++++++--
 package.json           |  5 +----
 task/detect-secrets.js | 50 ++++++++++++++++++++++++++++++++----------
 4 files changed, 59 insertions(+), 17 deletions(-)

diff --git a/.husky/pre-commit b/.husky/pre-commit
index 57757f4ed..5284468c8 100755
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,4 +1,5 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 
+node task/detect-secrets
 npm run lint-staged
diff --git a/package-lock.json b/package-lock.json
index 3e7ab4e9b..6bbf0ab3a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "ali-oss",
-  "version": "6.18.0",
+  "version": "6.18.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "ali-oss",
-      "version": "6.18.0",
+      "version": "6.18.1",
       "license": "MIT",
       "dependencies": {
         "address": "^1.2.2",
@@ -85,6 +85,7 @@
         "prettier": "^3.0.0",
         "promise-polyfill": "^6.0.2",
         "puppeteer": "19.0.0",
+        "readline-sync": "^1.4.10",
         "semantic-release": "^21.1.1",
         "should": "^11.0.0",
         "sinon": "^15.2.0",
@@ -16725,6 +16726,15 @@
         "node": ">=8.10.0"
       }
     },
+    "node_modules/readline-sync": {
+      "version": "1.4.10",
+      "resolved": "https://registry.npmjs.org/readline-sync/-/readline-sync-1.4.10.tgz",
+      "integrity": "sha512-gNva8/6UAe8QYepIQH/jQ2qn91Qj0B9sYjMBBs3QOB8F2CXcKgLxQaJRP76sWVRQt+QU+8fAkCbCvjjMFu7Ycw==",
+      "dev": true,
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
     "node_modules/redent": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz",
@@ -31984,6 +31994,12 @@
         "picomatch": "^2.2.1"
       }
     },
+    "readline-sync": {
+      "version": "1.4.10",
+      "resolved": "https://registry.npmjs.org/readline-sync/-/readline-sync-1.4.10.tgz",
+      "integrity": "sha512-gNva8/6UAe8QYepIQH/jQ2qn91Qj0B9sYjMBBs3QOB8F2CXcKgLxQaJRP76sWVRQt+QU+8fAkCbCvjjMFu7Ycw==",
+      "dev": true
+    },
     "redent": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz",
diff --git a/package.json b/package.json
index 95d37804f..331bf51d9 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,6 @@
     "publish-to-cdn": "node publish.js",
     "snyk-protect": "snyk-protect",
     "lint-staged": "lint-staged",
-    "detect-secrets": "node task/detect-secrets",
     "tsc": "npm run tsc:clean && npm run tsc:build",
     "tsc:build": "tsc -b tsconfig.json tsconfig-cjs.json",
     "tsc:watch": "tsc -b tsconfig.json tsconfig-cjs.json --watch",
@@ -120,6 +119,7 @@
     "prettier": "^3.0.0",
     "promise-polyfill": "^6.0.2",
     "puppeteer": "19.0.0",
+    "readline-sync": "^1.4.10",
     "semantic-release": "^21.1.1",
     "should": "^11.0.0",
     "sinon": "^15.2.0",
@@ -157,9 +157,6 @@
   },
   "snyk": true,
   "lint-staged": {
-    "**/!(dist)/*": [
-      "npm run detect-secrets --"
-    ],
     "**/*.{js,ts}": [
       "eslint --cache --fix --ext .js,.ts",
       "prettier --write",
diff --git a/task/detect-secrets.js b/task/detect-secrets.js
index 5207bfa48..792c6ef6e 100644
--- a/task/detect-secrets.js
+++ b/task/detect-secrets.js
@@ -1,15 +1,43 @@
+const process = require('process');
 const fs = require('fs');
-const files = process.argv.slice(2);
-const reg = /['"]LT([A-Za-z0-9+/=]{14}|LT[A-Za-z0-9+/=]{22}|LT[A-Za-z0-9+/=]{28})['"]/;
-files.forEach((val, index) => {
-  try {
-    const data = fs.readFileSync(val, 'utf8');
-    if (reg.test(data)) {
-      console.error("Don't push accessKeyId/accessKeySecret to repo! ------ File: " + val);
-      process.exit(-1);
+const readline = require('readline-sync');
+
+const { execSync } = require('child_process');
+
+const getCommandValue = command => {
+  return execSync(command).toString('utf8').trim();
+};
+
+const whiteFiles = ['package-lock.json'];
+// Get the list of file names to be submitted
+const filenames = getCommandValue('git diff --cached --name-only')
+  .split('\n')
+  .filter(item => !!item && !whiteFiles.some(wh => wh === item));
+if (filenames.length === 0) {
+  console.error('No files to submit');
+  process.exit(-1);
+}
+
+const list = [];
+filenames.forEach(file => {
+  if (fs.existsSync(file)) {
+    const txt = fs.readFileSync(file).toString('utf-8');
+    const reg = /([0-9a-z+=]{16}|[0-9a-z+=]{24}|[0-9a-z+=]{30})/gi;
+    const res = txt.match(reg);
+    if (res) {
+      const whiteList = ['peerDependencies', 'hasInstallScript'];
+      const aks = res.filter(item => !whiteList.some(wh => wh === item));
+      if (aks.length > 0) {
+        list.push(file); // Check if the code contains AK
+        aks.forEach(item => console.log(item));
+      }
     }
-  } catch (err) {
-    console.error('file error ----' + val);
-    process.exit(-1);
   }
 });
+if (list.length > 0) {
+  console.error('Please check if AK is included in the following files\n');
+  list.forEach(item => console.error(item + '\n'));
+
+  const input = readline.question(`Do you want to continue submitting？（y|n）`);
+  if (/n/i.test(input)) process.exit(-1);
+}