Installation¶

Currently CredSweeper requires the following prerequisites:

Python version 3.8, 3.9, 3.10, 3.11

Note

We recommend to use credsweeper in a separate virtual enviroment. Some heave dependencies as Tensorflow might create a conflict with other dependencies othervise

Via pip¶

pip install credsweeper

Note

If you didn’t installed git, you may encounter the following error:

...

All git commands will error until this is rectified.

This initial warning can be silenced or aggravated in the future by setting the
$GIT_PYTHON_REFRESH environment variable. Use one of the following values:
    - quiet|q|silence|s|none|n|0: for no warning or exception
    - warn|w|warning|1: for a printed warning
    - error|e|raise|r|2: for a raised exception

Example:
    export GIT_PYTHON_REFRESH=quiet

If so, please install git.

sudo apt install git

Note

Allows to use ML model classifier to validate credential candidates, but requires setup of additional packages: numpy, scikit-learn and tensorflow.

Via git clone (dev install)¶

git clone https://github.com/Samsung/CredSweeper.git
cd CredSweeper
# Annotate "numpy", "scikit-learn" and "tensorflow" if you don't want to use the ML validation feature.
pip install -qr requirements.txt

Pre-commit git hook¶

Install CredSweeper into system and copy pre-commit file in your .git/hooks repo.

Note

CredSweeper must be available in current python environment.

Note

pre-commit file context:

#!/usr/bin/env python
import io
import subprocess
import sys

from credsweeper import CredSweeper
from credsweeper.common.constants import DiffRowType
from credsweeper.file_handler.patch_provider import PatchProvider


def main() -> int:
    command = ["git", "diff", "--cached"]
    with subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as pipe:
        _stdout, _stderr = pipe.communicate()
        if pipe.returncode:
            print(str(_stdout), flush=True)
            print(str(_stderr), flush=True)
            print(f"{command} EXIT CODE:{pipe.returncode}", flush=True)
            return 1

    patch = io.BytesIO(_stdout)
    added = PatchProvider([patch], change_type=DiffRowType.ADDED)
    deleted = PatchProvider([patch], change_type=DiffRowType.DELETED)

    credsweeper = CredSweeper()

    if credsweeper.run(content_provider=deleted):
        print(f"CREDENTIALS FOUND IN DELETED CONTENT", flush=True)
        # return 1  # <<< UNCOMMENT THE LINE IF YOU WANT TO MANAGE DELETED CREDENTIALS

    if credsweeper.run(content_provider=added):
        print(f"CREDENTIALS FOUND IN ADDED CONTENT", flush=True)
        return 1

    return 0


if __name__ == "__main__":
    sys.exit(main())