(expandedPath string)
| 104 | } |
| 105 | |
| 106 | func isBlockedFile(expandedPath string) (bool, string) { |
| 107 | homeDir := os.Getenv("HOME") |
| 108 | if homeDir == "" { |
| 109 | homeDir = os.Getenv("USERPROFILE") |
| 110 | } |
| 111 | |
| 112 | cleanPath := filepath.Clean(expandedPath) |
| 113 | baseName := filepath.Base(cleanPath) |
| 114 | |
| 115 | exactPaths := []struct { |
| 116 | path string |
| 117 | reason string |
| 118 | }{ |
| 119 | {filepath.Join(homeDir, ".aws", "credentials"), "AWS credentials file"}, |
| 120 | {filepath.Join(homeDir, ".git-credentials"), "Git credentials file"}, |
| 121 | {filepath.Join(homeDir, ".netrc"), "netrc credentials file"}, |
| 122 | {filepath.Join(homeDir, ".pgpass"), "PostgreSQL password file"}, |
| 123 | {filepath.Join(homeDir, ".my.cnf"), "MySQL credentials file"}, |
| 124 | {filepath.Join(homeDir, ".kube", "config"), "Kubernetes config file"}, |
| 125 | {"/etc/shadow", "system password file"}, |
| 126 | {"/etc/sudoers", "system sudoers file"}, |
| 127 | } |
| 128 | |
| 129 | for _, ep := range exactPaths { |
| 130 | if cleanPath == ep.path { |
| 131 | return true, ep.reason |
| 132 | } |
| 133 | } |
| 134 | |
| 135 | dirPrefixes := []struct { |
| 136 | prefix string |
| 137 | reason string |
| 138 | }{ |
| 139 | {filepath.Join(homeDir, ".gnupg") + string(filepath.Separator), "GPG directory"}, |
| 140 | {filepath.Join(homeDir, ".password-store") + string(filepath.Separator), "password store directory"}, |
| 141 | {"/etc/sudoers.d/", "system sudoers directory"}, |
| 142 | {"/Library/Keychains/", "macOS keychain directory"}, |
| 143 | {filepath.Join(homeDir, "Library", "Keychains") + string(filepath.Separator), "macOS keychain directory"}, |
| 144 | } |
| 145 | |
| 146 | for _, dp := range dirPrefixes { |
| 147 | if strings.HasPrefix(cleanPath, dp.prefix) { |
| 148 | return true, dp.reason |
| 149 | } |
| 150 | } |
| 151 | |
| 152 | if strings.Contains(cleanPath, filepath.Join(homeDir, ".secrets")) { |
| 153 | return true, "secrets directory" |
| 154 | } |
| 155 | |
| 156 | if localAppData := os.Getenv("LOCALAPPDATA"); localAppData != "" { |
| 157 | credPath := filepath.Join(localAppData, "Microsoft", "Credentials") |
| 158 | if strings.HasPrefix(cleanPath, credPath) { |
| 159 | return true, "Windows credentials" |
| 160 | } |
| 161 | } |
| 162 | if appData := os.Getenv("APPDATA"); appData != "" { |
| 163 | credPath := filepath.Join(appData, "Microsoft", "Credentials") |