-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathestimate_push_protection_rate.py
More file actions
executable file
·67 lines (50 loc) · 2.19 KB
/
estimate_push_protection_rate.py
File metadata and controls
executable file
·67 lines (50 loc) · 2.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/usr/bin/env python3
"""Estimate how many secrets would have been detected in a list of existing secret detections, and a list of which patterns have push protection now."""
import argparse
import json
from datetime import datetime, timezone
def add_args(parser: argparse.ArgumentParser) -> None:
"""Add command line arguments to the parser."""
parser.add_argument(
"secrets_file",
type=str,
help="Path to the file containing the list of secrets",
)
parser.add_argument(
"patterns_file",
type=str,
help="Path to the file containing the list of patterns with push protection",
)
def main() -> None:
"""Command line entry point."""
parser = argparse.ArgumentParser(
description="Estimate push protection rate for secrets"
)
add_args(parser)
args = parser.parse_args()
with open(args.patterns_file, "r") as f:
patterns: set = {line.strip() for line in f if line.strip()}
with open(args.secrets_file, "r") as f:
secrets = json.load(f)
total_secrets = len(secrets)
protected_secrets = [secret for secret in secrets if secret.get("secret_type") in patterns]
print(f"Total secrets: {total_secrets}")
print(f"Protected secrets: {len(protected_secrets)}")
if total_secrets > 0:
protection_rate = (len(protected_secrets) / total_secrets) * 100
print(f"Estimated push protection rate: {protection_rate:.2f}%")
else:
print("No secrets found to evaluate.")
# now evaluate how often we'd expect to block pushes, using the `first_commit_date` field
# that's in ISO format with a Z suffix
now = datetime.now(timezone.utc)
# find the oldest blocked commit
earliest_blocked_commit_date = min([
datetime.fromisoformat(secret["first_commit_date"].replace("Z", "+00:00"))
for secret in protected_secrets
])
blocking_timespan = now - earliest_blocked_commit_date
rate = len(protected_secrets) / blocking_timespan.days if blocking_timespan.days > 0 else len(protected_secrets)
print(f"Estimated secrets blocked per day since {earliest_blocked_commit_date.date()}: {rate:.2f}")
if __name__ == "__main__":
main()