Use Case - Why do we need these hooks?


Whenever we work with Git or any public or private repository, we sometimes end up sharing sensitive information (access tokens, SSH keys) in these repositories by mistake.

Use Case: an AWS key was put on GitHub by mistake. Because of that, hackers got hold of the key and created 140 EC2 instances for Bitcoin mining.

What do these hooks do?

  • They can be installed on the developer's workstation to prevent this.

How is this done?

  • They employ a regex (regular expression) method to filter the data.
  • All sensitive information should be removed.
  • Using a 3rd-party tool: Talisman

What Talisman can do

  • Talisman helps you install hooks in your repository, either as a pre-commit hook or as a pre-push hook.
  • What exactly do they do when there is sensitive information? If you try to commit/push, Talisman scans the changes behind the scenes, gives you a report, and does not allow the operation.
    • Talisman ensures that potential secrets or sensitive information do not leave the developer's workstation.
    • Talisman validates the outgoing changes for things that look suspicious, such as SSH keys, tokens, private keys, etc. It works on pattern matching.

What Talisman normally checks/validates

  • Encoded values
  • Check file content
  • Check file size
  • Entropy check
  • Validate credit card numbers
  • Check file name

Install Talisman on your system

01 Single Project Installation

  • Talisman will be present in a single Git repository.
  • Go to the official GitHub page (See Here)
    • Scroll down to see the installation instructions

     Install Talisman locally

  • curl https://thoughtworks.github.io/talisman/install.sh > ~/install-talisman.sh
    • Installed at C:\Users\Win10\install-talisman.BAT
  • Give execute permission to this script.
    • chmod +x ~/install-talisman.sh

    01 A. Set up pre-commit hook - Single Project

  • Go to your branch's working directory first and install the hook.
  • Now test our hook
    • Create a directory with files containing sensitive information and try to commit.
    • Instead of committing, I got a Talisman report blocking my commit.

     Solution

  • Either delete these files, or, if you want Talisman to bypass them, add these files to Talisman's ignore list.
    • Bypass these files
      • Go to the base directory
      • Copy the checksum we got in the report above
      • Create a hidden file (.talismanrc) and open it in the vi editor
          • In insert mode, paste the copied checksum into this file
          • Save and quit
      • Commit again
        • The files are simply bypassed and the commit is done
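
As an added illustration (not Talisman's own code and not part of these notes), here is a small Python stand-in for what a pre-commit hook does with the regex, entropy and checksum ideas above: it scans constructed sample files, reports pattern and entropy hits, and honours a checksum-based ignore like the .talismanrc entry from the bypass step. The PATTERNS, the 4.0 entropy threshold and the SHA-256 checksum scheme are assumptions for this example, not Talisman's actual rules.

```python
import hashlib
import math
import re

# Constructed stand-in for the kinds of checks the notes attribute to Talisman
# (pattern matching, entropy, checksum-based ignore). Not Talisman's own code.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")   # candidate secrets: long opaque strings
ENTROPY_THRESHOLD = 4.0                            # bits per character (assumed value)

def shannon_entropy(s: str) -> float:
    """Bits per character of s; random-looking tokens score high, words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scan_file(name: str, data: bytes, ignore: dict) -> list:
    """Findings for one staged file; an empty list means it may leave the workstation.
    `ignore` maps filename -> checksum like a .talismanrc fileignoreconfig entry
    (assumed here to be SHA-256 of the content): the bypass only holds while the
    file still matches the recorded checksum, so any edit re-triggers the scan."""
    if ignore.get(name) == sha256_hex(data):
        return []
    text = data.decode("utf-8", errors="replace")
    findings = [f"{name}: {label}" for label, rx in PATTERNS.items() if rx.search(text)]
    for token in TOKEN_RE.findall(text):
        h = shannon_entropy(token)
        if h >= ENTROPY_THRESHOLD:
            findings.append(f"{name}: high-entropy string ({h:.2f} bits/char)")
            break
    return findings

def scan_staged(files: dict, ignore: dict) -> list:
    """All findings across staged files (name -> bytes); non-empty means block the commit."""
    return [f for name, data in files.items() for f in scan_file(name, data, ignore)]

# Constructed sample "staged files"; the key ID and token are made up, not real secrets.
SAMPLES = {
    "config.txt": b"aws_access_key_id = AKIAEXAMPLEKEY000000\nregion = us-east-1\n",
    "key.pem": b"-----BEGIN RSA PRIVATE KEY-----\n(body omitted in this sample)\n",
    "secrets.env": b"API_TOKEN = q7Zp2Xw9Lk4Vn8Rt1YsB\n",
    "README.md": b"# My project\nhello world\n",
}
```

Running scan_staged(SAMPLES, {}) reports three of the four files; passing {"secrets.env": sha256_hex(SAMPLES["secrets.env"])} as the ignore map skips that file only until its content changes.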

    01 B. Set up pre-push hook - Single Project

Use Case - Let's agree that whatever the developer wants to do on his or her local system is totally fine, but the developer should not push any sensitive information to a remote repository. He or she can commit (we already committed in the previous hook) but should not be able to push. As long as he or she is working on the local system, it's completely fine, but he or she should not be able to push changes to the remote repository.

Install the pre-push hook

~/install-talisman.sh

Remove the .talismanrc file we created during the pre-commit hook step

Now try to push your changes

We got the same Talisman report, and the push was blocked.

02 Global Installation (See Here)

