Extend the JSON spec to allow for searching for body of modified files.

[jandre]

Currently, only file names are searched and filtered to try to find dangerous files. It'd be great if you could in git-deny-patterns.json specify a search that looks for items in the body of checked in files, such as "-----BEGIN RSA PRIVATE KEY-----" etc

[zuBux]

I could help with that but I'm trying to think other examples (besides -----BEGIN RSA PRIVATE KEY-----) where this feature could be useful. Any ideas?

[mikepqr]

See the appendix of this paper for a long list of great examples, with robust regexes ready to go:

https://www.ndss-symposium.org/ndss-paper/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/

(As discussed here https://blog.acolyer.org/2019/04/08/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/)