Push Rules : Prohibited Content & Prohibited Keys
Content Prohibited via Regex
Using Push Rules, allow regex for prohibited content, just as you do with prohibited file names. For instance, block use of the
exec function in
php files with something like
/exec\s?(/. And it might be a good idea to limit rules by filetype or only when there is also a filename regex match, because the same string is harmless in many other files. Admittedly, this functionality may be better suited to a build system, however, the push rules are better suited to smaller projects that don't have or require a build system.
Along the same lines, it would be nice to set certain keys/passwords should not be allowed to be pushed. like a Paypal API key, a database password, etc. I imagine this is similar in functionality to creating Personal Access Tokens. You can give the key a recognizable name, but you can never view/retrieve/modify the key once created. Logistically, this may be difficult to implement. You can't store the key as a hash, because you need to be able to compare the original string to the file content. So, perhaps encrypt them with a project-specific key?