macOS's grep is not compatible gnu grep #32

Open
n0ts opened this Issue Aug 2, 2016 · 8 comments

@n0ts
n0ts commented Aug 2, 2016 edited

macOS's grep (BSD grep 2.5.1-FreeBSD) is not compatible with GNU grep.
So, the commit-msg hook always reports ERROR.

git secrets --commit_msg_hook -- foo.txt
test1.txt:1:test1

[ERROR] Matched one or more prohibited patterns

Possible mitigations:
- Mark false positives as allowed using: git config --add secrets.allowed ...
- Mark false positives as allowed by adding regular expressions to .gitallowed at repository's root directory
- List your configured patterns: git config --get-all secrets.patterns
- List your configured allowed patterns: git config --get-all secrets.allowed
- List your configured allowed patterns in .gitallowed at repository's root directory
- Use --no-verify if this is a one-time false positive
@n0ts n0ts changed the title from macOS's grep is not compatible to macOS's grep is not compatible gnu grep Aug 2, 2016
@mtdowling
Contributor

The tests for git-secrets work both on my Mac and on Travis, so I haven't run into this issue.

Can you give an example of a regex that doesn't work on both?

@n0ts
n0ts commented Sep 30, 2016

@mtdowling Thanks. Sorry for the late reply. Hmm, I tried more times, and it is also working for me...

@n0ts n0ts closed this Sep 30, 2016
@n0ts n0ts reopened this Sep 30, 2016
@n0ts
n0ts commented Sep 30, 2016

@mtdowling I use GNU grep 2.25 via Homebrew (brew install --with-default-names grep).

$ grep --version
grep (GNU grep) 2.25
Packaged by Homebrew
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Mike Haertel and others, see <http://git.sv.gnu.org/cgit/grep.git/tree/AUTHORS>.

My gitconfig grep and secrets sections are below.

[pager]
  grep = false

[secrets]
  providers = git secrets --aws-provider
  patterns = [A-Z0-9]{20}
  patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
  patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
  allowed = AKIAIOSFODNN7EXAMPLE
  allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

So I created new files in the git repository.
When I commit the new files, I get the error below.

$ git init .
$ touch hoge_{1..10}
$ git add hoge_*
$ git commit -m "test" .
fatal: ambiguous argument 'hoge_1 hoge_10 hoge_2 hoge_3 hoge_4 hoge_5 hoge_6 hoge_7 hoge_8 hoge_9': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'

I think that the git-secrets regular expression patterns are not compatible with GNU grep.

$ git grep -nwHEI --cached "[A-Z0-9]{20}|("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?|("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?|AKIAJYEVZ2UZKEDU3B2A|6U4Iwm/0u9aNPyIFA\+KYRkPZi42LDQMhAw9zlPNn" hoge_1 hoge_10 hoge_2 hoge_3 hoge_4 hoge_5 hoge_6 hoge_7 hoge_8 hoge_9
bash: syntax error near unexpected token `)'
@n0ts
n0ts commented Oct 26, 2016

@mtdowling What is the status of this issue? Thanks.

@mtdowling
Contributor

What version of git-secrets are you using? Can you try updating to the latest version? The ambiguous argument error looks unrelated to the regular expression that's being used.

As for the second, bash syntax error, that looks to be caused by not escaping the regex properly.
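
The quoting problem described in the comment above, as an added example that is not part of this thread or of git-secrets: a bare `"` inside a double-quoted regex ends the string early, so the shell rejects the command before grep runs, while single-quoting the pattern lets it through. The function names and sample lines are constructed, the broken command is a shortened form of the one posted above, and `\s` is written as `[[:space:]]` so the pattern reads the same under BSD and GNU `grep -E`.

```shell
#!/bin/sh
# Added example: hypothetical helper names, constructed sample input.

# Secret-key pattern from the [secrets] config above, unescaped from gitconfig
# form. Single quotes keep ", (, ) and | literal for the shell; each literal '
# in the regex is spliced in as '\'' (close quote, escaped quote, reopen).
secret_key_pattern() {
  printf '%s' '("|'\'')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|'\'')?[[:space:]]*(:|=>|=)[[:space:]]*("|'\'')?[A-Za-z0-9/+=]{40}("|'\'')?'
}

# Constructed input; the key is the AWS documentation example value that the
# config above already lists under "allowed".
sample_lines() {
  cat <<'EOF'
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_SECRET_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
key = short
region = us-east-1
EOF
}

# $1 = extended regex, stdin = text. Prints the number of matching lines.
# grep -c exits 1 when nothing matches, so the status is neutralised.
count_matches() {
  grep -cE -e "$1" || true
}

# Shortened form of the command typed in the report: the regex is wrapped in
# "..." but contains an unescaped ", so the string closes after "(" and the
# shell then meets an unquoted ")". sh -n only parses; nothing is executed.
broken_command_parses() {
  sh -n 2>/dev/null <<'EOF'
grep -E "[A-Z0-9]{20}|("|')?(KEY|key)("|')?" somefile
EOF
}

# Stand-alone run: prints the number of sample lines the pattern flags.
sample_lines | count_matches "$(secret_key_pattern)"
```
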

@n0ts
n0ts commented Oct 27, 2016

I use git-secrets 1.2.1.

@mtdowling
Contributor

I've been unable to reproduce this so far. What version of git are you using?

@n0ts
n0ts commented Nov 2, 2016

Thanks. Now I use git 2.10.1.
