Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Support for more kinds of binary headers #1

Merged
merged 1 commit into from
Feb 19, 2022
Merged

fix: Support for more kinds of binary headers #1

merged 1 commit into from
Feb 19, 2022

Conversation

k0ral
Copy link

@k0ral k0ral commented Feb 4, 2022

On my side, git log produces the following output for binary files:

diff --git a/static/bgfooter.png b/static/bgfooter.png
new file mode 100644
index 000000000..9ce5bdd90
Binary files /dev/null and b/static/bgfooter.png differ

(Example taken from celery/celery@d6e4683.)

go-gitdiff currently fails to parse such headers. This change is meant to fix that.

@k0ral k0ral mentioned this pull request Feb 4, 2022
Closed
@k0ral k0ral force-pushed the master branch 2 times, most recently from abac1eb to b92baca Compare February 8, 2022 21:39
@zricethezav zricethezav self-assigned this Feb 19, 2022
@zricethezav zricethezav self-requested a review February 19, 2022 13:54
zricethezav
zricethezav reviewed Feb 19, 2022
View reviewed changes
gitdiff/binary.go
@@ -56,7 +59,9 @@ func (p *parser) ParseBinaryMarker() (isBinary bool, hasData bool, err error) {
case "Binary files differ\n":
case "Files differ\n":
default:
return false, false, nil
if !binaryRegexp.MatchString(p.Line(0)) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we should optimize this to strings.Contains(p.Line(0), "Binary files") instead of using a regex. Gitleaks really shouldn't be inspecting any binary data.

Or perhaps maybe func (p *parser) ParseBinaryFragments(f *File) (n int, err error) { should always return false, false, nil.

WDYT @k0ral?

@weineran might you have thoughts on this?

Copy link
Author

@k0ral k0ral Feb 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we should optimize this to strings.Contains(p.Line(0), "Binary files")

This sounds quite lax to me, how confident are we that the string "Binary files" can't appear anywhere else in a diff ?
Also, I realize now that MatchString is actually a "contains" rather than a "exactly matches", so for optimization sake, I guess we should enclose the pattern with ^$ to allow an early return, shouldn't we ?

Or perhaps maybe func (p *parser) ParseBinaryFragments(f *File) (n int, err error) { should always return false, false, nil.

Not sure I understand your proposal, as types don't match in your sentence :) . Did you mean:

  • ParseBinaryMarker should always return false, false, nil ?
  • or ParseBinaryFragments should always return 0, nil ?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ParseBinaryMarker should always return false, false, nil ?

Whoops, this is what I meant. Good catch 😉

I guess we should enclose the pattern with ^$ to allow an early return, shouldn't we ?

That makes sense to me

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If parseBinaryMarker always returned false, false, nil, then:

  • f.IsBinary would always be false
  • ... which would essentially treat all files as non-binary
  • ... which would be incorrect, right ? :)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're catching me before having some caffeine in my system! ☕

If parseBinaryMarker always returned false, false, nil, then:
... which would be incorrect, right ? :)

You are right, that would be incorrect. What we are aiming for is if a binary file has been detected, treat that file as if it has no data. In other words, gitleaks should never scan binary files (for now). However, that logic might be better for another PR as this PR is a fix.

I think once I guess we should enclose the pattern with ^$ to allow an early return, shouldn't we ? has been added these changes look good to me.

Copy link
Author

@k0ral k0ral Feb 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull-request has been updated to add ^$.

@zricethezav
Copy link

LGTM now. Thanks for the contribution @k0ral!

@zricethezav zricethezav merged commit 464ab5f into gitleaks:master Feb 19, 2022
zricethezav pushed a commit that referenced this pull request Aug 16, 2022
@dustin-decker
wait the zombies (#1)
bef745d 
* wait the zombies

* close the reader

* defer order

* partially update tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zricethezav zricethezav zricethezav left review comments

Assignees

@zricethezav zricethezav

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@k0ral @zricethezav