
Tartufo does not detect secrets in filenames (in the name of the files) #188

Closed
pmevzek-godaddy opened this issue Apr 23, 2021 · 1 comment · Fixed by #259

Comments

@pmevzek-godaddy

🐛 Bug Report

It may happen that a secret, like an API key, is just a filename or part of a filename,
voluntarily or involuntarily (bad output, etc.).
This secret is not seen by tartufo.

To Reproduce

The same string is used as a secret inside a file and as a filename. Tartufo sees the secret string
only inside the content of the file, not as the filename.

$ git init test
$ cd test
$ git commit --allow-empty --allow-empty-message -m 'Start'
$ echo "This is a secret: ef55191bd917afe4f2b488c5323c9ab4" > secret.txt
$ touch ef55191bd917afe4f2b488c5323c9ab4.txt
$ git add *
$ git --no-pager diff --cached
diff --git a/ef55191bd917afe4f2b488c5323c9ab4.txt b/ef55191bd917afe4f2b488c5323c9ab4.txt
new file mode 100644
index 0000000..e69de29
diff --git a/secret.txt b/secret.txt
new file mode 100644
index 0000000..d98668e
--- /dev/null
+++ b/secret.txt
@@ -0,0 +1 @@
+This is a secret: ef55191bd917afe4f2b488c5323c9ab4
$ tartufo --json --entropy --regex pre-commit  | jq .
{
  "scan_time": "2021-04-23T17:11:35.828653",
  "project_path": "/private/tmp/test",
  "output_dir": null,
  "excluded_paths": [],
  "excluded_signatures": [],
  "found_issues": [
    {
      "file_path": "secret.txt",
      "matched_string": "ef55191bd917afe4f2b488c5323c9ab4",
      "signature": "c00592a980a844cf229a6c0a5bfec004f1798d9b426021fa97dffde4299558ec",
      "issue_type": "High Entropy",
      "issue_detail": null,
      "diff": "@@ -0,0 +1 @@\n+This is a secret: ef55191bd917afe4f2b488c5323c9ab4\n"
    }
  ]
}
$ git restore --staged secret.txt
$ rm secret.txt
$ git --no-pager diff --cached
diff --git a/ef55191bd917afe4f2b488c5323c9ab4.txt b/ef55191bd917afe4f2b488c5323c9ab4.txt
new file mode 100644
index 0000000..e69de29
$ tartufo --json --entropy --regex pre-commit  | jq .
{
  "scan_time": "2021-04-23T17:12:10.242407",
  "project_path": "/private/tmp/test",
  "output_dir": null,
  "excluded_paths": [],
  "excluded_signatures": [],
  "found_issues": []
}

Expected Behavior

Tartufo should report problems for filenames exactly as for file contents.
Same for directory names, of course.

Code Example

See above.

Environment

$ tartufo --version
tartufo, version 2.4.0
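An added illustration of the gap the reproduction above shows (example code, not tartufo's own): a minimal truffleHog-style entropy scanner run over the staged diff flags the token only in the `+` content line unless the `b/` path of each `diff --git` header is scanned as well. The hex-token pattern and the 3.0-bit threshold are assumptions for this illustration.

```python
import math
import re

# Token pattern and entropy threshold are assumptions for this illustration
# (truffleHog-style hex heuristic), not tartufo's exact tuning.
HEX_TOKEN = re.compile(r"[0-9a-fA-F]{20,}")
HEX_ENTROPY_THRESHOLD = 3.0

def shannon_entropy(data: str) -> float:
    """Shannon entropy of `data` in bits per character."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n)
                for c in (data.count(ch) for ch in set(data)))

def high_entropy_tokens(text: str) -> list:
    """Hex-looking tokens in `text` whose entropy exceeds the threshold."""
    return [t for t in HEX_TOKEN.findall(text)
            if shannon_entropy(t) >= HEX_ENTROPY_THRESHOLD]

def scan_diff(diff: str, scan_paths: bool) -> list:
    """Return (location, token) findings from a unified diff.
    scan_paths=False inspects only added content lines (the behaviour the
    issue reports); scan_paths=True also inspects the b/ path of each
    `diff --git` header, which is where a filename-only secret shows up.
    """
    findings = []
    for line in diff.splitlines():
        if line.startswith("diff --git ") and scan_paths:
            path = line.split(" b/", 1)[1]
            findings += [("path:" + path, t) for t in high_entropy_tokens(path)]
        elif line.startswith("+") and not line.startswith("+++"):
            findings += [("content", t) for t in high_entropy_tokens(line[1:])]
    return findings

# The staged diff from the issue's reproduction, embedded as sample input.
SAMPLE_DIFF = """\
diff --git a/ef55191bd917afe4f2b488c5323c9ab4.txt b/ef55191bd917afe4f2b488c5323c9ab4.txt
new file mode 100644
index 0000000..e69de29
diff --git a/secret.txt b/secret.txt
new file mode 100644
index 0000000..d98668e
--- /dev/null
+++ b/secret.txt
@@ -0,0 +1 @@
+This is a secret: ef55191bd917afe4f2b488c5323c9ab4
"""
```

Because the whole `b/` path is scanned, a high-entropy directory component is caught by the same check.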
@pmevzek-godaddy added the "bug (Something isn't working)" label on Apr 23, 2021
@tarkatronic added this to the Version 3.0 milestone on Oct 15, 2021
@sushantmimani self-assigned this on Oct 28, 2021
@tarkatronic linked a pull request on Nov 4, 2021 that will close this issue
@tarkatronic
Contributor

Fixed in #259
