fix --since_commit parameter #108
What was the issue? |
if you pass a hash to the if |
My understanding is What was buggy? |
You can check the example here, But before we continue, I want to clarify if I'm understanding the For example, we have a few commit hashes
And I run truffleHog with parameter If I run it with the current code, with the |
after |
Yes, so changing |
You haven't answered my question, which is, what exactly isn't working? right now after |
yes they evaluate to True, but since you have |
I don't think Try running the following code:
>>> for i in range(10):
...     if i > 5:
...         continue
...     print(i)
...
0
1
2
3
4
5 |
True, that is the output I get after running your code.
try this, this compares the output between using
break
based on the example above, I think |
But that's not what's happening. Here's the exact code snippet:
if commitHash == since_commit:
    since_commit_reached = True
if since_commit and since_commit_reached:
    prev_commit = curr_commit
    continue
since_commit_reached is set to True once, but it stays true. And that forces the second if statement to continue to evaluate True. |
FWIW,
|
@fahrishb @milo-minderbinder does this work now? I seem to be having problems if I scan the second newest commit, it doesn't seem to find anything in the newest commit until I make another commit. So it appears to skip the first commit it finds. |
I've stumbled upon this same issue when playing around with I would expect to see both secrets on the first call, also both secrets on the second call and just the entropy secret on the third call. That is the expected behavior, right?
(env) lufte@lufte-thinkpad:~/projects/test-repo$ git init
Initialized empty Git repository in /home/lufte/projects/test-repo/.git/
(env) lufte@lufte-thinkpad:~/projects/test-repo$ cat no_secret
#!/usr/bin
echo normal file
(env) lufte@lufte-thinkpad:~/projects/test-repo$ git add no_secret && git commit -m "normal file"
[master (root-commit) c5bd51f] normal file
1 file changed, 3 insertions(+)
create mode 100644 no_secret
(env) lufte@lufte-thinkpad:~/projects/test-repo$ trufflehog --regex .
(env) lufte@lufte-thinkpad:~/projects/test-repo$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
111111111111111111111111111111
-----END RSA PRIVATE KEY-----
(env) lufte@lufte-thinkpad:~/projects/test-repo$ git add id_rsa && git commit -m "secret ssh key"
[master 5e4bc66] secret ssh key
1 file changed, 3 insertions(+)
create mode 100644 id_rsa
(env) lufte@lufte-thinkpad:~/projects/test-repo$ trufflehog --regex .
~~~~~~~~~~~~~~~~~~~~~
Reason: RSA private key
Date: 2019-02-04 13:29:01
Hash: 5e4bc66c275d087dea6b828100058ac55b92cbf2
Filepath: id_rsa
Branch: origin/master
Commit: secret ssh key
-----BEGIN RSA PRIVATE KEY-----
~~~~~~~~~~~~~~~~~~~~~
(env) lufte@lufte-thinkpad:~/projects/test-repo$ cat secret
4reZuwh+q03FNsn21YfZEEnEIg+8GP+EJmTR0nYRDdZEyPxbor/WWCcBdTSAuRaivYZPJdBb0eLP
(env) lufte@lufte-thinkpad:~/projects/test-repo$ git add secret && git commit -m "add secret"
[master 43024a0] add secret
1 file changed, 1 insertion(+)
create mode 100644 secret
(env) lufte@lufte-thinkpad:~/projects/test-repo$ trufflehog --regex .
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Date: 2019-02-04 13:29:25
Hash: 43024a0653cb890debe493f8efb0bc7afad4245d
Filepath: secret
Branch: origin/master
Commit: add secret
@@ -1 +0,0 @@
-4reZuwh+q03FNsn21YfZEEnEIg+8GP+EJmTR0nYRDdZEyPxbor/WWCcBdTSAuRaivYZPJdBb0eLP
~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~
Reason: RSA private key
Date: 2019-02-04 13:29:01
Hash: 5e4bc66c275d087dea6b828100058ac55b92cbf2
Filepath: id_rsa
Branch: origin/master
Commit: secret ssh key
-----BEGIN RSA PRIVATE KEY-----
~~~~~~~~~~~~~~~~~~~~~
(env) lufte@lufte-thinkpad:~/projects/test-repo$ git log
commit 43024a0653cb890debe493f8efb0bc7afad4245d (HEAD -> master)
Author: lufte <javierayres@gmail.com>
Date: Mon Feb 4 13:29:25 2019 -0300
add secret
commit 5e4bc66c275d087dea6b828100058ac55b92cbf2
Author: lufte <javierayres@gmail.com>
Date: Mon Feb 4 13:29:01 2019 -0300
secret ssh key
commit c5bd51f0e6aa43a8696143a569c784ed5fa352e6
Author: lufte <javierayres@gmail.com>
Date: Mon Feb 4 13:28:35 2019 -0300
normal file
(env) lufte@lufte-thinkpad:~/projects/test-repo$ trufflehog --regex --since_commit=c5bd51f0e6aa43a8696143a569c784ed5fa352e6 .
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Date: 2019-02-04 13:29:25
Hash: 43024a0653cb890debe493f8efb0bc7afad4245d
Filepath: secret
Branch: origin/master
Commit: add secret
@@ -1 +0,0 @@
-4reZuwh+q03FNsn21YfZEEnEIg+8GP+EJmTR0nYRDdZEyPxbor/WWCcBdTSAuRaivYZPJdBb0eLP
~~~~~~~~~~~~~~~~~~~~~
(env) lufte@lufte-thinkpad:~/projects/test-repo$ trufflehog --regex --since_commit=5e4bc66c275d087dea6b828100058ac55b92cbf2 .
(env) lufte@lufte-thinkpad:~/projects/test-repo$ trufflehog --regex --since_commit=43024a0653cb890debe493f8efb0bc7afad4245d . |
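An added model of the loop discussed in this thread (not part of any participant's post and not truffleHog's own code), run over the three commit hashes from the session above. It assumes each non-skipped iteration examines the diff between the previously visited, newer commit and the current one; the function names and the second variant are hypothetical.

```python
# Added illustration; not truffleHog's source. Commit hashes are the ones
# from the terminal session above, listed newest first as git log prints them.
COMMITS = [
    "43024a0653cb890debe493f8efb0bc7afad4245d",  # add secret
    "5e4bc66c275d087dea6b828100058ac55b92cbf2",  # secret ssh key
    "c5bd51f0e6aa43a8696143a569c784ed5fa352e6",  # normal file
]


def scanned_as_posted(commits, since_commit=None):
    """Loop shaped like the snippet quoted in this thread.

    Assumption: each iteration that is not skipped examines the diff between
    the previously visited (newer) commit and the current one, so the changes
    examined are the ones introduced by the newer commit.
    """
    scanned = []
    prev_commit = None
    since_commit_reached = False
    for curr_commit in commits:
        if curr_commit == since_commit:
            since_commit_reached = True
        if since_commit and since_commit_reached:
            prev_commit = curr_commit
            continue  # the flag never resets, so every older commit is skipped too
        if prev_commit is not None:
            scanned.append(prev_commit)  # diff(prev_commit, curr_commit)
        prev_commit = curr_commit
    return scanned


def scanned_diff_then_stop(commits, since_commit=None):
    """Variant (hypothetical): examine the pending diff first, then stop.

    The child of since_commit is diffed against since_commit before the loop
    ends, so every commit strictly newer than since_commit is covered.
    """
    scanned = []
    prev_commit = None
    for curr_commit in commits:
        if prev_commit is not None:
            scanned.append(prev_commit)  # diff(prev_commit, curr_commit)
        if curr_commit == since_commit:
            break  # nothing older than since_commit is visited
        prev_commit = curr_commit
    return scanned
```

Under this model, `scanned_as_posted(COMMITS, COMMITS[2])` yields only the newest commit and `scanned_as_posted(COMMITS, COMMITS[1])` yields nothing, which is the pattern in the session above. The variant covers every commit strictly newer than the given hash.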
Yeah since_commit appears to be quite buggy that you need |
Should we implement a since_commit similar feature with the date-time to the commit? It could be --since-date and we could limit the iteration on each branch with the datetime token. |
any idea on when will this be fixed? cheers |
the same happens here! |
Trufflehog's --since_commit option doesn't seem to work properly (see trufflesecurity/trufflehog#108). Instead, search for secrets only in the current feature branch's commits by using the --branch and --max_depth options. Semantically, this ought to be the same as using --since_commit.
As described in trufflesecurity#108 the --since_commit parameter didn't stop at the given commit.
Hi, how can I contribute to this project?
I was running truffleHog and using the --since_commit parameter, however it was buggy and did not work as expected. I made a very small change, and it worked as expected. Do you accept PRs or should I just tell you the change so you can verify it?