Update gitparse logic #1486
e46ff90
to
a169ddc
Compare
Thanks for taking this on @rgmz! Looping in @bill-rich to have a look as well.
e55a5fe
to
761b111
Compare
@rgmz thanks for taking a crack at this issue! At a glance this looks like some high quality stuff. I'll put some eyes on it this afternoon.
Thanks for being so thorough with your testing! Would you mind letting us know your results? Also feel free to ping us when you remove the draft label. In the meantime I'll start reviewing some of this.
This is great! The context awareness for each line looks like it'll solve most of the hacky bits used before.
I ran this against all the repositories listed in the description and none of them panicked, which would suggest that the logic covers many possibilities. I wouldn't be surprised if this still has some edge cases; however, I haven't found any yet.
trufflehog/pkg/gitparse/gitparse.go, Lines 396 to 402 in 1d63ddc
Tracking
1d63ddc
to
cd8ed15
Compare
@rgmz amazing work Richard! I just have one comment that is worth addressing, otherwise I think this PR is good to go. Thanks for adding thorough unit tests and reporting your integration test. Super high quality PR 🙇🏻 🥳 🎈
6681fc5
to
a0dfea1
Compare
I replaced the panic with some basic logging + recovery logic. However,
Did some tests against large repos and the findings match the existing version. Performance also seems on par, so things look good on both of those fronts.
@rgmz Woof, that panic looks gnarly and hard to gain anything from that trace since it looks like it's cgo. This just started popping up after the error logging?
It seems that Go really dislikes Give it a try locally and let me know if you can reproduce this.
$ go test -count=1 -timeout 30s -run ^TestMaxDiffSize$ github.com/trufflesecurity/trufflehog/v3/pkg/gitparse
2a983ff
to
7e6c850
Compare
9588405
to
317313e
Compare
317313e
to
e882bf9
Compare
Hey @rgmz
I'm not seeing any panics! Nice job. Top-level variables used in test files sound unstable-ish so I'm glad you figured out a fix.
Great work @rgmz!!!
This fixes #1457.
It's a first-pass rewrite of gitparse.go and could undoubtedly use some changes. Feedback is welcome.
At the very least, it needs better error-handling for unhandled edge cases. I plan to run trufflehog against different large repositories to see if there are any issues.
This should correctly parse all of the following scenarios. For the sake of keeping these diagrams simple and legible, "end" represents either a new commit or diff, or the end of the input.
To-dos:
/cc @zricethezav