Fixed since_commit and tests #219

Merged (3 commits) on Jan 30, 2021

dmrickert

Fixes broken since_commit referenced in #218

The break is also obvious if you look at the git log and the hashes the since_commit tests were looking for. There was a commit that should've been found sooner, and it should've been found in all 3 current branches.

@cristianbriscaru

Any progress on this?
We are experiencing the same issue

@dxa4481
Collaborator

dxa4481 commented Sep 16, 2020

I'll try to take a look this weekend

@dxa4481 dxa4481 merged commit 288f35e into trufflesecurity:dev Jan 30, 2021
dxa4481 added a commit that referenced this pull request Jan 30, 2021
* Add allow list for known secrets (#223)

* Include allow list

* Make newlines in allow list flexible

* Allow literals as well as regex in allow list

* Fix flexible newline regex

* Escape ALL THE THINGS

* Detect "\<cr>" and "\<lf>", simplify newline regex, allow diff chars after newlines

- re.escape also puts `\` in front of `<cr>` and `<lf>`, so account for that in the replacement.
- simplify newline replacement regex (and make slightly more flexible)
- detect leading + / - at start of diff lines

* changing wording a little

* Fixed since_commit and tests (#219)

* Fixed since_commit and tests

* Updated testing comment

Co-authored-by: Dylan Ayrey <dxa4481@rit.edu>

Co-authored-by: David Evans <davidje13@users.noreply.github.com>
Co-authored-by: Doug Rickert <dmrickert@gmail.com>
@salimane

@dxa4481 a new release on pip would be welcomed

@dxa4481
Collaborator

dxa4481 commented Feb 22, 2021

Hey @salimane I cut a release on February 4th, 2.2.1, are you having issues with that release?

@salimane

0f223225d6efc8c64504d9381eececb06b14c0e6 is the last commit on https://github.com/dxa4481/truffleHog

If I run the following command

truffleHog --regex --entropy=False --since_commit=0f223225d6efc8c64504d9381eececb06b14c0e6 https://github.com/dxa4481/truffleHog

I would expect no warnings, but it still scans the full commit history.

@dxa4481
Collaborator

dxa4481 commented Feb 22, 2021

@salimane so trufflehog scans all branches, and looks for the since_commit in each branch it scans. Since the latest commit (in dev) isn't in the other branches, it still does a full scan of those https://github.com/dxa4481/truffleHog/blob/dev/truffleHog/truffleHog.py#L339

To get around this you can provide the branch flag to keep it only scanning a single branch.

I think that's it. Let me know if you find anything else wonky with it.

@salimane

@dxa4481 thanks. I have added the branch flag and it worked.
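
The per-branch behaviour discussed in the exchange above, as an added illustration that is not part of the thread and not truffleHog's own code: a simplified model over a constructed three-branch history. The branch names, commit ids and function names are hypothetical, and the model assumes the walk stops before scanning the since_commit itself.

```python
# Added illustration: a simplified model of per-branch since_commit handling.
# Not truffleHog's code; all names and commit ids below are constructed.

# Constructed history: each branch lists its commits newest-first.
BRANCHES = {
    "dev":     ["d3", "d2", "m2", "m1"],
    "master":  ["m2", "m1"],
    "feature": ["f1", "m1"],
}


def commits_scanned(history, since_commit):
    """Walk one branch newest-first and stop when since_commit is reached.

    If since_commit is not in this branch's history, the walk never stops
    early and every commit on the branch is scanned.
    """
    scanned = []
    for commit in history:
        if commit == since_commit:
            break  # assumption: the since_commit itself is not scanned
        scanned.append(commit)
    return scanned


def scan_plan(branches, since_commit, branch=None):
    """Commits scanned per branch; `branch` restricts the scan to one branch."""
    selected = {branch: branches[branch]} if branch else branches
    return {name: commits_scanned(hist, since_commit)
            for name, hist in selected.items()}


def full_scan_branches(branches, since_commit):
    """Branches that do not contain since_commit and so get a full scan."""
    return sorted(name for name, hist in branches.items()
                  if since_commit not in hist)


if __name__ == "__main__":
    # "d3" is the newest commit on dev only, as in the report above.
    print("all branches:", scan_plan(BRANCHES, "d3"))
    print("full scans:  ", full_scan_branches(BRANCHES, "d3"))
    print("dev only:    ", scan_plan(BRANCHES, "d3", branch="dev"))
```
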

@dxa4481 dxa4481 mentioned this pull request Feb 22, 2021
anubhavaron pushed a commit to anubhavaron/truffleHog that referenced this pull request Mar 22, 2021
* Fixed since_commit and tests

* Updated testing comment

Co-authored-by: Dylan Ayrey <dxa4481@rit.edu>