Scan commit metadata #2713
Merged
Scan commit metadata #2713
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rosecodym
reviewed
Apr 22, 2024
| // Scan the commit metadata. | ||
| // See https://github.com/trufflesecurity/trufflehog/issues/2683 | ||
| var ( | ||
| metadata = s.sourceMetadataFunc("", email, fullHash, when, remoteURL, 0) |
There was a problem hiding this comment.
Can we use a magic constant filename to signal to users that the chunk came from commit metadata? I'm a little worried that a missing filename might confuse people.
There was a problem hiding this comment.
We could do something obvious like COMMIT. I will mention that empty filename is currently how this is handled elsewhere, e.g., comments
There was a problem hiding this comment.
Ah, if this isn't a new approach I'm less concerned about it, but it still seems like if it's low-hanging fruit we might as well grab it while we're here. I'll leave the decision on fruit height up to you.
rgmz
force-pushed
the
feat/scan-commit-metadata
branch
3 times, most recently
from
6de32aa
to
76d5cb5
Compare
rgmz
force-pushed
the
feat/scan-commit-metadata
branch
from
76d5cb5
to
e4f4af8
Compare
rgmz
commented
Apr 23, 2024
| @@ -22,7 +22,7 @@ import ( | |||
|
|
|||
| const ( | |||
| // defaultDateFormat is the standard date format for git. | |||
| defaultDateFormat = "Mon Jan 02 15:04:05 2006 -0700" | |||
| defaultDateFormat = "Mon Jan 2 15:04:05 2006 -0700" | |||
There was a problem hiding this comment.
I believe this is a bug as git log appears to use d and not dd formatting. It's unclear if or how frequently this failure occurred, as the logging in isDateLine/isAuthorDateLine was level 2.
rosecodym
approved these changes
Apr 23, 2024
| // Scan the commit metadata. | ||
| // See https://github.com/trufflesecurity/trufflehog/issues/2683 | ||
| var ( | ||
| metadata = s.sourceMetadataFunc("", email, fullHash, when, remoteURL, 0) |
There was a problem hiding this comment.
Ah, if this isn't a new approach I'm less concerned about it, but it still seems like if it's low-hanging fruit we might as well grab it while we're here. I'll leave the decision on fruit height up to you.
|
Linting issues seem to be carried over from #2643. https://github.com/trufflesecurity/trufflehog/actions/runs/8802614804 |
|
@rosecodym Any idea what might be causing the Edit: perhaps a slight mishap causing the commit to have a |
|
@rgmz should we revert this until we can figure out what's going on? |
|
Perhaps. The specific error seems to be caused by the test logic (commit + - + file); it's unclear whether that's indicative of an actual issue. trufflehog/pkg/sources/git/git_test.go Lines 249 to 251 in 81a9c81 I think it's caused by the commit metadata being sent, which is introducing new chunks that aren't accounted for. trufflehog/pkg/sources/git/git_test.go Lines 182 to 184 in 81a9c81 |
|
Ok, I'm going to revert. Thanks for catching this so early! |
rosecodym
added a commit
that referenced
this pull request
Apr 25, 2024
This reverts commit 81a9c81.
rosecodym
added a commit
that referenced
this pull request
Apr 25, 2024
rosecodym
pushed a commit
that referenced
this pull request
Apr 29, 2024
This is a follow-up to #2713 that fixes the strange test error. As suspected, the failure was caused by additional diffs not being included in the test's expected data.
haraldh
added a commit
to matter-labs/vault-auth-tee
that referenced
this pull request
May 6, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.74.0` -> `v3.75.0` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.75.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.75.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.74.0...v3.75.0) #### What's Changed - \[chore] - update buffer metrics by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2737 - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.28 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2741 - chore(deps): update golangci/golangci-lint-action action to v5 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2744 - Scan commit metadata by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2713 - Fix SQL Server detector tests by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2716 - Revert "Scan commit metadata" by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2747 - \[bug] - Refactor newDiff constructor to avoid double initialization of contentWriter by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2742 - \[chore] - update buffered file writer metric by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2740 - \[refactor] - lazy buffer retrieval by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2745 - \[chore] Remove broken test by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2748 - \[bug] - fix buffer size metric by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2749 - \[bug] - Fix the metric for buffered file writer writes by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2750 - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.29 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2751 - update integration logos by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2752 - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.30 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2756 - \[chore] - add additional binary extension by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2760 - pkg: fix function names in comment by [@​mountcount](https://togithub.com/mountcount) in [trufflesecurity/trufflehog#2761 - \[chore] - ignore pbix and vsdx files by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2762 - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.31 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2763 - Scan commit metadata by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2754 - \[bug] - Correctly set metrics for enumerated orgs by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2757 - \[chore ] -Update ignore extensions by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2764 - \[chore] Add some happy path logs to GitLab by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2765 - Fix Git source test by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2767 - \[feat] - buffered file reader by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2731 - \[feat] - Add ReadFrom method to BufferedFileWriter by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2759 - fix(deps): update module google.golang.org/protobuf to v1.34.0 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2766 - \[bug] - Improve BufferedFileReader Close Behavior by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2768 - fixes calendly api key regex by [@​ankushgoel27](https://togithub.com/ankushgoel27) in [trufflesecurity/trufflehog#2368 - Expose detector-specific false positive logic by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2743 - Detector-Fix: Reintroduce Cloudflareglobalapikey by [@​ankushgoel27](https://togithub.com/ankushgoel27) in [trufflesecurity/trufflehog#2101 - Detector-Competition-Fix - fixed the alchemy detector regex by [@​ankushgoel27](https://togithub.com/ankushgoel27) in [trufflesecurity/trufflehog#1821 - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.32 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2769 - fix(deps): update module google.golang.org/api to v0.177.0 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2770 - \[chore] - update imports by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2772 - adds build version to finished scanning log by [@​zricethezav](https://togithub.com/zricethezav) in [trufflesecurity/trufflehog#2773 - Update rabbitmq.go regex detect amqps protocol by [@​NikhilPanwar](https://togithub.com/NikhilPanwar) in [trufflesecurity/trufflehog#2609 - fix for infinite recursion in Postman var sub by [@​zricethezav](https://togithub.com/zricethezav) in [trufflesecurity/trufflehog#2780 #### New Contributors - [@​mountcount](https://togithub.com/mountcount) made their first contribution in [trufflesecurity/trufflehog#2761 **Full Changelog**: trufflesecurity/trufflehog@v3.74.0...v3.75.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMzEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjMzMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This fixes #2683. It scans the commit author, committer (which is typically
GitHub <noreply@github.com>for GitHub, but can be different), and message.Admittedly, this implementation is a bit of guess-work and may not be the best way.
Checklist:
make test-community)?make lintthis requires golangci-lint)?