
Secret finding is not detected when Read operation returns both n > 0 bytes and EOF #1400

Open
dbrisson21 opened this issue May 3, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@dbrisson21

Describe the bug
I have observed a scenario where a secret string is not properly detected if the Read() operation returns n > 0 bytes and the EOF flag.

Additional information:
According to the golang v1.22.2 documentation:

a Reader returning a non-zero number of bytes at the end of the input stream may return either err == EOF or err == nil.

The documentation also states that:
Callers should always process the n > 0 bytes returned before considering the error err.

To Reproduce
I have implemented the following unit test to help reproduce the issue:

package detect

import (
	"fmt"
	"io"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
)

// mockRead adapts a plain function to io.Reader so the test controls
// exactly what each Read call returns (byte count and error).
type mockRead func(p []byte) (int, error)

func (m mockRead) Read(p []byte) (int, error) {
	return m(p)
}

// TestDetectReader tests the DetectReader function.
func TestDetectReader(t *testing.T) {
	var detector *Detector
	var secret = "AKIAIRYLJVKMPEXAMPLE"

	testString := strings.NewReader(secret)
	tests := []struct {
		name          string
		reader        io.Reader
		bufSize       int
		findingsCount int
	}{
		{
			name:          "Test case - Reader returns n > 0 bytes and nil error",
			bufSize:       10,
			findingsCount: 1,
			reader:        testString,
		},
		{
			name:          "Test case - Reader returns n > 0 bytes and io.EOF error", // this test case is failing with the current implementation
			bufSize:       10,
			findingsCount: 1,
			// Deliver the whole secret and io.EOF in the same Read call, which the
			// io.Reader contract allows. The bytes must actually be copied into p,
			// otherwise n > 0 refers to an empty buffer and nothing could be detected.
			reader: mockRead(func(p []byte) (int, error) {
				n := copy(p, secret)
				return n, io.EOF
			}),
		},
	}

	for _, test := range tests {
		fmt.Printf("Running test case: %v\n", test.name)
		detector, _ = NewDetectorDefaultConfig()
		findings, _ := detector.DetectReader(test.reader, test.bufSize)
		assert.Equal(t, test.findingsCount, len(findings))
	}
}

Expected behavior
I am expecting the secret to be detected in both of these scenarios:

  • n > 0 bytes returned, err == nil
  • n > 0 bytes returned, err == io.EOF

Screenshots
N/A

Basic Info (please complete the following information):

  • OS: Sonoma 14.3.1 Darwin Kernel Version 23.3.0
  • Gitleaks Version: v8.18.2

Additional context

cc @zricethezav

@dbrisson21 dbrisson21 added the bug Something isn't working label May 3, 2024
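As an added illustration that is not code from the issue or from gitleaks, the two orderings of the read loop side by side: checking the error before consuming buf[:n] (the reported behaviour) versus consuming buf[:n] first. The constructed eofReader returns its final bytes together with io.EOF, and bytes.Count stands in for the detector; eofReader, readLoop and the 64-byte buffer are assumptions of this example.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// eofReader hands back its remaining bytes and, once drained, reports io.EOF
// in the same Read call, which the io.Reader contract explicitly permits.
type eofReader struct{ data []byte }

func (r *eofReader) Read(p []byte) (int, error) {
	n := copy(p, r.data)
	r.data = r.data[n:]
	if len(r.data) == 0 {
		return n, io.EOF // n > 0 bytes and EOF delivered together
	}
	return n, nil
}

// readLoop drains r in chunks and counts occurrences of needle.
// checkErrFirst=true mirrors the reported bug: the error is inspected before
// buf[:n], so a final chunk that arrives with io.EOF is never scanned.
func readLoop(r io.Reader, needle string, checkErrFirst bool) (int, error) {
	buf := make([]byte, 64)
	hits := 0
	for {
		n, err := r.Read(buf)
		if checkErrFirst && err != nil {
			if err == io.EOF {
				return hits, nil // bug: buf[:n] from this call is dropped
			}
			return hits, err
		}
		hits += bytes.Count(buf[:n], []byte(needle)) // consume n > 0 bytes first
		if err == io.EOF {
			return hits, nil // EOF only ends the loop after the bytes are used
		}
		if err != nil {
			return hits, err
		}
	}
}

func main() {
	const secret = "AKIAIRYLJVKMPEXAMPLE" // constructed sample token, as in the issue
	mk := func() io.Reader { return &eofReader{data: []byte("id=" + secret)} }
	buggy, _ := readLoop(mk(), secret, true)
	fixed, _ := readLoop(mk(), secret, false)
	fmt.Println("error-first:", buggy, "bytes-first:", fixed) // 0 vs 1
}
```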