fix: filepaths with git anywhere in them being erroneously excluded #828
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fix addresses an issue where the default exclude aimed to exclude
.git
folders is erroneously excluding any file paths withgit
in them.For example, given a path like
src/git-client/main.go
orclient-git/main.go
the current implementation fails to scan that directory. This causesgosec
to error withNo packages found
when a folder being scanned only contains.go
files in these erroneously matched paths.I verified this by using regexpal.com and the strings
src/git-client/main.go
andclient-git/main.go
mentioned above. The existing exclude.git
compiles to([\\/])?.git([\\/])?
which causes the problem as the.
isnt escaped. The fixed\\.git/
compiles to([\\/])?\.git\/([\\/])?
which escapes the leading.
and adds the protection of the required trailing/
indicating that it's a directory. This prevents file paths likesrc/.git-client/main.go
from being excluded while leaving the behavior originally desired in #485 intact.