Expected Behavior
If a data source supports 'line of code', then the line of code value should be calculated and reported in results regardless of which data source is selected (e.g. filesystem, git).
Actual Behavior
The line of code value is not consistently reported in results, depending upon which data source is used.
When scanning with the 'git' data source, the line of code values are present for all findings; however, when scanning with the 'filesystem' data source, line of code values are missing for approximately 50% (5 out of 10) of the samples.
This behaviour appears to depend on the regular expression pattern configured for the custom detector. An explicit pattern that returns the same raw secret type for each finding returns line of code values (albeit inaccurate ones) for most findings, whereas a slightly broader pattern produced no line numbers at all when using the filesystem data source.
Steps to Reproduce
Create a file with multiple instances (at least two) of the exact same secret, one after another. Each instance must have exactly the same value and type.
Scan the file with TruffleHog configured with the 'git' data source.
Scan the same file with TruffleHog configured with the 'filesystem' data source.
The results will not consistently have line of code values present.
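A quick way to check the results from the two scans above is to compare the tool's JSON output against line numbers computed independently from the fixture file. The following is an added example, not code from the TruffleHog project: the fixture (the same secret on lines 2 and 4), the hypothetical detector regex, and the result records are all constructed here, and the field paths read from the records (`SourceMetadata.Data.<Source>.line` and `Raw`) are an assumption about the `--json` output shape rather than something the issue states.

```python
"""Audit TruffleHog-style JSON-lines results for missing or wrong line numbers.

Added example, not part of the TruffleHog project. The fixture, detector
pattern and result records are constructed to mirror the reproduction
steps: the same secret appears twice in one file.
"""
import json
import re
from collections import defaultdict

# Constructed fixture: an identical secret on lines 2 and 4.
SAMPLE_CONTENT = (
    "# constructed test fixture\n"
    "api_key = EXAMPLE_ABCDEFGHIJKLMNOP\n"
    "other = value\n"
    "api_key = EXAMPLE_ABCDEFGHIJKLMNOP\n"
)
# Hypothetical custom-detector regex used for the fixture.
PATTERN = re.compile(r"EXAMPLE_[A-Z]{16}")


def _record(source, line):
    """Build one constructed result record in the assumed shape of
    `trufflehog --json` output; `line` is omitted when None."""
    meta = {"file": "config.txt"}
    if line is not None:
        meta["line"] = line
    return json.dumps({
        "SourceMetadata": {"Data": {source: meta}},
        "DetectorName": "CustomRegex",
        "Raw": "EXAMPLE_ABCDEFGHIJKLMNOP",
        "Verified": False,
    })


# Constructed outputs: git reports both lines; filesystem drops one of them.
GIT_OUTPUT = "\n".join([_record("Git", 2), _record("Git", 4)])
FS_OUTPUT = "\n".join([_record("Filesystem", 2), _record("Filesystem", None)])


def expected_lines(content, pattern):
    """Independently compute the 1-based line of every match, in file order,
    so duplicate secrets on different lines are kept apart."""
    return [(m.group(0), content.count("\n", 0, m.start()) + 1)
            for m in pattern.finditer(content)]


def reported_lines(jsonl):
    """Extract (raw secret, line or None) from each JSON-lines result record."""
    out = []
    for row in jsonl.splitlines():
        if not row.strip():
            continue
        rec = json.loads(row)
        data = rec.get("SourceMetadata", {}).get("Data", {})
        # Whichever source produced the finding, it carries one metadata map.
        meta = next(iter(data.values()), {})
        out.append((rec.get("Raw"), meta.get("line")))
    return out


def audit(content, pattern, jsonl):
    """Compare reported line numbers with the independently computed ones."""
    expected = defaultdict(list)
    for raw, line in expected_lines(content, pattern):
        expected[raw].append(line)
    reported = reported_lines(jsonl)
    missing = [raw for raw, line in reported if line is None]
    wrong = [(raw, line) for raw, line in reported
             if line is not None and line not in expected.get(raw, [])]
    return {
        "occurrences_expected": sum(len(v) for v in expected.values()),
        "findings_reported": len(reported),
        "missing_line": len(missing),
        "wrong_line": wrong,
    }


if __name__ == "__main__":
    for name, output in (("git", GIT_OUTPUT), ("filesystem", FS_OUTPUT)):
        print(name, audit(SAMPLE_CONTENT, PATTERN, output))
```

To use it against real scans, replace `SAMPLE_CONTENT` with the fixture file's text, `PATTERN` with the custom detector's regex, and feed the JSON-lines output of each scan to `audit`; a non-zero `missing_line` or a non-empty `wrong_line` for one data source but not the other reproduces the inconsistency described here.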
Environment
OS: All
Version: v3.68.0
Additional Context
This behaviour was identified while analysing the root cause of #2502, where it was noticed that changing data sources produces results which are inconsistent with one another. There is more documentation on that issue, and sample files which produce the inconsistent output and their results, here:
TruffleHog Version
v3.4.3 to present
Trace Output
N/A