Detect NoGit scan appends source folder in the Fingerprint #1287
Comments
@uandrei thanks for opening this. Looks like the fingerprint path should be checked in this block too Lines 580 to 584 in e63b657
edit: ehm, actually that's a different issue. I reread the issue and understand now. Definitely need to look into this
@zricethezav if you're happy, I would like to contribute to the repository with a PR to try and fix this issue. I've been looking for a solution and I think I've found a fix that works well when scans are run both locally and on build servers with and without the
@zricethezav I'll try to explain where I think the issue is and how that can be fixed. To me it seems that the root issue is down to how the Lines 21 to 22 in 8d23afd
This means that when the Lines 369 to 370 in 8d23afd
My proposal is to update the Replace this: Lines 63 to 66 in 8d23afd
With this, as I've done in my fork:
The benefits of this change:
Describe the bug
When running detect --no-git with the source parameter (-s), the path provided in the source parameter is added to the Fingerprint which means that the fingerprints in the .gitleaksignore file need to have the full path in there too. This issue mostly manifests when running gitleaks on a build server and the source parameter is needed to ensure that the correct folder is scanned.
To Reproduce
gitleaks detect --verbose --no-git
- Expected Success - Actual Success - no secrets found (due to the fingerprint in the .gitleaksignore file)
gitleaks detect -s=c:\temp\gitleaks --verbose --no-git
- Expected Success - Actual Failed - the Fingerprint is now shown as Fingerprint: c:\temp\gitleaks\Program.cs:generic-api-key:1
Additional context
cc @zricethezav
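
The mismatch reported above, as an added example (not gitleaks code and not the fix proposed in the thread): a CI-side helper that strips the `-s` source prefix from a `--no-git` fingerprint before comparing it with `.gitleaksignore` entries. The function names and the sample ignore entry are hypothetical; the `file:rule:line` shape is taken from the fingerprint shown in the report.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// splitFingerprint splits "file:rule:line" from the right, so the colon of a
// Windows drive letter ("c:\...") stays inside the file part.
func splitFingerprint(fp string) (file, rule, line string, ok bool) {
	i := strings.LastIndex(fp, ":")
	if i < 0 {
		return "", "", "", false
	}
	j := strings.LastIndex(fp[:i], ":")
	if j < 0 {
		return "", "", "", false
	}
	return fp[:j], fp[j+1 : i], fp[i+1:], true
}

// toSlash normalises separators independently of the host OS.
func toSlash(p string) string { return path.Clean(strings.ReplaceAll(p, `\`, "/")) }

// RelativeFingerprint rewrites the file part relative to the scan source.
// Paths outside the source are left untouched; output uses forward slashes.
func RelativeFingerprint(source, fp string) string {
	file, rule, line, ok := splitFingerprint(fp)
	if !ok {
		return fp
	}
	f := strings.TrimPrefix(toSlash(file), toSlash(source)+"/")
	return f + ":" + rule + ":" + line
}

// Ignored reports whether fp matches an ignore entry once both sides are
// expressed relative to the scan source.
func Ignored(source, fp string, ignore []string) bool {
	want := RelativeFingerprint(source, fp)
	for _, e := range ignore {
		if RelativeFingerprint(source, strings.TrimSpace(e)) == want {
			return true
		}
	}
	return false
}

func main() {
	ignore := []string{"Program.cs:generic-api-key:1"} // constructed ignore entry
	fp := `c:\temp\gitleaks\Program.cs:generic-api-key:1`
	fmt.Println(RelativeFingerprint(`c:\temp\gitleaks`, fp), Ignored(`c:\temp\gitleaks`, fp, ignore))
}
```

The prefix match requires a trailing separator, so a sibling folder such as `c:\temp\gitleaks2` is not treated as inside the source, and the comparison is case-sensitive.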