Bearer / bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
https://docs.bearer.com

No findings when filename contains spaces #1693

Open andreasbrett opened 1 week ago

andreasbrett commented 1 week ago

Description & Reproduction

When duplicating a file that produces findings and giving that file a name containing spaces, bearer will not have findings for the file.

Expected Behavior

Findings should not be affected by the filename.

Actual Behavior

Possible Fix

Your Environment

elsapet commented 6 days ago

Hi @andreasbrett - thanks for raising this.

I am unable to reproduce the issue on my side, and it is unlikely to be related to the filename, because Bearer will scan files regardless of spaces in their filenames.

To help me investigate further, could you share the full command you are using to run the scan? Does the issue persist even when using the --force flag (to rule out any caching weirdness), and/or when scanning just that single file?

andreasbrett commented 6 days ago

@elsapet I got this for a diff scan in a merge request in GitLab. When I tried to reproduce it without any complications added (no git, no diff), bearer indeed picked up the file with spaces.

Digging deeper I found that this happens only when running bearer in diff mode (with and without --force). If the diff only contains the file with spaces, bearer will return with "couldn't find any files to scan in the specified directory, for diff scans this can mean the compared branches were identical".
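The symptom above (a file with a space in its name is present in a plain scan but vanishes from a diff scan) is the classic signature of a changed-file list being split on whitespace instead of on the delimiter git actually uses. The following Go example is added here as an editorial illustration and is not Bearer's code; whether this is Bearer's actual root cause is not confirmed by the thread. The two sample strings are constructed to mimic `git diff --name-only` (newline-delimited) and `git diff --name-only -z` (NUL-delimited) output for a base branch, and the function names are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
)

// Constructed sample of `git diff --name-only base..head` output: one path per
// line, and git does NOT quote a path merely because it contains a space.
const sampleNameOnly = "app/models/user.rb\napp/models/user copy.rb\n"

// Constructed sample of the same diff with `-z`: each record is terminated by a
// NUL byte, so a path may safely contain spaces, tabs or even newlines.
var sampleNameOnlyZ = []byte("app/models/user.rb\x00app/models/user copy.rb\x00")

// naiveChangedFiles is the buggy variant: strings.Fields splits on ANY
// whitespace, so "app/models/user copy.rb" becomes two bogus entries
// ("app/models/user" and "copy.rb"), neither of which exists on disk.
// A scanner fed this list then reports "no files to scan" for that file.
func naiveChangedFiles(out string) []string {
	return strings.Fields(out)
}

// changedFilesNewline splits only on the newline delimiter git emits for
// --name-only, which keeps spaces intact (but still breaks on paths that
// themselves contain a newline, or that git chose to C-quote).
func changedFilesNewline(out string) []string {
	out = strings.TrimSuffix(out, "\n")
	if out == "" {
		return nil
	}
	return strings.Split(out, "\n")
}

// changedFilesZ parses `-z` output: the record separator is NUL, which cannot
// appear in a path, so every other byte is taken verbatim as part of the name.
func changedFilesZ(out []byte) []string {
	var files []string
	for _, rec := range bytes.Split(out, []byte{0}) {
		if len(rec) > 0 {
			files = append(files, string(rec))
		}
	}
	return files
}

func main() {
	fmt.Printf("naive:   %q\n", naiveChangedFiles(sampleNameOnly))
	fmt.Printf("newline: %q\n", changedFilesNewline(sampleNameOnly))
	fmt.Printf("-z:      %q\n", changedFilesZ(sampleNameOnlyZ))
}
```

When writing or reviewing a diff-aware scanner, the check to run is exactly the one in this thread: put a file with a space in its name in an otherwise empty diff and confirm it is still scanned; preferring `git diff --name-only -z` and splitting on NUL removes the whole class of delimiter bugs rather than just the space case.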