SAP / credential-digger

A GitHub scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
Apache License 2.0

Added branch name to export csv #327

Closed wassafshahzad closed 1 month ago

wassafshahzad commented 1 month ago

Description

Added branch name to the discoveries model so that it can be exported to CSV later on.

Linked Issues

closes #324

CSV File after branch name addition

report-polymer_traders (5).csv

pep8speaks commented 1 month ago

Hello @wassafshahzad! Thanks for updating this PR.

Line 1264:80: E501 line too long (82 > 79 characters)

Line 161:80: E501 line too long (80 > 79 characters)

Comment last updated at 2024-10-12 21:25:40 UTC

cla-assistant[bot] commented 1 month ago

CLA assistant check
All committers have signed the CLA.

marcorosa commented 1 month ago

Hi @wassafshahzad Thank you for taking the time to submit your pull request.

We appreciate your effort to contribute to the project. However, after reviewing the changes, we’ve decided not to merge it at this time for a couple of reasons.

  1. Breaking Change: Your pull request introduces a new attribute (branch_name) in the database schema. This change would be a breaking change for our users, potentially causing numerous issues for those with existing deployments. Since the new feature is only a minor enhancement, we don't believe the benefit outweighs the disruption it could cause to our users.
  2. Conceptual Flaw: There is an issue with how the branch_name is being fetched. The current approach relies on the order given to the branches with the call branches = repo.remotes.origin.fetch(), which can be misleading. Credential Digger employs a greedy scanning strategy to avoid scanning the same commit multiple times. Consequently, the branch_name assigned to a commit could be the first listed, even if the commit appears in multiple branches or has been merged and later forked. For example, this commit from the Credential Digger repository should appear in the following branches:
    develop 
    fix/arguments-cli 
    main 
    dependabot/pip/develop/hyperscan-0.7.7 
    dependabot/pip/develop/pytest-approx-eq-8.2.1 
    dependabot/pip/develop/pytest-approx-eq-8.3.1 
    dependabot/pip/develop/rich-approx-eq-13.8 
    dependabot/pip/develop/rich-approx-eq-13.9 
    dependabot/pip/develop/tensorflow-2.16.2 
    dependabot/pip/develop/tensorflow-2.17.0 
    (and probably others)

    How can we definitively pick only one branch?

  3. Incomplete Implementation: The current implementation addresses only one scan function (the standard scan function) without considering others that could be compatible (e.g., scan_snapshot).

Thanks again for your effort and understanding.
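To make the reviewer's second point concrete, here is an added Python illustration (not part of the PR or of Credential Digger's code) over a constructed branch/commit graph: a greedy scan-each-commit-once pass tags a commit with whichever branch happened to be listed first, so the stored branch_name flips when the fetch order changes, whereas the set of branches that contain the commit is stable.

```python
"""Why one branch_name per commit is ambiguous under greedy scanning.

Added illustration, not Credential Digger's code. The graph below is
constructed: each branch maps to its commit ids in chronological order,
and the same commit id appears on several branches (merged into main,
carried by develop, and inherited by branches cut from develop).
"""

# Constructed sample: branch -> ordered commit ids (oldest first).
BRANCHES = {
    "main": ["c1", "c2", "c3"],
    "develop": ["c1", "c2", "c3", "c4"],
    "fix/arguments-cli": ["c1", "c2", "c3", "c4", "c5"],
    "dependabot/pip/develop/hyperscan-0.7.7": ["c1", "c2", "c3", "c4", "c6"],
}


def greedy_scan(branches, order):
    """Mimic a greedy scan: each commit is scanned once, the first time it
    is seen while iterating branches in `order`, and tagged with that branch."""
    seen = {}
    for name in order:
        for commit in branches[name]:
            if commit not in seen:  # already scanned -> skip, keep first tag
                seen[commit] = name
    return seen


def branches_containing(branches):
    """The unambiguous answer: every branch each commit belongs to."""
    membership = {}
    for name, commits in branches.items():
        for commit in commits:
            membership.setdefault(commit, set()).add(name)
    return membership


def order_dependent_commits(branches):
    """Commits whose greedy branch_name changes when the fetch order changes."""
    names = list(branches)
    forward = greedy_scan(branches, names)
    backward = greedy_scan(branches, list(reversed(names)))
    return sorted(c for c in forward if forward[c] != backward[c])


if __name__ == "__main__":
    print(greedy_scan(BRANCHES, list(BRANCHES)))
    print(order_dependent_commits(BRANCHES))
    print(sorted(branches_containing(BRANCHES)["c3"]))
```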