gitleaks / gitleaks-action

Protect your secrets using Gitleaks-Action
https://gitleaks.io
319 stars, 122 forks

GitLeaks making Error with "Invalid revision range" #117

Open tarunkant opened 1 year ago

tarunkant commented 1 year ago

Hello, I would like to report an issue where GitLeaks CI fails with the error Invalid revision range.

Reproduction steps:

  1. Create a PR with a commit to a target branch that runs GitLeaks on PRs
  2. Instantly, create a new commit on the source branch
  3. Notice that the GitLeaks CI check fails on the 1st commit with details similar to the following:

     [...]
     7:30AM DBG executing: /usr/bin/git -C . log -p -U0 --no-merges --first-parent a833a[...]^..ea4e0[...]
     7:30AM ERR [git] fatal: Invalid revision range a833a[...]^..ea4e0[...]
     7:30AM DBG 0 commits scanned. Note: this number might be smaller than expected due to commits with no additions
     7:30AM ERR git error encountered, see logs
     7:30AM WRN partial scan completed in 60.2ms
     7:30AM WRN no leaks found in partial scan
     [...]

This issue seems like a race condition to me, where GitLeaks was initiated on the 1st commit but also got the details of the latest commit, while git log does not have the details about the latest commit.

Root Cause: I also did some analysis:

  1st commit: a833a --> Initiated the GitLeaks CI --> Fails with Invalid revision range error
  2nd commit: ea4e0 (note that this commit should be instantly after the 1st commit so that GitLeaks gets confused) --> Initiated the GitLeaks CI --> Pass (obviously, if no leak is found)

Now notice that GitLeaks on the 1st commit has the Invalid revision range error, and, looking in detail, you will find that it also has the commit address of the 2nd commit. How is that possible?

cc/ @weineran @zricethezav

Thanks!
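The failure described in this report comes down to one end of the `BASE^..HEAD` range (the head commit pushed after the workflow started) not existing in the clone that `git log` runs against. The script below is an added example written for this page, not gitleaks-action's own code: it checks that both ends of the range resolve to commit objects before the scan command runs, and returns a non-zero status when they do not, so a pipeline fails closed instead of reporting "no leaks found in partial scan". The function names, the demo repository layout and the placeholder hash `deadbeef...` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not gitleaks-action's own code: verify both ends of a
# revision range exist in the local clone before running the `git log`
# from the issue, so a head commit that was pushed after the workflow
# started yields a clear "missing commit" result rather than
# "fatal: Invalid revision range". Function names and the demo repo
# layout are assumptions made for this example.

# rev_exists REPO_DIR REV: succeed only if REV resolves to a commit in REPO_DIR.
rev_exists() {
    git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# check_range REPO_DIR BASE HEAD: print "ok" and return 0 when both ends
# resolve; otherwise print the missing end(s) and return 1 so the caller
# fails closed instead of reporting a clean partial scan.
check_range() {
    repo=$1; base=$2; head=$3
    missing=""
    rev_exists "$repo" "$base" || missing="$missing base=$base"
    rev_exists "$repo" "$head" || missing="$missing head=$head"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# count_range_commits REPO_DIR BASE HEAD: the same BASE^..HEAD range the
# issue's log shows, guarded by check_range. Prints the commit count.
count_range_commits() {
    check_range "$@" >/dev/null || return 1
    git -C "$1" rev-list --count --no-merges --first-parent "$2^..$3"
}

# make_demo_repo DIR: constructed sample repository with three empty
# commits (a baseline plus two "PR" commits), used only for the demo.
make_demo_repo() {
    git -c init.defaultBranch=main init -q "$1"
    for msg in baseline pr-commit-1 pr-commit-2; do
        git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
            commit -q --allow-empty -m "$msg"
    done
}

# Run with `sh check_range.sh --demo` to see both the good and the racy case.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_demo_repo "$tmp"
    base=$(git -C "$tmp" rev-parse HEAD~1)
    head=$(git -C "$tmp" rev-parse HEAD)
    echo "good range:  $(count_range_commits "$tmp" "$base" "$head") commits"
    # Constructed hash standing in for a commit pushed after checkout.
    check_range "$tmp" "$base" deadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
        || echo "scan skipped, exit $?"
    rm -rf "$tmp"
fi
```

The point of the guard is the exit status, not the message: in the log above the run ends with a partial scan and a warning, and a job that treats that as a pass would let a secret in the missing commit through. Making the range check a separate, failing step gives the workflow something it can retry (for example after fetching the branch again) and keeps a partial scan from ever looking green.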

lukasmrtvy commented 1 year ago

Related: https://github.com/gitleaks/gitleaks-action/pull/113?

tarunkant commented 1 year ago

Yes, kind of similar to #113.