With an empty repository, tartufo pre-commit raises an exception. tartufo scan-local-repo does not raise an exception.
To Reproduce
$ git init test2
Initialized empty Git repository in /private/tmp/test2/.git/
$ cd test2
$ echo OnVybD48OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8 > secret.txt
$ git add secret.txt
$ tartufo --entropy pre-commit
Traceback (most recent call last):
File "/Users/mevzek/.local/bin/tartufo", line 8, in <module>
sys.exit(main())
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/decorators.py", line 38, in new_func
return f(get_current_context().obj, *args, **kwargs)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/commands/pre_commit.py", line 28, in main
util.process_issues(str(repo_path), scanner, options)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/util.py", line 253, in process_issues
echo_result(options, scan, repo_path, output_dir)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/util.py", line 104, in echo_result
for issue in scanner.scan():
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/scanner.py", line 571, in scan
for chunk in self.chunks: # pylint: disable=too-many-nested-blocks
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/scanner.py", line 908, in chunks
diff_index = self._repo.diff("HEAD")
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/pygit2/repository.py", line 543, in diff
a = self.__whatever_to_tree_or_blob(a)
File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/pygit2/repository.py", line 464, in __whatever_to_tree_or_blob
obj = self.revparse_single(obj)
KeyError: 'HEAD'
The problem seems to be in pygit2 but tartufo should protect against that.
Doing the commit and then running tartufo scan-local-repo then works (no exception, secret detected):
🐛 Bug Report
With an empty repository,
tartufo pre-commit
raises an exception.tartufo scan-local-repo
does not raise an exception.To Reproduce
The problem seems to be in
pygit2
buttartufo
should protect against that.Doing the commit and then running
tartufo scan-local-repo
then works (no exception, secret detected):Expected Behavior
tartufo pre-commit
should work even for first commit in repositoryCode Example
Maybe related to #284
Environment