search

praetorian-inc / noseyparker

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Apache License 2.0
1.66k stars 79 forks source link

[Bug] `--ignore` flag doesn't works for git url and local directory input #178

Closed bugbaba closed 5 months ago

bugbaba commented 5 months ago

Hi Team,

Describe the bug The --ignore flag for scan module doesn't works for git url and local directory input.

To Reproduce With git-url: Log: https://gist.github.com/bugbaba/ff514ed795731e12b0c3a87031ca801e

noseyparker scan --ignore noseyparker_exclude.txt --git-url https://github.com/bugbaba/noseyparker_test -v -v -v

With same repo cloned locally: Log: https://gist.github.com/bugbaba/0cfd2a1e5603ae1b68710aef7ac11e78

noseyparker scan --ignore noseyparker_exclude.txt noseyparker_test/ -v -v -v

Expected behavior The file passed with --ignore flag should be parsed and the files mentioned in it should not be scanned.

Actual behavior The ignore file contains cdk.json that should be ignore and shouldn't be searched. But still findings are found in the file. The file passed with --ignore flag is not even parsed for git-url input. For the local directory input the file is parsed but still its failing to avoid the files specified.

Screenshots image image

Output of noseyparker --version

noseyparker 0.18.0-dev

Build Configuration:

    Build Timestamp:    2024-04-22T06:19:23.665917778Z

    Commit Timestamp:   2024-04-19T17:51:15.000000000-04:00
    Commit Branch:      main
    Commit SHA:         4d9faba40eaabb9999fd85779e323d24a3e3f6cf

    Cargo Features:     disable_trace,log,release
    Debug:              false
    Optimization:       3
    Target Triple:      x86_64-unknown-linux-gnu

Build System:

    OS:                 Ubuntu
    OS Version:         Linux 22.04 Ubuntu

    CPU Vendor:         AuthenticAMD
    CPU Brand:          AMD EPYC 7B13
    CPU Cores:          8

    rustc Version:      1.77.2
    rustc Channel:      stable
    rustc Host Triple:  x86_64-unknown-linux-gnu
    rustc Commit Date:  2024-04-09
    rustc Commit SHA:   25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04
    rustc LLVM Version: 17.0

-- Best Regards, @bugbaba

bradlarsen commented 5 months ago

@bugbaba Thanks for the detailed report. Would you also share what's in the noseyparker_exclude.txt file that you are using?

bugbaba commented 5 months ago

Hi @bradlarsen, Thank you for looking into this. I currently only have cdk.json in it as I am trying to understand and make this work.

bradlarsen commented 5 months ago

@bugbaba Oh, I see. I think what you are encountering here is the impact of #17: in Nosey Parker currently, the path-based ignore rules are not used at all when scanning history in Git repositories.

bugbaba commented 5 months ago

Sorry, I should have checked the open issues.

bradlarsen commented 5 months ago

Sorry, I should have checked the open issues.

No problem! I appreciate the detailed bug report regardless!