Closed rgmz closed 1 week ago
Please review the Community Note before submitting
HEAD
When using TruffleHog with a bare repository, the handleBinary function fails:
handleBinary
$ git clone git@github.com:rgmz/example.git --mirror $ trufflehog git file:///tmp/example.git/ --bare π·ππ· TruffleHog. Unearth your secrets. π·ππ· 2024-06-23T17:52:37-04:00 info-0 trufflehog.git Using concurrency {"concurrency": 20} 2024-06-23T17:52:37-04:00 info-0 trufflehog running source {"with_units": true} 2024-06-23T17:52:37-04:00 info-0 trufflehog scanning repo {"unit": "/tmp/example.git/", "unit_kind": "dir", "path": "/tmp/example.git/"} 2024-06-23T17:52:41-04:00 error trufflehog waiting for command failed {"unit": "/tmp/example.git/", "unit_kind": "dir", "error": "error waiting for command: command=/usr/bin/git -C /tmp/example.git/.git cat-file blob 8faab40266603974595b3cbdc14d245a007fa104:example_binary.exe, stderr=fatal: cannot change to '/tmp/example.git/.git': No such file or directory\n, commit=8faab40266603974595b3cbdc14d245a007fa104: exit status 128"}
This is caused by gitDir being hard-coded as path + .git, which doesn't exist for bare repositories.
gitDir
path + .git
https://github.com/trufflesecurity/trufflehog/blob/de19a39f2cc6a103a4e207b780716d46e77de732/pkg/sources/git/git.go#L1224 https://github.com/trufflesecurity/trufflehog/blob/de19a39f2cc6a103a4e207b780716d46e77de732/pkg/sources/git/git.go#L562
Please review the Community Note before submitting
TruffleHog Version
HEAD
Description
When using TruffleHog with a bare repository, the
handleBinaryfunction fails:This is caused by
gitDirbeing hard-coded aspath + .git, which doesn't exist for bare repositories.https://github.com/trufflesecurity/trufflehog/blob/de19a39f2cc6a103a4e207b780716d46e77de732/pkg/sources/git/git.go#L1224 https://github.com/trufflesecurity/trufflehog/blob/de19a39f2cc6a103a4e207b780716d46e77de732/pkg/sources/git/git.go#L562