No feature parity in detection between pre-commit and scan-local-repo for tartufo v3, contrary to v2 #350

Open
pmevzek-godaddy opened this issue Apr 13, 2022 · 2 comments
Labels
bug Something isn't working


@pmevzek-godaddy

🐛 Bug Report

My expectation is that pre-commit on a given commit and scan-local-repo just after the commit is added returns the same results.
If pre-commit says "all clear", and the commit is added, if I run scan-local-repo just after, it shouldn't flag as a problem the exact same commit that pre-commit was happy with.

However, that does not seem to be the case: pre-commit lets through a commit that is flagged right afterwards by scan-local-repo.

To Reproduce

$ git init test3
Initialized empty Git repository in /private/tmp/test3/.git/
$ cd test3
$ git commit --allow-empty -m 'Start'
[main (root-commit) 42f5966] Start
$ tartufo --version
tartufo, version 3.1.3
$ echo OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8 > secret.txt
$ git add secret.txt
$ tartufo --entropy pre-commit
Time: 2022-04-13T14:53:40.109393
All clear. No secrets detected.
$ git commit -m 'Secret added'
[main 15032bb] Secret added
 1 file changed, 1 insertion(+)
 create mode 100644 secret.txt
$ tartufo --entropy scan-local-repo .
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Filepath: secret.txt
Signature: ca29177c396aa5465f41495af1e486d666308b51b7dab52228730624466cbc25
Commit time: 2022-04-13 14:55:08
Commit message: Secret added

Commit hash: 15032bb925d8650ebd15fe8d5f3a2f8b76327168
Branch: main
diff --git a/secret.txt b/secret.txt
new file mode 100644
index 0000000..049ae76
--- /dev/null
+++ b/secret.txt
@@ -0,0 +1 @@
+OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8

Switching tartufo back to some 2.x versions makes it work correctly, so something changed between versions 2 and 3.

$ pipx inject tartufo 'tartufo<3'
  injected package tartufo into venv tartufo
done! ✨ 🌟 ✨
$ pipx inject tartufo 'click<8'
  injected package click into venv tartufo
done! ✨ 🌟 ✨
$ tartufo --version
tartufo, version 2.10.1
$ git init test4
$ cd test4/
$ git commit --allow-empty -m 'Start'
[main (root-commit) 6340e72] Start
$ echo OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8 > secret.txt
$ git add secret.txt
$  tartufo --entropy pre-commit
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Filepath: secret.txt
Signature: ca29177c396aa5465f41495af1e486d666308b51b7dab52228730624466cbc25
@@ -0,0 +1 @@
+OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8

~~~~~~~~~~~~~~~~~~~~~

Expected Behavior

Tartufo v3 should behave here like tartufo v2 and detect the problem at the pre-commit step.

Code Example

N/A

Environment

See above. Python 3.9, tartufo 3.1.3 and 2.10.1 as comparison.

@pmevzek-godaddy pmevzek-godaddy added the bug Something isn't working label Apr 13, 2022
@pmevzek-godaddy
Author

May be a duplicate of #331

@sushantmimani
Contributor

Hi @pmevzek-godaddy. This has been fixed in v3.1.4.

$  tartufo --version
tartufo, version 3.1.4
$  git init tartufo-test
Initialized empty Git repository in /Users/smimani/GoDaddy/tartufo-test/.git/
$  cd tartufo-test
$  git commit --allow-empty -m 'Start'
[master (root-commit) d7bfc27] Start
$  echo OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8 > secret.txt
$  git add secret.txt
$  tartufo --entropy pre-commit
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Filepath: secret.txt
Signature: ca29177c396aa5465f41495af1e486d666308b51b7dab52228730624466cbc25
diff --git a/secret.txt b/secret.txt
new file mode 100644
index 0000000..049ae76
--- /dev/null
+++ b/secret.txt
@@ -0,0 +1 @@
+OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8

~~~~~~~~~~~~~~~~~~~~~
$  git commit -m 'Secret added'                                                                                                                                                                       1 ↵
[master cca4b62] Secret added
 1 file changed, 1 insertion(+)
 create mode 100644 secret.txt
$  tartufo --entropy scan-local-repo .
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Filepath: secret.txt
Signature: ca29177c396aa5465f41495af1e486d666308b51b7dab52228730624466cbc25
Commit time: 2022-05-31 16:56:28
Commit message: Secret added

Commit hash: cca4b62db10e413edf6945c9082930076d7a5b02
Branch: master
diff --git a/secret.txt b/secret.txt
new file mode 100644
index 0000000..049ae76
--- /dev/null
+++ b/secret.txt
@@ -0,0 +1 @@
+OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8

~~~~~~~~~~~~~~~~~~~~~
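
An added example, not part of the issue thread or of tartufo's own code: a parity check that parses the text output shown in this issue and reports findings that scan-local-repo raises but pre-commit let through. The function names are hypothetical, and the parser assumes the `Reason`/`Filepath`/`Signature` layout seen in the sessions above.

```python
import re

# Output copied from the tartufo 3.1.3 session in this issue.
PRE_COMMIT_OUT = """\
Time: 2022-04-13T14:53:40.109393
All clear. No secrets detected.
"""
SCAN_REPO_OUT = """\
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Filepath: secret.txt
Signature: ca29177c396aa5465f41495af1e486d666308b51b7dab52228730624466cbc25
Commit time: 2022-04-13 14:55:08
Commit message: Secret added

Commit hash: 15032bb925d8650ebd15fe8d5f3a2f8b76327168
Branch: main
"""

FIELD = re.compile(r"^(Reason|Filepath|Signature): (.*)$")
SEPARATOR = re.compile(r"^~{5,}\s*$")

def parse_findings(text):
    """Return the set of (reason, filepath, signature) findings in text output."""
    findings, current = set(), {}

    def flush():
        # Only a block carrying all three fields counts as a finding.
        if {"Reason", "Filepath", "Signature"} <= current.keys():
            findings.add((current["Reason"], current["Filepath"], current["Signature"]))
        current.clear()

    for line in text.splitlines():
        m = FIELD.match(line)
        if SEPARATOR.match(line):
            flush()
        elif m:
            if m.group(1) in current:  # repeated key with no separator: new finding
                flush()
            current[m.group(1)] = m.group(2).strip()
    flush()
    return findings

def parity_gap(pre_commit_out, scan_repo_out):
    """Findings the history scan reports that the pre-commit scan did not."""
    return parse_findings(scan_repo_out) - parse_findings(pre_commit_out)

if __name__ == "__main__":
    for reason, path, sig in sorted(parity_gap(PRE_COMMIT_OUT, SCAN_REPO_OUT)):
        print(f"missed by pre-commit: {path} ({reason}) {sig}")
```

Run in CI against the captured output of both commands, a non-empty result means the commit-time hook is weaker than the history scan for the same change.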
