Comments (4)
One possible fix is to change the `NewGitDiffCmd` function to call the parser like:

```go
errCh := make(chan error)
go listenForStdErr(stderr, errCh)
gitdiffFiles, err := gitdiff.Parse(stdout, errCh)
```

and change the `Parse` to accept the error channel, and change the on-error return to now send the error to the error channel + return.
Unfortunately, this is a backwards-incompatible change for the go-gitdiff command.
from gitleaks.
Along with this, it looks like the `DetectGit` function's `case err, open := <-errCh` can cause the function to hang unless the `d.Sema` is dealt with.
from gitleaks.
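The pattern discussed in the two comments above, as an added sketch that is not code from gitleaks or go-gitdiff: a parser that takes the error channel and a consumer that neither hangs on it nor reports a truncated scan as clean. The names `parse` and `scan`, the `fatal:` marker and the sample input are assumptions made for illustration, and the `d.Sema` semaphore is not modeled.

```go
package main

import (
	"fmt"
	"strings"
)

// parse is a hypothetical stand-in for a diff parser that accepts the shared
// error channel: on failure it sends the error to errCh and returns.
func parse(lines []string, errCh chan<- error) <-chan string {
	out := make(chan string)
	go func() {
		defer close(out)
		for _, l := range lines {
			if strings.HasPrefix(l, "fatal:") { // constructed failure marker
				errCh <- fmt.Errorf("diff failed: %s", l)
				return
			}
			out <- l
		}
	}()
	return out
}

// scan counts parsed items and fails closed: an error on errCh aborts the scan.
func scan(lines []string) (int, error) {
	errCh := make(chan error, 1) // buffered so the single sender never blocks
	files, n := parse(lines, errCh), 0
	for {
		select {
		case err := <-errCh:
			return n, err
		case _, open := <-files:
			if open {
				n++
				continue
			}
			select { // parser closed; collect an error sent just before the close
			case err := <-errCh:
				return n, err
			default:
				return n, nil
			}
		}
	}
}

func main() {
	// Constructed input: two files parsed, then the diff stream fails.
	fmt.Println(scan([]string{"a.go", "b.go", "fatal: bad object", "c.go"}))
}
```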
@groboclown thanks for bringing up this issue. Do you have a repo I can test with?
from gitleaks.
@zricethezav Unfortunately, I have not been able to trace the actions that lead to this behavior. I was seeing it with a complicated private repository. If I could find the way to generate it, it would also lead to a better bug report to the Git folks.
from gitleaks.