Richard Gomez


Interesting, I didn't realize that such a race was possible. The underlying `go-github` repository implements its own rate limit handling, so it seemed highly unlikely that `rateLimitResumeTime` would be updated...

I think it's entirely from #2041.

> After some discussion w/ @mcastorina the fact we are holding the lock while sleeping is raising some alarm 🔔s

Yeah, that's why I used the (admittedly awkward) explicit unlocks...

This is caused by two faulty assumptions:

1. that Gist URLs only contain one path segment
2. that Gists wouldn't be scanned directly via the `--repo` flag

https://github.com/trufflesecurity/trufflehog/blob/55b3c1c0ec497fa0f274168b9868b4a47c734cd2/pkg/sources/github/github.go#L429-L437

An obvious...

I think they are different enough that it would make sense. There's a lot of awkward code around mingling repositories and gists.

Out of curiosity, does this occur if you run `trufflehog filesystem . --allow-verification-overlap`? It may be a similar issue as #2515; if not, I could try to modify the script...

Ah, I took a look at your repo and noticed that your key ("AKIAIOSFODNN7EXAMPLE") is an obvious false-positive. This results in it being filtered by the false-positive check.

https://github.com/trufflesecurity/trufflehog/blob/becce51335f98090b9729b00a740aed3bac16664/pkg/detectors/aws/aws.go#L231-L235
https://github.com/trufflesecurity/trufflehog/blob/becce51335f98090b9729b00a740aed3bac16664/pkg/detectors/words.txt#L22...

Hmm, strange. What do you see if you run the following commands ([based on this branch](https://github.com/trufflesecurity/trufflehog/compare/main...rgmz:trufflehog:debug/aws-logging))? (This will print the ID/Secret/account number, so don't run it somewhere that it can...

> I took an active AWS IAM cred, put it into the code, and modified the secret access key slightly to see if it would trigger. It did not. I...

I do worry about the impact of having too many decoders. At a minimum, having something like ahocorasick might be more efficient than checking `regexp.Match()` against each chunk.

> One...