
Partially revert #2253

Open rgmz opened this issue 1 year ago • 2 comments

Description:

An optimization introduced in PR #2253 inadvertently broke scanning of nested zip archives.

Based on my testing, this fixes #2378. The changes to pkg/sources/git/git.go might also need to be reverted. https://github.com/trufflesecurity/trufflehog/pull/2253/files#diff-c2efdfa2e124674a8eaf026fee883e72f19914e765c7a99b72e4ead288bd1104

Alternatively, it's possible that this could be fixed by writing nested archives to disk instead of memory.

Checklist:

  • [ ] Tests passing (make test-community)?
  • [ ] Lint passing (make lint; this requires golangci-lint)?

rgmz, Feb 09 '24 17:02

@ahrav How does this mesh with the #2253 changes?

bill-rich, Feb 10 '24 17:02

> @ahrav How does this mesh with the #2253 changes?

I would've hoped it wouldn't affect it, but it appears it might. We might want to consider using our buffered file writer if we are writing a large amount of data to memory; otherwise we'll end up with OOM issues again.

ahrav, Feb 11 '24 19:02
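
The alternative raised in the description (writing nested archives to disk instead of memory), together with the OOM concern in the last comment, as an added example that is not part of this thread or of TruffleHog's code. `scanZip`, `scanEntry`, the `!` path separator and the depth budget are assumptions made for illustration.

```go
package main
import (
	"archive/zip"
	"io"
	"os"
	"strings"
)

// scanZip passes every leaf file to visit (hypothetical names, not TruffleHog's API).
func scanZip(r io.ReaderAt, size int64, prefix string, depth int, visit func(string, io.Reader) error) error {
	zr, err := zip.NewReader(r, size)
	for i := 0; err == nil && i < len(zr.File); i++ {
		err = scanEntry(zr.File[i], prefix, depth, visit)
	}
	return err
}

func scanEntry(f *zip.File, prefix string, depth int, visit func(string, io.Reader) error) error {
	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()
	if depth == 0 || !strings.HasSuffix(strings.ToLower(f.Name), ".zip") {
		return visit(prefix+f.Name, rc) // leaf, or nesting budget spent: scan the raw bytes
	}
	tmp, err := os.CreateTemp("", "nested-*.zip") // zip needs random access: spool to disk, not RAM
	if err != nil {
		return err
	}
	defer func() { tmp.Close(); os.Remove(tmp.Name()) }()
	n, err := io.Copy(tmp, rc) // streamed, so memory use stays at the copy buffer
	if err != nil {
		return err
	}
	return scanZip(tmp, n, prefix+f.Name+"!", depth-1, visit)
}

func main() { // constructed sample: outer zip > inner.zip > secret.txt
	name, body := "secret.txt", "token=EXAMPLE"
	for i := 0; i < 2; i++ {
		var buf strings.Builder
		w := zip.NewWriter(&buf)
		f, _ := w.Create(name)
		io.WriteString(f, body)
		w.Close()
		name, body = "inner.zip", buf.String()
	}
	scanZip(strings.NewReader(body), int64(len(body)), "", 3, func(p string, _ io.Reader) error { println(p); return nil })
}
```

At most one temp file per nesting level is open at a time, and each is removed when its level finishes. The depth budget keeps a self-nesting archive from recursing without bound.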