trufflehog icon indicating copy to clipboard operation
trufflehog copied to clipboard
verified publisher icon trufflesecurity

trufflehog fails to parse localized timestamp

Open svenXY opened this issue 1 year ago • 14 comments

TruffleHog Version

trufflehog 3.82.5

Expected Behavior

trufflehog should parse localized timestamps correctly

Actual Behavior

2024-09-26T09:46:14+02:00	error	trufflehog	failed to parse commit date	
{"source_manager_worker_id": "wAMwt", "unit": "./my_repo_dir", "unit_kind": "dir", 
"repo": "[email protected]:/some/repo.git", "commit": "3ec15209b4d1c854258f7d9ebb05cbbfbc3562fb", "latestState": "AuthorDateLine", 
"error": "parsing time \"Mo Sep 28 07:59:21 2020 +0000\" as \"Mon Jan 2 15:04:05 2006 -0700\": cannot parse \"Mo Sep 28 07:59:21 2020 +0000\" as \"Mon\""}

This is a german localized timestamp. trufflehog then reports found issues as following:

Found unverified result 🐷🔑❓
[...]
Line: 23
Repository: ...
Timestamp: 0001-01-01 00:00:00 +0000

Environment

  • OS: macOS
  • Version 14.7

Additional Context

my LANG is at de_DE.UTF-8, however, setting this to C or en_US.UTF-8 changes nothing.

I ran this against a local repo with trufflehog git file://./my_repo_diras well as against its remote on gitlab with identical results

However, running tools like git, lazygit or tig locally work fine, e.g.

LANG=C git show 3ec15209b4d1c854258f7d9ebb05cbbfbc3562fb

commit 3ec15209b4d1c854258f7d9ebb05cbbfbc3562fb
Author: Me <[email protected]>
Date:   Mon Sep 28 09:59:21 2020

same with LANG set to en_US.UTF-8 or similar.

Maybe I'm forgetting to configure something here, but if so, I failed to find documentation or other issues regarding this.

svenXY avatar Sep 26 '24 07:09 svenXY 

git cat-file -p 3ec15209b4d1c854258f7d9ebb05cbbfbc3562fb

tree 27a3ef59079f6673bd5286e554b5647dfe4a314e
author H., Sven - D010101 <[email protected]> 1601279961 +0000
committer H., Sven - D010101 <[email protected]> 1601279961 +0000

git does not have an locale either it seems

svenXY avatar Sep 30 '24 11:09 svenXY

Same issue here

TimatGDC avatar Oct 04 '24 08:10 TimatGDC

Hi,

I'm not a go developer, but I downloaded the code and ran the tests and it also fails there:

[...]
?   	github.com/trufflesecurity/trufflehog/v3/pkg/tui/sources/gitlab	[no test files]
--- FAIL: TestSource_Scan (0.09s)
    git_test.go:29: failed to access secret: failed to access secret version: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: auth: "invalid_grant" "Bad Request"
2024-11-25T10:04:04+01:00	info-0	context	scanning repo	{"repo": "https://github.com/dustin-decker/secretsandstuff.git"}
2024-11-25T10:04:04+01:00	error	context	failed to parse commit date	{"repo": "https://github.com/dustin-decker/secretsandstuff.git", "commit": "70001020fab32b1fcf2f1f0e5c66424eae649826", "latestState": "AuthorDateLine", "error": "parsing time \"Mo M\\xc3\\xa4r 15 23:27:16 2021 -0700\" as \"Mon Jan 2 15:04:05 2006 -0700\": cannot parse \"Mo M\\xc3\\xa4r 15 23:27:16 2021 -0700\" as \"Mon\""}
2024-11-25T10:04:04+01:00	error	context	failed to parse commit date	{"repo": "https://github.com/dustin-decker/secretsandstuff.git", "commit": "a6f8aa55736d4a85be31a0048a4607396898647a", "latestState": "AuthorDateLine", "error": "parsing time \"Do Jun 25 21:56:35 2020 -0700\" as \"Mon Jan 2 15:04:05 2006 -0700\": cannot parse \"Do Jun 25 21:56:35 2020 -0700\" as \"Mon\""}

svenXY avatar Nov 25 '24 09:11 svenXY

I am also facing this issue

sebfie avatar Jan 28 '25 09:01 sebfie

I am also facing this issue

Grindaizar avatar Feb 12 '25 14:02 Grindaizar

by using docker it works docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git

Grindaizar avatar Feb 12 '25 14:02 Grindaizar

What is your system language and timezone? It looks to be related to that.

I'm guessing that docker doesn't inherit the system settings, and would probably default to English/UTC.

rgmz avatar Feb 12 '25 15:02 rgmz

Darwin Kernel Version 24.3.0

sudo systemsetup -gettimezone Time Zone: Europe/Paris

Grindaizar avatar Feb 12 '25 15:02 Grindaizar

What is your system language and timezone? It looks to be related to that.

While I agree that is is probably related to language settings, setting a different language via environment variables does not help as I already mentioned in the original post

svenXY avatar Feb 19 '25 10:02 svenXY

Same issue, and it seems no one in this team cares about it?

dkkb avatar Apr 25 '25 07:04 dkkb

I agree with @rgmz that this might be related to the system’s time or locale settings. I’ve reported it to our Sources team for a deeper investigation.

kashifkhan0771 avatar Apr 25 '25 07:04 kashifkhan0771

Chiming in here to say that it's more comprehensive to set LC_ALL=C or LC_ALL=en_US.UTF-8. LC_ALL is the environment variable you'd use to cover everything.

camgunz avatar Apr 29 '25 10:04 camgunz

LC_ALL=en_US.UTF-8 trufflehog git file://./loca_repo has the same issue, as has it with LC_ALL=C

To me it seems like trufflehog just ignores all these environment variables

svenXY avatar May 02 '25 06:05 svenXY

by using docker it works docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git

Don't forget to point to the directory in question, which I did. This works fine for me: docker run --rm -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file:///pwd. This also makes it so that the container is removed after running by using --rm.

emilknievel avatar Oct 07 '25 16:10 emilknievel