trufflehog icon indicating copy to clipboard operation
trufflehog copied to clipboard

Published 20 hours ago verified publisher icon trufflesecurity

Trufflehog Git-based Scanning in Git Worktrees Fails

Open d0nut-rh opened this issue 3 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

TruffleHog Version

trufflehog 3.13.0

Trace Output

{"level":"debug","msg":"running version 3.13.0","time":"2022-09-27T12:32:47-06:00"}
{"level":"debug","msg":"running version 3.13.0","time":"2022-09-27T12:32:48-06:00"}
{"level":"debug","msg":"running with up to 1 workers","time":"2022-09-27T12:32:48-06:00"}
{"level":"debug","msg":"loaded 2 decoders","time":"2022-09-27T12:32:48-06:00"}
{"level":"debug","msg":"loaded 724 detectors total, 724 with verification enabled. 0 with verification disabled","time":"2022-09-27T12:32:48-06:00"}
{"level":"debug","msg":"Git repo local path: /Users/<USER>/<REPOSITORY>","time":"2022-09-27T12:32:48-06:00"}
{"error":"unable to resolve base ref: object not found","level":"fatal","msg":"could not scan repo","time":"2022-09-27T12:32:48-06:00"}

Expected Behavior

Trufflehog should scan each commit since the provided commit.

Actual Behavior

An error was thrown

Steps to Reproduce

  1. Start with a git repository with existing commits in the history
  2. Create a git worktree based on this repository (git worktree add ../my_worktree)
  3. Navigate to this git worktree (cd ../my_worktree)
  4. Run trufflehog with trufflehog git --only-verified --json --since-commit=$(git merge-base origin/master HEAD) file:$(pwd)
  5. Observe the following error
{"error":"unable to resolve base ref: object not found","level":"fatal","msg":"could not scan repo","time":"2022-09-27T12:32:48-06:00"}

Environment

  • OS: OSX
  • Version 12.6

Additional Context

After digging into this issue to identify what is causing the failure, it appears that go-git does not have full support for git worktrees.

References

  • go-git issue related to missing git worktree support: go-git/go-git/issues/394

d0nut-rh avatar Sep 27 '22 18:09 d0nut-rh

Thanks for the detailed report. @bill-rich could you have a look at this?

dustin-decker avatar Sep 29 '22 15:09 dustin-decker