max-depth=0 scans entire repo

Open gracenng opened this issue 3 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

TruffleHog Version

trufflehog 3.14.0

Expected Behavior

I expect that --max-depth=0 would basically not run trufflehog. If --max-depth=1 scans 1 commit, --max-depth=0 should scan 0 commits.

Actual Behavior

The entire repo gets scanned (which might happen because of this conditional in the code, where only non-zero max-depth is ack'ed).

Steps to Reproduce

  1. Make a repo in which the first commit is dirty, the second is clean.
  2. trufflehog git <repo> --max-depth 1 should come back clean
  3. trufflehog git <repo> --max-depth 0 would return creds from 2 commits ago

Environment

zsh 5.8

gracenng Oct 14 '22 23:10

If truffle-folks think it's just fixing the conditional, I'd gladly make a PR

gracenng Oct 14 '22 23:10

I do not believe this is a bug.

It is idiomatic for command-line tools such as TruffleHog, where there is an option allowing one to limit the capability using an integer value, to use 0 to represent 'unlimited' or 'infinity' style behaviour. Changing the behaviour such that TruffleHog would terminate with zero results on inputting 0 as a max-depth would, in my mind, create more confusion than it would solve.

However, because in this instance 0 wouldn't achieve anything more than the default behaviour of not using the argument, perhaps a better solution would be to warn users when arguments are being ignored?

0x736E Sep 15 '23 13:09

> I do not believe this is a bug.
>
> It is idiomatic for command-line tools such as TruffleHog, where there is an option allowing one to limit the capability using an integer value, to use 0 to represent 'unlimited' or 'infinity' style behaviour.

@0x736E is right. Our use of 0 is conventional. It doesn't make sense exposing an option value that tells the tool to do nothing.

zricethezav Jan 22 '24 22:01
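
A caller-side guard for the behaviour discussed in this thread, as an added example that is not part of the issue or of TruffleHog's own code: a CI script that computes `--max-depth` from the number of new commits should skip the scan when that number is 0 instead of passing 0 through and scanning the whole history. The function names `depth_args` and `scan_range` are hypothetical, and the sketch assumes a linear history in which the depth counts commits back from HEAD, as the issue describes.

```shell
# Added example (not TruffleHog code): validate a computed depth before
# it reaches `trufflehog git <repo> --max-depth N`.
#
# depth_args N
#   N >= 1            -> prints "--max-depth N", status 0
#   N = 0             -> prints nothing, status 3 (caller should skip the scan,
#                        because 0 means "unlimited" to the tool)
#   anything else     -> status 2 (empty, negative, or non-numeric input)
depth_args() {
    case "$1" in
        ''|*[!0-9]*)
            echo "depth_args: not a non-negative integer: '$1'" >&2
            return 2 ;;
    esac
    # Strip leading zeros so "00" is recognised as 0 and "007" becomes 7.
    da_n=$(printf '%s' "$1" | sed 's/^0*//')
    if [ -z "$da_n" ]; then
        echo "depth_args: depth 0 would scan the entire repo; skipping" >&2
        return 3
    fi
    printf '%s\n' "--max-depth $da_n"
}

# scan_range REPO BASE HEAD
# Scans only the commits in BASE..HEAD (assumption: linear history).
scan_range() {
    sr_repo=$1 sr_base=$2 sr_head=$3
    sr_count=$(git -C "$sr_repo" rev-list --count "$sr_base..$sr_head") || return 2
    # Capture the status without tripping `set -e` in the calling script.
    sr_args=$(depth_args "$sr_count") && sr_rc=0 || sr_rc=$?
    case "$sr_rc" in
        0) # $sr_args is intentionally unquoted: it holds two words.
           trufflehog git "$sr_repo" $sr_args ;;
        3) return 0 ;;            # no new commits, nothing to scan
        *) return "$sr_rc" ;;     # bad input: fail the job, do not scan everything
    esac
}
```
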