From cafa07f2e5f99b3d61022233f941afbdc38e8e2d Mon Sep 17 00:00:00 2001 From: Bill Rich Date: Mon, 18 Apr 2022 21:43:13 -0700 Subject: [PATCH 1/7] Log explanation of non-zero exit with found results --- main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/main.go b/main.go index 2cb747d7d72e..ed9299a9ead9 100644 --- a/main.go +++ b/main.go @@ -241,6 +241,7 @@ func run(state overseer.State) { } if foundResults { + logrus.Debug("exiting with non-zero code because results found") os.Exit(1) } } From 7aa21c2f9780c5eb72fe46e1a437343518cfa0c3 Mon Sep 17 00:00:00 2001 From: Bill Rich Date: Mon, 18 Apr 2022 21:56:33 -0700 Subject: [PATCH 2/7] Change exit code and add documentation --- README.md | 4 ++++ main.go | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b56806c701ad..0004f29cbdc2 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,10 @@ For example, to scan a `git` repository, start with $ trufflehog git https://github.com/trufflesecurity/trufflehog.git ``` +Exit Codes: +- 0: No errors and no results were found. +- 1: An error was encountered. Sources may not have completed scans. +- 183: No errors were encountered, but results were found. #### Scanning an organization diff --git a/main.go b/main.go index ed9299a9ead9..2a0dfec4e65e 100644 --- a/main.go +++ b/main.go @@ -241,8 +241,8 @@ func run(state overseer.State) { } if foundResults { - logrus.Debug("exiting with non-zero code because results found") - os.Exit(1) + logrus.Debug("exiting with code 183 because results found") + os.Exit(183) } } From acffa16219d351fb460de9fd5a00bf2e72d66ac1 Mon Sep 17 00:00:00 2001 From: Bill Rich Date: Wed, 20 Apr 2022 15:12:12 -0700 Subject: [PATCH 3/7] Adjust exit code handling --- go.mod | 2 +- go.sum | 4 ++-- main.go | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 1b102b4c3aa4..4442b295566d 100644 --- a/go.mod +++ b/go.mod 
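Review bot: The added `logrus.Debug(...)` line before `os.Exit(1)` explains the exit only when the logger runs at debug level. logrus defaults to Info, so unless debug logging is enabled elsewhere a CI job sees a non-zero status with no stated reason. Consider a level that is visible by default, e.g. `logrus.Info("exiting with non-zero code because results found")`. The same applies to the reworded Debug calls in the main.go hunks of patches 2/7 and 6/7. `run` starts outside this hunk, so the logger setup is not visible here.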
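Review bot: The literal `183` is written twice in this hunk of patch 2/7, once inside the Debug string and once in `os.Exit(183)`, and again in the README text and in the `--fail` help string of patch 3/7, so the copies can drift apart. A named constant would keep them in step, e.g. `const exitCodeResultsFound = 183` used as `logrus.Debugf("exiting with code %d because results found", exitCodeResultsFound)` and `os.Exit(exitCodeResultsFound)`. Because shells report a process killed by signal N as status 128+N, a comment on the constant should tell callers to compare against 183 exactly rather than treat any status above 128 as a crash.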
@@ -2,7 +2,7 @@ module github.com/trufflesecurity/trufflehog/v3 go 1.17 -replace github.com/jpillora/overseer => github.com/trufflesecurity/overseer v1.1.7-custom4 +replace github.com/jpillora/overseer => github.com/trufflesecurity/overseer v1.1.7-custom4.0.20220420215654-a2df0f76bbb2 replace github.com/zricethezav/gitleaks/v8 => github.com/trufflesecurity/gitleaks/v8 v8.6.1-custom1 diff --git a/go.sum b/go.sum index 766bb112213e..69b1b058c85c 100644 --- a/go.sum +++ b/go.sum @@ -449,8 +449,8 @@ github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502 h1:34icjjmqJ2HP github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502/go.mod h1:p9lPsd+cx33L3H9nNoecRRxPssFKUwwI50I3pZ0yT+8= github.com/trufflesecurity/gitleaks/v8 v8.6.1-custom1 h1:HJPy+ciKU82lFPK0cxXJ4BYvCIANCQp29zhjU2T1UXo= github.com/trufflesecurity/gitleaks/v8 v8.6.1-custom1/go.mod h1:TxBuxH8eB/1la8Mc7I6j/ZZYNG/mHGpoi09N2oHx5nQ= -github.com/trufflesecurity/overseer v1.1.7-custom4 h1:5ed5+2+N3ZaW7oc4n7PIjkybGHUZmdCH9iAztB/2+Cc= -github.com/trufflesecurity/overseer v1.1.7-custom4/go.mod h1:nT9w37AiO1Nop2VhVhNfzAFaPjthvxgpDV3XKsxYkcI= +github.com/trufflesecurity/overseer v1.1.7-custom4.0.20220420215654-a2df0f76bbb2 h1:Do51lolWCgMwtgk4spQkqJelcCGDOCnzkiGwD//++Vw= +github.com/trufflesecurity/overseer v1.1.7-custom4.0.20220420215654-a2df0f76bbb2/go.mod h1:nT9w37AiO1Nop2VhVhNfzAFaPjthvxgpDV3XKsxYkcI= github.com/xanzy/go-gitlab v0.60.0 h1:HaIlc14k4t9eJjAhY0Gmq2fBHgKd1MthBn3+vzDtsbA= github.com/xanzy/go-gitlab v0.60.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= diff --git a/main.go b/main.go index 2a0dfec4e65e..058e642ddbde 100644 --- a/main.go +++ b/main.go 
@@ -42,6 +42,7 @@ var ( // rules = cli.Flag("rules", "Path to file with custom rules.").String() printAvgDetectorTime = cli.Flag("print-avg-detector-time", "Print the average time spent on each detector.").Bool() noUpdate = cli.Flag("no-update", "Don't check for updates.").Bool() + fail = cli.Flag("fail", "Exit with code 183 if results are found.").Bool() gitScan = cli.Command("git", "Find credentials in git repositories.") gitScanURI = gitScan.Arg("uri", "Git repository URL. https:// or file:// schema expected.").Required().String() @@ -240,7 +241,7 @@ func run(state overseer.State) { printAverageDetectorTime(e) } - if foundResults { + if foundResults && *fail { logrus.Debug("exiting with code 183 because results found") os.Exit(183) } From 9f53240c534ad07a4807891b9e2a0b77ed46cb78 Mon Sep 17 00:00:00 2001 From: bill-rich Date: Wed, 20 Apr 2022 15:51:53 -0700 Subject: [PATCH 4/7] Make action fail on found results --- action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/action.yml b/action.yml index 284afa633528..62eb7d1c6a47 100644 --- a/action.yml +++ b/action.yml @@ -25,3 +25,4 @@ runs: - ${{ inputs.base }} - --branch - ${{ inputs.head }} + - --fail From dcb487b285729676d0e3149b3f620ef8974f9ffc Mon Sep 17 00:00:00 2001 From: bill-rich Date: Wed, 20 Apr 2022 23:34:20 -0700 Subject: [PATCH 5/7] Use new overseer --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4442b295566d..e8fd4c3f0f31 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/trufflesecurity/trufflehog/v3 go 1.17 -replace github.com/jpillora/overseer => github.com/trufflesecurity/overseer v1.1.7-custom4.0.20220420215654-a2df0f76bbb2 +replace github.com/jpillora/overseer => github.com/trufflesecurity/overseer v1.1.7-custom5 replace github.com/zricethezav/gitleaks/v8 => github.com/trufflesecurity/gitleaks/v8 v8.6.1-custom1 diff --git a/go.sum b/go.sum index 69b1b058c85c..1ccd79e3d6b5 100644 --- a/go.sum +++ b/go.sum 
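Review bot: The help text of the new `fail` flag does not say that without it the process exits 0 even when results are found, which is what the `if foundResults && *fail` hunk in the same patch introduces. Before this series `run` exited 1 on findings (the `os.Exit(1)` is a context line in patch 1/7), so a pipeline that gates on the exit status will now pass silently until it adds `--fail`. Suggest spelling out the default in the help string, e.g. `"Exit with code 183 if results are found. Without this flag the exit code is 0 even when results are found."`, and calling out the change in the release notes. `run` starts outside the hunk, so whether an error path exits earlier with code 1 cannot be confirmed from here.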
@@ -449,8 +449,8 @@ github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502 h1:34icjjmqJ2HP github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502/go.mod h1:p9lPsd+cx33L3H9nNoecRRxPssFKUwwI50I3pZ0yT+8= github.com/trufflesecurity/gitleaks/v8 v8.6.1-custom1 h1:HJPy+ciKU82lFPK0cxXJ4BYvCIANCQp29zhjU2T1UXo= github.com/trufflesecurity/gitleaks/v8 v8.6.1-custom1/go.mod h1:TxBuxH8eB/1la8Mc7I6j/ZZYNG/mHGpoi09N2oHx5nQ= -github.com/trufflesecurity/overseer v1.1.7-custom4.0.20220420215654-a2df0f76bbb2 h1:Do51lolWCgMwtgk4spQkqJelcCGDOCnzkiGwD//++Vw= -github.com/trufflesecurity/overseer v1.1.7-custom4.0.20220420215654-a2df0f76bbb2/go.mod h1:nT9w37AiO1Nop2VhVhNfzAFaPjthvxgpDV3XKsxYkcI= +github.com/trufflesecurity/overseer v1.1.7-custom5 h1:xu+Fg6fkSRifUPzUCl7N8HmobJ6WGOkIApGnM7mJS6w= +github.com/trufflesecurity/overseer v1.1.7-custom5/go.mod h1:nT9w37AiO1Nop2VhVhNfzAFaPjthvxgpDV3XKsxYkcI= github.com/xanzy/go-gitlab v0.60.0 h1:HaIlc14k4t9eJjAhY0Gmq2fBHgKd1MthBn3+vzDtsbA= github.com/xanzy/go-gitlab v0.60.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM= github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= From 3fd40780873f209262840df51b20faa322b8dc23 Mon Sep 17 00:00:00 2001 From: bill-rich Date: Wed, 20 Apr 2022 23:37:57 -0700 Subject: [PATCH 6/7] Improve wording --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index 058e642ddbde..a5e45314f033 100644 --- a/main.go +++ b/main.go @@ -242,7 +242,7 @@ func run(state overseer.State) { } if foundResults && *fail { - logrus.Debug("exiting with code 183 because results found") + logrus.Debug("exiting with code 183 because results were found") os.Exit(183) } } From fde60ca83fd7c0687c68847226b1d6f2e7a88400 Mon Sep 17 00:00:00 2001 From: Bill Rich Date: Thu, 21 Apr 2022 10:04:02 -0700 Subject: [PATCH 7/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 0004f29cbdc2..56c0b29ec13a 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ $ trufflehog git https://github.com/trufflesecurity/trufflehog.git Exit Codes: - 0: No errors and no results were found. - 1: An error was encountered. Sources may not have completed scans. -- 183: No errors were encountered, but results were found. +- 183: No errors were encountered, but results were found. Will only be returned if `--fail` flag is used. #### Scanning an organization