Presence of 'line of code' values are inconsistently presented in results, depending upon the data source configured #2504
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Please review the Community Note before submitting
TruffleHog Version
v3.4.3 to present
Trace Output
N/A
Expected Behavior
If a data source supports 'line of code', then the line of code value should be calculated and reported in results regardless of which data source is selected (e.g. filesystem, git).
Actual Behavior
The line of code value is not consistently reported in results, depending upon which data source is used.
When scanning with the 'git' data source, the line of code values are present for all findings, however when scanning with the 'filesystem' data source, line of code values are missing for approximately 50% (5 out of 10) samples.
This behaviour appears to be dependant upon the custom detector's regular expression pattern configured. An explicit pattern which returns the same raw secret type for each finding, returns line of code values (albeit inaccurately) for most, whereas a slightly more broad pattern did not produce any line numbers when using the filesystem data source.
Steps to Reproduce
Environment
Additional Context
This behaviour was identified while analysing the root cause of #2502 and was noticed that changing data sources produce results which are inconsistent with one another. There is more documentation on that issue, and sample files which produce the inconsistent output and their results here:
References
The text was updated successfully, but these errors were encountered: