[feat] - tmp file diffs #2306
Merged
[feat] - tmp file diffs #2306
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ahrav
force-pushed
the
feat-tmp-file-diffs
branch
2 times, most recently
from
2119161 to
a2897d9
Compare
ahrav
force-pushed
the
feat-tmp-file-diffs
branch
from
a2897d9 to
f2f13b2
Compare
mcastorina
reviewed
Jan 16, 2024
pkg/gitparse/gitparse.go
Outdated
Comment on lines
73
to
74
| // write handles writing diff data to either an in-memory buffer or a file, depending on the size. | ||
| func (d *Diff) write(ctx context.Context, p []byte) error { |
There was a problem hiding this comment.
Nit (optional): This is more of an architectural suggestion -- I think it would be nice to implement the in-memory / file switch buffer as it's own package and use it in the Diff struct, similar to how DiskBufferReader is its own import. We could also add tests to show the switching works without the "business logic" of diff parsing.
There was a problem hiding this comment.
Moved it to its own pkg.
ahrav
commented
Jan 17, 2024
| } | ||
|
|
||
| // Len returns the length of the storage. | ||
| func (d *Diff) Len() int { return d.contentWriter.Len() } |
There was a problem hiding this comment.
These methods probably can be removed, but I was trying to avoid reaching into the contentWriter directly. This is also exported since we need access to this in the git source. Open to changing it if we feel these are providing any additional encapsulation.
There was a problem hiding this comment.
Do you want to guard them behind the state like ReadCloser()? I find it a bit surprising that some of the read methods are guarded and some aren't.
There was a problem hiding this comment.
I like that idea. Will guard them.
ahrav
commented
Jan 18, 2024
pkg/gitparse/gitparse.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| // defaultDateFormat is the standard date format for git. | ||
| defaultDateFormat = "Mon Jan 02 15:04:05 2006 -0700" | ||
|
|
||
| // defaultMaxDiffSize is the maximum size for a diff. Larger diffs will be cut off. | ||
| defaultMaxDiffSize = 1 * 1024 * 1024 * 1024 // 1GB | ||
| defaultMaxDiffSize = 2 * 1024 * 1024 * 1024 // 1GB |
There was a problem hiding this comment.
increased these since we now write to disk and shouldn't run into issues with large diffs or commits.
There was a problem hiding this comment.
Nit: The comment should be updated too
ahrav
force-pushed
the
feat-tmp-file-diffs
branch
from
f4cc7f1 to
fd41709
Compare
ahrav
commented
Jan 18, 2024
| @@ -1048,9 +1089,6 @@ func (s *Git) handleBinary(ctx context.Context, gitDir string, reporter sources. | |||
| return err | |||
| } | |||
| defer func() { | |||
| if err := fileReader.Close(); err != nil { | |||
There was a problem hiding this comment.
removed, since StdoutPipe clsoes the pipe after seeing the command exit:
// StdoutPipe returns a pipe that will be connected to the command's
// standard output when the command starts.
//
// Wait will close the pipe after seeing the command exit....
mcastorina
reviewed
Jan 18, 2024
There was a problem hiding this comment.
I have a general question about the bufferedfilewriter package. What is the intended API for using it?
For example, is it meant to be written to all at once and then read from all at once? Can the contents be peeked at before reading? I think answering how it will be used (or needs to be used) will help shape the interface.
Comment on lines
52
to
56
| // Len returns the number of bytes in the buffer. | ||
| func (w *BufferedFileWriter) Len() int { return w.buf.Len() } | ||
|
|
||
| // String returns the contents of the buffer as a string. | ||
| func (w *BufferedFileWriter) String() string { return w.buf.String() } |
There was a problem hiding this comment.
These methods aren't exactly accurate, right? The contents might be on disk instead of in the buffer.
There was a problem hiding this comment.
Oh yea good catch. This should be the size, since that's what we will use to determine if we want to chunk the diff in the git source.
Main use case is for our git handling of diff/commits. So multiple writes, but only a single read for now. No peek, no extra fancy stuff for now. I purposely scoped this to be very specific for the time being. I don't currently forsee any imminent uses of this pkg, so I think the reduced interface is a decent starting point. If in the future we plan on using it elsewhere we can always adjust it to make it a bit more broad. (ie regular reading, reading in chunks, peeking, encrypting data, etc) |
rosecodym
reviewed
Jan 19, 2024
There was a problem hiding this comment.
I have one concrete question about stringification, but taking a step back, I'm pretty concerned about big-banging this into the codebase. It's a pretty sophisticated I/O structure, used in many of our most popular sources, that interacts with the temp file system - something we've historically (and currently!) had nasty trouble with. It's also probably got a pretty complicated performance profile in which a bunch of variables we don't entirely control (disk latency, diff size, flush-to-disk threshold) combine to create what's most likely a non-monotonic performance curve. (I'm guessing that it's good for small diffs and good for large diffs but pretty bad for diffs right around the cutoff.)
Is there any way we can roll this out gradually? I know that it would make the transitional code itself kind of gnarly but this thing is big, and deep, and complicated, and touching risky things. This might be a good topic for a synchronous chat, if you want.
|
failing tests look to be due to account lockout with Gitlab. |
mcastorina
reviewed
Jan 23, 2024
pkg/gitparse/gitparse.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| // defaultDateFormat is the standard date format for git. | ||
| defaultDateFormat = "Mon Jan 02 15:04:05 2006 -0700" | ||
|
|
||
| // defaultMaxDiffSize is the maximum size for a diff. Larger diffs will be cut off. | ||
| defaultMaxDiffSize = 1 * 1024 * 1024 * 1024 // 1GB | ||
| defaultMaxDiffSize = 2 * 1024 * 1024 * 1024 // 1GB |
There was a problem hiding this comment.
Nit: The comment should be updated too
rosecodym
reviewed
Jan 29, 2024
| reader, err := diff.ReadCloser() | ||
| if err != nil { | ||
| ctx.Logger().Error(err, "error creating reader for commits", "filename", fileName, "commit", hash, "file", diff.PathB) | ||
| return nil |
There was a problem hiding this comment.
Why don't we want to propagate this error up?
There was a problem hiding this comment.
I think the idea is to prevent stopping a scan for an error for a single diff. Do we think this should warrant stopping the scan?
rosecodym
approved these changes
Jan 30, 2024
haraldh
referenced
this pull request
in matter-labs/vault-auth-tee
Feb 13, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.63.5` -> `v3.67.5` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.67.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.5) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5) #### What's Changed - Fix handling of GitHub ratelimit information by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2041](https://togithub.com/trufflesecurity/trufflehog/pull/2041) - Set GHA workdir by [@​zricethezav](https://togithub.com/zricethezav) in [https://github.com/trufflesecurity/trufflehog/pull/2393](https://togithub.com/trufflesecurity/trufflehog/pull/2393) - Allow CLI version pinning in GHA ([#​2397](https://togithub.com/trufflesecurity/trufflehog/issues/2397)) by [@​skeweredlogic](https://togithub.com/skeweredlogic) in [https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398) - \[bug] - prevent concurrent map writes by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2399](https://togithub.com/trufflesecurity/trufflehog/pull/2399) - Allow multiple domains for Forager by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2400](https://togithub.com/trufflesecurity/trufflehog/pull/2400) - Update GitParse to handle quoted binary filenames by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2391](https://togithub.com/trufflesecurity/trufflehog/pull/2391) - \[feat] - buffered file writer metrics by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2395](https://togithub.com/trufflesecurity/trufflehog/pull/2395) #### New Contributors - [@​skeweredlogic](https://togithub.com/skeweredlogic) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398) **Full Changelog**: trufflesecurity/trufflehog@v3.67.4...v3.67.5 ### [`v3.67.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.4) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4) #### What's Changed - \[feat] - use diff chan by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2387](https://togithub.com/trufflesecurity/trufflehog/pull/2387) **Full Changelog**: trufflesecurity/trufflehog@v3.67.3...v3.67.4 ### [`v3.67.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3) #### What's Changed - Disable GitHub wiki scanning by default by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2386](https://togithub.com/trufflesecurity/trufflehog/pull/2386) - Fix binary file hanging bug in git sources by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2388](https://togithub.com/trufflesecurity/trufflehog/pull/2388) - tightening opsgenie detection and verification by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2389](https://togithub.com/trufflesecurity/trufflehog/pull/2389) - Make `SkipFile` case-insensitive by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2383](https://togithub.com/trufflesecurity/trufflehog/pull/2383) - \[not-fixup] - Reduce memory consumption for Buffered File Writer by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2377](https://togithub.com/trufflesecurity/trufflehog/pull/2377) **Full Changelog**: trufflesecurity/trufflehog@v3.67.2...v3.67.3 ### [`v3.67.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.2) #### What's Changed - \[bug] - unhashable map key by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2374](https://togithub.com/trufflesecurity/trufflehog/pull/2374) - custom detector docs improvement by [@​dxa4481](https://togithub.com/dxa4481) in [https://github.com/trufflesecurity/trufflehog/pull/2376](https://togithub.com/trufflesecurity/trufflehog/pull/2376) - \[fixup] - correctly use the buffered file writer by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2373](https://togithub.com/trufflesecurity/trufflehog/pull/2373) **Full Changelog**: trufflesecurity/trufflehog@v3.67.1...v3.67.2 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...3.67.1) #### What's Changed - \[chore] Cleanup GitLab source errors by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345) - \[feat] - concurently scan the filesystem source by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364) **Full Changelog**: trufflesecurity/trufflehog@3.67.1...v3.67.1 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.0...3.67.1) ##### What's Changed - \[chore] Cleanup GitLab source errors by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345) - \[feat] - concurently scan the filesystem source by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364) **Full Changelog**: trufflesecurity/trufflehog@3.67.1...v3.67.1 ### [`v3.67.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0) #### What's Changed - Make AzureDevopsPersonalAccessToken verification more robust by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2359](https://togithub.com/trufflesecurity/trufflehog/pull/2359) - Polite Verification by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2356](https://togithub.com/trufflesecurity/trufflehog/pull/2356) **Full Changelog**: trufflesecurity/trufflehog@v3.66.3...v3.67.0 ### [`v3.66.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3) #### What's Changed - Allow for configuring the buffered file writer by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2319](https://togithub.com/trufflesecurity/trufflehog/pull/2319) - added flyio protos by [@​lonmarsDev](https://togithub.com/lonmarsDev) in [https://github.com/trufflesecurity/trufflehog/pull/2357](https://togithub.com/trufflesecurity/trufflehog/pull/2357) - Scan GitHub wikis by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2233](https://togithub.com/trufflesecurity/trufflehog/pull/2233) - \[chore] Add filesystem integration test by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2358](https://togithub.com/trufflesecurity/trufflehog/pull/2358) - update azure test files to check rawV2 by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2353](https://togithub.com/trufflesecurity/trufflehog/pull/2353) - \[bug] fix script change by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2360](https://togithub.com/trufflesecurity/trufflehog/pull/2360) **Full Changelog**: trufflesecurity/trufflehog@v3.66.2...v3.66.3 ### [`v3.66.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2) #### What's Changed - Update the template detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2342](https://togithub.com/trufflesecurity/trufflehog/pull/2342) - Detectors Updates 1 for Tristate Verification by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2187](https://togithub.com/trufflesecurity/trufflehog/pull/2187) - Fix filesystem enumeration ignore paths bug by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2355](https://togithub.com/trufflesecurity/trufflehog/pull/2355) - \[feat] - tmp file diffs by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2306](https://togithub.com/trufflesecurity/trufflehog/pull/2306) **Full Changelog**: trufflesecurity/trufflehog@v3.66.1...v3.66.2 ### [`v3.66.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1) #### What's Changed - Azure function key is throwing FPs by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2352](https://togithub.com/trufflesecurity/trufflehog/pull/2352) **Full Changelog**: trufflesecurity/trufflehog@v3.66.0...v3.66.1 ### [`v3.66.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0) #### What's Changed - \[chore] - make sure to close connections after testing by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2343](https://togithub.com/trufflesecurity/trufflehog/pull/2343) - Prevent print or logging in detectors by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2341](https://togithub.com/trufflesecurity/trufflehog/pull/2341) - Add the new MaxMind license key format by [@​faktas2](https://togithub.com/faktas2) in [https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181) - updates to plain and json printing to include verification error by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2335](https://togithub.com/trufflesecurity/trufflehog/pull/2335) - added azurefunctionkey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2337](https://togithub.com/trufflesecurity/trufflehog/pull/2337) - added azuresearchadminkey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2348](https://togithub.com/trufflesecurity/trufflehog/pull/2348) - added azuresearchquerykey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2349](https://togithub.com/trufflesecurity/trufflehog/pull/2349) - Improve fp ignore logic by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2351](https://togithub.com/trufflesecurity/trufflehog/pull/2351) #### New Contributors - [@​faktas2](https://togithub.com/faktas2) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181) **Full Changelog**: trufflesecurity/trufflehog@v3.65.0...v3.66.0 ### [`v3.65.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.65.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0) #### What's Changed - Walk directories in filesystem source enumeration by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2313](https://togithub.com/trufflesecurity/trufflehog/pull/2313) - added azuredevopspersonalaccesstoken detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2315](https://togithub.com/trufflesecurity/trufflehog/pull/2315) - updating doppler logic by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2329](https://togithub.com/trufflesecurity/trufflehog/pull/2329) - add priority semaphore to source manager by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2336](https://togithub.com/trufflesecurity/trufflehog/pull/2336) - Add Google oauth2 token detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2274](https://togithub.com/trufflesecurity/trufflehog/pull/2274) - Update DockerHub detector logic by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2266](https://togithub.com/trufflesecurity/trufflehog/pull/2266) - Improve GitHub scan logging by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2220](https://togithub.com/trufflesecurity/trufflehog/pull/2220) - add tri-state verification to yelp by [@​zubairk14](https://togithub.com/zubairk14) in [https://github.com/trufflesecurity/trufflehog/pull/1736](https://togithub.com/trufflesecurity/trufflehog/pull/1736) - Fix broken test by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2339](https://togithub.com/trufflesecurity/trufflehog/pull/2339) **Full Changelog**: trufflesecurity/trufflehog@v3.64.0...v3.65.0 ### [`v3.64.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.64.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0) #### What's Changed - Add prometheus metrics to measure hook execution time by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2312](https://togithub.com/trufflesecurity/trufflehog/pull/2312) - updating detector logic for zenscrape by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2316](https://togithub.com/trufflesecurity/trufflehog/pull/2316) - fix for incorrect AWS account number identification by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2332](https://togithub.com/trufflesecurity/trufflehog/pull/2332) - Narrow Postgres detector to only look for URIs by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2314](https://togithub.com/trufflesecurity/trufflehog/pull/2314) - Update Gitlab repo count in tests by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2333](https://togithub.com/trufflesecurity/trufflehog/pull/2333) - \[feat] - Replace regexp pkg w/ go-re2 in detectors by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2324](https://togithub.com/trufflesecurity/trufflehog/pull/2324) **Full Changelog**: trufflesecurity/trufflehog@v3.63.11...v3.64.0 ### [`v3.63.11`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.11) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.10...v3.63.11) #### What's Changed - \[fixup] - save 8 bytes per chunk by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2310](https://togithub.com/trufflesecurity/trufflehog/pull/2310) - fix(deps): update module github.com/hashicorp/golang-lru to v2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2054](https://togithub.com/trufflesecurity/trufflehog/pull/2054) - \[chore] - Update Chunk struct comment by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2317](https://togithub.com/trufflesecurity/trufflehog/pull/2317) - fix(deps): update golang.org/x/exp digest to [`1b97071`](https://togithub.com/trufflesecurity/trufflehog/commit/1b97071) by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2318](https://togithub.com/trufflesecurity/trufflehog/pull/2318) - fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2320](https://togithub.com/trufflesecurity/trufflehog/pull/2320) - fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2322](https://togithub.com/trufflesecurity/trufflehog/pull/2322) - fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2325](https://togithub.com/trufflesecurity/trufflehog/pull/2325) - \[chore] - reduce test time by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2321](https://togithub.com/trufflesecurity/trufflehog/pull/2321) **Full Changelog**: trufflesecurity/trufflehog@v3.63.10...v3.63.11 ### [`v3.63.10`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.10) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.9...v3.63.10) #### What's Changed - added azure protos by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2304](https://togithub.com/trufflesecurity/trufflehog/pull/2304) - \[fixup ] - Allow ssh cloning with AWS Code Commit by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2307](https://togithub.com/trufflesecurity/trufflehog/pull/2307) - Assume unauthenticated github scans have public visibility by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2308](https://togithub.com/trufflesecurity/trufflehog/pull/2308) - \[chore] - Add regex and keyword for api_org tokens by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2240](https://togithub.com/trufflesecurity/trufflehog/pull/2240) **Full Changelog**: trufflesecurity/trufflehog@v3.63.9...v3.63.10 ### [`v3.63.9`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.9) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.8...v3.63.9) #### What's Changed - \[chore] - update docs for pre-commit by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2280](https://togithub.com/trufflesecurity/trufflehog/pull/2280) - Ignore common false positives for Parseur Detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2229](https://togithub.com/trufflesecurity/trufflehog/pull/2229) - Ignore common Signable false positives by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2230](https://togithub.com/trufflesecurity/trufflehog/pull/2230) - fix(deps): update golang.org/x/exp digest to [`be819d1`](https://togithub.com/trufflesecurity/trufflehog/commit/be819d1) by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2281](https://togithub.com/trufflesecurity/trufflehog/pull/2281) - \[chore] - update test by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2283](https://togithub.com/trufflesecurity/trufflehog/pull/2283) - adding postgres detector by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2108](https://togithub.com/trufflesecurity/trufflehog/pull/2108) - fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2282](https://togithub.com/trufflesecurity/trufflehog/pull/2282) - fix(deps): update golang.org/x/exp digest to [`0dcbfd6`](https://togithub.com/trufflesecurity/trufflehog/commit/0dcbfd6) by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2284](https://togithub.com/trufflesecurity/trufflehog/pull/2284) - fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2285](https://togithub.com/trufflesecurity/trufflehog/pull/2285) - Extend memory cache by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2275](https://togithub.com/trufflesecurity/trufflehog/pull/2275) - fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2286](https://togithub.com/trufflesecurity/trufflehog/pull/2286) - chore(deps): update alpine docker tag to v3.19 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2287](https://togithub.com/trufflesecurity/trufflehog/pull/2287) - chore(deps): update sigstore/cosign-installer action to v3.3.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2290](https://togithub.com/trufflesecurity/trufflehog/pull/2290) - fix(deps): update module cloud.google.com/go/storage to v1.36.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2291](https://togithub.com/trufflesecurity/trufflehog/pull/2291) - fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2292](https://togithub.com/trufflesecurity/trufflehog/pull/2292) - feat(installation): Implement checksum signature verification by [@​hibare](https://togithub.com/hibare) in [https://github.com/trufflesecurity/trufflehog/pull/2157](https://togithub.com/trufflesecurity/trufflehog/pull/2157) - fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2294](https://togithub.com/trufflesecurity/trufflehog/pull/2294) - fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2295](https://togithub.com/trufflesecurity/trufflehog/pull/2295) - \[chore] - small updates by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2288](https://togithub.com/trufflesecurity/trufflehog/pull/2288) - \[feat] - Allow for the use of include/exclude path files for filesystem scans by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2297](https://togithub.com/trufflesecurity/trufflehog/pull/2297) - Individuate archive tests by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2293](https://togithub.com/trufflesecurity/trufflehog/pull/2293) - \[feat] - Provide CLI flag to only use custom verifiers by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2299](https://togithub.com/trufflesecurity/trufflehog/pull/2299) - Disable postgres detector because it it too sensitive by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2303](https://togithub.com/trufflesecurity/trufflehog/pull/2303) **Full Changelog**: trufflesecurity/trufflehog@v3.63.8...v3.63.9 ### [`v3.63.8`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.8) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.7...v3.63.8) #### What's Changed - Fix commit message single quote escaping on GitHub Action by [@​0x2b3bfa0](https://togithub.com/0x2b3bfa0) in [https://github.com/trufflesecurity/trufflehog/pull/2259](https://togithub.com/trufflesecurity/trufflehog/pull/2259) - fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 \[security] by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2263](https://togithub.com/trufflesecurity/trufflehog/pull/2263) - Fix non-ASCII whitespace on GitHub Action by [@​0x2b3bfa0](https://togithub.com/0x2b3bfa0) in [https://github.com/trufflesecurity/trufflehog/pull/2270](https://togithub.com/trufflesecurity/trufflehog/pull/2270) - Update GitParse logic to handle edge case. by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2206](https://togithub.com/trufflesecurity/trufflehog/pull/2206) - \[chore] Add test to check all versioned detectors are non-zero by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2272](https://togithub.com/trufflesecurity/trufflehog/pull/2272) - Update stripe detector regex by [@​NikhilPanwar](https://togithub.com/NikhilPanwar) in [https://github.com/trufflesecurity/trufflehog/pull/2261](https://togithub.com/trufflesecurity/trufflehog/pull/2261) - Update to Sourcegraph Access token format by [@​shivasurya](https://togithub.com/shivasurya) in [https://github.com/trufflesecurity/trufflehog/pull/2254](https://togithub.com/trufflesecurity/trufflehog/pull/2254) - Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2278](https://togithub.com/trufflesecurity/trufflehog/pull/2278) - Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2279](https://togithub.com/trufflesecurity/trufflehog/pull/2279) - Wrap temp deletion err by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2277](https://togithub.com/trufflesecurity/trufflehog/pull/2277) - 1833 Fix syslog udp by [@​df3rry](https://togithub.com/df3rry) in [https://github.com/trufflesecurity/trufflehog/pull/1835](https://togithub.com/trufflesecurity/trufflehog/pull/1835) #### New Contributors - [@​0x2b3bfa0](https://togithub.com/0x2b3bfa0) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2259](https://togithub.com/trufflesecurity/trufflehog/pull/2259) - [@​NikhilPanwar](https://togithub.com/NikhilPanwar) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2261](https://togithub.com/trufflesecurity/trufflehog/pull/2261) - [@​df3rry](https://togithub.com/df3rry) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/1835](https://togithub.com/trufflesecurity/trufflehog/pull/1835) **Full Changelog**: trufflesecurity/trufflehog@v3.63.7...v3.63.8 ### [`v3.63.7`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.7) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.6...v3.63.7) #### What's Changed - Add skip archive support by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2257](https://togithub.com/trufflesecurity/trufflehog/pull/2257) - Skip all binaries by [@​bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/2256](https://togithub.com/trufflesecurity/trufflehog/pull/2256) - Add handlerOpts back by [@​bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/2258](https://togithub.com/trufflesecurity/trufflehog/pull/2258) - Use directory iterator instead of walkdir by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2260](https://togithub.com/trufflesecurity/trufflehog/pull/2260) **Full Changelog**: trufflesecurity/trufflehog@v3.63.6...v3.63.7 ### [`v3.63.6`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.6) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.5...v3.63.6) #### What's Changed - Adds basic if/else check if pid slice is empty by [@​codevbus](https://togithub.com/codevbus) in [https://github.com/trufflesecurity/trufflehog/pull/2244](https://togithub.com/trufflesecurity/trufflehog/pull/2244) - \[fixup] - move cleanup to run by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2245](https://togithub.com/trufflesecurity/trufflehog/pull/2245) - shallow cloning + GitHub Action by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2138](https://togithub.com/trufflesecurity/trufflehog/pull/2138) - Update GitHub extradata by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2219](https://togithub.com/trufflesecurity/trufflehog/pull/2219) - Avoid extraneous authentication attempts when verifying Snowflake by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2057](https://togithub.com/trufflesecurity/trufflehog/pull/2057) - Add missing import by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2246](https://togithub.com/trufflesecurity/trufflehog/pull/2246) - \[bug] - Bug archive handler memory leak by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2247](https://togithub.com/trufflesecurity/trufflehog/pull/2247) - \[chore] - use snake_case for naming by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2238](https://togithub.com/trufflesecurity/trufflehog/pull/2238) - \[chore] - add additional binary extensions to skip by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2235](https://togithub.com/trufflesecurity/trufflehog/pull/2235) - \[chore] - lower logging level by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2249](https://togithub.com/trufflesecurity/trufflehog/pull/2249) - \[bug] - Fix Context Timeout-Induced Goroutine Leak in readInChunks by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2251](https://togithub.com/trufflesecurity/trufflehog/pull/2251) - Dedupe some source log keys by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2250](https://togithub.com/trufflesecurity/trufflehog/pull/2250) - \[fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2253](https://togithub.com/trufflesecurity/trufflehog/pull/2253) - Use walkdir for tmp cleanup by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2255](https://togithub.com/trufflesecurity/trufflehog/pull/2255) **Full Changelog**: trufflesecurity/trufflehog@v3.63.5...v3.63.6 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This PR aims to reduce memory usage when scanning large repositories containing diffs that exceed 10MB. Diffs now write to temporary disk files instead of allocating in-memory buffers.
The 10MB threshold is configurable and could be adjusted based on gathering metrics on average diff size. The bytes.Buffer could also be pre-allocated to the average diff length to optimize memory allocation.
By streaming large diffs to disk rather than buffering fully in memory, we can alleviate memory pressure and OutOfMemory errors that occur when scanning extremely large repositories.
Checklist:
make test-community)?make lintthis requires golangci-lint)?