Git source should fail if directory doesn't exists

[rgmz]

Please review the Community Note before submitting

TruffleHog Version

HEAD

Description

When using TruffleHog with a file:// uri, the scan will complete with a 0 exit code even if the directory doesn't exist.

$ ls /tmp/fake-dir/
ls: cannot access '/tmp/fake-dir/': No such file or directory
$ ./trufflehog git file:///tmp/fake-dir/
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-06-23T18:12:55-04:00       info-0  trufflehog      running source  {"source_manager_worker_id": "XIh5z", "with_units": true}
2024-06-23T18:12:55-04:00       info-0  trufflehog      finished scanning       {"chunks": 0, "bytes": 0, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "4.326315ms", "trufflehog_version": "dev"}
$ echo $?
0

[rgmz]

It seems that git.scanDir returns an error (repository does not exist), however, the error seems to vanish into a void.

trufflehog/pkg/sources/git/git.go

Lines 324 to 330 in de19a39

	func (s *Source) scanDir(ctx context.Context, gitDir string, reporter sources.ChunkReporter) error {
	if !s.scanOptions.Bare && strings.HasSuffix(gitDir, "git") {
	// TODO: Figure out why we skip directories ending in "git".
	return nil
	}
	// try paths instead of url
	repo, err := RepoFromPath(gitDir, s.scanOptions.Bare)

trufflehog/pkg/sources/git/git.go

Line 1272 in de19a39

func (s *Source) ChunkUnit(ctx context.Context, unit sources.SourceUnit, reporter sources.ChunkReporter) error {

trufflehog/pkg/sources/source_manager.go

Lines 369 to 372 in de19a39

	if err := source.ChunkUnit(ctx, unit, chunkReporter); err != nil {
	report.ReportError(Fatal{ChunkError{Unit: unit, Err: err}})
	catchFirstFatal(Fatal{err})
	}

Confusingly, scanDirs and scanRepos — which would log such an error — don't seem to run in any configuration I tested. They only get called runWithoutUnits.

trufflehog/pkg/sources/source_manager.go

Line 286 in de19a39

return s.runWithoutUnits(ctx, source, report, targets...)

[sahil9001]

I have raised a PR for this @rgmz , please check

[mcastorina]

#3612 partially addresses this issue by logging the non-fatal errors produced during a scan.

The directory not existing should probably be a fatal error though.

» ./trufflehog git file:///tmp/fake-dir/
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-11-14T23:34:31-08:00       info-0  trufflehog      running source  {"source_manager_worker_id": "FdwKg", "with_units": true}
2024-11-14T23:34:31-08:00       error   trufflehog      encountered errors during scan  {"errors": ["error chunking dir \"/tmp/fake-dir/\": repository does not exist"]}
2024-11-14T23:34:31-08:00       info-0  trufflehog      finished scanning       {"chunks": 0, "bytes": 0, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "31.771833ms", "trufflehog_version": "dev"}