8000 Fix duplicate findings when scanning directory with path only rules by biggusbeetus · Pull Request #1639 · gitleaks/gitleaks · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Fix duplicate findings when scanning directory with path only rules #1639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Fix duplicate findings when scanning directory with path only rules #1639

wants to merge 5 commits into from

Conversation

biggusbeetus
Copy link

Description:

Explain the purpose of the PR.

Checklist:

  • Does your PR pass tests?
  • Have you written new tests for your changes?
    Not needed as it is covered by current tests.
  • Have you lint your code locally prior to submission?

Fixes #1638

@zricethezav
Copy link
Collaborator

Hey @biggusbeetus thanks for the PR! I think this is indeed a bug we should fix. WDYT about this implementation?

diff --git a/detect/detect.go b/detect/detect.go
index b4b7c94..8b48d12 100644
--- a/detect/detect.go
+++ b/detect/detect.go
@@ -109,6 +109,8 @@ type Fragment struct {
 	// newlineIndices is a list of indices of newlines in the raw content.
 	// This is used to calculate the line location of a finding
 	newlineIndices [][]int
+
+	firstFragmentFilePath bool
 }
 
 // NewDetector creates a new detector with the given config
@@ -306,7 +308,7 @@ func (d *Detector) detectRule(fragment Fragment, currentRaw string, r config.Rul
 
 	if r.Path != nil && r.Regex == nil && len(encodedSegments) == 0 {
 		// Path _only_ rule
-		if r.Path.MatchString(fragment.FilePath) {
+		if r.Path.MatchString(fragment.FilePath) && fragment.firstFragmentFilePath {
 			finding := report.Finding{
 				Description: r.Description,
 				File:        fragment.FilePath,
diff --git a/detect/directory.go b/detect/directory.go
index a796bdc..7099c37 100644
--- a/detect/directory.go
+++ b/detect/directory.go
@@ -49,6 +49,8 @@ func (d *Detector) DetectFiles(paths <-chan sources.ScanTarget) ([]report.Findin
 				}
 			}
 
+			firstFragment := true
+
 			// Buffer to hold file chunks
 			buf := make([]byte, chunkSize)
 			totalLines := 0
@@ -114,10 +116,15 @@ func (d *Detector) DetectFiles(paths <-chan sources.ScanTarget) ([]report.Findin
 					linesInChunk := strings.Count(chunk, "\n")
 					totalLines += linesInChunk
 					fragment := Fragment{
-						Raw:      chunk,
-						Bytes:    peekBuf.Bytes(),
-						FilePath: pa.Path,
+						Raw:                   chunk,
+						Bytes:                 peekBuf.Bytes(),
+						FilePath:              pa.Path,
+						firstFragmentFilePath: firstFragment,
 					}
+
+					// Reset firstFragment after the first chunk
+					firstFragment = false
+
 					if pa.Symlink != "" {
 						fragment.SymlinkFile = pa.Symlink
 					}

I think that should work

@biggusbeetus
Copy link
Author

Hi zricethezav, I think this should work :)

@biggusbeetus biggusbeetus force-pushed the fix/directory_path_only_duplicates branch from 068e4c9 to 92c163c Compare March 5, 2025 10:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Duplicate Path Only Rule Findings When Scanning Directory
2 participants
@biggusbeetus @zricethezav
0