Exception in pre-commit mode for first commit in empty repository #349

Open
pmevzek-godaddy opened this issue Apr 13, 2022 · 1 comment
Labels
bug Something isn't working

@pmevzek-godaddy

🐛 Bug Report

With an empty repository, tartufo pre-commit raises an exception. tartufo scan-local-repo does not raise an exception.

To Reproduce

$ git init test2
Initialized empty Git repository in /private/tmp/test2/.git/
$ cd test2
$ echo OnVybD48OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8 > secret.txt
$ git add secret.txt
$ tartufo --entropy pre-commit
Traceback (most recent call last):
  File "/Users/mevzek/.local/bin/tartufo", line 8, in <module>
    sys.exit(main())
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/decorators.py", line 38, in new_func
    return f(get_current_context().obj, *args, **kwargs)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/commands/pre_commit.py", line 28, in main
    util.process_issues(str(repo_path), scanner, options)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/util.py", line 253, in process_issues
    echo_result(options, scan, repo_path, output_dir)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/util.py", line 104, in echo_result
    for issue in scanner.scan():
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/scanner.py", line 571, in scan
    for chunk in self.chunks:  # pylint: disable=too-many-nested-blocks
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/tartufo/scanner.py", line 908, in chunks
    diff_index = self._repo.diff("HEAD")
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/pygit2/repository.py", line 543, in diff
    a = self.__whatever_to_tree_or_blob(a)
  File "/Users/mevzek/.local/pipx/venvs/tartufo/lib/python3.9/site-packages/pygit2/repository.py", line 464, in __whatever_to_tree_or_blob
    obj = self.revparse_single(obj)
KeyError: 'HEAD'

The problem seems to be in pygit2 but tartufo should protect against that.

Doing the commit and then running tartufo scan-local-repo then works (no exception, secret detected):

$ git commit -m 'Added'
[main (root-commit) 050b554] Added
 1 file changed, 1 insertion(+)
 create mode 100644 secret.txt
$ tartufo --entropy scan-local-repo .
~~~~~~~~~~~~~~~~~~~~~
Reason: High Entropy
Filepath: secret.txt
Signature: ca29177c396aa5465f41495af1e486d666308b51b7dab52228730624466cbc25
Commit time: 2022-04-13 14:47:21
Commit message: Added

Commit hash: 050b55440dc9bcc0fa428d15e2ba6991e3ac79a1
Branch: main
diff --git a/secret.txt b/secret.txt
new file mode 100644
index 0000000..049ae76
--- /dev/null
+++ b/secret.txt
@@ -0,0 +1 @@
+OnVybD48c21kOnZvaWNlPiszMi4yMDAwMDAwMDwvc21kOnZvaWNlPjwvc21kOmlzc3VlckluZm8

~~~~~~~~~~~~~~~~~~~~~

Expected Behavior

tartufo pre-commit should work even for the first commit in a repository.

Code Example

Maybe related to #284

Environment

$ tartufo --version
tartufo, version 3.1.3
$ pipx list | grep -A100 tartufo
   package tartufo 3.1.3, installed using Python 3.9.10
    - tartufo
$ /Users/mevzek/.local/pipx/venvs/tartufo/bin/python3 -c 'import pygit2; print(pygit2.LIBGIT2_VER)'
(1, 4, 2)
@pmevzek-godaddy pmevzek-godaddy added the bug Something isn't working label Apr 13, 2022
@sushantmimani
Contributor

Hi. This has been fixed in 3.1.4 as well.
#350 (comment)
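
An added example, not taken from this issue or from tartufo's code: one way a pre-commit scanner can pick a diff base that exists even before the first commit, which avoids the `KeyError: 'HEAD'` shown in the traceback above. It shells out to `git` instead of using pygit2; the helper names, the entropy threshold and `SAMPLE_TOKEN` are assumptions constructed for illustration and are neither tartufo's detection algorithm nor the 3.1.4 fix.

```python
import math
import subprocess
import tempfile
from pathlib import Path

SAMPLE_TOKEN = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"  # constructed: 32 distinct characters

def git(repo, *args, stdin=None):  # run git inside `repo`, return stdout, raise on failure
    return subprocess.run(["git", "-C", str(repo), *args], input=stdin,
                          check=True, capture_output=True, text=True).stdout

def staged_base(repo):
    """Return "HEAD", or the empty tree id while HEAD is unborn (no commit yet)."""
    try:
        git(repo, "rev-parse", "--verify", "--quiet", "HEAD^{commit}")
        return "HEAD"
    except subprocess.CalledProcessError:
        # Nothing to diff against yet, so compare the index with an empty tree.
        return git(repo, "hash-object", "-t", "tree", "--stdin", stdin="").strip()

def staged_added_lines(repo):
    """Yield (path, text) for every line the index adds relative to the base."""
    path, in_hunk = None, False
    for line in git(repo, "diff", "--cached", "--no-color", staged_base(repo)).splitlines():
        if line.startswith("diff --git "):
            path, in_hunk = None, False          # next file: headers follow
        elif not in_hunk and line.startswith("+++ b/"):
            path = line[len("+++ b/"):]
        elif line.startswith("@@"):
            in_hunk = True                       # from here on, '+' means added content
        elif in_hunk and line.startswith("+"):
            yield path, line[1:]

def shannon_entropy(token):  # bits per character
    probs = [token.count(c) / len(token) for c in set(token)]
    return -sum(p * math.log2(p) for p in probs)

def scan_staged(repo, threshold=4.5, min_len=20):
    """Return (path, token) for staged tokens whose entropy exceeds `threshold`."""
    return [(path, tok) for path, text in staged_added_lines(repo)
            for tok in text.split()
            if len(tok) >= min_len and shannon_entropy(tok) > threshold]

def demo_first_commit():
    """Stage one file in a brand-new repository (unborn HEAD) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        git(tmp, "init", "--quiet")
        Path(tmp, "secret.txt").write_text(SAMPLE_TOKEN + "\n")
        git(tmp, "add", "secret.txt")
        return staged_base(tmp), scan_staged(tmp)
```

Calling `demo_first_commit()` returns the base that was chosen and the findings for a repository that has no commits yet; once a commit exists, `staged_base` returns `"HEAD"` and only newly staged lines are scanned.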
