Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 07:04:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

Use Lstat to identify non-regular files in filesystem source (#2628)

Browse source 
* Use Lstat to identify non-regular files in filesystem source

* fix test
This commit is contained in:
Dustin Decker 2024-03-26 15:22:42 -07:00 committed by GitHub
parent cb5825059a
commit 612ff1a0f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pkg/sources/filesystem/filesystem.go
View file

@ -93,12 +93,17 @@ func (s *Source) Chunks(ctx context.Context, chunksChan chan *sources.Chunk, _ .
s.SetProgressComplete(i, len(s.paths), fmt.Sprintf("Path: %s", path), "") s.SetProgressComplete(i, len(s.paths), fmt.Sprintf("Path: %s", path), "")
cleanPath := filepath.Clean(path) cleanPath := filepath.Clean(path)
fileInfo, err := os.Stat(cleanPath) fileInfo, err := os.Lstat(cleanPath)
if err != nil { if err != nil {
logger.Error(err, "unable to get file info") logger.Error(err, "unable to get file info")
continue continue
} }
if fileInfo.Mode()&os.ModeSymlink != 0 {
logger.Info("skipping, not a regular file", "path", cleanPath)
continue
}
if fileInfo.IsDir() { if fileInfo.IsDir() {
err = s.scanDir(ctx, cleanPath, chunksChan) err = s.scanDir(ctx, cleanPath, chunksChan)
} else { } else {
@ -112,7 +117,6 @@ func (s *Source) Chunks(ctx context.Context, chunksChan chan *sources.Chunk, _ .
return nil return nil
} }
func (s *Source) scanDir(ctx context.Context, path string, chunksChan chan *sources.Chunk) error { func (s *Source) scanDir(ctx context.Context, path string, chunksChan chan *sources.Chunk) error {
workerPool := new(errgroup.Group) workerPool := new(errgroup.Group)
workerPool.SetLimit(s.concurrency) workerPool.SetLimit(s.concurrency)
@ -148,12 +152,12 @@ func (s *Source) scanDir(ctx context.Context, path string, chunksChan chan *sour
func (s *Source) scanFile(ctx context.Context, path string, chunksChan chan *sources.Chunk) error { func (s *Source) scanFile(ctx context.Context, path string, chunksChan chan *sources.Chunk) error {
logger := ctx.Logger().WithValues("path", path) logger := ctx.Logger().WithValues("path", path)
fileStat, err := os.Stat(path) fileStat, err := os.Lstat(path)
if err != nil { if err != nil {
return fmt.Errorf("unable to stat file: %w", err) return fmt.Errorf("unable to stat file: %w", err)
} }
if !fileStat.Mode().IsRegular() { if fileStat.Mode()&os.ModeSymlink != 0 {
return fmt.Errorf("not a regular file") return fmt.Errorf("skipping symlink")
} }
inputFile, err := os.Open(path) inputFile, err := os.Open(path)
@ -231,7 +235,7 @@ func (s *Source) scanFile(ctx context.Context, path string, chunksChan chan *sou
// filepath or a directory. // filepath or a directory.
func (s *Source) Enumerate(ctx context.Context, reporter sources.UnitReporter) error { func (s *Source) Enumerate(ctx context.Context, reporter sources.UnitReporter) error {
for _, path := range s.paths { for _, path := range s.paths {
fileInfo, err := os.Stat(filepath.Clean(path)) fileInfo, err := os.Lstat(filepath.Clean(path))
if err != nil { if err != nil {
if err := reporter.UnitErr(ctx, err); err != nil { if err := reporter.UnitErr(ctx, err); err != nil {
return err return err
@ -274,7 +278,7 @@ func (s *Source) ChunkUnit(ctx context.Context, unit sources.SourceUnit, reporte
logger := ctx.Logger().WithValues("path", path) logger := ctx.Logger().WithValues("path", path)
cleanPath := filepath.Clean(path) cleanPath := filepath.Clean(path)
fileInfo, err := os.Stat(cleanPath) fileInfo, err := os.Lstat(cleanPath)
if err != nil { if err != nil {
return reporter.ChunkErr(ctx, fmt.Errorf("unable to get file info: %w", err)) return reporter.ChunkErr(ctx, fmt.Errorf("unable to get file info: %w", err))
} }