Fix Dockerfiles, readme example, and github rate limit handling

This commit is contained in:
Dustin Decker 2022-03-12 07:36:42 -08:00
parent 43de9c3604
commit 794a082b6c
4 changed files with 30 additions and 22 deletions


@ -3,8 +3,10 @@ RUN mkdir /build
COPY . /build
WORKDIR /build
RUN CGO_ENABLED=0 go build -a -o trufflehog main.go
RUN mkdir /empty
FROM scratch
COPY --from=builder /empty /tmp
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /build/trufflehog /usr/bin/trufflehog
ENTRYPOINT ["/usr/bin/trufflehog"]
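Review bot: The `/tmp` added to the scratch stage comes from a plain `mkdir /empty` in the builder, so it most likely lands root-owned without the usual 1777 mode. That works only because the final stage sets no `USER` and the binary runs as UID 0. If the image should also work under a non-root user (for example `docker run --user`), create the directory with `RUN mkdir -m 1777 /empty` and confirm the mode survives `COPY --from=builder /empty /tmp`. A one-line comment such as `# scratch has no /tmp; trufflehog needs a writable temp dir` would record why the directory exists; the reason is presumably temporary files, but the hunk does not say. The same two lines are added to the second Dockerfile on this page and the same point applies there.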


@ -1,6 +1,8 @@
FROM golang:bullseye as builder
RUN mkdir /empty
FROM scratch
COPY --from=builder /empty /tmp
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY trufflehog /usr/bin/trufflehog
ENTRYPOINT ["/usr/bin/trufflehog"]


@ -21,7 +21,7 @@ Several options:
### 3. Docker
```bash
$ docker run -v "$PWD:/pwd" ghcr.io/trufflesecurity/trufflehog2:latest github --repo https://github.com/dustin-decker/secretsandstuff.git
$ docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog2:latest github --repo https://github.com/dustin-decker/secretsandstuff --debug
🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
Found verified result 🐷🔑


@ -354,32 +354,36 @@ func (s *Source) Chunks(ctx context.Context, chunksChan chan *sources.Chunk) err
}
// handleRateLimit returns true if a rate limit was handled
//unauthed github has a rate limit of 60 requests per hour. This will likely only be exhausted if many users/orgs are scanned without auth
// Unauthenticated access to most github endpoints has a rate limit of 60 requests per hour.
// This will likely only be exhausted if many users/orgs are scanned without auth
func handleRateLimit(errIn error, res *github.Response) bool {
knownWait := true
remaining, err := strconv.Atoi(res.Header.Get("x-ratelimit-remaining"))
if err != nil {
knownWait = false
}
resetTime, err := strconv.Atoi(res.Header.Get("x-ratelimit-reset"))
if err != nil || resetTime == 0 {
knownWait = false
}
if knownWait && remaining == 0 {
waitTime := int64(resetTime) - time.Now().Unix()
if waitTime > 0 {
duration := time.Duration(waitTime+1) * time.Second
log.WithField("resumeTime", time.Now().Add(duration).String()).Debugf("rate limited")
time.Sleep(duration)
return true
}
}
limit, ok := errIn.(*github.RateLimitError)
if !ok {
return false
}
if res != nil {
knownWait := true
remaining, err := strconv.Atoi(res.Header.Get("x-ratelimit-remaining"))
if err != nil {
knownWait = false
}
resetTime, err := strconv.Atoi(res.Header.Get("x-ratelimit-reset"))
if err != nil || resetTime == 0 {
knownWait = false
}
if knownWait && remaining == 0 {
waitTime := int64(resetTime) - time.Now().Unix()
if waitTime > 0 {
duration := time.Duration(waitTime+1) * time.Second
log.WithField("resumeTime", time.Now().Add(duration).String()).Debugf("rate limited")
time.Sleep(duration)
return true
}
}
}
log.WithField("retry-after", limit.Message).Debug("handling rate limit (5 minutes retry)")
time.Sleep(time.Minute * 5)
return true
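Review bot: In the new `if res != nil` branch the sleep length is taken straight from the `x-ratelimit-reset` response header with no upper bound, and `time.Sleep` cannot be cancelled, so a wrong or untrusted value from the API endpoint can stall the scan for an arbitrary time. Clamp it before sleeping, e.g. `if duration > maxRateLimitWait { duration = maxRateLimitWait }`, where `maxRateLimitWait` is a new constant you would define. Ideally the wait would also honour the caller's context rather than blocking unconditionally. Separately, the bare assertion `errIn.(*github.RateLimitError)` will not match a wrapped error, so `errors.As(errIn, &limit)` would be sturdier, and logging `limit.Message` under the key `retry-after` is misleading because it is not a duration. The end of `handleRateLimit` lies outside the visible hunk.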