mirror of
https://github.com/trufflesecurity/trufflehog.git
synced 2024-11-13 00:17:18 +00:00
copy verification errors
This commit is contained in:
Cody Rose
parent
ea3a5593ba
commit
bf3170d866
2 changed files with 17 additions and 13 deletions
|
|
@ -114,7 +114,15 @@ type Result struct {
|
|||
AnalysisInfo map[string]string
|
||||
}
|
||||
|
||||
// SetVerificationError is the only way to set a verification error. Any sensitive values should be passed-in as secrets to be redacted.
|
||||
// CopyVerificationInfo clones verification info (status and error) from another Result struct. This is used when
|
||||
// loading verification info from a verification cache. (A method is necessary because verification errors are not
|
||||
// exported, to prevent the accidental storage of sensitive information in them.)
|
||||
func (r *Result) CopyVerificationInfo(from *Result) {
|
||||
r.Verified = from.Verified
|
||||
r.verificationError = from.verificationError
|
||||
}
|
||||
|
||||
// SetVerificationError is the only way to set a new verification error. Any sensitive values should be passed-in as secrets to be redacted.
|
||||
func (r *Result) SetVerificationError(err error, secrets ...string) {
|
||||
if err != nil {
|
||||
r.verificationError = redactSecrets(err, secrets...)
|
||||
|
|
|
|||
|
|
@ -37,23 +37,19 @@ func FromDataCached(
|
|||
}
|
||||
|
||||
if !forceCacheUpdate {
|
||||
withoutVerification, err := detector.FromData(ctx, false, data)
|
||||
withoutRemoteVerification, err := detector.FromData(ctx, false, data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !verify {
|
||||
return withoutVerification, nil
|
||||
return withoutRemoteVerification, nil
|
||||
}
|
||||
|
||||
isEverythingCached := false
|
||||
var fromCache []detectors.Result
|
||||
for _, r := range withoutVerification {
|
||||
for _, r := range withoutRemoteVerification {
|
||||
if cacheHit, ok := verificationCache.Get(getCacheKey(&r)); ok {
|
||||
fromCache = append(fromCache, *cacheHit)
|
||||
fromCache[len(fromCache)-1].Raw = r.Raw
|
||||
fromCache[len(fromCache)-1].RawV2 = r.RawV2
|
||||
fromCache[len(fromCache)-1].VerificationFromCache = true
|
||||
r.CopyVerificationInfo(cacheHit)
|
||||
} else {
|
||||
isEverythingCached = false
|
||||
break
|
||||
|
|
@ -61,16 +57,16 @@ func FromDataCached(
|
|||
}
|
||||
|
||||
if isEverythingCached {
|
||||
return fromCache, nil
|
||||
return withoutRemoteVerification, nil
|
||||
}
|
||||
}
|
||||
|
||||
withVerification, err := detector.FromData(ctx, verify, data)
|
||||
withRemoteVerification, err := detector.FromData(ctx, verify, data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for _, r := range withVerification {
|
||||
for _, r := range withRemoteVerification {
|
||||
copyForCaching := r
|
||||
// Do not persist raw secret values in a long-lived cache
|
||||
copyForCaching.Raw = nil
|
||||
|
|
@ -80,5 +76,5 @@ func FromDataCached(
|
|||
verificationCache.Set(getCacheKey(&r), ©ForCaching)
|
||||
}
|
||||
|
||||
return withVerification, nil
|
||||
return withRemoteVerification, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue