You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When using gitleaks-docker as a pre-commit hook, the execution of the hook will fail due to a Git error, which shows that there is no "staged" option for the git diff command.
To Reproduce
Create a git hook with pre-commit with this configuration in the .pre-commit-config.yaml file
I'm using an additional .gitleaks.toml configuration file for gitleaks with this content
# This is an extension of GitLeaks configuration to detect MongoDB URI's
title = "Gitleaks MongoDB URI detection rule"
# Make this configuration file an extension of the base GitLeaks configuration.
[extend]
useDefault = true
[[rules]]
description = "MONGODB URI"
id = "mongodb-uri"
regex = '''mongodb\+srv:\/\/(.*):(.*)@(.*)'''
secretGroup = 1
tags = ["secrets"]
keywords = ["mongo", "mongodb", "uri"]
Install the hooks using this command pre-commit install --hook-type pre-commit --hook-type commit-msg --hook-type pre-push
After staging any change, i use git commit, and then Gitleaks fails as shown below:
I just ran into this issue and I think the error message is misleading. The actual cause in my case is that the repo is owned by my user, but the mount point in the container is owned by root; git rejects this directory, and the git diff command erroneously complains about "--staged".
Note: running "git diff --staged" locally in your repo probably works, whereas running it in a directory that is not a repo will yield the same error message.
Trying to run git log in this image, using the same docker command that pre-commit uses:
(501:20 are my user and group id on the local machine) shows the actual problem:
fatal: detected dubious ownership in repository at '/src'
To add an exception for this directory, call:
git config --global --add safe.directory /src
The suggested fix has already been applied in Dockerfile. Unfortunately, it does not work, because the user whose config it is added for is root, not the user that pre-commit runs the command as (in my case, 501:20).
A workaround that seems to succeed is to add an 'entry' to the gitleaks-docker hook which overrides the user setting that is passed by pre-commit:
Unfortunately, I also have to report that on my colleague's MacBook with essentially identical versions the hook works. So I am still looking for the underlying cause.
Describe the bug
When using gitleaks-docker as a pre-commit hook, the execution of the hook will fail due to a Git error, which shows that there is no "staged" option for the
git diff
command.To Reproduce
Create a git hook with pre-commit with this configuration in the
.pre-commit-config.yaml
fileI'm using an additional
.gitleaks.toml
configuration file for gitleaks with this contentInstall the hooks using this command
pre-commit install --hook-type pre-commit --hook-type commit-msg --hook-type pre-push
After staging any change, i use
git commit
, and then Gitleaks fails as shown below:Expected behavior
Gitleaks scans for any leaked information as expected. Git hooks continues to execute normally.
Screenshots
None, same as "To reproduce" steps
Basic Info (please complete the following information):
Additional context
Is the
--staged
option of Git deprecated? the synonym is the--cached
option.Maybe this line is the culprit?
gitleaks/sources/git.go
Line 92 in 6c52f87
cc @zricethezav
The text was updated successfully, but these errors were encountered: