no hash shown in fingerprint

Question

no hash shown in fingerprint

j-lakeman opened this issue 3 months ago · comments

John Lakeman commented 3 months ago

Describe the bug
when a leak is found, no hash is shown in the fingerprint

To Reproduce
Steps to reproduce the behavior:

have test file with a “secret” in it
let Gitleaks find it
see fingerprint without hash

Expected behavior
hash should be in front of file path like in example .gitleaksignore

Screenshots

[I] ~ ❯❯❯ gitleaks detect --log-level warn --no-banner --verbose --no-git --source .config/spotify-player/                                                                                               main ⬆ ✱
Finding:     client_id = "65b708073fc0480ea92a077233ca87bd"
Secret:      65b708073fc0480ea92a077233ca87bd
RuleID:      generic-api-key
Entropy:     3.641127
File:        .config/spotify-player/app.toml
Line:        2
Fingerprint: .config/spotify-player/app.toml:generic-api-key:2

5:56PM WRN leaks found: 1
[I] ~ ❯❯❯

Basic Info (please complete the following information):

OS: Debian GNU/Linux trixie trixie/sid x86_64
Gitleaks Version: 8.16.0-1+b4 amd64

cc @zricethezav

John Lakeman · Answer 1 · Thu May 16 2024 20:59:04 GMT+0800 (China Standard Time)

It seems to have sth to do with the --no-git flag.

Reproduced also on openSUSE Tumbleweed and macOS.

Zachary Rice · Answer 2 · Sat Jun 15 2024 03:23:50 GMT+0800 (China Standard Time)

@j-lakeman that's correct. The hash is the commit sha. If you are running --no-git then the fingerprint will not contain a hash indicating this is a no-git fingerprint