gitleaks / gitleaks

Protect and discover secrets using Gitleaks 🔑

Home Page:https://gitleaks.io


Unable to scan azuredevops repos

amrityam opened this issue · comments

Describe the bug
I am trying to run a gitleaks scan on a publicly available Azure DevOps repo.
But I am getting the error below. FYI, I am facing this issue with both public and private Azure DevOps repos.

$ gitleaks --repo=https://dev.azure.com/jsuen0437/jsuen/_git/jsuen
INFO[2020-09-21T20:28:14+02:00] cloning... https://dev.azure.com/jsuen0437/jsuen/_git/jsuen
ERRO[2020-09-21T20:28:14+02:00] unexpected client error: unexpected requesting "https://dev.azure.com/jsuen0437/jsuen/_git/jsuen/git-upload-pack" status code: 400

To Reproduce
Steps to reproduce the behavior:
Install gitleaks on your system and run the command below.
gitleaks --repo=https://dev.azure.com/jsuen0437/jsuen/_git/jsuen

Expected behavior
Scan should be successful and it should display the findings.

Screenshots
If applicable, add screenshots to help explain your problem.

Basic Info (please complete the following information):

  • OS: tried with both Linux and Windows
  • Gitleaks Version: v 6.1.2

Additional context
Just want to know if gitleaks supports scanning of azure devops or not.

cc @zricethezav

You're getting an HTTP 400 (Bad Request) status code, which may mean the URL is incorrect. Try appending ".git" to the end of the URL. Note that you may need to include credentials as well. The command will look something like this:

gitleaks --username=<> --password=<> --repo=https://dev.azure.com/jsuen0437/jsuen/_git/jsuen.git

@timetoplatypus @zricethezav

I tried multiple options, with --access-token=<> as well as --username=<> --password=<>. Still no luck.
It looks like it is not supporting Azure Repos at this moment. Attaching a screenshot for your reference.
Also, I think Azure DevOps no longer allows creating alternate credentials; a PAT (Personal Access Token) should be used instead. I tried with a Personal Access Token, but it didn't work; the same issue occurs.

unexpected client error: unexpected requesting "https://dev.azure.com/amrityamrout/_git/DVWA/git-upload-pack" status code: 400

And the repo URL is correct, by the way. If I give a wrong access token, I get an authentication required error. Also, if I put .git at the end of the repo URL, it shows repository not found. That means the repo URL is correct. Something is breaking in the code.


Regards,
Amrityam Rout

@timetoplatypus @zricethezav
It looks like there is an issue with the go-git package: it has not implemented the git v2 protocol, which is required by Azure Repos.
go-git/go-git#64
src-d/go-git#1058

Regards,
Amrityam Rout

Has this problem been resolved? I also have this problem when I want to scan private Azure repos.

time="2021-01-06T03:50:00Z" level=error msg="unexpected client error: unexpected requesting \"https://dev.azure.com/v-andrepurnomo/Labs%20Azure%20DevOps/_git/eShopWeb/git-upload-pack\" status code: 400"

Hi, I have the same problem. I wanted to use gitleaks as a mandatory step in pull requests in Azure DevOps pipelines, but I cannot make it work. Same message as described above.

I would love to know if there is a workaround for this issue, since I wanted to use gitleaks over truffleHog, as gitleaks offers the username/password and PAT tokens needed for ADO private repos.

Gitleaks has been updated to v8.0.0 and this issue will not be fixed moving forward. Sorry for the inconvenience; feel free to fork older versions and introduce a fix in your fork.

Gitleaks is not responsible for cloning repos anymore
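
The workflow the last two comments imply, as an added example that is not from this thread or the gitleaks project: the git CLI performs the clone and gitleaks v8 scans the local checkout. The `AZDO_PAT` variable and both function names are hypothetical; the script assumes git 2.31 or later and the `detect --source` form of gitleaks v8.

```shell
#!/usr/bin/env bash
# Added example (not gitleaks code): clone with the git CLI, scan with gitleaks v8.
# AZDO_PAT, azdo_auth_header and scan_azdo_repo are hypothetical names.

# Basic auth header for an Azure DevOps PAT: empty user name, PAT as password.
# tr removes the line wrap some base64 tools insert after 76 characters,
# which would otherwise corrupt the header for long tokens.
azdo_auth_header() {
  printf 'Authorization: Basic %s' "$(printf ':%s' "$1" | base64 | tr -d '\n')"
}

# Usage: AZDO_PAT=<token> scan_azdo_repo <https-repo-url> [report-path]
# Returns 0 = clean, 1 = gitleaks reported leaks or failed, 2 = setup/clone error.
scan_azdo_repo() {
  local url="$1" report="${2:-gitleaks-report.json}" workdir rc=0
  case "$url" in
    https://*:*@*) echo "refusing URL with an embedded password" >&2; return 2 ;;
    https://*) ;;
    *) echo "only https:// URLs are accepted" >&2; return 2 ;;
  esac
  workdir="$(mktemp -d)" || return 2
  if [ -n "${AZDO_PAT:-}" ]; then
    # GIT_CONFIG_* (git 2.31+) supplies the header through the environment,
    # so the token is not on the command line, in the URL or in .git/config.
    GIT_CONFIG_COUNT=1 GIT_CONFIG_KEY_0=http.extraHeader \
    GIT_CONFIG_VALUE_0="$(azdo_auth_header "$AZDO_PAT")" \
      git clone --quiet "$url" "$workdir/repo" || rc=2
  else
    git clone --quiet "$url" "$workdir/repo" || rc=2
  fi
  if [ "$rc" -eq 0 ]; then
    # Scan the local checkout; --redact masks secret values in gitleaks output.
    gitleaks detect --source "$workdir/repo" --redact --report-path "$report" || rc=1
  fi
  rm -rf "$workdir"   # remove the checkout whether or not the scan passed
  return "$rc"
}

# Run only when the script is given arguments.
if [ "$#" -gt 0 ]; then scan_azdo_repo "$@"; fi
```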