
Commit 7746b2c

authored
Return non-zero exit code if an error occurs during a scan (#4476)
With its original code, Trufflehog was returning a zero exit code in cases when an error was encountered during a scan. This led to some unexpected situations, such as succeeding if a git repo was not cloned correctly or if a non-existent commit was referenced from `--since-commit`. This commit adds a new flag `--fail-on-scan-errors` that, if enabled, will propagate scan errors further (alongside the current behavior of reporting them on the console), ensuring that Trufflehog returns a non-zero exit code. The change should be fairly safe, as it is hidden behind a flag and, if not activated, the original behavior is retained. See also: #4218 Signed-off-by: Milan Plzik <[email protected]>
1 parent 466da5b commit 7746b2c


1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

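--- a/main.go
+++ b/main.go
@@ -72,6 +72,7 @@ var (
 printAvgDetectorTime = cli.Flag("print-avg-detector-time", "Print the average time spent on each detector.").Bool()
 noUpdate = cli.Flag("no-update", "Don't check for updates.").Bool()
 fail = cli.Flag("fail", "Exit with code 183 if results are found.").Bool()
+failOnScanErrors = cli.Flag("fail-on-scan-errors", "Exit with non-zero error code if an error occurs during the scan.").Bool()
 verifiers = cli.Flag("verifier", "Set custom verification endpoints.").StringMap()
 customVerifiersOnly = cli.Flag("custom-verifiers-only", "Only use custom verification endpoints.").Bool()
 detectorTimeout = cli.Flag("detector-timeout", "Maximum time to spend scanning chunks per detector (e.g., 30s).").Duration()
@@ -1081,8 +1082,12 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 }
 
 // Print any non-fatal errors reported during the scan.
+var retErr error
 for _, ref := range refs {
 if errs := ref.Snapshot().Errors; len(errs) > 0 {
+if *failOnScanErrors {
+retErr = fmt.Errorf("encountered errors during scan")
+}
 errMsgs := make([]string, len(errs))
 for i := 0; i < len(errs); i++ {
 errMsgs[i] = errs[i].Error()
@@ -1099,7 +1104,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 printAverageDetectorTime(eng)
 }
 
-return metrics{Metrics: eng.GetMetrics(), hasFoundResults: eng.HasFoundResults()}, nil
+return metrics{Metrics: eng.GetMetrics(), hasFoundResults: eng.HasFoundResults()}, retErr
 }
 
 // parseResults ensures that users provide valid CSV input to `--results`.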
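Review bot: The error set in the `if *failOnScanErrors` branch is a fixed string with no format verbs, so `fmt.Errorf` adds nothing over `errors.New` and the caller learns neither how many errors occurred nor what they were; if the elements of `errs` are `error` values, as the `.Error()` call suggests, wrapping them would keep the cause available to the caller. runSingleScan now returns populated metrics together with a non-nil error, and both its beginning and its caller are outside this section, so it should be confirmed that `--fail` still exits with 183 when findings and scan errors occur in the same run and that the scan-error exit code differs from 183, letting a CI gate tell "secrets found" from "scan incomplete". Since the flag is off by default, a pipeline that omits it still reads an incomplete scan as a clean one; the help text could say so: `"Exit with a non-zero code if an error occurs during the scan (by default scan errors are only printed)."`.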
