fix: scan `.git/config` for secrets · aquasecurity/trivy#6699

(2 评论) (5 反应) (1 负责人)Go (35,000 star) (371 fork)batch import

help wantedscan/secret

描述

However, .git/config could sometimes include credentials (see https://github.com/aquasecurity/trivy/pull/5180#discussion_r1601445169). These directories shouldn't be skipped.

技术栈: go
领域: security
议题类型: bug
难度: 3
预计时间: 1-3 hours
活动状态: active
清晰度: clear
前置要求: Go programmingBasic understanding of Trivy scanningKnowledge of .git directory structure
新手友好度: 60
研究方向: The issue is to modify the walker in `pkg/fanal/walker/walk.go` (line 18) to not skip `.git/config` while still skipping other `.git` directories for efficiency. Review the linked PR discussion (#5180) for context on why `.git` is skipped. The change should ensure that only the `.git/config` file is included, not the entire `.git` directory, to maintain performance. Check if there are any existing tests for the walker and add a test case for scanning `.git/config`.