Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

timeout issues #3215

Open
dgarozzo opened this issue Aug 13, 2024 · 7 comments
Open

timeout issues #3215

dgarozzo opened this issue Aug 13, 2024 · 7 comments
Labels
bug

Comments

@dgarozzo
Copy link

Please review the Community Note before submitting

TruffleHog Version

trufflehog 3.81.8

Trace Output

mestamp":"2024-03-25 05:19:27 +0000","line":13999}}},"SourceType":16,"Verify":true}}
{"level":"info-4","ts":"2024-08-13T16:20:00-04:00","logger":"trufflehog","msg":"finished scanning chunks","scanner_worker_id":"3SH6C"}
{"level":"info-4","ts":"2024-08-13T16:20:00-04:00","logger":"trufflehog","msg":"finished scanning chunks","scanner_worker_id":"1wjud"}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"oiX7V","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"FMbZB","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"mNbjH","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"eK3hU","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"PZhvk","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"282Ke","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"6RFX9","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"owoxi","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"I6Iwx","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"error","ts":"2024-08-13T16:20:09-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"UVFZ0","detector":{"type":"PrivateKey"},"timeout":10}

and then it just sits there for 15 minutes...

and then continues and finishes up:

{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"PZhvk","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"oiX7V","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"6RFX9","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"FMbZB","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"owoxi","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"282Ke","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:55-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"UVFZ0","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:59-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"eK3hU","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:59-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"mNbjH","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-4","ts":"2024-08-13T16:35:59-04:00","logger":"trufflehog","msg":"link is empty, skipping update","detector_worker_id":"I6Iwx","detector":{"type":"PrivateKey"},"timeout":10}
{"level":"info-0","ts":"2024-08-13T16:35:59-04:00","logger":"trufflehog","msg":"finished scanning","chunks":4309,"bytes":3811170,"verified_secrets":0,"unverified_secrets":0,"scan_duration":"16m25.258658746s","trufflehog_version":"3.81.8"}

Expected Behavior

Adhere to the 10 second timeout.

Actual Behavior

the detector doesn't timeout for 15 minutes.

Steps to Reproduce

trufflehog --trace git https://dev.azure.com/asdf/zxcv/_git/qwerty -j --fail --only-verified

Environment

RHEL 8

Additional Context

Doesn't happen on every repo I scan, but it happens on many of them. I'm guessing any that have a match on the "PrivateKey" detector.

References

  • #0000
@dgarozzo dgarozzo added the bug label Aug 13, 2024
@rgmz
Copy link
Contributor

rgmz commented Aug 13, 2024

Related to #3201

@dgarozzo
Copy link
Author

dgarozzo commented Aug 13, 2024
edited
Loading

Tracing things for the PrivateKey detector, I think I've determined that the server I'm using on my network won't allow me to do this:

ssh gitlab.com 22

It sits there for 15 minutes, and then:

kex_exchange_identification: read: Connection timed out

@dustin-decker
Copy link
Contributor

Should be resolved now by #3161

@dustin-decker dustin-decker reopened this Aug 14, 2024
@dustin-decker
Copy link
Contributor

Re-opened. It seems that #3161 didn't fully address this and was in the release that you reported.

@dgarozzo
Copy link
Author

also see an issue with JDBC:

{"level":"error","ts":"2024-08-15T13:51:14-04:00","logger":"trufflehog","msg":"a detector ignored the context timeout","detector_worker_id":"HSikv","detector":{"type":"JDBC"},"timeout":10}

@dgarozzo
Copy link
Author

Are these the two targets for testing PublicKey? I would need to make sure that the server that I'm testing from has access to those server:port locations?

github.com:22
gitlab.com:22

Are there any other targets? I'm assuming the JDBC test would need to be able to reach whatever JDBC connection is targeting.

@dustin-decker
Copy link
Contributor

Yes those are the two targets for now. You are correct about database verification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dgarozzo @dustin-decker @rgmz