Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trufflehog for openSUSE:Factory checked in at 2026-03-04 21:08:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trufflehog (Old) and /work/SRC/openSUSE:Factory/.trufflehog.new.561 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trufflehog" Wed Mar 4 21:08:00 2026 rev:114 rq:1336207 version:3.93.6 Changes: -------- --- /work/SRC/openSUSE:Factory/trufflehog/trufflehog.changes 2026-02-27 17:14:12.254792503 +0100 +++ /work/SRC/openSUSE:Factory/.trufflehog.new.561/trufflehog.changes 2026-03-04 21:08:36.104838735 +0100 @@ -1,0 +2,7 @@ +Mon Mar 02 06:17:19 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 3.93.6: + * Move verify flag into `detectableChunk` (#4558) + * GH_TOKEN needed for gh (#4772) + +------------------------------------------------------------------- Old: ---- trufflehog-3.93.5.obscpio New: ---- trufflehog-3.93.6.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trufflehog.spec ++++++ --- /var/tmp/diff_new_pack.sP5Nns/_old 2026-03-04 21:08:38.432934953 +0100 +++ /var/tmp/diff_new_pack.sP5Nns/_new 2026-03-04 21:08:38.432934953 +0100 @@ -17,7 +17,7 @@ Name: trufflehog -Version: 3.93.5 +Version: 3.93.6 Release: 0 Summary: CLI tool to find exposed secrets in source and archives License: AGPL-3.0-or-later ++++++ _service ++++++ --- /var/tmp/diff_new_pack.sP5Nns/_old 2026-03-04 21:08:38.480936938 +0100 +++ /var/tmp/diff_new_pack.sP5Nns/_new 2026-03-04 21:08:38.488937268 +0100 @@ -2,7 +2,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/trufflesecurity/trufflehog.git</param> <param name="scm">git</param> - <param name="revision">v3.93.5</param> + <param name="revision">v3.93.6</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.sP5Nns/_old 2026-03-04 21:08:38.512938260 +0100 +++ /var/tmp/diff_new_pack.sP5Nns/_new 2026-03-04 21:08:38.528938921 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/trufflesecurity/trufflehog.git</param> - <param name="changesrevision">7cdc7ef878439f74842c00422c65ab864ed83125</param></service></servicedata> + <param name="changesrevision">041f07e9df901a1038a528e5525b0226d04dd5ea</param></service></servicedata> (No newline at EOF) ++++++ trufflehog-3.93.5.obscpio -> trufflehog-3.93.6.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/.github/workflows/release-guard.yml new/trufflehog-3.93.6/.github/workflows/release-guard.yml --- old/trufflehog-3.93.5/.github/workflows/release-guard.yml 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/.github/workflows/release-guard.yml 2026-02-27 16:05:52.000000000 +0100 @@ -31,3 +31,5 @@ echo "Restoring $PREVIOUS_TAG as latest..." gh release edit "$PREVIOUS_TAG" --latest + env: + GH_TOKEN: ${{ github.token }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/decoders/escaped_unicode.go new/trufflehog-3.93.6/pkg/decoders/escaped_unicode.go --- old/trufflehog-3.93.5/pkg/decoders/escaped_unicode.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/decoders/escaped_unicode.go 2026-02-27 16:05:52.000000000 +0100 @@ -111,7 +111,7 @@ SecretID: chunk.SecretID, SourceMetadata: chunk.SourceMetadata, SourceType: chunk.SourceType, - Verify: chunk.Verify, + SourceVerify: chunk.SourceVerify, }, } } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/engine/engine.go new/trufflehog-3.93.6/pkg/engine/engine.go --- old/trufflehog-3.93.5/pkg/engine/engine.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/engine/engine.go 2026-02-27 16:05:52.000000000 +0100 @@ -777,6 +777,7 @@ chunk sources.Chunk decoder detectorspb.DecoderType wgDoneFn func() + verify bool } // verificationOverlapChunk is a decoded chunk that has multiple detectors that match it. @@ -851,7 +852,7 @@ for chunk := range e.ChunksChan() { startTime := time.Now() - sourceVerify := chunk.Verify + sourceVerify := chunk.SourceVerify decoded := iterativeDecode(chunk, e.decoders, e.maxDecodeDepth) @@ -869,12 +870,12 @@ } for _, detector := range matchingDetectors { - d.Chunk.Verify = e.shouldVerifyChunk(sourceVerify, detector, e.detectorVerificationOverrides) wgDetect.Add(1) e.detectableChunksChan <- detectableChunk{ chunk: *d.Chunk, detector: detector, decoder: d.DecoderType, + verify: e.shouldVerifyChunk(sourceVerify, detector, e.detectorVerificationOverrides), wgDoneFn: wgDetect.Done, } } @@ -1069,11 +1070,11 @@ for _, detector := range detectorKeysWithResults { wgDetect.Add(1) - chunk.chunk.Verify = e.shouldVerifyChunk(chunk.chunk.Verify, detector, e.detectorVerificationOverrides) e.detectableChunksChan <- detectableChunk{ chunk: chunk.chunk, detector: detector, decoder: chunk.decoder, + verify: e.shouldVerifyChunk(chunk.chunk.SourceVerify, detector, e.detectorVerificationOverrides), wgDoneFn: wgDetect.Done, } } @@ -1136,7 +1137,7 @@ results, err := e.verificationCache.FromData( ctx, data.detector.Detector, - data.chunk.Verify, + data.verify, data.chunk.SecretID != 0, matchBytes) t.Stop() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/engine/engine_test.go new/trufflehog-3.93.6/pkg/engine/engine_test.go --- old/trufflehog-3.93.5/pkg/engine/engine_test.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/engine/engine_test.go 2026-02-27 16:05:52.000000000 +0100 @@ -1501,77 +1501,115 @@ func (p passthroughDecoder) Type() detectorspb.DecoderType { return detectorspb.DecoderType(-1) } +// TestEngine_DetectChunk_UsesVerifyFlag validates that detectChunk correctly forwards detectableChunk.verify to +// detectors. func TestEngine_DetectChunk_UsesVerifyFlag(t *testing.T) { ctx := context.Background() - // Arrange: Create a minimal engine. - e := &Engine{ - results: make(chan detectors.ResultWithMetadata, 1), - verificationCache: verificationcache.New(nil, &verificationcache.InMemoryMetrics{}), + testCases := []struct { + name string + verify bool + }{ + {name: "verify=true", verify: true}, + {name: "verify=false", verify: false}, } - // Arrange: Create a detector match. We can't create one directly, so we have to use a minimal A-H core. - ahcore := ahocorasick.NewAhoCorasickCore([]detectors.Detector{passthroughDetector{keywords: []string{"keyword"}}}) - detectorMatches := ahcore.FindDetectorMatches([]byte("keyword")) - require.Len(t, detectorMatches, 1) - - // Arrange: Create a chunk to detect. - chunk := detectableChunk{ - chunk: sources.Chunk{ - Verify: true, - }, - detector: detectorMatches[0], - wgDoneFn: func() {}, - } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + // Arrange: Create a minimal engine. + e := &Engine{ + results: make(chan detectors.ResultWithMetadata, 1), + verificationCache: verificationcache.New(nil, &verificationcache.InMemoryMetrics{}), + } + + // Arrange: Create a detector match. We can't create one directly, so we have to use a minimal A-H core. + ahcore := ahocorasick.NewAhoCorasickCore([]detectors.Detector{passthroughDetector{keywords: []string{"keyword"}}}) + detectorMatches := ahcore.FindDetectorMatches([]byte("keyword")) + require.Len(t, detectorMatches, 1) + + // Arrange: Create a chunk to detect. + chunk := detectableChunk{ + detector: detectorMatches[0], + verify: tc.verify, + wgDoneFn: func() {}, + } - // Act - e.detectChunk(ctx, chunk) - close(e.results) - - // Assert: Confirm that a result was generated and that it has the expected verify flag. - select { - case result := <-e.results: - assert.True(t, result.Result.Verified) - default: - t.Errorf("expected a result but did not get one") + // Act + e.detectChunk(ctx, chunk) + close(e.results) + + // Assert: Confirm that a result was generated and that it has the expected verify flag. + select { + case result := <-e.results: + assert.Equal(t, tc.verify, result.Result.Verified) + default: + t.Errorf("expected a result but did not get one") + } + }) } } +// TestEngine_ScannerWorker_DetectableChunkHasCorrectVerifyFlag validates that scannerWorker generates detectableChunk +// structs that have the correct verify flag set. It also validates that the original chunks' SourceVerify flags are +// unchanged. func TestEngine_ScannerWorker_DetectableChunkHasCorrectVerifyFlag(t *testing.T) { ctx := context.Background() - // Arrange: Create a minimal engine. - detector := &passthroughDetector{keywords: []string{"keyword"}} - e := &Engine{ - AhoCorasickCore: ahocorasick.NewAhoCorasickCore([]detectors.Detector{detector}), - decoders: []decoders.Decoder{passthroughDecoder{}}, - detectableChunksChan: make(chan detectableChunk, 1), - sourceManager: sources.NewManager(), - verify: true, - maxDecodeDepth: 1, - } + testCases := []struct { + name string + engineVerify bool + sourceVerify bool + wantVerify bool + }{ + {name: "engineVerify=false,sourceVerify=false", engineVerify: false, sourceVerify: false, wantVerify: false}, + {name: "engineVerify=false,sourceVerify=true", engineVerify: false, sourceVerify: true, wantVerify: false}, + {name: "engineVerify=true,sourceVerify=false", engineVerify: true, sourceVerify: false, wantVerify: false}, + {name: "engineVerify=true,sourceVerify=true", engineVerify: true, sourceVerify: true, wantVerify: true}, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + // Arrange: Create a minimal engine. + detector := &passthroughDetector{keywords: []string{"keyword"}} + e := &Engine{ + AhoCorasickCore: ahocorasick.NewAhoCorasickCore([]detectors.Detector{detector}), + decoders: []decoders.Decoder{passthroughDecoder{}}, + detectableChunksChan: make(chan detectableChunk, 1), + sourceManager: sources.NewManager(), + verify: tc.engineVerify, + maxDecodeDepth: 1, + } - // Arrange: Create a chunk to scan. - chunk := sources.Chunk{ - Data: []byte("keyword"), - Verify: true, - } + // Arrange: Create a chunk to scan. + chunk := sources.Chunk{ + Data: []byte("keyword"), + SourceVerify: tc.sourceVerify, + } - // Arrange: Enqueue a chunk to be scanned. - e.sourceManager.ScanChunk(&chunk) + // Arrange: Enqueue a chunk to be scanned. + e.sourceManager.ScanChunk(&chunk) - // Act - go e.scannerWorker(ctx) + // Act + go e.scannerWorker(ctx) - // Assert: Confirm that a chunk was generated and that it has the expected verify flag. - select { - case chunk := <-e.detectableChunksChan: - assert.True(t, chunk.chunk.Verify) - case <-time.After(1 * time.Second): - t.Errorf("expected a detectableChunk but did not get one") + // Assert: Confirm that a chunk was generated, that its SourceVerify flag is unchanged, and that its verify + // flag is correctly set. + select { + case chunk := <-e.detectableChunksChan: + assert.Equal(t, tc.sourceVerify, chunk.chunk.SourceVerify) + assert.Equal(t, tc.wantVerify, chunk.verify) + case <-time.After(1 * time.Second): + t.Errorf("expected a detectableChunk but did not get one") + } + }) } } +// TestEngine_VerificationOverlapWorker_DetectableChunkHasCorrectVerifyFlag validates that the results directly +// generated by verificationOverlapWorker all came from detector invocations with the verify flag cleared (because these +// results were generated from verification overlaps). It also validates that detectableChunk structs generated by +// verificationOverlapWorker have their verify flags correctly set, and that these structs' original chunks' +// SourceVerify flags are unchanged. func TestEngine_VerificationOverlapWorker_DetectableChunkHasCorrectVerifyFlag(t *testing.T) { ctx := context.Background() @@ -1597,8 +1635,8 @@ // Arrange: Create a chunk to "scan." chunk := sources.Chunk{ - Data: []byte("keyword ;oahpow8heg;blaisd"), - Verify: true, + Data: []byte("keyword ;oahpow8heg;blaisd"), + SourceVerify: true, } // Arrange: Create overlapping detector matches. We can't create them directly, so we have to use a minimal A-H @@ -1628,11 +1666,13 @@ assert.False(t, result.Result.Verified) } - // Assert: Confirm that every generated detectable chunk carries the original Verify flag. + // Assert: Confirm that every generated detectable chunk's Chunk.SourceVerify flag is unchanged and that its + // verify flag is correctly set. // CMR: There should be not be any of these chunks. However, due to what I believe is an unrelated bug, there - // are. This test ensures that even in that erroneous case, their Verify flag is correct. + // are. This test ensures that even in that erroneous case, their contents are correct. for detectableChunk := range processedDetectableChunks { - assert.True(t, detectableChunk.chunk.Verify) + assert.True(t, detectableChunk.verify) + assert.True(t, detectableChunk.chunk.SourceVerify) } }) t.Run("no overlap", func(t *testing.T) { @@ -1656,8 +1696,8 @@ // Arrange: Create a chunk to "scan." chunk := sources.Chunk{ - Data: []byte("keyword ;oahpow8heg;blaisd"), - Verify: true, + Data: []byte("keyword ;oahpow8heg;blaisd"), + SourceVerify: true, } // Arrange: Create non-overlapping detector matches. We can't create them directly, so we have to use a minimal @@ -1681,9 +1721,10 @@ close(e.detectableChunksChan) close(processedDetectableChunks) - // Assert: Confirm that every generated detectable chunk carries the original Verify flag. + // Assert: Confirm that SourceVerify flags are unchanged, and verify flags are correctly set. for detectableChunk := range processedDetectableChunks { - assert.True(t, detectableChunk.chunk.Verify) + assert.True(t, detectableChunk.chunk.SourceVerify) + assert.True(t, detectableChunk.verify) } }) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/circleci/circleci.go new/trufflehog-3.93.6/pkg/sources/circleci/circleci.go --- old/trufflehog-3.93.5/pkg/sources/circleci/circleci.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/circleci/circleci.go 2026-02-27 16:05:52.000000000 +0100 @@ -375,7 +375,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } if err := data.Error(); err != nil { return err diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/docker/docker.go new/trufflehog-3.93.6/pkg/sources/docker/docker.go --- old/trufflehog-3.93.5/pkg/sources/docker/docker.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/docker/docker.go 2026-02-27 16:05:52.000000000 +0100 @@ -351,8 +351,8 @@ }, }, }, - Verify: s.verify, - Data: []byte(historyInfo.entry.CreatedBy), + SourceVerify: s.verify, + Data: []byte(historyInfo.entry.CreatedBy), } ctx.Logger().V(2).Info("scanning image history entry", "index", historyInfo.index, "layer", historyInfo.layerDigest) @@ -464,7 +464,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } chunk.Data = data.Bytes() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/elasticsearch/elasticsearch.go new/trufflehog-3.93.6/pkg/sources/elasticsearch/elasticsearch.go --- old/trufflehog-3.93.5/pkg/sources/elasticsearch/elasticsearch.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/elasticsearch/elasticsearch.go 2026-02-27 16:05:52.000000000 +0100 @@ -202,7 +202,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } chunk.Data = []byte(document.message) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/filesystem/filesystem.go new/trufflehog-3.93.6/pkg/sources/filesystem/filesystem.go --- old/trufflehog-3.93.5/pkg/sources/filesystem/filesystem.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/filesystem/filesystem.go 2026-02-27 16:05:52.000000000 +0100 @@ -346,7 +346,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } return handlers.HandleFile(fileCtx, inputFile, chunkSkel, sources.ChanReporter{Ch: chunksChan}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/gcs/gcs.go new/trufflehog-3.93.6/pkg/sources/gcs/gcs.go --- old/trufflehog-3.93.5/pkg/sources/gcs/gcs.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/gcs/gcs.go 2026-02-27 16:05:52.000000000 +0100 @@ -333,11 +333,11 @@ func (s *Source) processObject(ctx context.Context, o object) error { chunkSkel := &sources.Chunk{ - SourceName: s.name, - SourceType: s.Type(), - JobID: s.JobID(), - SourceID: s.sourceId, - Verify: s.verify, + SourceName: s.name, + SourceType: s.Type(), + JobID: s.JobID(), + SourceID: s.sourceId, + SourceVerify: s.verify, SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Gcs{ Gcs: &source_metadatapb.GCS{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/gcs/gcs_integration_test.go new/trufflehog-3.93.6/pkg/sources/gcs/gcs_integration_test.go --- old/trufflehog-3.93.5/pkg/sources/gcs/gcs_integration_test.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/gcs/gcs_integration_test.go 2026-02-27 16:05:52.000000000 +0100 @@ -79,10 +79,10 @@ want := []*sources.Chunk{ { - SourceName: "test", - SourceType: sourcespb.SourceType_SOURCE_TYPE_GCS, - SourceID: 0, - Verify: true, + SourceName: "test", + SourceType: sourcespb.SourceType_SOURCE_TYPE_GCS, + SourceID: 0, + SourceVerify: true, SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Gcs{ Gcs: &source_metadatapb.GCS{ @@ -164,10 +164,10 @@ chunks := make([]*sources.Chunk, 0, len(objects)) for _, o := range objects { chunks = append(chunks, &sources.Chunk{ - SourceName: "test", - SourceType: sourcespb.SourceType_SOURCE_TYPE_GCS, - SourceID: 0, - Verify: true, + SourceName: "test", + SourceType: sourcespb.SourceType_SOURCE_TYPE_GCS, + SourceID: 0, + SourceVerify: true, SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Gcs{ Gcs: &source_metadatapb.GCS{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/gcs/gcs_test.go new/trufflehog-3.93.6/pkg/sources/gcs/gcs_test.go --- old/trufflehog-3.93.5/pkg/sources/gcs/gcs_test.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/gcs/gcs_test.go 2026-02-27 16:05:52.000000000 +0100 @@ -271,11 +271,11 @@ func createTestSourceChunk(id int) *sources.Chunk { return &sources.Chunk{ - SourceName: "test", - SourceType: sourcespb.SourceType_SOURCE_TYPE_GCS, - SourceID: 0, - Verify: true, - Data: []byte(fmt.Sprintf("hello world %d", id)), + SourceName: "test", + SourceType: sourcespb.SourceType_SOURCE_TYPE_GCS, + SourceID: 0, + SourceVerify: true, + Data: []byte(fmt.Sprintf("hello world %d", id)), SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Gcs{ Gcs: &source_metadatapb.GCS{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/git/git.go new/trufflehog-3.93.6/pkg/sources/git/git.go --- old/trufflehog-3.93.5/pkg/sources/git/git.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/git/git.go 2026-02-27 16:05:52.000000000 +0100 @@ -762,7 +762,7 @@ SourceType: s.sourceType, SourceMetadata: metadata, Data: []byte(sb.String()), - Verify: s.verify, + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { return err @@ -796,7 +796,7 @@ JobID: s.jobID, SourceType: s.sourceType, SourceMetadata: metadata, - Verify: s.verify, + SourceVerify: s.verify, } if err := HandleBinary(ctx, gitDir, reporter, chunkSkel, commitHash, fileName, s.skipArchives); err != nil { @@ -845,7 +845,7 @@ SourceType: s.sourceType, SourceMetadata: metadata, Data: data, - Verify: s.verify, + SourceVerify: s.verify, } return reporter.ChunkOk(ctx, chunk) } @@ -883,7 +883,7 @@ SourceType: s.sourceType, SourceMetadata: metadata, Data: append([]byte{}, newChunkBuffer.Bytes()...), - Verify: s.verify, + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { // TODO: Return error. @@ -903,7 +903,7 @@ SourceType: s.sourceType, SourceMetadata: metadata, Data: line, - Verify: s.verify, + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { // TODO: Return error. @@ -927,7 +927,7 @@ SourceType: s.sourceType, SourceMetadata: metadata, Data: append([]byte{}, newChunkBuffer.Bytes()...), - Verify: s.verify, + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { // TODO: Return error. @@ -1027,7 +1027,7 @@ JobID: s.jobID, SourceType: s.sourceType, SourceMetadata: metadata, - Verify: s.verify, + SourceVerify: s.verify, } if err := HandleBinary(ctx, gitDir, reporter, chunkSkel, commitHash, fileName, s.skipArchives); err != nil { logger.Error(err, "error handling binary file") @@ -1057,7 +1057,7 @@ SourceType: s.sourceType, SourceMetadata: metadata, Data: data, - Verify: s.verify, + SourceVerify: s.verify, } return reporter.ChunkOk(ctx, chunk) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/git/git_test.go new/trufflehog-3.93.6/pkg/sources/git/git_test.go --- old/trufflehog-3.93.5/pkg/sources/git/git_test.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/git/git_test.go 2026-02-27 16:05:52.000000000 +0100 @@ -96,9 +96,9 @@ concurrency: 4, }, wantChunk: &sources.Chunk{ - SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, - SourceName: "this repo", - Verify: false, + SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, + SourceName: "this repo", + SourceVerify: false, }, wantErr: false, }, @@ -115,9 +115,9 @@ concurrency: 4, }, wantChunk: &sources.Chunk{ - SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, - SourceName: "test source", - Verify: false, + SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, + SourceName: "test source", + SourceVerify: false, }, wantErr: false, }, @@ -134,9 +134,9 @@ concurrency: 0, }, wantChunk: &sources.Chunk{ - SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, - SourceName: "test source", - Verify: false, + SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, + SourceName: "test source", + SourceVerify: false, }, wantErr: false, }, @@ -156,9 +156,9 @@ concurrency: 4, }, wantChunk: &sources.Chunk{ - SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, - SourceName: "test source", - Verify: false, + SourceType: sourcespb.SourceType_SOURCE_TYPE_GIT, + SourceName: "test source", + SourceVerify: false, }, wantErr: false, }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/github/github.go new/trufflehog-3.93.6/pkg/sources/github/github.go --- old/trufflehog-3.93.5/pkg/sources/github/github.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/github/github.go 2026-02-27 16:05:52.000000000 +0100 @@ -1252,8 +1252,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(comment.GetBody())), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(comment.GetBody())), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -1389,8 +1389,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(issue.GetTitle() + "\n" + issue.GetBody())), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(issue.GetTitle() + "\n" + issue.GetBody())), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -1456,8 +1456,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(comment.GetBody())), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(comment.GetBody())), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -1552,8 +1552,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(pr.GetTitle() + "\n" + pr.GetBody())), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(pr.GetTitle() + "\n" + pr.GetBody())), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -1588,8 +1588,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(comment.GetBody())), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(comment.GetBody())), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -1627,7 +1627,7 @@ SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Github{Github: meta}, }, - Verify: s.verify, + SourceVerify: s.verify, } u, err := url.Parse(meta.GetLink()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/github/github_integration_test.go new/trufflehog-3.93.6/pkg/sources/github/github_integration_test.go --- old/trufflehog-3.93.5/pkg/sources/github/github_integration_test.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/github/github_integration_test.go 2026-02-27 16:05:52.000000000 +0100 @@ -127,7 +127,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, }, @@ -157,7 +157,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, }, @@ -342,7 +342,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, }, @@ -367,7 +367,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, }, @@ -453,7 +453,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, }, @@ -502,7 +502,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, minRepo: 1, @@ -596,7 +596,7 @@ }, }, }, - Verify: false, + SourceVerify: false, }, wantErr: false, user: "truffle-sandbox", @@ -994,7 +994,7 @@ }, }, }, - Verify: false, + SourceVerify: false, } s := Source{} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/github/graphql.go new/trufflehog-3.93.6/pkg/sources/github/graphql.go --- old/trufflehog-3.93.5/pkg/sources/github/graphql.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/github/graphql.go 2026-02-27 16:05:52.000000000 +0100 @@ -418,8 +418,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(issue.Title + "\n" + issue.Body)), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(issue.Title + "\n" + issue.Body)), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -453,8 +453,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(comment.Body)), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(comment.Body)), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { @@ -483,8 +483,8 @@ }, }, }, - Data: []byte(sanitizer.UTF8(pr.Title + "\n" + pr.Body)), - Verify: s.verify, + Data: []byte(sanitizer.UTF8(pr.Title + "\n" + pr.Body)), + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/gitlab/gitlab.go new/trufflehog-3.93.6/pkg/sources/gitlab/gitlab.go --- old/trufflehog-3.93.5/pkg/sources/gitlab/gitlab.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/gitlab/gitlab.go 2026-02-27 16:05:52.000000000 +0100 @@ -388,7 +388,7 @@ SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Gitlab{Gitlab: meta}, }, - Verify: s.verify, + SourceVerify: s.verify, } if err := common.CancellableWrite(ctx, chunksChan, chunk); err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/huggingface/huggingface.go new/trufflehog-3.93.6/pkg/sources/huggingface/huggingface.go --- old/trufflehog-3.93.5/pkg/sources/huggingface/huggingface.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/huggingface/huggingface.go 2026-02-27 16:05:52.000000000 +0100 @@ -663,8 +663,8 @@ }, }, }, - Data: []byte(comment.Data.Latest.Raw), - Verify: s.verify, + Data: []byte(comment.Data.Latest.Raw), + SourceVerify: s.verify, } select { case <-ctx.Done(): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/jenkins/jenkins.go new/trufflehog-3.93.6/pkg/sources/jenkins/jenkins.go --- old/trufflehog-3.93.5/pkg/sources/jenkins/jenkins.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/jenkins/jenkins.go 2026-02-27 16:05:52.000000000 +0100 @@ -426,7 +426,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } ctx.Logger().V(4).Info("scanning build log") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/json_enumerator/json_enumerator.go new/trufflehog-3.93.6/pkg/sources/json_enumerator/json_enumerator.go --- old/trufflehog-3.93.5/pkg/sources/json_enumerator/json_enumerator.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/json_enumerator/json_enumerator.go 2026-02-27 16:05:52.000000000 +0100 @@ -165,11 +165,11 @@ } chunkSkel := &sources.Chunk{ - SourceType: s.Type(), - SourceName: s.name, - SourceID: s.SourceID(), - JobID: s.JobID(), - Verify: s.verify, + SourceType: s.Type(), + SourceName: s.name, + SourceID: s.SourceID(), + JobID: s.JobID(), + SourceVerify: s.verify, SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_JsonEnumerator{ JsonEnumerator: &source_metadatapb.JSONEnumerator{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/postman/postman.go new/trufflehog-3.93.6/pkg/sources/postman/postman.go --- old/trufflehog-3.93.5/pkg/sources/postman/postman.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/postman/postman.go 2026-02-27 16:05:52.000000000 +0100 @@ -804,7 +804,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/s3/s3.go new/trufflehog-3.93.6/pkg/sources/s3/s3.go --- old/trufflehog-3.93.5/pkg/sources/s3/s3.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/s3/s3.go 2026-02-27 16:05:52.000000000 +0100 @@ -596,7 +596,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } if err := handlers.HandleFile(ctx, res.Body, chunkSkel, reporter); err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/sources.go new/trufflehog-3.93.6/pkg/sources/sources.go --- old/trufflehog-3.93.5/pkg/sources/sources.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/sources.go 2026-02-27 16:05:52.000000000 +0100 @@ -45,8 +45,8 @@ // SourceType is the type of Source that produced the chunk. SourceType sourcespb.SourceType - // Verify specifies whether any secrets in the Chunk should be verified. - Verify bool + // SourceVerify specifies whether this chunk was generated by a source that has verification enabled in its config. + SourceVerify bool } // ChunkingTarget specifies criteria for a targeted chunking process. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/stdin/stdin.go new/trufflehog-3.93.6/pkg/sources/stdin/stdin.go --- old/trufflehog-3.93.5/pkg/sources/stdin/stdin.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/stdin/stdin.go 2026-02-27 16:05:52.000000000 +0100 @@ -60,7 +60,7 @@ SourceMetadata: &source_metadatapb.MetaData{ Data: &source_metadatapb.MetaData_Stdin{}, }, - Verify: s.verify, + SourceVerify: s.verify, } ctx.Logger().Info("scanning stdin for secrets") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/syslog/syslog.go new/trufflehog-3.93.6/pkg/sources/syslog/syslog.go --- old/trufflehog-3.93.5/pkg/sources/syslog/syslog.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/syslog/syslog.go 2026-02-27 16:05:52.000000000 +0100 @@ -282,7 +282,7 @@ JobID: s.JobID(), SourceMetadata: metadata, Data: input, - Verify: s.verify, + SourceVerify: s.verify, } } } @@ -332,7 +332,7 @@ SourceType: s.syslog.sourceType, SourceMetadata: metadata, Data: input, - Verify: s.verify, + SourceVerify: s.verify, } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trufflehog-3.93.5/pkg/sources/travisci/travisci.go new/trufflehog-3.93.6/pkg/sources/travisci/travisci.go --- old/trufflehog-3.93.5/pkg/sources/travisci/travisci.go 2026-02-26 20:28:23.000000000 +0100 +++ new/trufflehog-3.93.6/pkg/sources/travisci/travisci.go 2026-02-27 16:05:52.000000000 +0100 @@ -203,7 +203,7 @@ }, }, }, - Verify: s.verify, + SourceVerify: s.verify, } if err := reporter.ChunkOk(ctx, chunk); err != nil { ++++++ trufflehog.obsinfo ++++++ --- /var/tmp/diff_new_pack.sP5Nns/_old 2026-03-04 21:08:41.933079612 +0100 +++ /var/tmp/diff_new_pack.sP5Nns/_new 2026-03-04 21:08:41.949080273 +0100 @@ -1,5 +1,5 @@ name: trufflehog -version: 3.93.5 -mtime: 1772134103 -commit: 7cdc7ef878439f74842c00422c65ab864ed83125 +version: 3.93.6 +mtime: 1772204752 +commit: 041f07e9df901a1038a528e5525b0226d04dd5ea ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/trufflehog/vendor.tar.gz /work/SRC/openSUSE:Factory/.trufflehog.new.561/vendor.tar.gz differ: char 17, line 1
