|
9 | 9 | "os"
|
10 | 10 | "os/exec"
|
11 | 11 | "os/signal"
|
12 |
| - "path/filepath" |
13 | 12 | "runtime"
|
14 | 13 | "strconv"
|
15 | 14 | "strings"
|
@@ -692,9 +691,11 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
|
692 | 691 | var ref sources.JobProgressRef
|
693 | 692 | switch cmd {
|
694 | 693 | case gitScan.FullCommand():
|
695 |
| - // validate the commit |
696 |
| - if *gitScanSinceCommit != "" && !isValidCommit(*gitScanURI, *gitScanSinceCommit) { |
697 |
| - ctx.Logger().Info("Warning: The provided commit hash appears to be invalid.") |
| 694 | + // validate the commit for local repository only |
| 695 | + if *gitScanSinceCommit != "" && strings.HasPrefix(*gitScanURI, "file") { |
| 696 | + if !isValidCommit(*gitScanURI, *gitScanSinceCommit) { |
| 697 | + ctx.Logger().Info("Warning: The provided commit hash appears to be invalid.") |
| 698 | + } |
698 | 699 | }
|
699 | 700 |
|
700 | 701 | gitCfg := sources.GitConfig{
|
@@ -1033,46 +1034,9 @@ func printAverageDetectorTime(e *engine.Engine) {
|
1033 | 1034 |
|
1034 | 1035 | // Function to check if the commit is valid
|
1035 | 1036 | func isValidCommit(uri, commit string) bool {
|
1036 |
| - if strings.HasPrefix(uri, "file") { |
1037 |
| - // handle file:// urls |
1038 |
| - repoPath, _ := strings.CutPrefix(uri, "file://") // remove the prefix to validate against the repo path |
1039 |
| - output, err := exec.Command("git", "-C", repoPath, "cat-file", "-t", commit).Output() |
1040 |
| - if err != nil { |
1041 |
| - return false |
1042 |
| - } |
1043 |
| - |
1044 |
| - return strings.TrimSpace(string(output)) == "commit" |
1045 |
| - } else if strings.HasPrefix(uri, "https") { |
1046 |
| - return isValidCommitRemote(uri, commit) |
1047 |
| - } else { |
1048 |
| - return false |
1049 |
| - } |
1050 |
| -} |
1051 |
| - |
1052 |
| -func isValidCommitRemote(repoURL, commit string) bool { |
1053 |
| - // create temporary directory |
1054 |
| - tempDir, err := os.MkdirTemp("", "git-verify-*") |
1055 |
| - if err != nil { |
1056 |
| - return false |
1057 |
| - } |
1058 |
| - defer os.RemoveAll(tempDir) |
1059 |
| - |
1060 |
| - // clone with blob filter, no checkout, and bare repository |
1061 |
| - repoPath := filepath.Join(tempDir, "repo.git") |
1062 |
| - cloneCmd := exec.Command("git", "clone", |
1063 |
| - "--filter=blob:none", |
1064 |
| - "--no-checkout", |
1065 |
| - "--bare", |
1066 |
| - repoURL, |
1067 |
| - repoPath) |
1068 |
| - |
1069 |
| - if err := cloneCmd.Run(); err != nil { |
1070 |
| - return false |
1071 |
| - } |
1072 |
| - |
1073 |
| - // verify the commit using --git-dir since it's a bare repository |
1074 |
| - cmd := exec.Command("git", "--git-dir", repoPath, "cat-file", "-t", commit) |
1075 |
| - output, err := cmd.Output() |
| 1037 | + // handle file:// urls |
| 1038 | + repoPath, _ := strings.CutPrefix(uri, "file://") // remove the prefix to validate against the repo path |
| 1039 | + output, err := exec.Command("git", "-C", repoPath, "cat-file", "-t", commit).Output() |
1076 | 1040 | if err != nil {
|
1077 | 1041 | return false
|
1078 | 1042 | }
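Review bot: `commit` still reaches `exec.Command("git", "-C", repoPath, "cat-file", "-t", commit)` unchecked, so a value beginning with `-` would be parsed by git as an option instead of an object name. This matters if `*gitScanSinceCommit` can ever be filled from something other than the operator's own command line, which is not visible here. A guard at the top of isValidCommit such as `if strings.HasPrefix(commit, "-") { return false }` keeps the argument positional. The function also now depends on the caller for the scheme check, but the caller tests the prefix `"file"` while this code strips `"file://"` and discards the `ok` result of `strings.CutPrefix`. Returning false when `ok` is false would make the two agree, and the comment above the function could then say it only handles local file:// repositories; the rest of isValidCommit's body lies outside this hunk.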
|
|