TruffleHog Version
trufflehog 3.90.11
Expected Behavior
Considering this checks a user's repositories:
trufflehog github --org $user
And this checks an organization's repositories:
trufflehog github --org $org --token $GITHUB_TOKEN
This should also check a user's repositories, but now using a token:
trufflehog github --org $user --token $GITHUB_TOKEN
Actual Behavior
When a user is passed to --org and --token is specified, the repositories of the token's owner are being analyzed (instead of the specified user).
Steps to Reproduce
- Run the following command using a user instead of an organization:
trufflehog github --org $user --token $GITHUB_TOKEN
- Notice that the specified user's repositories will not be checked.
Potential Solution
I have a suggestion that worked here:
- Go to the function getReposByOrgOrUser inside pkg/sources/github/repo.go;
- Remove the parameter authenticated, and pass false to the function getReposByUser();
- Inside pkg/sources/github/github.go, update all the references that call getReposByOrgOrUser, removing the boolean parameter.
I did not create a PR because I feel this solution may have collateral effects that I cannot understand now, having a very superficial context of the code.
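A scope check an operator can run over the scan results to catch the behavior reported above, added here as an example and not part of the issue or of TruffleHog's code. It assumes the findings were produced with `--json` and carry the repository URL under `SourceMetadata.Data.Github.repository`; the helper names and the sample lines (accounts `token-owner` and `target-user`) are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample of JSON-lines scan output (not real findings).
SAMPLE_OUTPUT = """\
{"SourceMetadata":{"Data":{"Github":{"repository":"https://github.com/token-owner/dotfiles.git","file":"env","line":3}}},"DetectorName":"AWS","Verified":false}
{"SourceMetadata":{"Data":{"Github":{"repository":"https://github.com/token-owner/notes.git","file":"todo.md","line":9}}},"DetectorName":"Slack","Verified":false}
{"level":"info-0","msg":"finished scanning"}
not json at all
"""

def repo_owner(repo_url):
    """Return the lower-cased account segment of a repository URL, or None."""
    parts = [p for p in urlparse(repo_url).path.split("/") if p]
    # A repository URL needs at least <owner>/<repo>; GitHub logins are case-insensitive.
    return parts[0].lower() if len(parts) >= 2 else None

def owners_in_findings(lines):
    """Count findings per repository owner, skipping log lines and non-JSON text."""
    counts = {}
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(record, dict):
            continue
        # Assumed layout: SourceMetadata -> Data -> Github -> repository
        data = (record.get("SourceMetadata") or {}).get("Data") or {}
        repo = (data.get("Github") or {}).get("repository")
        owner = repo_owner(repo) if isinstance(repo, str) else None
        if owner:
            counts[owner] = counts.get(owner, 0) + 1
    return counts

def check_scope(lines, expected_account):
    """Report whether findings come from the intended account or from others."""
    expected = expected_account.lower()
    counts = owners_in_findings(lines)
    unexpected = {o: n for o, n in counts.items() if o != expected}
    return {"expected_seen": expected in counts, "unexpected": unexpected}

if __name__ == "__main__":
    # Intended target was target-user; every finding belongs to token-owner.
    print(check_scope(SAMPLE_OUTPUT.splitlines(), "target-user"))
```

An empty `unexpected` set only shows that no finding came from another account; a scan with zero findings says nothing about which repositories were enumerated, so compare against the scanner's own log of scanned repositories where available.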