Revert "[INS-397] Fix git version parser panic on non-numeric patch versions …" (#4903)

This reverts commit c120e8c.

Author: trufflesteeeve

pkg/detectors/azureapimanagement/repositorykey/repositorykey.go

@@ -3,16 +3,17 @@ package repositorykey
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/url"
 	"os/exec"
+	"strconv"
 	"strings"
 
 	regexp "github.com/wasilibs/go-re2"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/cache/simple"
 	logContext "github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/gitcmd"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
@@ -99,8 +100,36 @@ func (s Scanner) Description() string {
 	return "Azure API Management Repository Keys provide access to the API Management (APIM) configuration repository, allowing users to directly interact with and modify API definitions, policies, and settings. These keys enable programmatic access to APIM's Git-based repository, where configurations can be cloned, edited, and pushed back to apply changes. They are primarily used for managing API configurations as code, automating deployments, and synchronizing APIM settings across environments."
 }
 
+func gitCmdCheck() error {
+	if errors.Is(exec.Command("git").Run(), exec.ErrNotFound) {
+		return fmt.Errorf("'git' command not found in $PATH. Make sure git is installed and included in $PATH")
+	}
+
+	// Check the version is greater than or equal to 2.20.0
+	out, err := exec.Command("git", "--version").Output()
+	if err != nil {
+		return fmt.Errorf("failed to check git version: %w", err)
+	}
+
+	// Extract the version string using a regex to find the version numbers
+	var regex = regexp.MustCompile(`\d+\.\d+\.\d+`)
+
+	versionStr := regex.FindString(string(out))
+	versionParts := strings.Split(versionStr, ".")
+
+	// Parse version numbers
+	major, _ := strconv.Atoi(versionParts[0])
+	minor, _ := strconv.Atoi(versionParts[1])
+
+	// Compare with version 2.20.0<=x<3.0.0
+	if major == 2 && minor >= 20 {
+		return nil
+	}
+	return fmt.Errorf("git version is %s, but must be greater than or equal to 2.20.0, and less than 3.0.0", versionStr)
+}
+
 func verifyUrlPassword(_ context.Context, repoUrl, user, password string) (bool, error) {
-	if err := gitcmd.CheckVersion(); err != nil {
+	if err := gitCmdCheck(); err != nil {
 		return false, err
 	}
 

pkg/gitcmd/gitcmd.go

@@ -0,0 +1,40 @@
+package git
+
+import (
+	"fmt"
+	"os/exec"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/go-errors/errors"
+)
+
+// Extract the version string using a regex to find the version numbers
+var regex = regexp.MustCompile(`\d+\.\d+\.\d+`)
+
+// CmdCheck checks if git is installed and meets 2.20.0<=x<3.0.0 version requirements.
+func CmdCheck() error {
+	if errors.Is(exec.Command("git").Run(), exec.ErrNotFound) {
+		return fmt.Errorf("'git' command not found in $PATH. Make sure git is installed and included in $PATH")
+	}
+
+	// Check the version is greater than or equal to 2.20.0
+	out, err := exec.Command("git", "--version").Output()
+	if err != nil {
+		return fmt.Errorf("failed to check git version: %w", err)
+	}
+
+	versionStr := regex.FindString(string(out))
+	versionParts := strings.Split(versionStr, ".")
+
+	// Parse version numbers
+	major, _ := strconv.Atoi(versionParts[0])
+	minor, _ := strconv.Atoi(versionParts[1])
+
+	// Compare with version 2.20.0<=x<3.0.0
+	if major == 2 && minor >= 20 {
+		return nil
+	}
+	return fmt.Errorf("git version is %s, but must be greater than or equal to 2.20.0, and less than 3.0.0", versionStr)
+}

pkg/gitcmd/gitcmd_test.go

@@ -30,7 +30,6 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/feature"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/gitcmd"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/gitparse"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/handlers"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
@@ -215,7 +214,7 @@ func (s *Source) Init(aCtx context.Context, name string, jobId sources.JobID, so
 		concurrency = runtime.NumCPU()
 	}
 
-	if err = gitcmd.CheckVersion(); err != nil {
+	if err = CmdCheck(); err != nil {
 		return err
 	}
 
@@ -615,7 +614,7 @@ func executeClone(ctx context.Context, params cloneParams) (*git.Repository, err
 //
 // Pinging using other authentication methods is only unimplemented because there's been no pressing need for it yet.
 func PingRepoUsingToken(ctx context.Context, token, gitUrl, user string) error {
-	if err := gitcmd.CheckVersion(); err != nil {
+	if err := CmdCheck(); err != nil {
 		return err
 	}
 	lsUrl, err := GitURLParse(gitUrl)

pkg/sources/git/cmd_check.go

@@ -28,7 +28,6 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/feature"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/gitcmd"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/giturl"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/handlers"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
@@ -214,7 +213,7 @@ func (c *filteredRepoCache) wantRepo(s string) bool {
 
 // Init returns an initialized GitHub source.
 func (s *Source) Init(aCtx context.Context, name string, jobID sources.JobID, sourceID sources.SourceID, verify bool, connection *anypb.Any, concurrency int) error {
-	err := gitcmd.CheckVersion()
+	err := git.CmdCheck()
 	if err != nil {
 		return err
 	}

pkg/sources/git/git.go

@@ -9,7 +9,6 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/gitcmd"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/giturl"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/log"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
@@ -69,7 +68,7 @@ func (s *Source) JobID() sources.JobID {
 
 // Init returns an initialized GitHubExperimental source.
 func (s *Source) Init(aCtx context.Context, name string, jobID sources.JobID, sourceID sources.SourceID, verify bool, connection *anypb.Any, concurrency int) error {
-	err := gitcmd.CheckVersion()
+	err := git.CmdCheck()
 	if err != nil {
 		return err
 	}

pkg/sources/github/github.go

@@ -13,7 +13,6 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/feature"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/gitcmd"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/giturl"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/log"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
@@ -167,7 +166,7 @@ func (s *Source) Init(ctx context.Context, name string, jobId sources.JobID, sou
 	s.jobPool = &errgroup.Group{}
 	s.jobPool.SetLimit(concurrency)
 
-	if err := gitcmd.CheckVersion(); err != nil {
+	if err := git.CmdCheck(); err != nil {
 		return err
 	}
 

pkg/sources/github_experimental/github_experimental.go

@@ -19,7 +19,6 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/cache/simple"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/gitcmd"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/giturl"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
@@ -170,7 +169,7 @@ func (c *filteredRepoCache) includeRepo(s string) bool {
 
 // Init returns an initialized HuggingFace source.
 func (s *Source) Init(ctx context.Context, name string, jobID sources.JobID, sourceID sources.SourceID, verify bool, connection *anypb.Any, concurrency int) error {
-	err := gitcmd.CheckVersion()
+	err := git.CmdCheck()
 	if err != nil {
 		return err
 	}