changed the approach for persisting the repositories for legacy json printing

Author: shahzadhaider1

main.go

@@ -9,7 +9,6 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
-	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
@@ -710,34 +709,31 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 	}
 	eng.Start(ctx)
 
-	tmpDir := filepath.Join(os.TempDir(), "trufflehog_"+strconv.Itoa(os.Getpid()))
 	persistRepo := *gitNoCleanup || *githubNoCleanup || *gitlabNoCleanup
+	clonePath := ""
 
 	defer func() {
 		// Clean up temporary artifacts.
 		if err := cleantemp.CleanTempArtifacts(ctx); err != nil {
 			ctx.Logger().Error(err, "error cleaning temp artifacts")
 		}
 
-		if !persistRepo {
-			if err := os.RemoveAll(tmpDir); err != nil {
-				ctx.Logger().Error(err, "error removing temporary directory")
+		if *jsonLegacy {
+			// If JSON legacy is enabled, that means the cloned repos are not deleted yet
+			// because they were needed for outputting legacy JSON.
+			// We only clean them up here if the user did not request to persist them.
+			if !persistRepo {
+				if err := cleantemp.CleanTempDirsForLegacyJSON(clonePath); err != nil {
+					ctx.Logger().Error(err, "error cleaning temp artifacts for legacy JSON")
+				}
 			}
 		}
 	}()
 
 	var refs []sources.JobProgressRef
 	switch cmd {
 	case gitScan.FullCommand():
-		if *jsonLegacy && !*gitNoCleanup {
-			if *gitClonePath == "" {
-				if err := os.MkdirAll(tmpDir, os.ModePerm); err != nil {
-					return scanMetrics, fmt.Errorf("failed to create temporary directory: %v", err)
-				}
-				*gitClonePath = tmpDir
-			}
-			*gitNoCleanup = true
-		}
+		clonePath = *gitClonePath
 		// validate the commit for local repository only
 		if *gitScanSinceCommit != "" && strings.HasPrefix(*gitScanURI, "file") {
 			if !isValidCommit(*gitScanURI, *gitScanSinceCommit) {
@@ -765,22 +761,15 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			ExcludeGlobs:     *gitScanExcludeGlobs,
 			ClonePath:        *gitClonePath,
 			NoCleanup:        *gitNoCleanup,
+			PrintLegacyJSON:  *jsonLegacy,
 		}
 		if ref, err := eng.ScanGit(ctx, gitCfg); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Git: %v", err)
 		} else {
 			refs = []sources.JobProgressRef{ref}
 		}
 	case githubScan.FullCommand():
-		if *jsonLegacy && !*githubNoCleanup {
-			if *githubClonePath == "" {
-				if err := os.MkdirAll(tmpDir, os.ModePerm); err != nil {
-					return scanMetrics, fmt.Errorf("failed to create temporary directory: %v", err)
-				}
-				*githubClonePath = tmpDir
-			}
-			*githubNoCleanup = true
-		}
+		clonePath = *githubClonePath
 		filter, err := common.FilterFromFiles(*githubScanIncludePaths, *githubScanExcludePaths)
 		if err != nil {
 			return scanMetrics, fmt.Errorf("could not create filter: %v", err)
@@ -816,6 +805,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			ClonePath:                  *githubClonePath,
 			NoCleanup:                  *githubNoCleanup,
 			IgnoreGists:                *githubIgnoreGists,
+			PrintLegacyJSON:            *jsonLegacy,
 		}
 
 		if ref, err := eng.ScanGitHub(ctx, cfg); err != nil {
@@ -837,15 +827,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			refs = []sources.JobProgressRef{ref}
 		}
 	case gitlabScan.FullCommand():
-		if *jsonLegacy && !*gitlabNoCleanup {
-			if *gitlabClonePath == "" {
-				if err := os.MkdirAll(tmpDir, os.ModePerm); err != nil {
-					return scanMetrics, fmt.Errorf("failed to create temporary directory: %v", err)
-				}
-				*gitlabClonePath = tmpDir
-			}
-			*gitlabNoCleanup = true
-		}
+		clonePath = *gitlabClonePath
 		filter, err := common.FilterFromFiles(*gitlabScanIncludePaths, *gitlabScanExcludePaths)
 		if err != nil {
 			return scanMetrics, fmt.Errorf("could not create filter: %v", err)
@@ -860,16 +842,17 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 		}
 
 		cfg := sources.GitlabConfig{
-			Endpoint:     *gitlabScanEndpoint,
-			Token:        *gitlabScanToken,
-			Repos:        *gitlabScanRepos,
-			GroupIds:     *gitlabScanGroupIds,
-			IncludeRepos: *gitlabScanIncludeRepos,
-			ExcludeRepos: *gitlabScanExcludeRepos,
-			Filter:       filter,
-			AuthInUrl:    *gitlabAuthInUrl,
-			ClonePath:    *gitlabClonePath,
-			NoCleanup:    *gitlabNoCleanup,
+			Endpoint:        *gitlabScanEndpoint,
+			Token:           *gitlabScanToken,
+			Repos:           *gitlabScanRepos,
+			GroupIds:        *gitlabScanGroupIds,
+			IncludeRepos:    *gitlabScanIncludeRepos,
+			ExcludeRepos:    *gitlabScanExcludeRepos,
+			Filter:          filter,
+			AuthInUrl:       *gitlabAuthInUrl,
+			ClonePath:       *gitlabClonePath,
+			NoCleanup:       *gitlabNoCleanup,
+			PrintLegacyJSON: *jsonLegacy,
 		}
 
 		if ref, err := eng.ScanGitLab(ctx, cfg); err != nil {

pkg/cleantemp/cleantemp.go

@@ -117,3 +117,27 @@ func CleanTempArtifacts(ctx logContext.Context) error {
 
 	return nil
 }
+
+// CleanTempDirsForLegacyJSON removes all directories that start with "trufflehog-"
+// from either the provided clonePath (if not empty) or the OS temp directory.
+func CleanTempDirsForLegacyJSON(baseDir string) error {
+	if baseDir == "" {
+		baseDir = os.TempDir()
+	}
+
+	entries, err := os.ReadDir(baseDir)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range entries {
+		if entry.IsDir() && strings.HasPrefix(entry.Name(), "trufflehog-") {
+			fullPath := filepath.Join(baseDir, entry.Name())
+			if err := os.RemoveAll(fullPath); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}

pkg/cleantemp/cleantemp_test.go

@@ -28,3 +28,35 @@ func TestExecName(t *testing.T) {
 
 	assert.True(t, found)
 }
+
+func TestCleanTempDirsForLegacyJSON(t *testing.T) {
+	baseDir := t.TempDir()
+
+	// Create dirs that should be deleted
+	dir1 := filepath.Join(baseDir, "trufflehog-123")
+	dir2 := filepath.Join(baseDir, "trufflehog-456")
+	assert.NoError(t, os.Mkdir(dir1, 0o755))
+	assert.NoError(t, os.Mkdir(dir2, 0o755))
+
+	// Create dirs that should NOT be deleted
+	keepDir := filepath.Join(baseDir, "keepme-123")
+	assert.NoError(t, os.Mkdir(keepDir, 0o755))
+
+	// Create a file with trufflehog- prefix (should not be deleted because only dirs are deleted)
+	keepFile := filepath.Join(baseDir, "trufflehog-file")
+	assert.NoError(t, os.WriteFile(keepFile, []byte("data"), 0o644))
+
+	err := CleanTempDirsForLegacyJSON(baseDir)
+	assert.NoError(t, err)
+
+	_, err = os.Stat(dir1)
+	assert.True(t, os.IsNotExist(err))
+	_, err = os.Stat(dir2)
+	assert.True(t, os.IsNotExist(err))
+
+	_, err = os.Stat(keepDir)
+	assert.NoError(t, err)
+
+	_, err = os.Stat(keepFile)
+	assert.NoError(t, err)
+}

pkg/engine/git.go

@@ -26,6 +26,7 @@ func (e *Engine) ScanGit(ctx context.Context, c sources.GitConfig) (sources.JobP
 		SkipBinaries:     c.SkipBinaries,
 		ClonePath:        c.ClonePath,
 		NoCleanup:        c.NoCleanup,
+		PrintLegacyJson:  c.PrintLegacyJSON,
 	}
 
 	var conn anypb.Any

pkg/engine/github.go

@@ -32,6 +32,7 @@ func (e *Engine) ScanGitHub(ctx context.Context, c sources.GithubConfig) (source
 		ClonePath:                  c.ClonePath,
 		NoCleanup:                  c.NoCleanup,
 		IgnoreGists:                c.IgnoreGists,
+		PrintLegacyJson:            c.PrintLegacyJSON,
 	}
 
 	if len(c.Token) > 0 {

pkg/engine/gitlab.go

@@ -63,6 +63,7 @@ func (e *Engine) ScanGitLab(ctx context.Context, c sources.GitlabConfig) (source
 	}
 
 	connection.NoCleanup = c.NoCleanup
+	connection.PrintLegacyJson = c.PrintLegacyJSON
 
 	var conn anypb.Any
 	err := anypb.MarshalFrom(&conn, connection, proto.MarshalOptions{})