Fix Bitbucket line highlighting URLs#4854
Fix Bitbucket line highlighting URLs#4854shahzadhaider1 merged 7 commits intotrufflesecurity:mainfrom
Conversation
alafiand
left a comment
alafiand
left a comment
There was a problem hiding this comment.
This looks like a good fix to make these links more useful. I imagine downstream consumers of these links could have systems in place relying on the old URL format, but I can't imagine they will be upset to see that the links have been fixed.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 4f22ca1. Configure here.
| if line > 0 { | ||
| baseLink += "#lines-" + strconv.FormatInt(line, 10) | ||
| } | ||
| return baseLink |
There was a problem hiding this comment.
New provider unhandled in GenerateLink switch statement
Low Severity
providerBitbucketServer is added to determineProvider and handled in UpdateLinkLineNumber, but GenerateLink has no corresponding case. If a Bitbucket Server URL (containing /projects/ and /repos/) is ever passed to GenerateLink, it silently falls through to the default case, which applies GitHub-style formatting (/blob/ path, #L fragment) and assumes a .git suffix — both incorrect for Bitbucket Server. While current callers don't trigger this path, the inconsistency between the two functions is a maintenance hazard.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 4f22ca1. Configure here.
4 participants
Problem
Bitbucket source links generated by TruffleHog do not highlight the correct line when clicked.
GenerateLink()produces/commits/{hash}URLs with no file path or line fragment.UpdateLinkLineNumber()explicitly skips Bitbucket with a comment saying "it doesn't support line links", which is incorrect.determineProvider()doesn't recognize, so they fall through to the default case which appends GitHub-style#L{line}fragments. This format does not work on Bitbucket Server.Root Cause
determineProvider()only detects Bitbucket Cloud (bitbucket.org). Bitbucket Server URLs are unrecognized and treated as GitHub/GitLab. Neither Cloud nor Server gets the correct line fragment format.Fix
GenerateLink(): Bitbucket Cloud now generates/src/{commit}/{file}URLs (matching the existing behavior in the scanner's makeCommitURL) with #lines-{line} fragments.UpdateLinkLineNumber():determineProvider(): NewproviderBitbucketServerdetection usingisBitbucketServerURL()which checks for the distinctive /projects/ + /repos/ path pattern in Bitbucket Server URLs.Correct URL formats
Platform: Bitbucket Cloud
View: Source File
Fragment format: #lines-{line}
Platform: Bitbucket Server
View: Source File
Fragment format: #{line}
References
Verification
Working examples:
Checklist:
make test-community)?make lintthis requires golangci-lint)?Testing
Scan now produces results that include the line number in the secret location URL and upon clicking those URLs, the secrets are correctly highlighted, as shown in the screenshots below:
Note
Low Risk
Low risk: changes are limited to URL/provider detection and link formatting, with expanded unit tests; primary risk is mis-detecting Bitbucket Server URLs and producing slightly different links for Bitbucket Cloud outputs.
Overview
Fixes Bitbucket hyperlink generation so findings link directly to the source file and highlight the correct line.
GenerateLinknow builds Bitbucket Cloud URLs as/src/{commit}/{file}and appends#lines-{N}when a line is available. Provider detection is extended with a newBitbucketServertype (detected via/projects/.../repos/...path structure), andUpdateLinkLineNumbernow updates fragments for Bitbucket Cloud (#lines-N, replacing any existinglines-...) and Bitbucket Server/Data Center (#N). Tests are updated to cover the new Bitbucket Cloud/Server link and line-update behaviors.Reviewed by Cursor Bugbot for commit 59d5562. Bugbot is set up for automated code reviews on this repo. Configure here.