Skip to content

Commit

Permalink
use same checksum logic for talismanRC suggestion as during detection (
Browse files Browse the repository at this point in the history
  • Loading branch information
second-frank committed Feb 24, 2023
1 parent 5ee48f7 commit 3b57d33
Show file tree
Hide file tree
Showing 3 changed files with 67 additions and 15 deletions.
6 changes: 3 additions & 3 deletions cmd/runner.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ func (r *runner) Run(tRC *talismanrc.TalismanRC, promptContext prompt.PromptCont
setCustomSeverities(tRC)
additionsToScan := tRC.FilterAdditions(r.additions)
detector.DefaultChain(tRC, r.mode).Test(additionsToScan, tRC, r.results)
r.printReport(promptContext)
r.printReport(additionsToScan, promptContext)
exitStatus := r.exitStatus()
return exitStatus
}
Expand All @@ -42,12 +42,12 @@ func setCustomSeverities(tRC *talismanrc.TalismanRC) {
}
}

func (r *runner) printReport(promptContext prompt.PromptContext) {
func (r *runner) printReport(currentAdditions []gitrepo.Addition, promptContext prompt.PromptContext) {
if r.results.HasWarnings() {
fmt.Println(r.results.ReportWarnings())
}
if r.results.HasIgnores() || r.results.HasFailures() {
r.results.Report(promptContext, r.mode)
r.results.Report(currentAdditions, promptContext, r.mode)
}
}

Expand Down
16 changes: 12 additions & 4 deletions detector/helpers/detection_results.go
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,7 @@ func (r *DetectionResults) ReportWarnings() string {
}

//Report returns a string documenting the various failures and ignored files for the current run
func (r *DetectionResults) Report(promptContext prompt.PromptContext, mode string) string {
func (r *DetectionResults) Report(currentAdditions []gitrepo.Addition, promptContext prompt.PromptContext, mode string) string {
var result string
var filePathsForFailures []string
var data [][]string
Expand All @@ -257,16 +257,24 @@ func (r *DetectionResults) Report(promptContext prompt.PromptContext, mode strin
table.AppendBulk(data)
table.Render()
fmt.Println()
r.suggestTalismanRC(filePathsForFailures, promptContext, mode)
r.suggestTalismanRC(filePathsForFailures, currentAdditions, promptContext, mode)
}
return result
}

func (r *DetectionResults) suggestTalismanRC(filePaths []string, promptContext prompt.PromptContext, mode string) {
func (r *DetectionResults) suggestTalismanRC(filePaths []string, currentAdditions []gitrepo.Addition, promptContext prompt.PromptContext, mode string) {
var entriesToAdd []talismanrc.IgnoreConfig
hasher := utility.MakeHasher(mode, ".")
for _, filePath := range filePaths {
currentChecksum := hasher.CollectiveSHA256Hash([]string{filePath})
var patternPaths []string
for _, addition := range currentAdditions {
if addition.Matches(filePath) {
patternPaths = append(patternPaths, string(addition.Path))
}
}
patternPaths = utility.UniqueItems(patternPaths)

currentChecksum := hasher.CollectiveSHA256Hash(patternPaths)
fileIgnoreConfig := talismanrc.BuildIgnoreConfig(r.mode, filePath, currentChecksum, []string{})
entriesToAdd = append(entriesToAdd, fileIgnoreConfig)
}
Expand Down
60 changes: 52 additions & 8 deletions detector/helpers/detection_results_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"io/ioutil"
"strings"
"talisman/detector/severity"
"talisman/gitrepo"
mock "talisman/internal/mock/prompt"
"talisman/prompt"
"talisman/talismanrc"
Expand Down Expand Up @@ -83,12 +84,16 @@ func TestErrorExitCodeInInteractive(t *testing.T) {

prompter := mock.NewMockPrompt(ctrl)
results := NewDetectionResults(talismanrc.HookMode)
gitAdditions := []gitrepo.Addition{
gitrepo.NewAddition("some_file.pem", []byte{}),
gitrepo.NewAddition("another.pem", []byte{}),
}

promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm(gomock.Any()).Return(false).Times(2)
results.Fail("some_file.pem", "filecontent", "Bomb", []string{}, severity.Low)
results.Fail("another.pem", "filecontent", "password", []string{}, severity.Low)
results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
assert.True(t, results.HasFailures())
}

Expand All @@ -98,12 +103,16 @@ func TestSuccessExitCodeInInteractive(t *testing.T) {

prompter := mock.NewMockPrompt(ctrl)
results := NewDetectionResults(talismanrc.HookMode)
gitAdditions := []gitrepo.Addition{
gitrepo.NewAddition("some_file.pem", []byte{}),
gitrepo.NewAddition("another.pem", []byte{}),
}

promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm(gomock.Any()).Return(true).Times(2)
results.Fail("some_file.pem", "filecontent", "Bomb", []string{}, severity.Low)
results.Fail("another.pem", "filecontent", "password", []string{}, severity.Low)
results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
assert.False(t, results.HasFailures())
}

Expand Down Expand Up @@ -152,7 +161,7 @@ func TestTalismanRCSuggestionWhenThereAreFailures(t *testing.T) {
promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm(gomock.Any()).Return(false).Times(0)

results.Report(promptContext, "default")
results.Report([]gitrepo.Addition{}, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
Expand All @@ -163,9 +172,11 @@ func TestTalismanRCSuggestionWhenThereAreFailures(t *testing.T) {
t.Run("when user declines, entry should not be added to talismanrc", func(t *testing.T) {
promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm("Do you want to add some_file.pem with above checksum in talismanrc ?").Return(false)
gitAdditions := []gitrepo.Addition{gitrepo.NewAddition("some_file.pem", []byte{})}

results.Fail("some_file.pem", "filecontent", "Bomb", []string{}, severity.Low)

results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
Expand All @@ -176,9 +187,11 @@ func TestTalismanRCSuggestionWhenThereAreFailures(t *testing.T) {
t.Run("when interactive flag is set to false, it should not ask user", func(t *testing.T) {
promptContext := prompt.NewPromptContext(false, prompter)
prompter.EXPECT().Confirm(gomock.Any()).Return(false).Times(0)
gitAdditions := []gitrepo.Addition{gitrepo.NewAddition("some_file.pem", []byte{})}

results.Fail("some_file.pem", "filecontent", "Bomb", []string{}, severity.Low)

results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
Expand All @@ -189,6 +202,7 @@ func TestTalismanRCSuggestionWhenThereAreFailures(t *testing.T) {
t.Run("when user confirms, entry should be appended to given ignore file", func(t *testing.T) {
promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm("Do you want to add some_file.pem with above checksum in talismanrc ?").Return(true)
gitAdditions := []gitrepo.Addition{gitrepo.NewAddition("some_file.pem", []byte{})}

results.Fail("some_file.pem", "filecontent", "Bomb", []string{}, severity.Low)

Expand All @@ -197,7 +211,7 @@ func TestTalismanRCSuggestionWhenThereAreFailures(t *testing.T) {
checksum: 87139cc4d975333b25b6275f97680604add51b84eb8f4a3b9dcbbc652e6f27ac
version: "1.0"
`
results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
Expand All @@ -208,6 +222,8 @@ version: "1.0"
t.Run("when user confirms, entry for existing file should updated", func(t *testing.T) {
promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm("Do you want to add existing.pem with above checksum in talismanrc ?").Return(true)
gitAdditions := []gitrepo.Addition{gitrepo.NewAddition("existing.pem", []byte{})}

results := NewDetectionResults(talismanrc.HookMode)
results.Fail("existing.pem", "filecontent", "This will bomb!", []string{}, severity.Low)

Expand All @@ -216,7 +232,7 @@ version: "1.0"
checksum: 5bc0b0692a316bb2919263addaef0ffba3a21b9e1cca62a1028390e97e861e4e
version: "1.0"
`
results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
Expand All @@ -228,6 +244,10 @@ version: "1.0"
promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm("Do you want to add some_file.pem with above checksum in talismanrc ?").Return(true)
prompter.EXPECT().Confirm("Do you want to add another.pem with above checksum in talismanrc ?").Return(true)
gitAdditions := []gitrepo.Addition{
gitrepo.NewAddition("some_file.pem", []byte{}),
gitrepo.NewAddition("another.pem", []byte{}),
}

results.Fail("some_file.pem", "filecontent", "Bomb", []string{}, severity.Low)
results.Fail("another.pem", "filecontent", "password", []string{}, severity.Low)
Expand All @@ -239,7 +259,31 @@ version: "1.0"
checksum: 87139cc4d975333b25b6275f97680604add51b84eb8f4a3b9dcbbc652e6f27ac
version: "1.0"
`
results.Report(promptContext, "default")
results.Report(gitAdditions, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
assert.Equal(t, expectedFileContent, string(bytesFromFile))
})

_ = afero.WriteFile(fs, ignoreFile, []byte(existingContent), 0666)
t.Run("suggested checksum is based on git additions, not the singular file", func(t *testing.T) {
promptContext := prompt.NewPromptContext(true, prompter)
prompter.EXPECT().Confirm("Do you want to add some_file.pem with above checksum in talismanrc ?").Return(true)
gitAdditions := []gitrepo.Addition{
gitrepo.NewAddition("some_file.pem", []byte{}),
gitrepo.NewAddition("subfolder/some_file.pem", []byte{}),
}

results := NewDetectionResults(talismanrc.HookMode)
results.Fail("some_file.pem", "filecontent", "This will bomb!", []string{}, severity.Low)

expectedFileContent := `fileignoreconfig:
- filename: some_file.pem
checksum: c2093b0fdf75a5e75067f48c119c34f4ec2bfc23fb9e5520d5570d669fbc23be
version: "1.0"
`
results.Report(gitAdditions, promptContext, "default")
bytesFromFile, err := afero.ReadFile(fs, ignoreFile)

assert.NoError(t, err)
Expand Down

0 comments on commit 3b57d33

Please sign in to comment.