From 8772cdc907077cf43cc1ebbf5911c93e16f24b89 Mon Sep 17 00:00:00 2001
From: azu <azu@users.noreply.github.com>
Date: Sun, 12 Nov 2023 12:38:41 +0900
Subject: [PATCH] fix(secretlint): fix secretlintginore matching logics (#672)

* test(secretlint): add ignore test for #671

* fix(secretlint): use `ignoreFiles` option for ignoring

fix https://github.com/secretlint/secretlint/issues/671
---
 packages/secretlint/package.json              |  2 +-
 packages/secretlint/src/search.ts             | 35 ++++-------------
 .../.secretlintrc.json                        |  7 ++++
 .../fixtures/bar/secret                       |  1 +
 .../fixtures/foo                              |  1 +
 .../ignore-file                               |  2 +
 .../options.ts                                |  9 +++++
 .../output.json                               |  5 +++
 yarn.lock                                     | 38 +++++++++++++++++++
 9 files changed, 71 insertions(+), 29 deletions(-)
 create mode 100644 packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/.secretlintrc.json
 create mode 100644 packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/bar/secret
 create mode 100644 packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/foo
 create mode 100644 packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/ignore-file
 create mode 100644 packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/options.ts
 create mode 100644 packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/output.json

diff --git a/packages/secretlint/package.json b/packages/secretlint/package.json
index a7c5b0ad8..a32961a23 100644
--- a/packages/secretlint/package.json
+++ b/packages/secretlint/package.json
@@ -67,7 +67,7 @@
     "@secretlint/node": "^7.0.7",
     "@secretlint/profiler": "^7.0.7",
     "debug": "^4.3.4",
-    "globby": "^13.2.2",
+    "globby": "^14.0.0",
     "meow": "^12.1.1",
     "read-pkg": "^8.1.0"
   },
diff --git a/packages/secretlint/src/search.ts b/packages/secretlint/src/search.ts
index f7ea096c4..261cef70a 100644
--- a/packages/secretlint/src/search.ts
+++ b/packages/secretlint/src/search.ts
@@ -1,57 +1,36 @@
 import { globby } from "globby";
-import fs from "node:fs";
-import path from "node:path";
 import debug0 from "debug";
+
 const debug = debug0("secretlint");
-const DEFAULT_IGNORE_PATTERNS = Object.freeze([
+const DEFAULT_IGNORE_PATTERNS = [
     "**/.git/**",
     "**/node_modules/**",
     "**/.secretlintrc/**",
     "**/.secretlintrc.{json,yaml,yml,js}/**",
     "**/.secretlintignore*/**",
-]);
+];
 export type SearchFilesOptions = {
     cwd: string;
     ignoreFilePath?: string;
 };
 
-const mapGitIgnorePatternTo = (base: string) => (ignore: string) => {
-    const mapped = ignore.startsWith("!")
-        ? "!" + path.resolve(path.join(base, ignore.slice(1)))
-        : path.resolve(path.join(base, ignore));
-    return mapped.replace(/\\/g, "/");
-};
 /**
  * globby wrapper that support ignore options
  * @param patterns
  * @param options
  */
 export const searchFiles = async (patterns: string[], options: SearchFilesOptions) => {
-    const ignoredPatterns = [];
-    ignoredPatterns.push(...DEFAULT_IGNORE_PATTERNS);
-    if (options.ignoreFilePath) {
-        const baseDir = path.relative(options.cwd, path.dirname(options.ignoreFilePath));
-        const normalizeIgnoreFilePath = path.resolve(options.cwd, options.ignoreFilePath);
-        debug("searchFiles ignore baseDir: %s, normalizeIgnoreFilePath: %s", baseDir, normalizeIgnoreFilePath);
-        if (fs.existsSync(normalizeIgnoreFilePath)) {
-            const ignored = fs
-                .readFileSync(normalizeIgnoreFilePath, "utf-8")
-                .split(/\r?\n/)
-                .filter((line) => !/^\s*$/.test(line) && !/^\s*#/.test(line))
-                .map(mapGitIgnorePatternTo(baseDir));
-            debug("ignored: %o", ignored);
-            ignoredPatterns.push(...ignored);
-        }
-    }
     // glob pattern should be used "/" as path separator
     const globPatterns = patterns.map((pattern) => {
         return pattern.replace(/\\/g, "/");
     });
     debug("search patterns: %o", globPatterns);
-    debug("search ignore patterns: %o", ignoredPatterns);
+    debug("search DEFAULT_IGNORE_PATTERNS: %o", DEFAULT_IGNORE_PATTERNS);
+    debug("search ignoreFilePath: %s", options.ignoreFilePath);
     const searchResultItems = await globby(globPatterns, {
         cwd: options.cwd,
-        ignore: ignoredPatterns,
+        ignore: DEFAULT_IGNORE_PATTERNS,
+        ignoreFiles: options.ignoreFilePath ? [options.ignoreFilePath] : undefined,
         dot: true,
         absolute: true,
     });
diff --git a/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/.secretlintrc.json b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/.secretlintrc.json
new file mode 100644
index 000000000..a1020cef8
--- /dev/null
+++ b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/.secretlintrc.json
@@ -0,0 +1,7 @@
+{
+  "rules": [
+    {
+      "id": "@secretlint/secretlint-rule-example"
+    }
+  ]
+}
diff --git a/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/bar/secret b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/bar/secret
new file mode 100644
index 000000000..f20c0d4e4
--- /dev/null
+++ b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/bar/secret
@@ -0,0 +1 @@
+THIS IS SECRET DATA!!
diff --git a/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/foo b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/foo
new file mode 100644
index 000000000..f20c0d4e4
--- /dev/null
+++ b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/fixtures/foo
@@ -0,0 +1 @@
+THIS IS SECRET DATA!!
diff --git a/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/ignore-file b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/ignore-file
new file mode 100644
index 000000000..aae76fe73
--- /dev/null
+++ b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/ignore-file
@@ -0,0 +1,2 @@
+**/foo
+**/bar
diff --git a/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/options.ts b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/options.ts
new file mode 100644
index 000000000..3befe6aa9
--- /dev/null
+++ b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/options.ts
@@ -0,0 +1,9 @@
+import { fileURLToPath } from "node:url";
+import { cli } from "../../../src/cli.js";
+
+const __dirname = fileURLToPath(new URL(".", import.meta.url));
+export const inputs: string[] = ["fixtures/**/*"];
+export const options: Partial<typeof cli.flags> = {
+    secretlintignore: "ignore-file",
+    cwd: __dirname,
+};
diff --git a/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/output.json b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/output.json
new file mode 100644
index 000000000..0db9aa7c3
--- /dev/null
+++ b/packages/secretlint/test/snapshots/--secretlintignore=file-and-dir/output.json
@@ -0,0 +1,5 @@
+{
+    "exitStatus": 0,
+    "stdout": [],
+    "stderr": null
+}
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index b683e9b38..57a60eb9e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -619,6 +619,11 @@
   resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.25.24.tgz#8c7688559979f7079aacaf31aa881c3aa410b718"
   integrity sha512-XJfwUVUKDHF5ugKwIcxEgc9k8b7HbznCp6eUfWgu710hMPNIO4aw4/zB5RogDQz8nd6gyCDpU9O/m6qYEWY6yQ==
 
+"@sindresorhus/merge-streams@^1.0.0":
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/@sindresorhus/merge-streams/-/merge-streams-1.0.0.tgz#9cd84cc15bc865a5ca35fcaae198eb899f7b5c90"
+  integrity sha512-rUV5WyJrJLoloD4NDN1V1+LDMDWOa4OTsT4yYJwQNpTU6FWxkxHpL7eu4w+DmiH8x/EAM1otkPE1+LaspIbplw==
+
 "@textlint/ast-node-types@^12.6.1":
   version "12.6.1"
   resolved "https://registry.yarnpkg.com/@textlint/ast-node-types/-/ast-node-types-12.6.1.tgz#35ecefe74e701d7f632c083d4fda89cab1b89012"
@@ -2120,6 +2125,17 @@ fast-glob@^3.2.9, fast-glob@^3.3.0:
     merge2 "^1.3.0"
     micromatch "^4.0.4"
 
+fast-glob@^3.3.2:
+  version "3.3.2"
+  resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.2.tgz#a904501e57cfdd2ffcded45e99a54fef55e46129"
+  integrity sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==
+  dependencies:
+    "@nodelib/fs.stat" "^2.0.2"
+    "@nodelib/fs.walk" "^1.2.3"
+    glob-parent "^5.1.2"
+    merge2 "^1.3.0"
+    micromatch "^4.0.4"
+
 fast-levenshtein@^2.0.6:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
@@ -2515,6 +2531,18 @@ globby@^13.2.2:
     merge2 "^1.4.1"
     slash "^4.0.0"
 
+globby@^14.0.0:
+  version "14.0.0"
+  resolved "https://registry.yarnpkg.com/globby/-/globby-14.0.0.tgz#ea9c062a3614e33f516804e778590fcf055256b9"
+  integrity sha512-/1WM/LNHRAOH9lZta77uGbq0dAEQM+XjNesWwhlERDVenqothRbnzTrL3/LrIoEPPjeUHC3vrS6TwoyxeHs7MQ==
+  dependencies:
+    "@sindresorhus/merge-streams" "^1.0.0"
+    fast-glob "^3.3.2"
+    ignore "^5.2.4"
+    path-type "^5.0.0"
+    slash "^5.1.0"
+    unicorn-magic "^0.1.0"
+
 graceful-fs@^4.1.11, graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.11, graceful-fs@^4.2.6:
   version "4.2.11"
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
@@ -4411,6 +4439,11 @@ path-type@^4.0.0:
   resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b"
   integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==
 
+path-type@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/path-type/-/path-type-5.0.0.tgz#14b01ed7aea7ddf9c7c3f46181d4d04f9c785bb8"
+  integrity sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==
+
 picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.3.1:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
@@ -5638,6 +5671,11 @@ undici-types@~5.26.4:
   resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617"
   integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==
 
+unicorn-magic@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/unicorn-magic/-/unicorn-magic-0.1.0.tgz#1bb9a51c823aaf9d73a8bfcd3d1a23dde94b0ce4"
+  integrity sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==
+
 union-value@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"