Use string values for defining severity threshold (#114)

README.md

@@ -354,20 +354,19 @@ custom_patterns:
 
 ## Configuring severity threshold
 
-Each validation is associated with a severity value
-
-1. Low Severity
-2. Medium Severity
-3. High Severity
+Each validation is associated with a severity 
+1. low
+2. medium
+3. high
 
 You can specify a threshold in your .talismanrc: 
 
 ```yaml
-threshold: 2
+threshold: medium
 ```
 This will report all Medium severity issues and higher (Potential risks that are below the threshold will be reported in the warnings)
 
-By default, the threshold is set to 1
+By default, the threshold is set to low
 
 ## Talisman as a CLI utility
 

detector/filecontent/filecontent_detector_test.go

@@ -85,7 +85,7 @@ func TestShouldNotFlagBase64ContentIfThresholdIsHigher(t *testing.T) {
 	content := []byte(awsSecretAccessKey)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
-	var talismanRCContents = "threshold: 3"
+	var talismanRCContents = "threshold: high"
 	talismanRCWithThreshold := talismanrc.NewTalismanRC([]byte(talismanRCContents))
 
 	NewFileContentDetector(talismanRC).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanRCWithThreshold), additions, talismanRCWithThreshold, results)
@@ -181,7 +181,7 @@ func TestShouldNotFlagSecretsEncodedInHexIfAboveThreshold(t *testing.T) {
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
-	var talismanRCContents = "threshold: 3"
+	var talismanRCContents = "threshold: high"
 	talismanRCWithThreshold := talismanrc.NewTalismanRC([]byte(talismanRCContents))
 
 	NewFileContentDetector(talismanRC).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanRCWithThreshold), additions, talismanRCWithThreshold, results)

detector/filesize/filesize_detector_test.go

@@ -24,7 +24,7 @@ func TestShouldFlagLargeFiles(t *testing.T) {
 func TestShouldNotFlagLargeFilesIfThresholdIsBelowSeverity(t *testing.T) {
 	results := helpers.NewDetectionResults()
 	content := []byte("more than one byte")
-	var talismanRCContents = "threshold: 3"
+	var talismanRCContents = "threshold: high"
 	talismanRCWithThreshold := talismanrc.NewTalismanRC([]byte(talismanRCContents))
 	additions := []gitrepo.Addition{gitrepo.NewAddition("filename", content)}
 	NewFileSizeDetector(2).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanRCWithThreshold), additions, talismanRCWithThreshold, results)

detector/pattern/pattern_detector_test.go

@@ -75,7 +75,7 @@ func TestShouldOnlyWarnSecretPatternIfBelowThreshold(t *testing.T) {
 	content := []byte(`password=UnsafeString`)
 	filename := "secret.txt"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
-	talismanRCContents := "threshold: 3"
+	talismanRCContents := "threshold: high"
 	talismanRCWithThreshold := talismanrc.NewTalismanRC([]byte(talismanRCContents))
 	NewPatternDetector(customPatterns).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanRCWithThreshold), additions, talismanRCWithThreshold, results)
 	assert.False(t, results.HasFailures(), "Expected file %s to not have failures", filename)

detector/severity/pattern_severity.go

@@ -17,25 +17,12 @@ type PatternSeverity struct {
 	Severity Severity
 }
 
-func SeverityDisplayString(severity SeverityValue) string {
-	switch severity {
-	case 1:
-		return "Low"
-	case 2:
-		return "Medium"
-	case 3:
-		return "High"
-	default:
-		return "Undefined"
-	}
-}
-
 type Severity struct {
 	Value SeverityValue
 }
 
 func (s Severity) String() string {
-	return SeverityDisplayString(s.Value)
+	return SeverityValueToString(s.Value)
 }
 func (s Severity) ExceedsThreshold(threshold SeverityValue) bool {
 	return s.Value >= threshold

detector/severity/severity_map.go

@@ -0,0 +1,23 @@
+package severity
+
+import "strings"
+
+var severityMap = map[SeverityValue]string{
+	LowSeverity:    "low",
+	MediumSeverity: "medium",
+	HighSeverity:   "high",
+}
+
+func SeverityValueToString(severity SeverityValue) string {
+	return severityMap[severity]
+}
+
+func SeverityStringToValue(severity string) SeverityValue {
+	severityInLowerCase := strings.ToLower(severity)
+	for k, v := range severityMap {
+		if v == severityInLowerCase {
+			return k
+		}
+	}
+	return 0
+}

detector/severity/severity_map_test.go

@@ -0,0 +1,26 @@
+package severity
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestShouldReturnSeverityStringForDefinedSeverity(t *testing.T) {
+	assert.Equal(t, SeverityValueToString(LowSeverity), "low")
+	assert.Equal(t, SeverityValueToString(MediumSeverity), "medium")
+	assert.Equal(t, SeverityValueToString(HighSeverity), "high")
+}
+func TestShouldReturnEmptyForInvalidSeverity(t *testing.T) {
+	assert.Equal(t, SeverityValueToString(10), "")
+}
+
+func TestShouldReturnSeverityValueForDefinedStrings(t *testing.T) {
+	assert.Equal(t, SeverityStringToValue("Low"), LowSeverity)
+	assert.Equal(t, SeverityStringToValue("MEDIUM"), MediumSeverity)
+	assert.Equal(t, SeverityStringToValue("high"), HighSeverity)
+}
+
+func TestShouldReturnSeverityZeroForUnknownStrings(t *testing.T) {
+	assert.Equal(t, SeverityStringToValue("FakeSeverity"), SeverityValue(0))
+}

talismanrc/talismanrc.go

@@ -52,6 +52,15 @@ type TalismanRC struct {
 	Threshold        severity.SeverityValue `default:"1" yaml:"threshold,omitempty"`
 }
 
+type TalismanRCFile struct {
+	FileIgnoreConfig []FileIgnoreConfig `yaml:"fileignoreconfig,omitempty"`
+	ScopeConfig      []ScopeConfig      `yaml:"scopeconfig,omitempty"`
+	CustomPatterns   []PatternString    `yaml:"custom_patterns,omitempty"`
+	AllowedPatterns  []string           `yaml:"allowed_patterns,omitempty"`
+	Experimental     ExperimentalConfig `yaml:"experimental,omitempty"`
+	Threshold        string             `default:"low" yaml:"threshold,omitempty"`
+}
+
 func SetFs(_fs afero.Fs) {
 	fs = _fs
 }
@@ -83,14 +92,21 @@ func readRepoFile() func(string) ([]byte, error) {
 }
 
 func NewTalismanRC(fileContents []byte) *TalismanRC {
-	talismanRC := TalismanRC{}
-	err := yaml.Unmarshal(fileContents, &talismanRC)
+	talismanRCFile := TalismanRCFile{}
+	err := yaml.Unmarshal(fileContents, &talismanRCFile)
 	if err != nil {
 		log.Println("Unable to parse .talismanrc")
 		log.Printf("error: %v", err)
-		return &talismanRC
+		return &TalismanRC{}
+	}
+	return &TalismanRC{
+		FileIgnoreConfig: talismanRCFile.FileIgnoreConfig,
+		ScopeConfig:      talismanRCFile.ScopeConfig,
+		CustomPatterns:   talismanRCFile.CustomPatterns,
+		AllowedPatterns:  talismanRCFile.AllowedPatterns,
+		Experimental:     talismanRCFile.Experimental,
+		Threshold:        severity.SeverityStringToValue(talismanRCFile.Threshold),
 	}
-	return &talismanRC
 }
 
 func (i FileIgnoreConfig) isEffective(detectorName string) bool {

talismanrc/talismanrc_test.go

@@ -3,6 +3,7 @@ package talismanrc
 import (
 	"testing"
 
+	"talisman/detector/severity"
 	"talisman/gitrepo"
 
 	"github.com/stretchr/testify/assert"
@@ -20,6 +21,11 @@ func TestShouldIgnoreUnformattedFiles(t *testing.T) {
 	}
 }
 
+func TestShouldConvertThresholdToValue(t *testing.T) {
+	talismanRCContents := []byte("threshold: high")
+	assert.Equal(t, NewTalismanRC(talismanRCContents).Threshold, severity.HighSeverity)
+}
+
 func TestDirectoryPatterns(t *testing.T) {
 	assertAccepts("foo/", "", "bar", t)
 	assertAccepts("foo/", "", "foo", t)
@@ -108,4 +114,4 @@ func CreatetalismanRCWithScopeIgnore(scopesToIgnore []string) *TalismanRC {
 
 	talismanRC := TalismanRC{ScopeConfig: scopeConfigs}
 	return &talismanRC
-}
+}