#254 | Ignore specs and scan results depend on invocation mode

- Misc code cleanup and test refactorings
thoughtworks · Jun 13, 2021 · 38cbc4a · 38cbc4a
1 parent 665b04a
commit 38cbc4a
Show file tree

Hide file tree

Showing 19 changed files with 343 additions and 210 deletions.
diff --git a/detector/chain_test.go b/detector/chain_test.go
@@ -18,19 +18,19 @@ func init() {
 
 type FailingDetection struct{}
 
-func (v FailingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.talismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
+func (v FailingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
 	result.Fail("some_file", "filecontent", "FAILED BY DESIGN", []string{}, severity.Low)
 }
 
 type PassingDetection struct{}
 
-func (p PassingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.talismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
+func (p PassingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
 }
 
 func TestEmptyValidationChainPassesAllValidations(t *testing.T) {
 	v := NewChain()
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
-	v.Test(nil, &talismanrc.talismanRC{}, results)
+	v.Test(nil, &talismanrc.TalismanRC{}, results)
 	assert.False(t, results.HasFailures(), "Empty validation chain is expected to always pass")
 }
 
@@ -39,7 +39,7 @@ func TestValidationChainWithFailingValidationAlwaysFails(t *testing.T) {
 	v.AddDetector(PassingDetection{})
 	v.AddDetector(FailingDetection{})
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
-	v.Test(nil, &talismanrc.talismanRC{}, results)
+	v.Test(nil, &talismanrc.TalismanRC{}, results)
 
 	assert.False(t, results.Successful(), "Expected validation chain with a failure to fail.")
 }
diff --git a/detector/filecontent/base64_aggressive_detector_test.go b/detector/filecontent/base64_aggressive_detector_test.go
@@ -11,38 +11,62 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+var _blankTalismanRC = &talismanrc.TalismanRC{}
+var dummyCompletionCallbackFunc = func() {}
+var aggressiveModeFileContentDetector = NewFileContentDetector(_blankTalismanRC).AggressiveMode()
+
 func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "AKIAIOSFODNN7EXAMPLE\n"
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
-	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
-	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsAccessKeyIDExample))}
+
+	aggressiveModeFileContentDetector.
+		Test(
+			helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, _blankTalismanRC),
+			additions,
+			_blankTalismanRC,
+			results,
+			dummyCompletionCallbackFunc)
 
-	NewFileContentDetector(talismanRC).AggressiveMode().Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additions, talismanRC, results, func() {})
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 }
 
 func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "accessKey=AKIAIOSFODNN7EXAMPLE"
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
-	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
-	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsAccessKeyIDExample))}
+
+	aggressiveModeFileContentDetector.
+		Test(
+			helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, _blankTalismanRC),
+			additions,
+			_blankTalismanRC,
+			results,
+			dummyCompletionCallbackFunc)
 
-	NewFileContentDetector(talismanRC).AggressiveMode().Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additions, talismanRC, results, func() {})
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 }
 
 func TestShouldNotFlagPotentialSecretsWithinSafeJavaCodeEvenInAggressiveMode(t *testing.T) {
-	const awsAccessKeyIDExample string = "public class HelloWorld {\r\n\r\n    public static void main(String[] args) {\r\n        // Prints \"Hello, World\" to the terminal window.\r\n        System.out.println(\"Hello, World\");\r\n    }\r\n\r\n}"
+	const awsAccessKeyIDExample string = "public class HelloWorld {\r\n\r\n" +
+		"   public static void main(String[] args) {\r\n        " +
+		"		// Prints \"Hello, World\" to the terminal window.\r\n        " +
+		"		System.out.println(\"Hello, World\");\r\n    " +
+		"	}\r\n\r\n" +
+		"}"
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
-	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
-	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsAccessKeyIDExample))}
+
+	aggressiveModeFileContentDetector.
+		Test(
+			helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, _blankTalismanRC),
+			additions,
+			_blankTalismanRC,
+			results,
+			dummyCompletionCallbackFunc)
 
-	NewFileContentDetector(talismanRC).AggressiveMode().Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additions, talismanRC, results, func() {})
-	if results == nil {
-		additions = nil
-	}
 	assert.False(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 }
diff --git a/detector/filecontent/filecontent_detector.go b/detector/filecontent/filecontent_detector.go
@@ -135,16 +135,17 @@ func (fc *FileContentDetector) Test(comparator helpers.ChecksumCompare, currentA
 		close(ignoredFilePaths)
 		close(contents)
 	}()
-
 	for ignoredChanHasMore, contentChanHasMore := true, true; ignoredChanHasMore || contentChanHasMore; {
 		select {
 		case ignoredFilePath, hasMore := <-ignoredFilePaths:
+			log.Debugf("Processing results for ignored file %v", ignoredFilePath)
 			if !hasMore {
 				ignoredChanHasMore = false
 				continue
 			}
 			processIgnoredFilepath(ignoredFilePath, result)
 		case c, hasMore := <-contents:
+			log.Debugf("Processing results for file %v", c.path)
 			if !hasMore {
 				contentChanHasMore = false
 				continue