Merge ba49bc9 into 8423dce

thoughtworks · Nov 10, 2019 · 4b974c6 · 4b974c6
2 parents 8423dce + ba49bc9
commit 4b974c6
Show file tree

Hide file tree

Showing 23 changed files with 218 additions and 177 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,7 +10,7 @@ talisman_darwin_*
 talisman_windows_*
 vendor/
 gitrepo/data/*
-.talismanrc
+detector/.talismanrc
 .vscode/**
 coverage.out
 coverage.txt
diff --git a/.talismanrc b/.talismanrc
@@ -0,0 +1,2 @@
+scopeconfig:
+- scope: go
diff --git a/checksumcalculator/checksumcalculator.go b/checksumcalculator/checksumcalculator.go
@@ -3,8 +3,8 @@ package checksumcalculator
 import (
 	"fmt"
 	"os"
-	"talisman/detector"
 	"talisman/gitrepo"
+	"talisman/talismanrc"
 	"talisman/utility"
 
 	yaml "gopkg.in/yaml.v2"
@@ -27,18 +27,18 @@ func (cc *ChecksumCalculator) SuggestTalismanRC() string {
 	gitTrackedFilesAsAdditions := repo.TrackedFilesAsAdditions()
 	//Adding staged files for calculation
 	gitTrackedFilesAsAdditions = append(gitTrackedFilesAsAdditions, repo.StagedAdditions()...)
-	var fileIgnoreConfigs []detector.FileIgnoreConfig
+	var fileIgnoreConfigs []talismanrc.FileIgnoreConfig
 	result := ""
 	for _, pattern := range cc.fileNamePatterns {
 		collectiveChecksum := cc.calculateCollectiveChecksumForPattern(pattern, gitTrackedFilesAsAdditions)
 		if collectiveChecksum != "" {
-			fileIgnoreConfig := detector.FileIgnoreConfig{FileName: pattern, Checksum: collectiveChecksum, IgnoreDetectors: []string{}}
+			fileIgnoreConfig := talismanrc.FileIgnoreConfig{FileName: pattern, Checksum: collectiveChecksum, IgnoreDetectors: []string{}}
 			fileIgnoreConfigs = append(fileIgnoreConfigs, fileIgnoreConfig)
 		}
 	}
 	if len(fileIgnoreConfigs) != 0 {
 		result = result + fmt.Sprintf("\n\x1b[33m.talismanrc format for given file names / patterns\x1b[0m\n")
-		talismanRCIgnoreConfig := detector.TalismanRCIgnore{FileIgnoreConfig: fileIgnoreConfigs}
+		talismanRCIgnoreConfig := talismanrc.TalismanRCIgnore{FileIgnoreConfig: fileIgnoreConfigs}
 		m, _ := yaml.Marshal(&talismanRCIgnoreConfig)
 		result = result + string(m)
 	}

diff --git a/detector/base64_aggressive_detector_test.go b/detector/base64_aggressive_detector_test.go
@@ -4,18 +4,21 @@ import (
 	"testing"
 
 	"talisman/gitrepo"
+	"talisman/talismanrc"
 
 	"github.com/stretchr/testify/assert"
 )
 
+var talismanRCIgnore = &talismanrc.TalismanRCIgnore{}
+
 func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "AKIAIOSFODNN7EXAMPLE\n"
 	results := NewDetectionResults()
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
-	NewFileContentDetector().AggressiveMode().Test(additions, TalismanRCIgnore{}, results)
+	NewFileContentDetector().AggressiveMode().Test(additions, talismanRCIgnore, results)
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 }
 
@@ -26,7 +29,7 @@ func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
-	NewFileContentDetector().AggressiveMode().Test(additions, TalismanRCIgnore{}, results)
+	NewFileContentDetector().AggressiveMode().Test(additions, talismanRCIgnore, results)
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 }
 
@@ -37,7 +40,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCodeEvenInAggressiveMode(t *
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
-	NewFileContentDetector().AggressiveMode().Test(additions, TalismanRCIgnore{}, results)
+	NewFileContentDetector().AggressiveMode().Test(additions, talismanRCIgnore, results)
 	if results == nil {
 		additions = nil
 	}

diff --git a/detector/checksum_compare.go b/detector/checksum_compare.go
@@ -2,16 +2,17 @@ package detector
 
 import (
 	"talisman/gitrepo"
+	"talisman/talismanrc"
 	"talisman/utility"
 )
 
 type ChecksumCompare struct {
 	additions    []gitrepo.Addition
-	ignoreConfig TalismanRCIgnore
+	ignoreConfig *talismanrc.TalismanRCIgnore
 }
 
 //NewChecksumCompare returns new instance of the ChecksumCompare
-func NewChecksumCompare(gitAdditions []gitrepo.Addition, talismanRCIgnoreConfig TalismanRCIgnore) *ChecksumCompare {
+func NewChecksumCompare(gitAdditions []gitrepo.Addition, talismanRCIgnoreConfig *talismanrc.TalismanRCIgnore) *ChecksumCompare {
 	cc := ChecksumCompare{additions: gitAdditions, ignoreConfig: talismanRCIgnoreConfig}
 	return &cc
 }
@@ -30,17 +31,17 @@ func (cc *ChecksumCompare) IsScanNotRequired(addition gitrepo.Addition) bool {
 
 }
 
-//FilterIgnoresBasedOnChecksums filters the file ignores from the TalismanRCIgnore which doesn't have any checksum value or having mismatched checksum value from the .talsimanrc
-func (cc *ChecksumCompare) FilterIgnoresBasedOnChecksums() TalismanRCIgnore {
-	finalIgnores := []FileIgnoreConfig{}
+//FilterIgnoresBasedOnChecksums filters the file ignores from the talismanrc.TalismanRCIgnore which doesn't have any checksum value or having mismatched checksum value from the .talsimanrc
+func (cc *ChecksumCompare) FilterIgnoresBasedOnChecksums() talismanrc.TalismanRCIgnore {
+	finalIgnores := []talismanrc.FileIgnoreConfig{}
 	for _, ignore := range cc.ignoreConfig.FileIgnoreConfig {
 		currentCollectiveChecksum := cc.calculateCollectiveChecksumForPattern(ignore.FileName, cc.additions)
-		// Compare with previous checksum from FileIgnoreConfig
+		// Compare with previous checksum from talismanrc.FileIgnoreConfig
 		if ignore.Checksum == currentCollectiveChecksum {
 			finalIgnores = append(finalIgnores, ignore)
 		}
 	}
-	rc := TalismanRCIgnore{}
+	rc := talismanrc.TalismanRCIgnore{}
 	rc.FileIgnoreConfig = finalIgnores
 	return rc
 }

diff --git a/detector/checksum_compare_test.go b/detector/checksum_compare_test.go
@@ -2,6 +2,7 @@ package detector
 
 import (
 	"talisman/gitrepo"
+	"talisman/talismanrc"
 	"talisman/utility"
 	"testing"
 
@@ -36,7 +37,7 @@ fileignoreconfig:
 `
 
 func TestShouldConsiderBothFilesForDetection(t *testing.T) {
-	rc := NewTalismanRCIgnore([]byte(talismanRCWithInCorrectChecksum))
+	rc := talismanrc.NewTalismanRCIgnore([]byte(talismanRCWithInCorrectChecksum))
 	addition1 := gitrepo.NewAddition("some_file.pem", make([]byte, 0))
 	addition2 := gitrepo.NewAddition("test/some_file.pem", make([]byte, 0))
 	cc := NewChecksumCompare([]gitrepo.Addition{addition1, addition2}, rc)
@@ -49,7 +50,7 @@ func TestShouldConsiderBothFilesForDetection(t *testing.T) {
 func TestShouldNotConsiderBothFilesForDetection(t *testing.T) {
 	addition1 := gitrepo.NewAddition("some_file.pem", make([]byte, 0))
 	addition2 := gitrepo.NewAddition("test/some_file.pem", make([]byte, 0))
-	rc := NewTalismanRCIgnore([]byte(talismanRCWithCorrectChecksum))
+	rc := talismanrc.NewTalismanRCIgnore([]byte(talismanRCWithCorrectChecksum))
 	cc := NewChecksumCompare([]gitrepo.Addition{addition1, addition2}, rc)
 
 	filteredRC := cc.FilterIgnoresBasedOnChecksums()
@@ -60,7 +61,7 @@ func TestShouldNotConsiderBothFilesForDetection(t *testing.T) {
 func TestShouldConsiderOneFileForDetection(t *testing.T) {
 	addition1 := gitrepo.NewAddition("some_file.pem", make([]byte, 0))
 	addition2 := gitrepo.NewAddition("test/some1_file.pem", make([]byte, 0))
-	rc := NewTalismanRCIgnore([]byte(talismanRCWithOneCorrectChecksum))
+	rc := talismanrc.NewTalismanRCIgnore([]byte(talismanRCWithOneCorrectChecksum))
 	cc := NewChecksumCompare([]gitrepo.Addition{addition1, addition2}, rc)
 
 	filteredRC := cc.FilterIgnoresBasedOnChecksums()
@@ -71,7 +72,7 @@ func TestShouldConsiderOneFileForDetection(t *testing.T) {
 func TestShouldConsiderBothFilesForDetectionIfTalismanRCIsEmpty(t *testing.T) {
 	addition1 := gitrepo.NewAddition("some_file.pem", make([]byte, 0))
 	addition2 := gitrepo.NewAddition("test/some_file.pem", make([]byte, 0))
-	rc := NewTalismanRCIgnore([]byte{})
+	rc := talismanrc.NewTalismanRCIgnore([]byte{})
 	cc := NewChecksumCompare([]gitrepo.Addition{addition1, addition2}, rc)
 
 	filteredRC := cc.FilterIgnoresBasedOnChecksums()

diff --git a/detector/detection_results.go b/detector/detection_results.go
@@ -2,15 +2,17 @@ package detector
 
 import (
 	"fmt"
-	"github.com/spf13/afero"
-	"gopkg.in/yaml.v2"
 	"log"
 	"os"
 	"strings"
 	"talisman/gitrepo"
 	"talisman/prompt"
+	"talisman/talismanrc"
 	"talisman/utility"
 
+	"github.com/spf13/afero"
+	"gopkg.in/yaml.v2"
+
 	"github.com/olekukonko/tablewriter"
 )
 
@@ -302,26 +304,26 @@ func (r *DetectionResults) Report(fs afero.Fs, ignoreFile string, promptContext
 }
 
 func (r *DetectionResults) suggestTalismanRC(fs afero.Fs, ignoreFile string, filePaths []string, promptContext prompt.PromptContext) {
-	var entriesToAdd []FileIgnoreConfig
+	var entriesToAdd []talismanrc.FileIgnoreConfig
 
 	for _, filePath := range filePaths {
 		currentChecksum := utility.CollectiveSHA256Hash([]string{filePath})
-		fileIgnoreConfig := FileIgnoreConfig{filePath, currentChecksum, []string{}}
+		fileIgnoreConfig := talismanrc.FileIgnoreConfig{filePath, currentChecksum, []string{}}
 		entriesToAdd = append(entriesToAdd, fileIgnoreConfig)
 	}
 
 	if promptContext.Interactive {
 		confirmedEntries := getUserConfirmation(entriesToAdd, promptContext)
-		addToTalismanIgnoreFile(confirmedEntries, fs, ignoreFile)
+		talismanrc.Get().AddFileIgnores(confirmedEntries)
 	} else {
 		printTalismanIgnoreSuggestion(entriesToAdd)
 		return
 	}
 
 }
 
-func getUserConfirmation(configs []FileIgnoreConfig, promptContext prompt.PromptContext) []FileIgnoreConfig {
-	confirmed := []FileIgnoreConfig{}
+func getUserConfirmation(configs []talismanrc.FileIgnoreConfig, promptContext prompt.PromptContext) []talismanrc.FileIgnoreConfig {
+	confirmed := []talismanrc.FileIgnoreConfig{}
 	for _, config := range configs {
 		if confirm(config, promptContext) {
 			confirmed = append(confirmed, config)
@@ -330,8 +332,8 @@ func getUserConfirmation(configs []FileIgnoreConfig, promptContext prompt.Prompt
 	return confirmed
 }
 
-func printTalismanIgnoreSuggestion(entriesToAdd []FileIgnoreConfig) {
-	talismanRcIgnoreConfig := TalismanRCIgnore{FileIgnoreConfig: entriesToAdd}
+func printTalismanIgnoreSuggestion(entriesToAdd []talismanrc.FileIgnoreConfig) {
+	talismanRcIgnoreConfig := talismanrc.TalismanRCIgnore{FileIgnoreConfig: entriesToAdd}
 	ignoreEntries, _ := yaml.Marshal(&talismanRcIgnoreConfig)
 	suggestString := fmt.Sprintf("\n\x1b[33mIf you are absolutely sure that you want to ignore the " +
 		"above files from talisman detectors, consider pasting the following format in .talismanrc file" +
@@ -340,31 +342,7 @@ func printTalismanIgnoreSuggestion(entriesToAdd []FileIgnoreConfig) {
 	fmt.Println(string(ignoreEntries))
 }
 
-func addToTalismanIgnoreFile(entriesToAdd []FileIgnoreConfig, fs afero.Fs, ignoreFile string) {
-
-	if len(entriesToAdd) > 0 {
-		talismanRcIgnoreConfig := TalismanRCIgnore{FileIgnoreConfig: entriesToAdd}
-		ignoreEntries, _ := yaml.Marshal(&talismanRcIgnoreConfig)
-		file, err := fs.OpenFile(ignoreFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-		if err != nil {
-			log.Printf("error opening %s: %s", ignoreFile, err)
-		}
-		defer func() {
-			err := file.Close()
-			if err != nil {
-				log.Printf("error closing %s: %s", ignoreFile, err)
-			}
-
-		}()
-
-		_, err = file.WriteString(string(ignoreEntries))
-		if err != nil {
-			log.Printf("error writing to %s: %s", ignoreFile, err)
-		}
-	}
-}
-
-func confirm(config FileIgnoreConfig, promptContext prompt.PromptContext) bool {
+func confirm(config talismanrc.FileIgnoreConfig, promptContext prompt.PromptContext) bool {
 	bytes, err := yaml.Marshal(&config)
 	if err != nil {
 		log.Printf("error marshalling file ignore config: %s", err)

diff --git a/detector/detection_results_test.go b/detector/detection_results_test.go
@@ -1,13 +1,15 @@
 package detector
 
 import (
-	"github.com/golang/mock/gomock"
-	"github.com/spf13/afero"
 	"strings"
 	mock "talisman/internal/mock/prompt"
 	"talisman/prompt"
+	"talisman/talismanrc"
 	"testing"
 
+	"github.com/golang/mock/gomock"
+	"github.com/spf13/afero"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -78,6 +80,9 @@ func TestTalismanRCSuggestionWhenThereAreFailures(t *testing.T) {
 	assert.NoError(t, err)
 	ignoreFile := file.Name()
 
+	talismanrc.SetFs(fs)
+	talismanrc.SetRcFilename(ignoreFile)
+
 	existingContent := `fileignoreconfig:
 - filename: existing.pem
   checksum: 123444ddssa75333b25b6275f97680604add51b84eb8f4a3b9dcbbc652e6f27ac
@@ -175,7 +180,6 @@ scopeconfig: []
 		assert.Equal(t, expectedFileContent, string(bytesFromFile))
 	})
 
-
 	err = fs.Remove(ignoreFile)
 	assert.NoError(t, err)
 }
diff --git a/detector/detector.go b/detector/detector.go
@@ -3,13 +3,14 @@ package detector
 import (
 	"os"
 	"talisman/gitrepo"
+	"talisman/talismanrc"
 )
 
 //Detector represents a single kind of test to be performed against a set of Additions
 //Detectors are expected to honor the ignores that are passed in and log them in the results
 //Detectors are expected to signal any errors to the results
 type Detector interface {
-	Test(additions []gitrepo.Addition, ignoreConfig TalismanRCIgnore, result *DetectionResults)
+	Test(additions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRCIgnore, result *DetectionResults)
 }
 
 //Chain represents a chain of Detectors.
@@ -42,7 +43,7 @@ func (dc *Chain) AddDetector(d Detector) *Chain {
 
 //Test validates the additions against each detector in the chain.
 //The results are passed in from detector to detector and thus collect all errors from all detectors
-func (dc *Chain) Test(additions []gitrepo.Addition, ignoreConfig TalismanRCIgnore, result *DetectionResults) {
+func (dc *Chain) Test(additions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRCIgnore, result *DetectionResults) {
 	wd, _ := os.Getwd()
 	repo := gitrepo.RepoLocatedAt(wd)
 	gitTrackedFilesAsAdditions := repo.TrackedFilesAsAdditions()

diff --git a/detector/detector_test.go b/detector/detector_test.go
@@ -4,14 +4,15 @@ import (
 	"testing"
 
 	"talisman/gitrepo"
+	"talisman/talismanrc"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestEmptyValidationChainPassesAllValidations(t *testing.T) {
 	v := NewChain()
 	results := NewDetectionResults()
-	v.Test(nil, TalismanRCIgnore{}, results)
+	v.Test(nil, &talismanrc.TalismanRCIgnore{}, results)
 	assert.False(t, results.HasFailures(), "Empty validation chain is expected to always pass")
 }
 
@@ -20,18 +21,18 @@ func TestValidationChainWithFailingValidationAlwaysFails(t *testing.T) {
 	v.AddDetector(PassingDetection{})
 	v.AddDetector(FailingDetection{})
 	results := NewDetectionResults()
-	v.Test(nil, TalismanRCIgnore{}, results)
+	v.Test(nil, &talismanrc.TalismanRCIgnore{}, results)
 
 	assert.False(t, results.Successful(), "Expected validation chain with a failure to fail.")
 }
 
 type FailingDetection struct{}
 
-func (v FailingDetection) Test(additions []gitrepo.Addition, ignoreConfig TalismanRCIgnore, result *DetectionResults) {
+func (v FailingDetection) Test(additions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRCIgnore, result *DetectionResults) {
 	result.Fail("some_file", "filecontent", "FAILED BY DESIGN", []string{})
 }
 
 type PassingDetection struct{}
 
-func (p PassingDetection) Test(additions []gitrepo.Addition, ignoreConfig TalismanRCIgnore, result *DetectionResults) {
+func (p PassingDetection) Test(additions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRCIgnore, result *DetectionResults) {
 }