#254 | Ignore specs and scan results are dependent talisman invocatio…

…n mode

cmd/runner.go

@@ -29,7 +29,7 @@ type runner struct {
 func NewRunner(additions []gitrepo.Addition) *runner {
 	return &runner{
 		additions: additions,
-		results:   helpers.NewDetectionResults(),
+		results:   helpers.NewDetectionResults(talismanrc.Hook),
 	}
 }
 

cmd/scanner_cmd.go

@@ -18,12 +18,13 @@ type ScannerCmd struct {
 	reportDirectory string
 }
 
-//Scan scans git commit history for potential secrets and returns 0 or 1 as exit code
+//Run scans git commit history for potential secrets and returns 0 or 1 as exit code
 func (s *ScannerCmd) Run(tRC *talismanrc.TalismanRC) int {
 	fmt.Printf("\n\n")
 	utility.CreateArt("Running Scan..")
 
 	setCustomSeverities(tRC)
+	tRC.SetMode(talismanrc.Scan)
 	detector.DefaultChain(tRC).Test(s.additions, tRC, s.results)
 	reportsPath, err := report.GenerateReport(s.results, s.reportDirectory)
 	if err != nil {
@@ -43,11 +44,11 @@ func (s *ScannerCmd) exitStatus() int {
 }
 
 //Returns a new scanner command
-func NewScannerCmd(ignoreHistory bool, reportDirectory string) *ScannerCmd {
+func NewScannerCmd(ignoreHistory bool, reportDirectory string, mode talismanrc.Mode) *ScannerCmd {
 	additions := scanner.GetAdditions(ignoreHistory)
 	return &ScannerCmd{
 		additions:       additions,
-		results:         helpers.NewDetectionResults(),
+		results:         helpers.NewDetectionResults(mode),
 		reportDirectory: reportDirectory,
 	}
 }

cmd/talisman.go

@@ -18,8 +18,8 @@ import (
 var (
 	showVersion bool
 	//Version : Version of talisman
-	Version         = "Development Build"
-	interactive     bool
+	Version     = "Development Build"
+	interactive bool
 )
 
 const (
@@ -39,7 +39,7 @@ var options struct {
 	reportDirectory string
 	scanWithHtml    bool
 	input           io.Reader
-};
+}
 
 //var options Options
 
@@ -86,7 +86,7 @@ func main() {
 
 func run(promptContext prompt.PromptContext) (returnCode int) {
 	if err := validateGitExecutable(afero.NewOsFs(), runtime.GOOS); err != nil {
-		log.Errorf("error validating git executable:" + " %v", err)
+		log.Errorf("error validating git executable:"+" %v", err)
 		return 1
 	}
 
@@ -106,10 +106,10 @@ func run(promptContext prompt.PromptContext) (returnCode int) {
 		return NewChecksumCmd(strings.Fields(options.checksum)).Run()
 	} else if options.scan {
 		log.Infof("Running scanner")
-		return NewScannerCmd(options.ignoreHistory, options.reportDirectory).Run(talismanRC)
+		return NewScannerCmd(options.ignoreHistory, options.reportDirectory, talismanrc.Scan).Run(talismanRC)
 	} else if options.scanWithHtml {
 		log.Infof("Running scanner with html report")
-		return NewScannerCmd(options.ignoreHistory, "talisman_html_report").Run(talismanRC)
+		return NewScannerCmd(options.ignoreHistory, "talisman_html_report", talismanrc.Scan).Run(talismanRC)
 	} else if options.pattern != "" {
 		log.Infof("Running scan for %s", options.pattern)
 		return NewPatternCmd(options.pattern).Run(talismanRC, promptContext)

detector/chain.go

@@ -31,9 +31,9 @@ func NewChain() *Chain {
 //DefaultChain returns a DetectorChain with pre-configured detectors
 func DefaultChain(tRC *talismanrc.TalismanRC) *Chain {
 	result := NewChain()
-	result.AddDetector(filename.DefaultFileNameDetector(tRC.Threshold))
+	result.AddDetector(filename.DefaultFileNameDetector(tRC.GetThreshold()))
 	result.AddDetector(filecontent.NewFileContentDetector(tRC))
-	result.AddDetector(pattern.NewPatternDetector(tRC.CustomPatterns))
+	result.AddDetector(pattern.NewPatternDetector(tRC.GetCustomPatterns()))
 	return result
 }
 

detector/chain_test.go

@@ -8,14 +8,14 @@ import (
 	"talisman/talismanrc"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
 	logr "github.com/Sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
 )
 
-
 func init() {
 	logr.SetOutput(ioutil.Discard)
 }
+
 type FailingDetection struct{}
 
 func (v FailingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
@@ -29,7 +29,7 @@ func (p PassingDetection) Test(comparator helpers.ChecksumCompare, currentAdditi
 
 func TestEmptyValidationChainPassesAllValidations(t *testing.T) {
 	v := NewChain()
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	v.Test(nil, &talismanrc.TalismanRC{}, results)
 	assert.False(t, results.HasFailures(), "Empty validation chain is expected to always pass")
 }
@@ -38,7 +38,7 @@ func TestValidationChainWithFailingValidationAlwaysFails(t *testing.T) {
 	v := NewChain()
 	v.AddDetector(PassingDetection{})
 	v.AddDetector(FailingDetection{})
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	v.Test(nil, &talismanrc.TalismanRC{}, results)
 
 	assert.False(t, results.Successful(), "Expected validation chain with a failure to fail.")

detector/filecontent/base64_aggressive_detector_test.go

@@ -13,7 +13,7 @@ import (
 
 func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "AKIAIOSFODNN7EXAMPLE\n"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -24,7 +24,7 @@ func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 
 func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "accessKey=AKIAIOSFODNN7EXAMPLE"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -35,7 +35,7 @@ func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t
 
 func TestShouldNotFlagPotentialSecretsWithinSafeJavaCodeEvenInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "public class HelloWorld {\r\n\r\n    public static void main(String[] args) {\r\n        // Prints \"Hello, World\" to the terminal window.\r\n        System.out.println(\"Hello, World\");\r\n    }\r\n\r\n}"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}

detector/filecontent/base64_detector.go

@@ -23,7 +23,7 @@ func NewBase64Detector(tRC *talismanrc.TalismanRC) *Base64Detector {
 	bd.AggressiveDetector = nil
 
 	bd.base64EntropyThreshold = BASE64_ENTROPY_THRESHOLD
-	if tRC.Experimental.Base64EntropyThreshold > 0.0 {
+	if tRC.GetExperimental().Base64EntropyThreshold > 0.0 {
 		bd.base64EntropyThreshold = tRC.Experimental.Base64EntropyThreshold
 		log.Debugf("Setting b64 entropy threshold to %f", bd.base64EntropyThreshold)
 	}

detector/filecontent/filecontent_detector.go

@@ -149,7 +149,7 @@ func (fc *FileContentDetector) Test(comparator helpers.ChecksumCompare, currentA
 				contentChanHasMore = false
 				continue
 			}
-			processContent(c, ignoreConfig.Threshold, result)
+			processContent(c, ignoreConfig.GetThreshold(), result)
 		}
 	}
 }

detector/filecontent/filecontent_detector_test.go

@@ -20,7 +20,7 @@ fileignoreconfig:
 var talismanRC = &talismanrc.TalismanRC{}
 
 func TestShouldNotFlagSafeText(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("prettySafe")
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -30,7 +30,7 @@ func TestShouldNotFlagSafeText(t *testing.T) {
 }
 
 func TestShouldIgnoreFileIfNeeded(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("prettySafe")
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -44,7 +44,7 @@ func TestShouldNotFlag4CharSafeText(t *testing.T) {
 	input is actually a b64 encoded value. In other words, abcd will match, but it is not necessarily represent
 	 the encoded value of i· rather just a plain abcd input
 	 see stackoverflow.com/questions/8571501/how-to-check-whether-the-string-is-base64-encoded-or-not#comment23919648_8571649*/
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("abcd")
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -55,7 +55,7 @@ func TestShouldNotFlag4CharSafeText(t *testing.T) {
 
 func TestShouldNotFlagLowEntropyBase64Text(t *testing.T) {
 	const lowEntropyString string = "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWEK"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(lowEntropyString)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -66,7 +66,7 @@ func TestShouldNotFlagLowEntropyBase64Text(t *testing.T) {
 
 func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
 	const awsSecretAccessKey string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(awsSecretAccessKey)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -81,7 +81,7 @@ func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
 
 func TestShouldFlagPotentialSecretWithoutTrimmingWhenLengthLessThan50Characters(t *testing.T) {
 	const secret string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9asdfa"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(secret)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -96,7 +96,7 @@ func TestShouldFlagPotentialSecretWithoutTrimmingWhenLengthLessThan50Characters(
 
 func TestShouldFlagPotentialJWT(t *testing.T) {
 	const jwt string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiOjEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f757"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(jwt)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -111,7 +111,7 @@ func TestShouldFlagPotentialJWT(t *testing.T) {
 
 func TestShouldFlagPotentialSecretsWithinJavaCode(t *testing.T) {
 	const dangerousJavaCode string = "public class HelloWorld {\r\n\r\n    public static void main(String[] args) {\r\n        // Prints \"Hello, World\" to the terminal window.\r\n        accessKey=\"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\";\r\n        System.out.println(\"Hello, World\");\r\n    }\r\n\r\n}"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(dangerousJavaCode)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -126,7 +126,7 @@ func TestShouldFlagPotentialSecretsWithinJavaCode(t *testing.T) {
 
 func TestShouldNotFlagPotentialSecretsWithinSafeJavaCode(t *testing.T) {
 	const safeJavaCode string = "public class HelloWorld {\r\n\r\n    public static void main(String[] args) {\r\n        // Prints \"Hello, World\" to the terminal window.\r\n        System.out.println(\"Hello, World\");\r\n    }\r\n\r\n}"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(safeJavaCode)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -137,7 +137,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCode(t *testing.T) {
 
 func TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName(t *testing.T) {
 	const safeLongMethodName string = "TestBase64DetectorShouldNotDetectLongMethodNamesEvenWithRidiculousHighEntropyWordsMightExist"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(safeLongMethodName)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -148,7 +148,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName(t *testing.T) {
 
 func TestShouldFlagPotentialSecretsEncodedInHex(t *testing.T) {
 	const hex string = "68656C6C6F20776F726C6421"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(hex)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -162,7 +162,7 @@ func TestShouldFlagPotentialSecretsEncodedInHex(t *testing.T) {
 
 func TestShouldNotFlagPotentialCreditCardNumberIfAboveThreshold(t *testing.T) {
 	const creditCardNumber string = "340000000000009"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(creditCardNumber)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -179,7 +179,7 @@ func TestResultsShouldContainHexTextsIfHexAndBase64ExistInFile(t *testing.T) {
 	const hex string = "68656C6C6F20776F726C6421"
 	const base64 string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 	const hexAndBase64 = hex + "\n" + base64
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(hexAndBase64)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -196,7 +196,7 @@ func TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile(t *testing.T)
 	const hex string = "68656C6C6F20776F726C6421"
 	const base64 string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 	const hexAndBase64 = hex + "\n" + base64
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(hexAndBase64)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
@@ -211,7 +211,7 @@ func TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile(t *testing.T)
 
 func TestResultsShouldContainCreditCardNumberIfCreditCardNumberExistInFile(t *testing.T) {
 	const creditCardNumber string = "340000000000009"
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte(creditCardNumber)
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}

detector/filename/filename_detector_test.go

@@ -137,7 +137,7 @@ func TestShouldIgnoreFilesWhenAskedToDoSoByIgnores(t *testing.T) {
 }
 
 func TestShouldIgnoreIfErrorIsBelowThreshold(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	severity := severity.High
 	fileName := ".bash_aliases"
 	DefaultFileNameDetector(severity).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additionsNamed(fileName), talismanRC, results, func() {})
@@ -156,7 +156,7 @@ func shouldIgnoreFilesWhichWouldOtherwiseTriggerErrors(fileName, ignore string,
 }
 
 func shouldNotFailWithDefaultDetectorAndIgnores(fileName, ignore string, threshold severity.Severity, t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 
 	fileIgnoreConfig := talismanrc.FileIgnoreConfig{}
 	fileIgnoreConfig.FileName = ignore
@@ -171,14 +171,14 @@ func shouldNotFailWithDefaultDetectorAndIgnores(fileName, ignore string, thresho
 }
 
 func shouldFailWithSpecificPattern(fileName, pattern string, threshold severity.Severity, t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	pt := []*severity.PatternSeverity{{Pattern: regexp.MustCompile(pattern), Severity: severity.Low}}
 	NewFileNameDetector(pt, threshold).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additionsNamed(fileName), talismanRC, results, func() {})
 	assert.True(t, results.HasFailures(), "Expected file %s to fail the check against the %s pattern", fileName, pattern)
 }
 
 func shouldFailWithDefaultDetector(fileName, pattern string, severity severity.Severity, t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	DefaultFileNameDetector(severity).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additionsNamed(fileName), talismanRC, results, func() {})
 	assert.True(t, results.HasFailures(), "Expected file %s to fail the check against default detector. Missing pattern %s?", fileName, pattern)
 }

detector/filesize/filesize_detector_test.go

@@ -14,15 +14,15 @@ import (
 var talismanRC = &talismanrc.TalismanRC{}
 
 func TestShouldFlagLargeFiles(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("more than one byte")
 	additions := []gitrepo.Addition{gitrepo.NewAddition("filename", content)}
 	NewFileSizeDetector(2).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additions, talismanRC, results, func() {})
 	assert.True(t, results.HasFailures(), "Expected file to fail the check against file size detector.")
 }
 
 func TestShouldNotFlagLargeFilesIfThresholdIsBelowSeverity(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("more than one byte")
 	var talismanRCContents = "threshold: high"
 	talismanRCWithThreshold := talismanrc.NewTalismanRC([]byte(talismanRCContents))
@@ -33,15 +33,15 @@ func TestShouldNotFlagLargeFilesIfThresholdIsBelowSeverity(t *testing.T) {
 }
 
 func TestShouldNotFlagSmallFiles(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("m")
 	additions := []gitrepo.Addition{gitrepo.NewAddition("filename", content)}
 	NewFileSizeDetector(2).Test(helpers.NewChecksumCompare(nil, utility.DefaultSHA256Hasher{}, talismanrc.NewTalismanRC(nil)), additions, talismanRC, results, func() {})
 	assert.False(t, results.HasFailures(), "Expected file to not to fail the check against file size detector.")
 }
 
 func TestShouldNotFlagIgnoredLargeFiles(t *testing.T) {
-	results := helpers.NewDetectionResults()
+	results := helpers.NewDetectionResults(talismanrc.Hook)
 	content := []byte("more than one byte")
 
 	filename := "filename"