Merge e01044b into 1009c0a

thoughtworks · Nov 19, 2019 · aebf29b · aebf29b
2 parents 1009c0a + e01044b
commit aebf29b
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 4 deletions.
diff --git a/detector/filecontent_detector.go b/detector/filecontent_detector.go
@@ -159,14 +159,21 @@ func processContent(c content, result *DetectionResults) {
 				"filePath": c.path,
 			}).Info(c.contentType.getInfo())
 			if string(c.name) == talismanrc.DefaultRCFileName {
-				result.Warn(c.path, "filecontent", fmt.Sprintf(c.contentType.getMessageFormat(), res), []string{})
+				result.Warn(c.path, "filecontent", fmt.Sprintf(c.contentType.getMessageFormat(), formatForReporting(res)), []string{})
 			} else {
-				result.Fail(c.path, "filecontent", fmt.Sprintf(c.contentType.getMessageFormat(), res), []string{})
+				result.Fail(c.path, "filecontent", fmt.Sprintf(c.contentType.getMessageFormat(), formatForReporting(res)), []string{})
 			}
 		}
 	}
 }
 
+func formatForReporting(input string) string {
+	if len(input) > 50 {
+		return input[:47] + "..."
+	}
+	return input
+}
+
 func (fc *FileContentDetector) detectFile(data []byte, getResult fn) []string {
 	content := string(data)
 	return fc.checkEachLine(content, getResult)

diff --git a/detector/filecontent_detector_test.go b/detector/filecontent_detector_test.go
@@ -75,6 +75,21 @@ func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
 	assert.Len(t, results.Results, 1)
 }
 
+func TestShouldFlagPotentialSecretWithoutTrimmingWhenLengthLessThan50Characters(t *testing.T) {
+	const secret string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9asdfa"
+	results := NewDetectionResults()
+	content := []byte(secret)
+	filename := "filename"
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
+	filePath := additions[0].Path
+
+	NewFileContentDetector().Test(additions, talismanRCIgnore, results)
+	expectedMessage := fmt.Sprintf("Expected file to not to contain base64 encoded texts such as: %s", secret)
+	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
+	assert.Equal(t, expectedMessage, getFailureMessages(results, filePath)[0])
+	assert.Len(t, results.Results, 1)
+}
+
 func TestShouldFlagPotentialJWT(t *testing.T) {
 	const jwt string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiOjEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f757"
 	results := NewDetectionResults()
@@ -84,7 +99,7 @@ func TestShouldFlagPotentialJWT(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector().Test(additions, talismanRCIgnore, results)
-	expectedMessage := fmt.Sprintf("Expected file to not to contain base64 encoded texts such as: %s", jwt)
+	expectedMessage := fmt.Sprintf("Expected file to not to contain base64 encoded texts such as: %s", jwt[:47]+"...")
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 	assert.Equal(t, expectedMessage, getFailureMessages(results, filePath)[0])
 	assert.Len(t, results.Results, 1)
@@ -99,7 +114,7 @@ func TestShouldFlagPotentialSecretsWithinJavaCode(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector().Test(additions, talismanRCIgnore, results)
-	expectedMessage := "Expected file to not to contain base64 encoded texts such as: accessKey=\"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\";"
+	expectedMessage := "Expected file to not to contain base64 encoded texts such as: accessKey=\"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL..."
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
 	assert.Equal(t, expectedMessage, getFailureMessages(results, filePath)[0])
 	assert.Len(t, results.Results, 1)