Merge branch 'master' into feature/idea-scope

thoughtworks · Oct 11, 2019 · edce2e9 · edce2e9
2 parents 70aab43 + 75cd5b2
commit edce2e9
Show file tree

Hide file tree

Showing 38 changed files with 381 additions and 196 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea/enhancement for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.gitignore b/.gitignore
@@ -9,6 +9,8 @@ talisman_linux_*
 talisman_darwin_*
 talisman_windows_*
 vendor/
-git_repo/data/*
+gitrepo/data/*
 .talismanrc
 .vscode/**
+coverage.out
+coverage.txt
diff --git a/.travis.yml b/.travis.yml
@@ -5,29 +5,31 @@ env:
   - GO111MODULE=on
 go:
 - 1.11.x
+before_install:
+- go get github.com/mattn/goveralls
 install: true
-
 jobs:
   include:
-    - stage: test
-      script:
-        - go mod vendor
-        - go test -v ./...
-before_deploy: ./build
+  - stage: test
+    script:
+    - go mod vendor
+    - go test -covermode=count -coverprofile=coverage.out -v ./...
+    - "$GOPATH/bin/goveralls -coverprofile=coverage.out -service=travis-ci"
+before_deploy: "./build"
 deploy:
   provider: releases
   draft: true
   skip_cleanup: true
   api_key:
     secure: tf9N5ekIuYAEnoQAKMnhjOQ6KHTwDIk/WK8kNDS+Ol2g80/2MPPLTWQBZs/g+KPqL63vbkqgZ4kDti3i5GRARN7ypQ+IqbtYVEfB9L6sNlfkz+fmJFaWjTqSiBDN4lC6zixRmQjlD4h3axIi7TxfeVGR3yct/bbwAQf/8yy6fH16EHk1LRO/Lx1crBIYc9bPu86Qt0BMqomaeUjxrQKq/1+MC2JkLzv29Ixk0Nlgab0HwcLlayFCOgI96r98RFXdkCmMrLgLNhHtfY8VtCkV5HqXdygZUSCwSPL/v/ZxPfBqYHAeoHmr83oV5l7xxhKldIp792bYWNtkE7qlSTj3CRvanYXGZiuG8hzvL+XYt2vnLNJuMfYPW3SkcSBCLOjSzOHPan9I6LBWLjwNUEOmbOALAuUD0DE0zYgZfmNv6/q8e3Z02+sp5hYPoSlu8aHL/vxd5GsuDV0ChP+C/mWjOm5Hlq2r+LGRuJ3oq31lQoENKqychEVw5m0HS5PQvWwf4NDjzgNMTFxCUwfQ+NikXDPo6LCcL4eRcyhuqnhmjnNbiaKSuyrYhzrCC64Agf7seSCaW/+ASDryac8M28P5g0TYZxIfy4Pmcqoj7kHj9uAb6dNGGTcgsZKcUY2Vqo30tQ6mh800YhXgYe/aF7lmBN1YcxgQbSRpqxvtw9iQgvw=
   file:
-    - checksums
-    - talisman_darwin_amd64
-    - talisman_darwin_386
-    - talisman_linux_amd64
-    - talisman_linux_386
-    - talisman_windows_386.exe
-    - talisman_windows_amd64.exe
+  - checksums
+  - talisman_darwin_amd64
+  - talisman_darwin_386
+  - talisman_linux_amd64
+  - talisman_linux_386
+  - talisman_windows_386.exe
+  - talisman_windows_amd64.exe
   on:
     repo: thoughtworks/talisman
     branch: master

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at talisman-maintainers@thoughtworks.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 <h1 align="center">Talisman</h1>
 <p align="center">A tool to detect and prevent secrets from getting checked in</p>
 
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Go Report Card](https://goreportcard.com/badge/thoughtworks/talisman)](https://goreportcard.com/report/thoughtworks/talisman) [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/thoughtworks/talisman/issues) [![Build Status](https://travis-ci.org/thoughtworks/talisman.svg?branch=master)](https://travis-ci.org/thoughtworks/talisman)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Go Report Card](https://goreportcard.com/badge/thoughtworks/talisman)](https://goreportcard.com/report/thoughtworks/talisman) [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/thoughtworks/talisman/issues) [![Build Status](https://travis-ci.org/thoughtworks/talisman.svg?branch=master)](https://travis-ci.org/thoughtworks/talisman) [![Coverage Status](https://coveralls.io/repos/github/thoughtworks/talisman/badge.svg?branch=master)](https://coveralls.io/github/thoughtworks/talisman?branch=master)
 
 
 ## Table of Contents
@@ -450,39 +450,6 @@ When you installed Talisman, it must have created a pre-commit or pre-push hook
 
 You can remove the hook manually by deleting the Talisman pre-commit or pre-push hook from .git/hooks folder in repository.
 
-# Contributing to Talisman
+## Contributing to Talisman
 
-## Developing locally
-
-To contribute to Talisman, you need a working golang development
-environment. Check [this link](https://golang.org/doc/install) to help
-you get started with that.
-
-Talisman now uses go modules (GO111MODULE=on) to manage dependencies
-
-Once you have go 1.11 installed and setup, clone the talisman repository. In your
-working copy, fetch the dependencies by having go mod fetch them for
-you.
-
-```` GO111MODULE=on go mod vendor ````
-
-To run tests ```` GO111MODULE=on go test -mod=vendor ./...  ````
-
-To build Talisman, we can use [gox](https://github.com/mitchellh/gox):
-
-```` gox -osarch="darwin/amd64 linux/386 linux/amd64" ````
-
-Convenince scripts ```./build``` and ```./clean``` perform build and clean-up as mentioned above.
-
-
-## Releasing
-
-* Follow the instructions at the end of 'Developing locally' to build the binaries
-* Bump the [version in install.sh](https://github.com/thoughtworks/talisman/blob/d4b1b1d11137dbb173bf681a03f16183a9d82255/install.sh#L10) according to [semver](https://semver.org/) conventions
-* Update the [expected hashes in install.sh](https://github.com/thoughtworks/talisman/blob/d4b1b1d11137dbb173bf681a03f16183a9d82255/install.sh#L16-L18) to match the new binaries you just created (`shasum -b -a256 ...`)
-* Make release commit and tag with the new version prefixed by `v` (like `git tag v0.3.0`)
-* Push your release commit and tag: `git push && git push --tags`
-* [Create a new release in github](https://github.com/thoughtworks/talisman/releases/new), filling in the new commit tag you just created
-* Update the install script hosted on github pages: `git checkout gh-pages`, `git checkout master -- install.sh`, `git commit -m ...`
-
-The latest version will now be accessible to anyone who builds their own binaries, downloads binaries directly from github releases, or uses the install script from the website.
+To contribute to Talisman, have a look at our [contributing guide](contributing.md).
diff --git a/checksumcalculator/checksumcalculator.go b/checksumcalculator/checksumcalculator.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
 	"talisman/detector"
-	"talisman/git_repo"
+	"talisman/gitrepo"
 	"talisman/utility"
 
 	yaml "gopkg.in/yaml.v2"
@@ -23,7 +23,7 @@ func NewChecksumCalculator(patterns []string) *ChecksumCalculator {
 //SuggestTalismanRC returns the suggestion for .talismanrc format
 func (cc *ChecksumCalculator) SuggestTalismanRC() string {
 	wd, _ := os.Getwd()
-	repo := git_repo.RepoLocatedAt(wd)
+	repo := gitrepo.RepoLocatedAt(wd)
 	gitTrackedFilesAsAdditions := repo.TrackedFilesAsAdditions()
 	//Adding staged files for calculation
 	gitTrackedFilesAsAdditions = append(gitTrackedFilesAsAdditions, repo.StagedAdditions()...)
@@ -45,7 +45,7 @@ func (cc *ChecksumCalculator) SuggestTalismanRC() string {
 	return result
 }
 
-func (cc *ChecksumCalculator) calculateCollectiveChecksumForPattern(fileNamePattern string, additions []git_repo.Addition) string {
+func (cc *ChecksumCalculator) calculateCollectiveChecksumForPattern(fileNamePattern string, additions []gitrepo.Addition) string {
 	var patternpaths []string
 	currentCollectiveChecksum := ""
 	for _, addition := range additions {

diff --git a/contributing.md b/contributing.md
@@ -0,0 +1,52 @@
+# Contributing to Talisman
+
+By contributing to Talisman, you agree to abide by the [code of conduct](CODE_OF_CONDUCT.md).
+
+## How to start contributing
+
+If you are not sure how to begin contributing to Talisman, have a look at the issues tagged under [good first issue](https://github.com/thoughtworks/talisman/labels/good%20first%20issue). 
+
+## Developing locally
+
+To contribute to Talisman, you need a working golang development
+environment. Check [this link](https://golang.org/doc/install) to help
+you get started with that.
+
+Talisman now uses go modules (GO111MODULE=on) to manage dependencies
+
+Once you have go 1.11 installed and setup, clone the talisman repository. In your
+working copy, fetch the dependencies by having go mod fetch them for
+you.
+
+```` GO111MODULE=on go mod vendor ````
+
+To run tests ```` GO111MODULE=on go test -mod=vendor ./...  ````
+
+To build Talisman, we can use [gox](https://github.com/mitchellh/gox):
+
+```` gox -osarch="darwin/amd64 linux/386 linux/amd64" ````
+
+Convenience scripts ```./build``` and ```./clean``` perform build and clean-up as mentioned above.
+
+## Submitting a Pull Request
+
+To send in a pull request
+
+1. Fork the repo.
+2. Create a new feature branch based off the master branch.
+3. Provide the commit message with the the issue number and a proper description.
+4. Ensure that all the tests pass.
+5. Submit the pull request.  
+
+## Releasing
+
+* Follow the instructions at the end of 'Developing locally' to build the binaries
+* Bump the [version in install.sh](https://github.com/thoughtworks/talisman/blob/d4b1b1d11137dbb173bf681a03f16183a9d82255/install.sh#L10) according to [semver](https://semver.org/) conventions
+* Update the [expected hashes in install.sh](https://github.com/thoughtworks/talisman/blob/d4b1b1d11137dbb173bf681a03f16183a9d82255/install.sh#L16-L18) to match the new binaries you just created (`shasum -b -a256 ...`)
+* Make release commit and tag with the new version prefixed by `v` (like `git tag v0.3.0`)
+* Push your release commit and tag: `git push && git push --tags`
+* [Create a new release in github](https://github.com/thoughtworks/talisman/releases/new), filling in the new commit tag you just created
+* Update the install script hosted on github pages: `git checkout gh-pages`, `git checkout master -- install.sh`, `git commit -m ...`
+
+The latest version will now be accessible to anyone who builds their own binaries, downloads binaries directly from github releases, or uses the install script from the website.
+
diff --git a/detector/base64_aggressive_detector_test.go b/detector/base64_aggressive_detector_test.go
@@ -3,7 +3,7 @@ package detector
 import (
 	"testing"
 
-	"talisman/git_repo"
+	"talisman/gitrepo"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -13,7 +13,7 @@ func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 	results := NewDetectionResults()
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
-	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
 	NewFileContentDetector().AggressiveMode().Test(additions, TalismanRCIgnore{}, results)
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
@@ -24,7 +24,7 @@ func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t
 	results := NewDetectionResults()
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
-	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
 	NewFileContentDetector().AggressiveMode().Test(additions, TalismanRCIgnore{}, results)
 	assert.True(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
@@ -35,7 +35,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCodeEvenInAggressiveMode(t *
 	results := NewDetectionResults()
 	content := []byte(awsAccessKeyIDExample)
 	filename := "filename"
-	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}
+	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
 	NewFileContentDetector().AggressiveMode().Test(additions, TalismanRCIgnore{}, results)
 	if results == nil {

diff --git a/detector/checksum_compare.go b/detector/checksum_compare.go
@@ -1,22 +1,22 @@
 package detector
 
 import (
-	"talisman/git_repo"
+	"talisman/gitrepo"
 	"talisman/utility"
 )
 
 type ChecksumCompare struct {
-	additions    []git_repo.Addition
+	additions    []gitrepo.Addition
 	ignoreConfig TalismanRCIgnore
 }
 
 //NewChecksumCompare returns new instance of the ChecksumCompare
-func NewChecksumCompare(gitAdditions []git_repo.Addition, talismanRCIgnoreConfig TalismanRCIgnore) *ChecksumCompare {
+func NewChecksumCompare(gitAdditions []gitrepo.Addition, talismanRCIgnoreConfig TalismanRCIgnore) *ChecksumCompare {
 	cc := ChecksumCompare{additions: gitAdditions, ignoreConfig: talismanRCIgnoreConfig}
 	return &cc
 }
 
-func (cc *ChecksumCompare) IsScanNotRequired(addition git_repo.Addition) bool {
+func (cc *ChecksumCompare) IsScanNotRequired(addition gitrepo.Addition) bool {
 	currentCollectiveChecksum := utility.CollectiveSHA256Hash([]string{string(addition.Path)})
 	declaredCheckSum := ""
 	for _, ignore := range cc.ignoreConfig.FileIgnoreConfig {
@@ -45,7 +45,7 @@ func (cc *ChecksumCompare) FilterIgnoresBasedOnChecksums() TalismanRCIgnore {
 	return rc
 }
 
-func (cc *ChecksumCompare) calculateCollectiveChecksumForPattern(fileNamePattern string, additions []git_repo.Addition) string {
+func (cc *ChecksumCompare) calculateCollectiveChecksumForPattern(fileNamePattern string, additions []gitrepo.Addition) string {
 	var patternpaths []string
 	currentCollectiveChecksum := ""
 	for _, addition := range additions {