Scan mode with IgnoreHistory option now respects the fileIgnore config in .talismanrc

cmd/scanner_cmd_test.go

@@ -44,7 +44,6 @@ func TestScannerCmdAddingSecretKeyShouldExitZeroIfFileIsWithinConfiguredScope(t
 		git.SetupBaselineFiles("simple-file")
 		git.CreateFileWithContents("go.sum", awsAccessKeyIDExample)
 		git.CreateFileWithContents("go.mod", awsAccessKeyIDExample)
-		git.CreateFileWithContents(".talismanrc", talismanRCDataWithScopeAsGo)
 		git.AddAndcommit("*", "go sum file")
 		os.Chdir(git.GetRoot())
 
@@ -53,3 +52,37 @@ func TestScannerCmdAddingSecretKeyShouldExitZeroIfFileIsWithinConfiguredScope(t
 		assert.Equal(t, 0, scannerCmd.exitStatus(), "Expected ScannerCmd.exitStatus() to return 0 since no secret is found")
 	})
 }
+
+func TestScannerCmdDetectsSecretAndIgnoresWhileRunningInIgnoreHistoryModeWithValidIgnoreConf(t *testing.T) {
+	withNewTmpGitRepo(func(git *git_testing.GitTesting) {
+		git.SetupBaselineFiles("simple-file")
+		git.CreateFileWithContents("go.sum", awsAccessKeyIDExample)
+		git.CreateFileWithContents("go.mod", awsAccessKeyIDExample)
+		git.AddAndcommit("*", "go sum file")
+		os.Chdir(git.GetRoot())
+
+		scannerCmd := NewScannerCmd(true, git.GetRoot())
+		scannerCmd.Run(&talismanrc.TalismanRC{
+			IgnoreConfigs: []talismanrc.IgnoreConfig{
+				&talismanrc.FileIgnoreConfig{FileName: "go.sum", Checksum: "582093519ae682d5170aecc9b935af7e90ed528c577ecd2c9dd1fad8f4924ab9"},
+				&talismanrc.FileIgnoreConfig{FileName: "go.mod", Checksum: "8a03b9b61c505ace06d590d2b9b4f4b6fa70136e14c26875ced149180e00d1af"},
+			}})
+		assert.Equal(t, 0, scannerCmd.exitStatus(), "Expected ScannerCmd.exitStatus() to return 0 since secrets file ignore is enabled")
+	})
+}
+
+func TestScannerCmdDetectsSecretAndIgnoresWhileRunningNormalScanMode(t *testing.T) {
+	withNewTmpGitRepo(func(git *git_testing.GitTesting) {
+		git.SetupBaselineFiles("simple-file")
+		git.CreateFileWithContents("go.sum", awsAccessKeyIDExample)
+		git.CreateFileWithContents("go.mod", awsAccessKeyIDExample)
+		git.AddAndcommit("*", "go sum file")
+		os.Chdir(git.GetRoot())
+
+		scannerCmd := NewScannerCmd(false, git.GetRoot())
+		scannerCmd.Run(&talismanrc.TalismanRC{
+			IgnoreConfigs: []talismanrc.IgnoreConfig{
+			}})
+		assert.Equal(t, 1, scannerCmd.exitStatus(), "Expected ScannerCmd.exitStatus() to return 1 since secrets file ignore is enabled")
+	})
+}

cmd/talisman.go

@@ -149,10 +149,10 @@ func run(promptContext prompt.PromptContext) (returnCode int) {
 		return NewChecksumCmd(strings.Fields(options.Checksum)).Run()
 	} else if options.Scan {
 		log.Infof("Running scanner")
-		return NewScannerCmd(options.IgnoreHistory, options.ReportDirectory).Run(talismanrc.For(talismanrc.ScanMode))
+		return NewScannerCmd(options.IgnoreHistory, options.ReportDirectory).Run(talismanrc.ForScan(options.IgnoreHistory))
 	} else if options.ScanWithHtml {
 		log.Infof("Running scanner with html report")
-		return NewScannerCmd(options.IgnoreHistory, "talisman_html_report").Run(talismanrc.For(talismanrc.ScanMode))
+		return NewScannerCmd(options.IgnoreHistory, "talisman_html_report").Run(talismanrc.ForScan(options.IgnoreHistory))
 	} else if options.Pattern != "" {
 		log.Infof("Running scan for %s", options.Pattern)
 		return NewPatternCmd(options.Pattern).Run(talismanrc.For(talismanrc.HookMode), promptContext)

talismanrc/talismanrc.go

@@ -208,3 +208,10 @@ func For(mode Mode) *TalismanRC {
 	talismanRC := fromPersistedRC(configFromTalismanRCFile, mode)
 	return talismanRC
 }
+
+func ForScan(ignoreHistory bool) *TalismanRC {
+	if ignoreHistory {
+		return For(HookMode)
+	}
+	return For(ScanMode)
+}

talismanrc/talismanrc_test.go

@@ -266,4 +266,33 @@ func TestFor(t *testing.T) {
 		assert.True(t, rc.IgnoreConfigs[2].ChecksumMatches("file3_checksum"))
 
 	})
+
+
+}
+
+func TestForScan(t *testing.T) {
+	var repoFileReader = func(string) ([]byte, error) {
+		return []byte(`fileignoreconfig:
+- filename: testfile_1.yml
+  checksum: file1_checksum
+- filename: testfile_2.yml
+  checksum: file2_checksum
+- filename: testfile_3.yml
+  checksum: file3_checksum`), nil
+	}
+	t.Run("talismanrc.ForScan(ignoreHistory) should populate talismanrc for scan mode with ignore history", func(t *testing.T) {
+		setRepoFileReader(repoFileReader)
+		rc := ForScan(true)
+
+		assert.Equal(t, 3, len(rc.IgnoreConfigs))
+
+	})
+
+	t.Run("talismanrc.ForScan(ignoreHistory) should populate talismanrc for scan mode without ignore history", func(t *testing.T) {
+		setRepoFileReader(repoFileReader)
+		rc := ForScan(false)
+
+		assert.Equal(t, 0, len(rc.IgnoreConfigs))
+
+	})
 }