thoughtworks · second-frank · Feb 27, 2023
diff --git a/detector/helpers/checksum_compare.go b/detector/helpers/checksum_compare.go
@@ -23,8 +23,10 @@ func (cc *ChecksumCompare) IsScanNotRequired(addition gitrepo.Addition) bool {
 	for _, ignore := range cc.talismanRC.IgnoreConfigs {
 		if addition.Matches(ignore.GetFileName()) {
 			currentCollectiveChecksum = cc.calculator.CalculateCollectiveChecksumForPattern(ignore.GetFileName())
-			return ignore.ChecksumMatches(currentCollectiveChecksum)
+			if ignore.ChecksumMatches(currentCollectiveChecksum) {
+				return true
+			}
 		}
 	}
-	return false;
+	return false
 }
diff --git a/detector/helpers/checksum_compare_test.go b/detector/helpers/checksum_compare_test.go
@@ -58,4 +58,58 @@ func TestChecksumCompare_IsScanNotRequired(t *testing.T) {
 		assert.True(t, required)
 	})
 
+	t.Run("should find any matching talismanrc config", func(t *testing.T) {
+		ctrl := gomock.NewController(t)
+		defer ctrl.Finish()
+		mockSHA256Hasher := mockutility.NewMockSHA256Hasher(ctrl)
+		checksumCalculator := mockchecksumcalculator.NewMockChecksumCalculator(ctrl)
+		ignoreConfig := talismanrc.TalismanRC{
+			IgnoreConfigs: []talismanrc.IgnoreConfig{
+				&talismanrc.FileIgnoreConfig{
+					FileName: "some.txt",
+					Checksum: "sha1",
+				},
+				&talismanrc.FileIgnoreConfig{
+					FileName: "some.txt",
+					Checksum: "recent-sha1",
+				},
+			},
+		}
+		cc := NewChecksumCompare(checksumCalculator, mockSHA256Hasher, &ignoreConfig)
+		addition := gitrepo.Addition{Name: "some.txt"}
+		mockSHA256Hasher.EXPECT().CollectiveSHA256Hash([]string{string(addition.Path)}).Return("somesha")
+		checksumCalculator.EXPECT().CalculateCollectiveChecksumForPattern("some.txt").Return("recent-sha1").Times(2)
+
+		required := cc.IsScanNotRequired(addition)
+
+		assert.True(t, required)
+	})
+
+	t.Run("should find checksum talismanrc config only", func(t *testing.T) {
+		ctrl := gomock.NewController(t)
+		defer ctrl.Finish()
+		mockSHA256Hasher := mockutility.NewMockSHA256Hasher(ctrl)
+		checksumCalculator := mockchecksumcalculator.NewMockChecksumCalculator(ctrl)
+		ignoreConfig := talismanrc.TalismanRC{
+			IgnoreConfigs: []talismanrc.IgnoreConfig{
+				&talismanrc.FileIgnoreConfig{
+					FileName:        "*.txt",
+					AllowedPatterns: []string{"key"},
+				},
+				&talismanrc.FileIgnoreConfig{
+					FileName: "some.txt",
+					Checksum: "sha1",
+				},
+			},
+		}
+		cc := NewChecksumCompare(checksumCalculator, mockSHA256Hasher, &ignoreConfig)
+		addition := gitrepo.Addition{Name: "some.txt"}
+		mockSHA256Hasher.EXPECT().CollectiveSHA256Hash([]string{string(addition.Path)}).Return("somesha")
+		checksumCalculator.EXPECT().CalculateCollectiveChecksumForPattern("*.txt").Return("sha1")
+		checksumCalculator.EXPECT().CalculateCollectiveChecksumForPattern("some.txt").Return("sha1")
+
+		required := cc.IsScanNotRequired(addition)
+
+		assert.True(t, required)
+	})
 }
diff --git a/talismanrc/talismanrc.go b/talismanrc/talismanrc.go
@@ -165,16 +165,15 @@ func (tRC *TalismanRC) Deny(addition gitrepo.Addition, detectorName string) bool
 }
 
 //Strip git addition 
-func(tRC *TalismanRC) FilterAllowedPatternsFromAddition(addition gitrepo.Addition) string {
-	additionPathAsString := string(addition.Path)
+func (tRC *TalismanRC) FilterAllowedPatternsFromAddition(addition gitrepo.Addition) string {
 	// Processing global allowed patterns
 	for _, pattern := range tRC.AllowedPatterns {
 		addition.Data = pattern.ReplaceAll(addition.Data, []byte(""))
 	}
 
 	// Processing allowed patterns based on file path
 	for _, ignoreConfig := range tRC.IgnoreConfigs {
-		if ignoreConfig.GetFileName() == additionPathAsString {
+		if addition.Matches(ignoreConfig.GetFileName()) {
 			for _, pattern := range ignoreConfig.GetAllowedPatterns() {
 				addition.Data = pattern.ReplaceAll(addition.Data, []byte(""))
 			}

diff --git a/talismanrc/talismanrc_test.go b/talismanrc/talismanrc_test.go
@@ -73,6 +73,20 @@ func TestShouldFilterAllowedPatternsFromAdditionBasedOnFileConfig(t *testing.T)
 	assert.Equal(t, fileContentFiltered2, fileContent)
 }
 
+func TestShouldFilterAllowedPatternsFromAdditionBasedOnFileConfigWithWildcards(t *testing.T) {
+	const hexContent string = "68656C6C6F20776F726C6421"
+	const fileContent string = "Prefix content" + hexContent
+	gitRepoAddition1 := testAdditionWithData("foo/file1.yml", []byte(fileContent))
+	gitRepoAddition2 := testAdditionWithData("foo/file2.yml", []byte(fileContent))
+	talismanrc := createTalismanRCWithFileIgnores("foo/*.yml", "somedetector", []string{hexContent})
+
+	fileContentFiltered1 := talismanrc.FilterAllowedPatternsFromAddition(gitRepoAddition1)
+	fileContentFiltered2 := talismanrc.FilterAllowedPatternsFromAddition(gitRepoAddition2)
+
+	assert.Equal(t, fileContentFiltered1, "Prefix content")
+	assert.Equal(t, fileContentFiltered2, "Prefix content")
+}
+
 func TestShouldConvertThresholdToValue(t *testing.T) {
 	talismanRCContents := []byte("threshold: high")
 	assert.Equal(t, newPersistedRC(talismanRCContents).Threshold, severity.High)
@@ -299,8 +313,6 @@ func TestFor(t *testing.T) {
 		assert.True(t, rc.IgnoreConfigs[2].ChecksumMatches("file3_checksum"))
 
 	})
-
-
 }
 
 func TestForScan(t *testing.T) {