Potentially invalid checksum in githook report #416

Open
second-frank opened this issue Feb 24, 2023 · 2 comments · May be fixed by #417 or #455

@second-frank

Describe the bug

The proposed .talismanrc format of a --githook report might contain checksums that have no effect when used in the .talismanrc file, so the same finding is reported again on the next run.

Seems to happen with files whose name is used multiple times within the repository folder structure, typically readmes or scripts.

To Reproduce

git init
mkdir -p sub-folder
echo 'hello world' > sub-folder/readme.md
echo 'password = "some-secret-value"' > readme.md
git add *
talisman --githook pre-commit

When putting the reported fileignoreconfig section into a .talismanrc file and running talisman --githook pre-commit again, the same finding is reported.

Expected behavior

The proposed format by Talisman to whitelist findings should work by simply copy & pasting.

Additional context

There is a workaround by creating the checksum value explicitly via the talisman --checksum command, but the typical user would not be aware of that.

Desktop (please complete the following information):

  • OS: Ubuntu 22.04 / Windows 10 (GitBash)
  • Talisman version: 1.30.0

Frank Seidel [email protected], Mercedes-Benz Tech Innovation GmbH
Provider Information

@karlbrown-va

I just ran into this as well with 1.32.0.

@karlbrown-va

This previously closed issue may be related: #344
