Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potentially invalid checksum in githook report #416

Open
second-frank opened this issue Feb 24, 2023 · 2 comments · May be fixed by #417 or #455
Open

Potentially invalid checksum in githook report #416

second-frank opened this issue Feb 24, 2023 · 2 comments · May be fixed by #417 or #455
Assignees
@tinamthomas

Comments

@second-frank
Copy link

Describe the bug

The proposed .talismanrc format of a --githook report might contain checksums that have no effect when used in the .talismanrc file, so the same finding is reported again on next run.

Seems to happen with files whose name is used multiple times within the repository folder structure, typically readmes or scripts.

To Reproduce

git init
mkdir -p sub-folder
echo 'hello world' > sub-folder/readme.md
echo 'password = "some-secret-value"' > readme.md
git add *
talisman --githook pre-commit

When putting the reported fileignoreconfig section into a .talismanrc file and running talisman --githook pre-commit again, the same finding is reported.

Expected behavior

The proposed format by Talisman to whitelist findings should work by simply copy & pasting.

Additional context

There is a workaround by creating the checksum value explicitly via talisman --checksum command, but the typical user would not be aware of that.

Desktop (please complete the following information):

  • OS: Ubuntu 22.04 / Windows 10 (GitBash)
  • Talisman version: 1.30.0

Frank Seidel [email protected], Mercedes-Benz Tech Innovation GmbH
Provider Information
second-frank added a commit to mercedes-benz/talisman that referenced this issue Feb 24, 2023
@second-frank
use same checksum logic for talismanRC suggestion as during detection (
3b57d33 
…thoughtworks#416)
@second-frank second-frank linked a pull request Feb 24, 2023 that will close this issue
Open
@tinamthomas tinamthomas self-assigned this Mar 20, 2023
@karlbrown-va
Copy link

I just ran into this as well with 1.32.0.

@karlbrown-va
Copy link

This previously closed issue may be related: #344

deepthirera added a commit to deepthirera/talisman that referenced this issue May 21, 2024
@deepthirera
thoughtworks#416 Fix - Files of the same name in sub-folders will be …
262dc6e 
…considered as different files
@deepthirera deepthirera linked a pull request May 21, 2024 that will close this issue
Open
deepthirera added a commit to deepthirera/talisman that referenced this issue Jun 3, 2024
@deepthirera
thoughtworks#416 Fix - Adding more testcases and covering all possibl…
9785d24 
…e special characters
@deepthirera deepthirera mentioned this issue Nov 3, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tinamthomas tinamthomas

Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@tinamthomas @karlbrown-va @second-frank