
Package dependencies can bypass our ignore rules #195

Open
BenoitZugmeyer opened this issue May 11, 2022 · 1 comment
Labels
bug Something isn't working

Comments


BenoitZugmeyer commented May 11, 2022

Overview

In our JS project managed with yarn, we want to ignore anything located in the node_modules folder (our dependencies), so we added node_modules in our .wokeignore file.

Somehow, we have a node_modules dependency (npm-normalize-package-bin) that includes a .gitignore file. In this file, there are some ignore exceptions noted as !some_path_to_include.

With an earlier version of woke, this whole directory was ignored as expected. But with v0.18.1 (probably related to #117), some_path_to_include is not ignored anymore. Is there any way to force any file located in node_modules to be ignored?

Steps to reproduce

$ mkdir test-woke
$ cd test-woke
$ yarn init -y
$ yarn add npm-normalize-package-bin
$ echo "node_modules" > .wokeignore

Actual result (some node_modules file is not ignored):

$ woke
node_modules/npm-normalize-package-bin/package-lock.json:1582:73-77: `GUys` may be insensitive, use `folks`, `people`, `you all`, `y'all`, `yinz` instead (error)
      "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==",
                                                                         ^

Expected result (all node_modules files are ignored):

$ woke
No findings found.

Additional information

Version of woke
$ woke --version
woke version 0.18.1
Config file
$ cat .woke.yml
cat: .woke.yml: No such file or directory
Go environment
$ go version && go env
go version go1.18.1 darwin/amd64
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/xxx/Library/Caches/go-build"
GOENV="/Users/xxx/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/xxx/go/pkg/mod"
GONOPROXY="github.com/xxx"
GONOSUMDB="github.com/xxx"
GOOS="darwin"
GOPATH="/Users/xxx/go"
GOPRIVATE="github.com/xxx"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.18.1/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.18.1/libexec/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.18.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/xxx=/tmp/go-build -gno-record-gcc-switches -fno-common"
Verbose output of running
$ woke --debug
2022-05-11T11:31:54+02:00 DBG woke version 0.18.1 built from 939e604 on 2022-03-19T15:45:29Z
2022-05-11T11:31:54+02:00 DBG no config file loaded, using only default rules
2022-05-11T11:31:54+02:00 DBG default rules rules=["whitelist","blacklist","master-slave","slave","grandfathered","man-hours","sanity","dummy","guys","whitebox","blackbox"]
2022-05-11T11:31:54+02:00 DBG all enabled rules rules=["whitelist","blacklist","master-slave","slave","grandfathered","man-hours","sanity","dummy","guys","whitebox","blackbox"]
2022-05-11T11:31:54+02:00 DBG Could Not Find Root Git Folder
2022-05-11T11:31:54+02:00 DBG finished compiling ignores durationMS=2.166872
2022-05-11T11:31:54+02:00 DBG created new printer printer=text
2022-05-11T11:31:54+02:00 DBG process files path=. type=parallel
2022-05-11T11:31:54+02:00 DBG skipping content file=. reason="file is a directory"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.672365 file=.
2022-05-11T11:31:54+02:00 DBG skipping file=node_modules reason="ignored file"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.374578 file=.gitignore
2022-05-11T11:31:54+02:00 DBG skipping file=node_modules/.yarn-integrity reason="ignored file"
2022-05-11T11:31:54+02:00 DBG skipping file=node_modules/npm-normalize-package-bin reason="ignored file"
2022-05-11T11:31:54+02:00 DBG skipping content file=node_modules/npm-normalize-package-bin/test reason="file is a directory"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.212282 file=node_modules/npm-normalize-package-bin/test
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.8495 file=yarn.lock
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.987997 file=package.json
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.339032 file=node_modules/npm-normalize-package-bin/.gitignore
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.21564 file=node_modules/npm-normalize-package-bin/.github/settings.yml
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.853529 file=node_modules/npm-normalize-package-bin/README.md
2022-05-11T11:31:54+02:00 DBG skipping content file=node_modules/npm-normalize-package-bin/.github reason="file is a directory"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.346777 file=node_modules/npm-normalize-package-bin/.github
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.934917 file=node_modules/npm-normalize-package-bin/package.json
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.426737 file=node_modules/npm-normalize-package-bin/index.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.212664 file=node_modules/npm-normalize-package-bin/LICENSE
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.36334 file=node_modules/npm-normalize-package-bin/test/nobin.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.20234 file=node_modules/npm-normalize-package-bin/test/array.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.615487 file=node_modules/npm-normalize-package-bin/test/string.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=3.003684 file=node_modules/npm-normalize-package-bin/test/object.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=53.227105 file=node_modules/npm-normalize-package-bin/package-lock.json
node_modules/npm-normalize-package-bin/package-lock.json:1582:73-77: `GUys` may be insensitive, use `folks`, `people`, `you all`, `y'all`, `yinz` instead (error)
      "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==",
                                                                         ^
2022-05-11T11:31:54+02:00 DBG woke completed durationMS=60.148751
BenoitZugmeyer added the bug label May 11, 2022
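The report boils down to ignore-file precedence: a top-level rule excludes the whole node_modules tree, and a `!` line in a dependency's own .gitignore re-includes a path beneath it. Under gitignore's documented semantics that re-inclusion must not happen, because a path cannot be re-included once a parent directory is excluded. The following is an added Go example, not code from woke or go-git: it builds a deliberately small ignore matcher (patterns without a slash match any single path segment; other gitignore syntax is left out) and contrasts a plain last-match-wins combination of the files, which reproduces the symptom, with a matcher that checks ancestors first. The nested .gitignore contents are constructed, and `some_path_to_include` is the placeholder name from the report, not the dependency's real file.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// rule is one parsed line of an ignore file.
type rule struct {
	pattern string
	negate  bool // line started with "!": re-include instead of exclude
}

// ignoreFile holds the rules of one ignore file and the directory it lives in
// ("" for the project root). Its rules only apply to paths below that directory.
type ignoreFile struct {
	dir   string
	rules []rule
}

// parseIgnore turns the text of an ignore file into rules, keeping file order
// because the last matching rule wins within one file.
func parseIgnore(dir, contents string) ignoreFile {
	f := ignoreFile{dir: dir}
	for _, line := range strings.Split(contents, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		r := rule{pattern: line}
		if strings.HasPrefix(line, "!") {
			r.negate, r.pattern = true, line[1:]
		}
		f.rules = append(f.rules, r)
	}
	return f
}

// relativeTo returns p relative to dir, and false when p is not below dir.
func relativeTo(dir, p string) (string, bool) {
	if dir == "" {
		return p, true
	}
	if strings.HasPrefix(p, dir+"/") {
		return strings.TrimPrefix(p, dir+"/"), true
	}
	return "", false
}

// verdict applies one file's rules to rel. A pattern matches when any single
// path segment matches it (a simplification of gitignore's wildcard rules).
// decided is false when no rule matched at all.
func (f ignoreFile) verdict(rel string) (ignored, decided bool) {
	segs := strings.Split(rel, "/")
	for _, r := range f.rules {
		for _, s := range segs {
			if ok, _ := path.Match(r.pattern, s); ok {
				ignored, decided = !r.negate, true
				break
			}
		}
	}
	return ignored, decided
}

// lastMatchWins combines every applicable ignore file, root first, and lets
// the deepest matching rule decide. Used on its own this is the flawed
// behaviour from the report: a "!" line in a dependency's .gitignore
// re-includes a path even though the whole node_modules tree was excluded.
func lastMatchWins(files []ignoreFile, p string) bool {
	ignored := false
	for _, f := range files {
		rel, ok := relativeTo(f.dir, p)
		if !ok {
			continue
		}
		if ig, decided := f.verdict(rel); decided {
			ignored = ig
		}
	}
	return ignored
}

// strictIgnored follows the documented gitignore semantics: a path cannot be
// re-included when any parent directory is excluded, so ancestors are checked
// shallowest-first before the path's own rules are consulted.
func strictIgnored(files []ignoreFile, p string) bool {
	if parent := path.Dir(p); parent != "." && strictIgnored(files, parent) {
		return true
	}
	return lastMatchWins(files, p)
}

// sampleFiles reconstructs the reporter's layout with constructed contents: a
// root .wokeignore excluding node_modules and a dependency .gitignore that
// re-includes a path. "some_path_to_include" is the report's placeholder name.
func sampleFiles() []ignoreFile {
	return []ignoreFile{
		parseIgnore("", "node_modules\n"),
		parseIgnore("node_modules/npm-normalize-package-bin",
			"# constructed sample, not the dependency's real .gitignore\n*.log\n!some_path_to_include\n"),
	}
}

func main() {
	files := sampleFiles()
	for _, p := range []string{
		"package.json",
		"node_modules/npm-normalize-package-bin/package-lock.json",
		"node_modules/npm-normalize-package-bin/some_path_to_include",
	} {
		fmt.Printf("%-62s last-match-wins=%-5v strict=%v\n",
			p, lastMatchWins(files, p), strictIgnored(files, p))
	}
}
```

Running it prints one row per path; only the re-included path differs between the two columns, which is exactly the gap the report describes. The fix direction for a scanner is the one `strictIgnored` takes: decide each ancestor directory before consulting deeper ignore files, so that a dependency's negation rules can never widen the scan beyond what the project's own ignore file allows.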
@github-actions
Contributor

👋 Thanks for submitting your first issue!

Please be sure to read and follow our Code of Conduct and Contributing guide.

⭐️ Is your org or open source project using woke? If so, we'd love for you to be included in the 'Who uses woke' list at https://github.com/get-woke/woke/blob/main/docs/about.md#who-uses-woke.

BenoitZugmeyer added a commit to DataDog/browser-sdk that referenced this issue Jul 6, 2022
We can't build our CI image with the latest version of `woke` because of
get-woke/woke#195.

I didn't find an alternative to woke.

I tried a bit to fix the issue, but:

* I'm not fluent with go, and the fix is non-trivial

* the issue seems to be in a woke dependency (`go-git`), and woke is
  using a fork of a fork of this dependency, making it hazardous to fix.