talisman output for files with brackets #382

Open
revolunet opened this issue Aug 1, 2022 · 4 comments

@revolunet
Contributor

When a file containing brackets gets flagged by talisman, the CLI output doesn't escape the brackets, so we can't copy/paste directly to .talismanrc. File names with brackets break the YAML.

@svishwanath-tw
Collaborator

@revolunet : Sample output along with original filename will be highly appreciated.

@revolunet
Contributor Author

Hi,

Say I have a file named src/[something].ts that contains a secret.

talisman detects it correctly:

Talisman Report:
+-------------------------------------+--------------------------------------------+----------+
|                FILE                 |                   ERRORS                   | SEVERITY |
+-------------------------------------+--------------------------------------------+----------+
| src/[something].ts | Expected file to not to contain            | high     |
|                                     | base64 encoded texts such as:              |          |
|                                     | b3+E9r461JVqUgUYbnRHC/1XpN1jl0lvXp4ainmTw= |          |
+-------------------------------------+--------------------------------------------+----------+


If you are absolutely sure that you want to ignore the above files from talisman detectors, consider pasting the following format in .talismanrc file in the project root

fileignoreconfig:
- filename: src/[something].ts
  checksum: 01f54590c32718f14c24dfc10e5378090326b841e9037dd2f15a51e028b6ae8f

If I add this line manually, or use interactive mode, it's added to .talismanrc as is but has no effect.

The .talismanrc entry should be - filename: src/\[something\].ts

So we should fix how the entry is displayed in the CLI output and also how it's written in .talismanrc.

@svishwanath-tw
Collaborator

@revolunet: Thanks for this clarification. I wanted to know what kind of brackets were being talked about.
I'm a non-native English speaker, and as far as I know:
() -> round brackets
{} -> curly brackets
[] -> square brackets

Having said that,
talisman (and therefore .talismanrc) supports checksumming a pattern of filenames, golang regexes can be used to specify filenames at the time of checksumming.
I believe [something] is being treated as a character class, the filename in your case will point to the following collection of files {"s.ts", "o.ts" ...., "g.ts"}

Great find. This helps make talisman better and the feedback is much appreciated.
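
The character-class behaviour described in the comment above, and the escaped entry proposed earlier in the thread, shown as an added example that is not part of the original issue or of talisman's code. It assumes Go's standard `path.Match` glob syntax as a stand-in for talisman's own matcher; `escapeGlob` and `matches` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// escapeGlob backslash-escapes the characters that path.Match treats as
// pattern syntax, so that a reported file name is matched literally.
// Assumption: the ignore-list matcher honours backslash escapes the way
// path.Match does.
func escapeGlob(name string) string {
	var b strings.Builder
	for _, r := range name {
		if strings.ContainsRune(`\*?[]`, r) {
			b.WriteByte('\\')
		}
		b.WriteRune(r)
	}
	return b.String()
}

// matches reports whether name matches pattern; a malformed pattern
// counts as "no match" instead of an error.
func matches(pattern, name string) bool {
	ok, err := path.Match(pattern, name)
	return err == nil && ok
}

func main() {
	reported := "src/[something].ts" // file name from the report in this thread
	// Constructed sample names: the real file plus single-letter neighbours.
	names := []string{reported, "src/s.ts", "src/g.ts", "src/x.ts"}
	for _, pattern := range []string{reported, escapeGlob(reported)} {
		for _, name := range names {
			fmt.Printf("pattern %-24q file %-22q match=%v\n",
				pattern, name, matches(pattern, name))
		}
	}
}
```

The unescaped entry silently fails to cover the flagged file while covering unrelated one-letter file names, so an ignore entry pasted as reported both misses its target and widens the ignore list.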

@revolunet
Contributor Author

Thanks for the clarification, no native English here either :) 🇫🇷

So yes, my case is when using square brackets: []
