Describe the bug
.talismanrc is supposed to be a yaml file. However, the filename does not end in .yaml, certain editors may not detect it and use yaml settings, and additionally, yaml linters will not detect it by default to find errors.
This can lead to silent failures - for example if a tab is added to one of the lines. Further lines in the file (such as custom_patterns) could be ignored, leading to password leakage.
To Reproduce
Steps to reproduce the behavior:
Create a new git repository and add a test file
Add a custom pattern to .talismanrc:
custom_patterns:
- 'pwd_[a-z]{8,20}'
Add a string matching this pattern to the file
git add . and then talisman -l debug --githook pre-commit and confirm the secret is detected and the custom pattern was used
Replace the spaces in .talismanrc with tabs
git add . and then talisman -l debug --githook pre-commit and confirm the secret is no longer detected
Expected behavior
Talisman should fail on a malformed .talismanrc.yaml file and perform some basic sanity checks on the file
.talismanrc should be renamed as .talismanrc.yaml so it is detected by yaml linters and editors.
The samples of .talismanrc.yaml should be updated to be proper yaml (with correct indenting)
The output of the checksum tool should be properly indented (currently it is not indented, missing --- prefix, - e.g.
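The fail-closed sanity check the report asks for, as an added example that is not Talisman's own code: `CheckTalismanRC` is a hypothetical function that assumes a block-style `custom_patterns` list, rejects any tab on a non-comment line, and reports a `custom_patterns` key from which no pattern was read.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CheckTalismanRC is a hypothetical fail-closed lint for .talismanrc content.
// Any tab on a non-comment line, or a custom_patterns key with no usable entry, is a problem.
func CheckTalismanRC(content string) (patterns []string, problems []string) {
	inPatterns, declared := false, false
	for i, line := range strings.Split(content, "\n") {
		trimmed := strings.TrimSpace(line)
		if trimmed == "" || strings.HasPrefix(trimmed, "#") {
			continue
		}
		if strings.Contains(line, "\t") {
			problems = append(problems, fmt.Sprintf("line %d: tab character", i+1))
		}
		// A top-level key starts in column 0 and is not a list item.
		if line[0] != ' ' && line[0] != '\t' && !strings.HasPrefix(line, "-") {
			inPatterns = strings.HasPrefix(line, "custom_patterns:")
			declared = declared || inPatterns
			continue
		}
		if !inPatterns || !strings.HasPrefix(trimmed, "- ") {
			continue
		}
		p := strings.Trim(strings.TrimSpace(trimmed[2:]), `'"`)
		if _, err := regexp.Compile(p); err != nil {
			problems = append(problems, fmt.Sprintf("line %d: bad pattern: %v", i+1, err))
			continue
		}
		patterns = append(patterns, p)
	}
	if declared && len(patterns) == 0 {
		problems = append(problems, "custom_patterns declared but no pattern was read")
	}
	return patterns, problems
}

func main() {
	// Constructed inputs: the pattern from the report, first with a space, then with a tab.
	for _, rc := range []string{"custom_patterns:\n- 'pwd_[a-z]{8,20}'\n", "custom_patterns:\n-\t'pwd_[a-z]{8,20}'\n"} {
		p, problems := CheckTalismanRC(rc)
		fmt.Printf("patterns=%q problems=%q\n", p, problems)
	}
}
```

A pre-commit wrapper would abort the commit whenever `problems` is non-empty, so a broken configuration blocks the commit instead of silently disabling a pattern.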