Rename ChecksumCompare to show its role in ignoring files

Authored-by: Owen Nelson <[email protected]>

Author: tw-owen-nelson

cmd/runner.go

@@ -31,12 +31,12 @@ func NewRunner(additions []gitrepo.Addition, mode string) *runner {
 func (r *runner) Run(tRC *talismanrc.TalismanRC, promptContext prompt.PromptContext) int {
 	wd, _ := os.Getwd()
 	repo := gitrepo.RepoLocatedAt(wd)
-	cc := helpers.BuildCC(r.mode, tRC, repo)
+	ie := helpers.BuildIgnoreEvaluator(r.mode, tRC, repo)
 
 	setCustomSeverities(tRC)
 	additionsToScan := tRC.FilterAdditions(r.additions)
 
-	detector.DefaultChain(tRC, cc).Test(additionsToScan, tRC, r.results)
+	detector.DefaultChain(tRC, ie).Test(additionsToScan, tRC, r.results)
 	r.printReport(promptContext)
 	exitStatus := r.exitStatus()
 	return exitStatus

cmd/scanner_cmd.go

@@ -31,11 +31,11 @@ func (s *ScannerCmd) Run(tRC *talismanrc.TalismanRC) int {
 
 	wd, _ := os.Getwd()
 	repo := gitrepo.RepoLocatedAt(wd)
-	cc := helpers.BuildCC("default", tRC, repo)
+	ie := helpers.BuildIgnoreEvaluator("default", tRC, repo)
 
 	additionsToScan := tRC.FilterAdditions(s.additions)
 
-	detector.DefaultChain(tRC, cc).Test(additionsToScan, tRC, s.results)
+	detector.DefaultChain(tRC, ie).Test(additionsToScan, tRC, s.results)
 	reportsPath, err := report.GenerateReport(s.results, s.reportDirectory)
 	if err != nil {
 		logr.Errorf("error while generating report: %v", err)

detector/chain.go

@@ -17,20 +17,20 @@ import (
 // Chain represents a chain of Detectors.
 // It is itself a detector.
 type Chain struct {
-	detectors     []detector.Detector
-	ignoreChecker *helpers.ChecksumCompare
+	detectors       []detector.Detector
+	ignoreEvaluator *helpers.IgnoreEvaluator
 }
 
 // NewChain returns an empty DetectorChain
 // It is itself a detector, but it tests nothing.
-func NewChain(ignoreChecker *helpers.ChecksumCompare) *Chain {
-	result := Chain{[]detector.Detector{}, ignoreChecker}
+func NewChain(ignoreEvaluator *helpers.IgnoreEvaluator) *Chain {
+	result := Chain{[]detector.Detector{}, ignoreEvaluator}
 	return &result
 }
 
 // DefaultChain returns a DetectorChain with pre-configured detectors
-func DefaultChain(tRC *talismanrc.TalismanRC, ignoreChecker *helpers.ChecksumCompare) *Chain {
-	chain := NewChain(ignoreChecker)
+func DefaultChain(tRC *talismanrc.TalismanRC, ignoreEvaluator *helpers.IgnoreEvaluator) *Chain {
+	chain := NewChain(ignoreEvaluator)
 	chain.AddDetector(filename.DefaultFileNameDetector(tRC.Threshold))
 	chain.AddDetector(filecontent.NewFileContentDetector(tRC))
 	chain.AddDetector(pattern.NewPatternDetector(tRC.CustomPatterns))
@@ -52,7 +52,7 @@ func (dc *Chain) Test(additions []gitrepo.Addition, talismanRC *talismanrc.Talis
 	progressBar := utility.GetProgressBar(os.Stdout, "Talisman Scan")
 	progressBar.Start(total)
 	for _, v := range dc.detectors {
-		v.Test(*dc.ignoreChecker, additions, talismanRC, result, func() {
+		v.Test(*dc.ignoreEvaluator, additions, talismanRC, result, func() {
 			progressBar.Increment()
 		})
 	}

detector/chain_test.go

@@ -21,26 +21,26 @@ func init() {
 
 type FailingDetection struct{}
 
-func (v FailingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
+func (v FailingDetection) Test(comparator helpers.IgnoreEvaluator, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
 	result.Fail("some_file", "filecontent", "FAILED BY DESIGN", []string{}, severity.Low)
 }
 
 type PassingDetection struct{}
 
-func (p PassingDetection) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
+func (p PassingDetection) Test(comparator helpers.IgnoreEvaluator, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
 }
 
 func TestEmptyValidationChainPassesAllValidations(t *testing.T) {
-	cc := helpers.BuildCC("pre-push", nil, gitrepo.RepoLocatedAt("."))
-	v := NewChain(cc)
+	ie := helpers.BuildIgnoreEvaluator("pre-push", nil, gitrepo.RepoLocatedAt("."))
+	v := NewChain(ie)
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
 	v.Test(nil, &talismanrc.TalismanRC{}, results)
 	assert.False(t, results.HasFailures(), "Empty validation chain is expected to always pass")
 }
 
 func TestValidationChainWithFailingValidationAlwaysFails(t *testing.T) {
-	cc := helpers.BuildCC("pre-push", nil, gitrepo.RepoLocatedAt("."))
-	v := NewChain(cc)
+	ie := helpers.BuildIgnoreEvaluator("pre-push", nil, gitrepo.RepoLocatedAt("."))
+	v := NewChain(ie)
 	v.AddDetector(PassingDetection{})
 	v.AddDetector(FailingDetection{})
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
@@ -54,8 +54,8 @@ func TestDefaultChainShouldCreateChainSpecifiedModeAndPresetDetectors(t *testing
 		Threshold:      severity.Medium,
 		CustomPatterns: []talismanrc.PatternString{"AKIA*"},
 	}
-	cc := helpers.BuildCC("pre-push", talismanRC, gitrepo.RepoLocatedAt("."))
-	v := DefaultChain(talismanRC, cc)
+	ie := helpers.BuildIgnoreEvaluator("pre-push", talismanRC, gitrepo.RepoLocatedAt("."))
+	v := DefaultChain(talismanRC, ie)
 	assert.Equal(t, 3, len(v.detectors))
 
 	defaultFileNameDetector := filename.DefaultFileNameDetector(talismanRC.Threshold)

detector/detector/detector.go

@@ -6,9 +6,9 @@ import (
 	"talisman/talismanrc"
 )
 
-//Detector represents a single kind of test to be performed against a set of Additions
-//Detectors are expected to honor the ignores that are passed in and log them in the results
-//Detectors are expected to signal any errors to the results
+// Detector represents a single kind of test to be performed against a set of Additions
+// Detectors are expected to honor the ignores that are passed in and log them in the results
+// Detectors are expected to signal any errors to the results
 type Detector interface {
-	Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func())
+	Test(comparator helpers.IgnoreEvaluator, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func())
 }

detector/filecontent/base64_aggressive_detector_test.go

@@ -13,7 +13,6 @@ import (
 var _blankTalismanRC = &talismanrc.TalismanRC{}
 var dummyCompletionCallbackFunc = func() {}
 var aggressiveModeFileContentDetector = NewFileContentDetector(_blankTalismanRC).AggressiveMode()
-var defaultCompareChecker = *helpers.BuildCC("default", _blankTalismanRC, gitrepo.RepoLocatedAt("."))
 
 func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "AKIAIOSFODNN7EXAMPLE\n"
@@ -23,7 +22,7 @@ func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 
 	aggressiveModeFileContentDetector.
 		Test(
-			defaultCompareChecker,
+			defaultIgnoreEvaluator,
 			additions,
 			_blankTalismanRC,
 			results,
@@ -40,7 +39,7 @@ func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t
 
 	aggressiveModeFileContentDetector.
 		Test(
-			defaultCompareChecker,
+			defaultIgnoreEvaluator,
 			additions,
 			_blankTalismanRC,
 			results,
@@ -62,7 +61,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCodeEvenInAggressiveMode(t *
 
 	aggressiveModeFileContentDetector.
 		Test(
-			defaultCompareChecker,
+			defaultIgnoreEvaluator,
 			additions,
 			_blankTalismanRC,
 			results,

detector/filecontent/filecontent_detector.go

@@ -76,7 +76,7 @@ type content struct {
 	severity    severity.Severity
 }
 
-func (fc *FileContentDetector) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, talismanRC *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
+func (fc *FileContentDetector) Test(comparator helpers.IgnoreEvaluator, currentAdditions []gitrepo.Addition, talismanRC *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
 	contentTypes := []struct {
 		contentType
 		fn

detector/filecontent/filecontent_detector_test.go

@@ -14,7 +14,7 @@ import (
 )
 
 var emptyTalismanRC = &talismanrc.TalismanRC{IgnoreConfigs: []talismanrc.IgnoreConfig{}}
-var defaultChecksumCompareUtility = *helpers.BuildCC("default", emptyTalismanRC, gitrepo.RepoLocatedAt("."))
+var defaultIgnoreEvaluator = *helpers.BuildIgnoreEvaluator("default", emptyTalismanRC, gitrepo.RepoLocatedAt("."))
 var dummyCallback = func() {}
 var filename = "filename"
 
@@ -23,7 +23,7 @@ func TestShouldNotFlagSafeText(t *testing.T) {
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte("prettySafe"))}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	assert.False(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
 }
 
@@ -35,10 +35,9 @@ func TestShouldIgnoreFileIfNeeded(t *testing.T) {
 			&talismanrc.FileIgnoreConfig{FileName: filename},
 		},
 	}
-	checksumCompare := defaultChecksumCompareUtility
 
 	NewFileContentDetector(talismanRCIWithFilenameIgnore).
-		Test(checksumCompare, additions, talismanRCIWithFilenameIgnore, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, talismanRCIWithFilenameIgnore, results, dummyCallback)
 
 	assert.True(t, results.Successful(), "Expected file %s to be ignored by pattern", filename)
 }
@@ -52,7 +51,7 @@ func TestShouldNotFlag4CharSafeText(t *testing.T) {
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte("abcd"))}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	assert.False(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
 }
 
@@ -63,7 +62,7 @@ func TestShouldNotFlagLowEntropyBase64Text(t *testing.T) {
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	assert.False(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
 }
 
@@ -74,7 +73,7 @@ func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 
 	expectedMessage := fmt.
 		Sprintf("Expected file to not contain base64 encoded texts such as: %s", awsSecretAccessKey)
@@ -90,7 +89,7 @@ func TestShouldFlagPotentialSecretWithoutTrimmingWhenLengthLessThan50Characters(
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 
 	expectedMessage := fmt.Sprintf("Expected file to not contain base64 encoded texts such as: %s", secret)
 	assert.True(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
@@ -107,7 +106,7 @@ func TestShouldFlagPotentialJWT(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 
 	expectedMessage := fmt.
 		Sprintf("Expected file to not contain base64 encoded texts such as: %s", jwt[:47]+"...")
@@ -130,7 +129,7 @@ func TestShouldFlagPotentialSecretsWithinJavaCode(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	expectedMessage := "Expected file to not contain base64 encoded texts such as: " +
 		"accessKey=\"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL..."
 	assert.True(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
@@ -149,7 +148,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCode(t *testing.T) {
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(safeJavaCode))}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	assert.False(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
 }
 
@@ -159,7 +158,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName(t *testing.T) {
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(safeLongMethodName))}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	assert.False(t, results.HasFailures(), "Expected file to not contain base64 encoded texts.")
 }
 
@@ -170,7 +169,7 @@ func TestShouldFlagPotentialSecretsEncodedInHex(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	expectedMessage := "Expected file to not contain hex encoded texts such as: " + hex
 	assert.Equal(t, expectedMessage, getFailureMessages(results, filePath)[0])
 	assert.Len(t, results.Results, 1)
@@ -181,10 +180,10 @@ func TestShouldNotFlagPotentialCreditCardNumberIfAboveThreshold(t *testing.T) {
 	results := helpers.NewDetectionResults(talismanrc.HookMode)
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(creditCardNumber))}
 	talismanRCWithThreshold := &talismanrc.TalismanRC{Threshold: severity.High}
-	checksumCompareWithThreshold := *helpers.BuildCC("default", talismanRCWithThreshold, gitrepo.RepoLocatedAt("."))
+	ignoreEvaluatorWithThreshold := *helpers.BuildIgnoreEvaluator("default", talismanRCWithThreshold, gitrepo.RepoLocatedAt("."))
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(checksumCompareWithThreshold, additions, talismanRCWithThreshold, results, dummyCallback)
+		Test(ignoreEvaluatorWithThreshold, additions, talismanRCWithThreshold, results, dummyCallback)
 
 	assert.False(t, results.HasFailures(), "Expected no base64 detection when threshold is higher")
 }
@@ -197,7 +196,7 @@ func TestShouldNotFlagPotentialSecretsIfIgnored(t *testing.T) {
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(hex))}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, talismanRCWithIgnores, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, talismanRCWithIgnores, results, dummyCallback)
 
 	assert.False(t, results.HasFailures(), "Expected file ignore allowed pattern for hex text")
 }
@@ -215,7 +214,7 @@ func TestResultsShouldNotFlagCreditCardNumberIfSpecifiedInFileIgnores(t *testing
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(creditCardNumber))}
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, talismanRCWithFileIgnore, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, talismanRCWithFileIgnore, results, dummyCallback)
 
 	assert.False(t, results.HasFailures(), "Expected the creditcard number to be ignored based on talisman RC")
 
@@ -230,7 +229,7 @@ func TestResultsShouldContainHexTextsIfHexAndBase64ExistInFile(t *testing.T) {
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 	expectedMessage := "Expected file to not contain hex encoded texts such as: " + hex
 	messageReceived := strings.Join(getFailureMessages(results, filePath), " ")
 	assert.Regexp(t, expectedMessage, messageReceived, "Should contain hex detection message")
@@ -246,7 +245,7 @@ func TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile(t *testing.T)
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 
 	expectedMessage := "Expected file to not contain base64 encoded texts such as: " + base64
 	messageReceived := strings.Join(getFailureMessages(results, filePath), " ")
@@ -261,7 +260,7 @@ func TestResultsShouldContainCreditCardNumberIfCreditCardNumberExistInFile(t *te
 	filePath := additions[0].Path
 
 	NewFileContentDetector(emptyTalismanRC).
-		Test(defaultChecksumCompareUtility, additions, emptyTalismanRC, results, dummyCallback)
+		Test(defaultIgnoreEvaluator, additions, emptyTalismanRC, results, dummyCallback)
 
 	expectedMessage := "Expected file to not contain credit card numbers such as: " + creditCardNumber
 	assert.Equal(t, expectedMessage, getFailureMessages(results, filePath)[0])

detector/filename/filename_detector.go

@@ -83,7 +83,7 @@ func NewFileNameDetector(patternsWithSeverity []*severity.PatternSeverity, thres
 }
 
 // Test tests the fileNames of the Additions to ensure that they don't look suspicious
-func (fd FileNameDetector) Test(comparator helpers.ChecksumCompare, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
+func (fd FileNameDetector) Test(comparator helpers.IgnoreEvaluator, currentAdditions []gitrepo.Addition, ignoreConfig *talismanrc.TalismanRC, result *helpers.DetectionResults, additionCompletionCallback func()) {
 	for _, addition := range currentAdditions {
 		if comparator.ShouldIgnore(addition, "filename") {
 			log.WithFields(log.Fields{