Remove concept of 'Mode' from TalismanRC

tw-owen-nelson · tw-owen-nelson · commit d97da76ad3eb · 2025-03-20T16:19:14.000-05:00
TalismanRC represents the version-controlled configurations talisman
should consider when running. It is not responsible for distinguishing
between different ways talisman can be invoked.

Authored-by: Owen Nelson &lt;owen.nelson@thoughtworks.com&gt;
diff --git a/cmd/runner.go b/cmd/runner.go
@@ -22,7 +22,7 @@ type runner struct {
 func NewRunner(additions []gitrepo.Addition, mode string) *runner {
 	return &runner{
 		additions: additions,
-		results:   helpers.NewDetectionResults(talismanrc.HookMode),
+		results:   helpers.NewDetectionResults(),
 		mode:      mode,
 	}
 }
diff --git a/cmd/scanner_cmd.go b/cmd/scanner_cmd.go
@@ -62,7 +62,7 @@ func NewScannerCmd(ignoreHistory bool, tRC *talismanrc.TalismanRC, reportDirecto
 	}
 	return &ScannerCmd{
 		additions:       additions,
-		results:         helpers.NewDetectionResults(talismanrc.ScanMode),
+		results:         helpers.NewDetectionResults(),
 		reportDirectory: reportDirectory,
 		ignoreEvaluator: ignoreEvaluator,
 		tRC:             tRC,
diff --git a/detector/chain_test.go b/detector/chain_test.go
@@ -33,7 +33,7 @@ func (p PassingDetection) Test(comparator helpers.IgnoreEvaluator, currentAdditi
 func TestEmptyValidationChainPassesAllValidations(t *testing.T) {
 	ie := helpers.BuildIgnoreEvaluator("pre-push", nil, gitrepo.RepoLocatedAt("."))
 	v := NewChain(ie)
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	v.Test(nil, &talismanrc.TalismanRC{}, results)
 	assert.False(t, results.HasFailures(), "Empty validation chain is expected to always pass")
 }
@@ -43,7 +43,7 @@ func TestValidationChainWithFailingValidationAlwaysFails(t *testing.T) {
 	v := NewChain(ie)
 	v.AddDetector(PassingDetection{})
 	v.AddDetector(FailingDetection{})
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	v.Test(nil, &talismanrc.TalismanRC{}, results)
 
 	assert.False(t, results.Successful(), "Expected validation chain with a failure to fail.")
diff --git a/detector/filecontent/base64_aggressive_detector_test.go b/detector/filecontent/base64_aggressive_detector_test.go
@@ -16,7 +16,7 @@ var aggressiveModeFileContentDetector = NewFileContentDetector(_blankTalismanRC)
 
 func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "AKIAIOSFODNN7EXAMPLE\n"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsAccessKeyIDExample))}
 
@@ -33,7 +33,7 @@ func TestShouldFlagPotentialAWSAccessKeysInAggressiveMode(t *testing.T) {
 
 func TestShouldFlagPotentialAWSAccessKeysAtPropertyDefinitionInAggressiveMode(t *testing.T) {
 	const awsAccessKeyIDExample string = "accessKey=AKIAIOSFODNN7EXAMPLE"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsAccessKeyIDExample))}
 
@@ -55,7 +55,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCodeEvenInAggressiveMode(t *
 		"		System.out.println(\"Hello, World\");\r\n    " +
 		"	}\r\n\r\n" +
 		"}"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	filename := "filename"
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsAccessKeyIDExample))}
 
diff --git a/detector/filecontent/filecontent_detector_test.go b/detector/filecontent/filecontent_detector_test.go
@@ -19,7 +19,7 @@ var dummyCallback = func() {}
 var filename = "filename"
 
 func TestShouldNotFlagSafeText(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte("prettySafe"))}
 
 	NewFileContentDetector(emptyTalismanRC).
@@ -28,7 +28,7 @@ func TestShouldNotFlagSafeText(t *testing.T) {
 }
 
 func TestShouldIgnoreFileIfNeeded(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte("prettySafe"))}
 	talismanRCIWithFilenameIgnore := &talismanrc.TalismanRC{
 		IgnoreConfigs: []talismanrc.IgnoreConfig{
@@ -47,7 +47,7 @@ func TestShouldNotFlag4CharSafeText(t *testing.T) {
 		input is actually a b64 encoded value. In other words, abcd will match, but it is not necessarily represent
 		 the encoded value of i· rather just a plain abcd input see
 	stackoverflow.com/questions/8571501/how-to-check-whether-the-string-is-base64-encoded-or-not#comment23919648_8571649*/
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte("abcd"))}
 
 	NewFileContentDetector(emptyTalismanRC).
@@ -57,7 +57,7 @@ func TestShouldNotFlag4CharSafeText(t *testing.T) {
 
 func TestShouldNotFlagLowEntropyBase64Text(t *testing.T) {
 	const lowEntropyString string = "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWEK"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte(lowEntropyString)
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 
@@ -68,7 +68,7 @@ func TestShouldNotFlagLowEntropyBase64Text(t *testing.T) {
 
 func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
 	const awsSecretAccessKey string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(awsSecretAccessKey))}
 	filePath := additions[0].Path
 
@@ -84,7 +84,7 @@ func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
 
 func TestShouldFlagPotentialSecretWithoutTrimmingWhenLengthLessThan50Characters(t *testing.T) {
 	const secret string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9asdfa"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(secret))}
 	filePath := additions[0].Path
 
@@ -100,7 +100,7 @@ func TestShouldFlagPotentialSecretWithoutTrimmingWhenLengthLessThan50Characters(
 func TestShouldFlagPotentialJWT(t *testing.T) {
 	const jwt string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiOjEzMDA4MTkzODAsIm5hbWUi" +
 		"OiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f757"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte(jwt)
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 	filePath := additions[0].Path
@@ -123,7 +123,7 @@ func TestShouldFlagPotentialSecretsWithinJavaCode(t *testing.T) {
 		"		System.out.println(\"Hello, World\");\r\n    " +
 		"		}\r\n\r\n" +
 		"}"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte(dangerousJavaCode)
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, content)}
 	filePath := additions[0].Path
@@ -144,7 +144,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCode(t *testing.T) {
 		"   	System.out.println(\"Hello, World\");\r\n    " +
 		"	}\r\n\r\n" +
 		"}"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(safeJavaCode))}
 
 	NewFileContentDetector(emptyTalismanRC).
@@ -154,7 +154,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeJavaCode(t *testing.T) {
 
 func TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName(t *testing.T) {
 	safeLongMethodName := "TestBase64DetectorShouldNotDetectLongMethodNamesEvenWithRidiculousHighEntropyWordsMightExist"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(safeLongMethodName))}
 
 	NewFileContentDetector(emptyTalismanRC).
@@ -164,7 +164,7 @@ func TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName(t *testing.T) {
 
 func TestShouldFlagPotentialSecretsEncodedInHex(t *testing.T) {
 	const hex string = "68656C6C6F20776F726C6421"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(hex))}
 	filePath := additions[0].Path
 
@@ -177,7 +177,7 @@ func TestShouldFlagPotentialSecretsEncodedInHex(t *testing.T) {
 
 func TestShouldNotFlagPotentialCreditCardNumberIfAboveThreshold(t *testing.T) {
 	const creditCardNumber string = "340000000000009"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(creditCardNumber))}
 	talismanRCWithThreshold := &talismanrc.TalismanRC{Threshold: severity.High}
 	ignoreEvaluatorWithThreshold := helpers.BuildIgnoreEvaluator("default", talismanRCWithThreshold, gitrepo.RepoLocatedAt("."))
@@ -192,7 +192,7 @@ func TestShouldNotFlagPotentialSecretsIfIgnored(t *testing.T) {
 	const hex string = "68656C6C6F20776F726C6421"
 	talismanRCWithIgnores := &talismanrc.TalismanRC{
 		AllowedPatterns: []*regexp.Regexp{regexp.MustCompile("[0-9a-fA-F]*")}}
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(hex))}
 
 	NewFileContentDetector(emptyTalismanRC).
@@ -203,7 +203,7 @@ func TestShouldNotFlagPotentialSecretsIfIgnored(t *testing.T) {
 
 func TestResultsShouldNotFlagCreditCardNumberIfSpecifiedInFileIgnores(t *testing.T) {
 	const creditCardNumber string = "340000000000009"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	fileIgnoreConfig := &talismanrc.FileIgnoreConfig{
 		FileName: filename, Checksum: "",
 		AllowedPatterns: []string{creditCardNumber},
@@ -224,7 +224,7 @@ func TestResultsShouldContainHexTextsIfHexAndBase64ExistInFile(t *testing.T) {
 	const hex string = "68656C6C6F20776F726C6421"
 	const base64 string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 	const hexAndBase64 = hex + "\n" + base64
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(hexAndBase64))}
 	filePath := additions[0].Path
 
@@ -240,7 +240,7 @@ func TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile(t *testing.T)
 	const hex string = "68656C6C6F20776F726C6421"
 	const base64 string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 	const hexAndBase64 = hex + "\n" + base64
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(hexAndBase64))}
 	filePath := additions[0].Path
 
@@ -255,7 +255,7 @@ func TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile(t *testing.T)
 
 func TestResultsShouldContainCreditCardNumberIfCreditCardNumberExistInFile(t *testing.T) {
 	const creditCardNumber string = "340000000000009"
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	additions := []gitrepo.Addition{gitrepo.NewAddition(filename, []byte(creditCardNumber))}
 	filePath := additions[0].Path
 
diff --git a/detector/filename/filename_detector_test.go b/detector/filename/filename_detector_test.go
@@ -144,7 +144,7 @@ func TestShouldIgnoreFilesWhenAskedToDoSoByIgnores(t *testing.T) {
 }
 
 func TestShouldIgnoreIfErrorIsBelowThreshold(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	fileName := ".bash_aliases"
 
 	DefaultFileNameDetector(severity.High).
@@ -168,7 +168,7 @@ func shouldIgnoreFilesWhichWouldOtherwiseTriggerErrors(
 }
 
 func shouldNotFailWithDefaultDetectorAndIgnores(fileName, ignore string, threshold severity.Severity, t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	fileIgnoreConfig := &talismanrc.FileIgnoreConfig{
 		FileName:        ignore,
 		IgnoreDetectors: []string{"filename"},
@@ -185,7 +185,7 @@ func shouldNotFailWithDefaultDetectorAndIgnores(fileName, ignore string, thresho
 }
 
 func shouldFailWithSpecificPattern(fileName, pattern string, threshold severity.Severity, t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	pt := []*severity.PatternSeverity{{Pattern: regexp.MustCompile(pattern), Severity: severity.Low}}
 
 	NewFileNameDetector(pt, threshold).
@@ -197,7 +197,7 @@ func shouldFailWithSpecificPattern(fileName, pattern string, threshold severity.
 }
 
 func shouldFailWithDefaultDetector(fileName, pattern string, severity severity.Severity, t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	DefaultFileNameDetector(severity).
 		Test(defaultIgnoreEvaluator, additionsNamed(fileName), talismanRC, results, func() {})
 	assert.True(t,
diff --git a/detector/filesize/filesize_detector_test.go b/detector/filesize/filesize_detector_test.go
@@ -19,15 +19,15 @@ func ignoreEvaluatorWithTalismanRC(tRC *talismanrc.TalismanRC) helpers.IgnoreEva
 }
 
 func TestShouldFlagLargeFiles(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte("more than one byte")
 	additions := []gitrepo.Addition{gitrepo.NewAddition("filename", content)}
 	NewFileSizeDetector(2).Test(defaultIgnoreEvaluator, additions, talismanRC, results, func() {})
 	assert.True(t, results.HasFailures(), "Expected file to fail the check against file size detector.")
 }
 
 func TestShouldNotFlagLargeFilesIfThresholdIsBelowSeverity(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte("more than one byte")
 	talismanRCWithThreshold := &talismanrc.TalismanRC{Threshold: severity.High}
 	additions := []gitrepo.Addition{gitrepo.NewAddition("filename", content)}
@@ -37,15 +37,15 @@ func TestShouldNotFlagLargeFilesIfThresholdIsBelowSeverity(t *testing.T) {
 }
 
 func TestShouldNotFlagSmallFiles(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte("m")
 	additions := []gitrepo.Addition{gitrepo.NewAddition("filename", content)}
 	NewFileSizeDetector(2).Test(defaultIgnoreEvaluator, additions, talismanRC, results, func() {})
 	assert.False(t, results.HasFailures(), "Expected file to not fail the check against file size detector.")
 }
 
 func TestShouldNotFlagIgnoredLargeFiles(t *testing.T) {
-	results := helpers.NewDetectionResults(talismanrc.HookMode)
+	results := helpers.NewDetectionResults()
 	content := []byte("more than one byte")
 
 	filename := "filename"
diff --git a/detector/helpers/detection_results.go b/detector/helpers/detection_results.go
@@ -50,7 +50,6 @@ type ResultsSummary struct {
 // Currently, it keeps track of failures and ignored files.
 // The results are grouped by FilePath for easy reporting of all detected problems with individual files.
 type DetectionResults struct {
-	mode    talismanrc.Mode
 	Summary ResultsSummary   `json:"summary"`
 	Results []ResultsDetails `json:"results"`
 }
@@ -65,15 +64,13 @@ func (r *DetectionResults) getResultDetailsForFilePath(fileName gitrepo.FilePath
 }
 
 // NewDetectionResults is a new DetectionResults struct. It represents the pre-run state of a Detection run.
-func NewDetectionResults(mode talismanrc.Mode) *DetectionResults {
+func NewDetectionResults() *DetectionResults {
 	return &DetectionResults{
-		mode,
 		ResultsSummary{
 			FailureTypes{0, 0, 0, 0, 0},
 		},
 		make([]ResultsDetails, 0),
 	}
-
 }
 
 // Fail is used to mark the supplied FilePath as failing a detection for a supplied reason.
@@ -274,7 +271,7 @@ func (r *DetectionResults) suggestTalismanRC(filePaths []string, promptContext p
 	if promptContext.Interactive && runtime.GOOS != "windows" {
 		confirmedEntries := getUserConfirmation(entriesToAdd, promptContext)
 		talismanrcConfig, _ := talismanrc.ConfigFromFile()
-		talismanrcConfig.AddIgnores(r.mode, confirmedEntries)
+		talismanrcConfig.AddIgnores(confirmedEntries)
 
 		for _, confirmedEntry := range confirmedEntries {
 			resultsDetails := r.getResultDetailsForFilePath(gitrepo.FilePath(confirmedEntry.GetFileName()))
diff --git a/detector/helpers/detection_results_test.go b/detector/helpers/detection_results_test.go
diff --git a/detector/pattern/pattern_detector_test.go b/detector/pattern/pattern_detector_test.go
diff --git a/talismanrc/talismanrc.go b/talismanrc/talismanrc.go
diff --git a/talismanrc/talismanrc_test.go b/talismanrc/talismanrc_test.go

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ type runner struct {`
`22`	`22`	`func NewRunner(additions []gitrepo.Addition, mode string) *runner {`
`23`	`23`	`return &runner{`
`24`	`24`	`additions: additions,`
`25`		`- results: helpers.NewDetectionResults(talismanrc.HookMode),`
	`25`	`+ results: helpers.NewDetectionResults(),`
`26`	`26`	`mode: mode,`
`27`	`27`	`}`
`28`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ func NewScannerCmd(ignoreHistory bool, tRC *talismanrc.TalismanRC, reportDirecto`
`62`	`62`	`}`
`63`	`63`	`return &ScannerCmd{`
`64`	`64`	`additions: additions,`
`65`		`- results: helpers.NewDetectionResults(talismanrc.ScanMode),`
	`65`	`+ results: helpers.NewDetectionResults(),`
`66`	`66`	`reportDirectory: reportDirectory,`
`67`	`67`	`ignoreEvaluator: ignoreEvaluator,`
`68`	`68`	`tRC: tRC,`