talisman
Ignore files protected by git-crypt (or similar)
On our project, we are using git-crypt to safely store privileged material. Talisman is giving off false positives in that case, rendering it almost useless (as an exclusion list has to be kept and maintained manually, which could make things even less safe due to confusion).
@svishwanath-tw thoughts on this card?
@harinee : I can think of 2 options,
- talisman could scan .gitattributes file to exclude all entries/patterns that have the attribute filter=git-crypt or diff=git-crypt
- Users could specify a set of file-ignores in talismanrc (using checksum calculator), this would prevent the need for talisman having to know about git-crypt explicitly. (no git-crypt specific code in talisman)
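The first option above (reading .gitattributes and skipping paths whose final attributes are filter=git-crypt or diff=git-crypt), as an added example that is not part of the thread and not Talisman's code. The names GitCryptProtected, matches and sampleAttrs are hypothetical, the sample file is constructed, and pattern matching is simplified to a root-level .gitattributes.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matches: simplified gitattributes matching (assumed: no macros, "**" only as trailing "/**").
func matches(pattern, file string) bool {
	pattern = strings.TrimPrefix(pattern, "/")
	if strings.HasSuffix(pattern, "/**") {
		return strings.HasPrefix(file, strings.TrimSuffix(pattern, "**"))
	}
	if !strings.Contains(pattern, "/") {
		file = path.Base(file) // slash-free patterns match at any depth
	}
	ok, _ := path.Match(pattern, file)
	return ok
}

// GitCryptProtected: true if file ends up with filter/diff=git-crypt; later lines override earlier.
func GitCryptProtected(gitattributes, file string) bool {
	state := map[string]string{}
	for _, line := range strings.Split(gitattributes, "\n") {
		fields := strings.Fields(line)
		if len(fields) < 2 || strings.HasPrefix(fields[0], "#") || !matches(fields[0], file) {
			continue
		}
		for _, attr := range fields[1:] {
			name, value, _ := strings.Cut(attr, "=")
			state[strings.TrimLeft(name, "!-")] = value // "!attr" and "-attr" clear it
		}
	}
	return state["filter"] == "git-crypt" || state["diff"] == "git-crypt"
}

const sampleAttrs = `# constructed sample, not taken from the thread
secrets/** filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
secrets/README.md !filter !diff
`

func main() {
	for _, f := range []string{"secrets/db.yml", "certs/tls.key", "main.go", "secrets/README.md"} {
		fmt.Printf("%-20s skip=%v\n", f, GitCryptProtected(sampleAttrs, f))
	}
}
```

Skipping by attribute alone trusts that the git-crypt filter actually ran: a file committed before its .gitattributes line was added is stored in plaintext and would still be skipped.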
- I have manually added new file by name (.talismanrc) into root directory of my project.
- Copied the output of the command (talisman --checksum="*.go")
- And then ran the talisman scan by using the command (talisman --scanWithHtml)
Still it is scanning all the go files.
Seeking help from you.
On Tue, Jan 28, 2020, 9:56 PM Suhas Vishwanath wrote:
@harinee https://github.com/harinee : I can think of 2 options,
- talisman could scan .gitattributes file to exclude all entries/patterns that have the attribute filter=git-crypt or diff=git-crypt
- Users could specify a set of file-ignores in talismanrc (using checksum calculator), this would prevent the need for talisman having to know about git-crypt explicitly. (no git-crypt specific code in talisman)
@sanjeevakuamr Talisman --scanWithHtml does not obey talismanrc file today. This is captured in #133. You could upvote there if you wish to. Talismanrc is followed by the pre-commit/pre-push hook alone.
@cv @vhasus Can adding custom regex rules handle the git-crypt related issue now? #183
Yeah, that would work for my case! Thanks for adding it :)
Oh no, I just realised it won't help, @cv. The custom rules add regexes to make the rules stricter to catch and fail upon, not to ignore. Sorry for adding confusion. Re-opening.
cc @svishwanath-tw