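// Source listing: github.com/pkumar631/talisman@v0.3.2/detector/filename_detector.go

package detector

import (
	"fmt"
	"regexp"

	log "github.com/Sirupsen/logrus"
	"github.com/thoughtworks/talisman/git_repo"
)

// FileNameDetector represents tests performed against the fileName of the Additions.
// The Names of the supplied Additions are tested against the configured patterns and
// every match is recorded as a failure on the DetectionResults for that run.
type FileNameDetector struct {
	// flagPatterns holds the compiled expressions; a name matching any of them is flagged.
	flagPatterns []*regexp.Regexp
}

// DefaultFileNameDetector returns a FileNameDetector that tests Additions against the
// pre-configured patterns for file names that commonly hold keys, credentials, shell
// history, dumps and similar sensitive material.
//
// NOTE(review): matching is case-sensitive (no pattern sets the (?i) flag), so a name
// such as "Password.txt" does not match "password".
//
// NOTE(review): "^.*\\.ovpn$" and "\\bdump|dump\\b" are each listed twice. Test calls
// result.Fail once per matching pattern, so a matching file is reported twice for
// those entries.
func DefaultFileNameDetector() Detector {
	return NewFileNameDetector(
		// Private keys, shell history and key containers.
		"^.+_rsa$",
		"^.+_dsa$",
		"^.+_ed25519$",
		"^.+_ecdsa$",
		"^\\.\\w+_history$",
		"^.+\\.pem$",
		"^.+\\.ppk$",
		"^.+\\.key(pair)?$",
		"^.+\\.pkcs12$",
		"^.+\\.pfx$",
		"^.+\\.p12$",
		"^.+\\.asc$",
		"^\\.?htpasswd$",
		"^\\.?netrc$",
		"^.*\\.tblk$",
		"^.*\\.ovpn$",
		"^.*\\.kdb$",
		"^.*\\.agilekeychain$",
		"^.*\\.keychain$",
		"^.*\\.key(store|ring)$",
		// Tool and CI configuration that usually embeds credentials.
		"^jenkins\\.plugins\\.publish_over_ssh\\.BapSshPublisherPlugin.xml$",
		"^credentials\\.xml$",
		"^.*\\.pubxml(\\.user)?$",
		"^\\.?s3cfg$",
		"^.*\\.ovpn$",
		"^\\.gitrobrc$",
		"^\\.?(bash|zsh)rc$",
		"^\\.?(bash_|zsh_)?profile$",
		"^\\.?(bash_|zsh_)?aliases$",
		// Framework configuration files.
		// NOTE(review): the "." before the extension is not escaped in these entries,
		// so it matches any single character, not only a literal dot.
		"^secret_token.rb$",
		"^omniauth.rb$",
		"^carrierwave.rb$",
		"^schema.rb$",
		"^database.yml$",
		"^settings.py$",
		"^.*(config)(\\.inc)?\\.php$",
		"^LocalSettings.php$",
		// Unanchored entries: these match anywhere in the name, so "\\.?env" flags
		// every name containing "env" and "backup" every name containing "backup".
		"\\.?env",
		"\\bdump|dump\\b",
		"\\bsql|sql\\b",
		"\\bdump|dump\\b",
		"password",
		"backup",
		"private.*key",
		"(oauth).*(token)",
		"^.*\\.log$",
		"^\\.?kwallet$",
		"^\\.?gnucash$")
}

// NewFileNameDetector returns a FileNameDetector that tests Additions against the
// supplied patterns.
//
// It panics if any pattern is not a valid regular expression. A detector that cannot
// compile one of its rules must not run with that rule missing.
func NewFileNameDetector(patternStrings ...string) Detector {
	patterns := make([]*regexp.Regexp, len(patternStrings))
	for i, p := range patternStrings {
		// Fail at construction: discarding the Compile error would store a nil
		// *regexp.Regexp that Test later dereferences in MatchString.
		patterns[i] = regexp.MustCompile(p)
	}
	return FileNameDetector{patterns}
}

// Test tests the fileNames of the Additions to ensure that they don't look suspicious.
//
// Additions for which ignores.Deny reports true are recorded through result.Ignore and
// skipped. For every other Addition, each pattern that matches addition.Name records
// one failure through result.Fail, keyed by addition.Path.
func (fd FileNameDetector) Test(additions []git_repo.Addition, ignores Ignores, result *DetectionResults) {
	for _, addition := range additions {
		if ignores.Deny(addition) {
			log.WithFields(log.Fields{
				"filePath": addition.Path,
			}).Info("Ignoring addition as it was specified to be ignored.")
			result.Ignore(addition.Path, fmt.Sprintf("%s was ignored by .talismanignore", addition.Path))
			continue
		}
		// The match runs on addition.Name while the report uses addition.Path.
		// NOTE(review): presumably Name is the base file name without directories;
		// confirm in git_repo, since anchored patterns depend on it.
		name := string(addition.Name)
		for _, pattern := range fd.flagPatterns {
			if !pattern.MatchString(name) {
				continue
			}
			log.WithFields(log.Fields{
				"filePath": addition.Path,
				"pattern":  pattern,
			}).Info("Failing file as it matched pattern.")
			// No break: every matching pattern is reported, not only the first.
			result.Fail(addition.Path, fmt.Sprintf("The file name %q failed checks against the pattern %s", addition.Path, pattern))
		}
	}
}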