github.com/pkumar631/talisman@v0.3.2/detector/filename_detector.go (about)

     1  package detector
     2  
     3  import (
     4  	"fmt"
     5  	"regexp"
     6  
     7  	log "github.com/Sirupsen/logrus"
     8  	"github.com/thoughtworks/talisman/git_repo"
     9  )
    10  
// FileNameDetector flags Additions by file name alone; file contents are not
// inspected by this detector.
// Each Addition's Name is matched against every configured pattern, and every
// match is recorded as a failure on the DetectionResults passed to Test.
type FileNameDetector struct {
	// flagPatterns holds the compiled patterns; a name matching any one of
	// them is reported as a failure.
	flagPatterns []*regexp.Regexp
}
    16  
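// DefaultFileNameDetector returns a FileNameDetector that tests Additions
// against the pre-configured patterns below.
//
// The patterns are written as raw string literals so the regular expression
// reads exactly as it is compiled. Two entries that appeared twice in the list
// (`^.*\.ovpn$` and `\bdump|dump\b`) are listed once: a duplicate pattern makes
// Test record the same failure twice for a single file. Literal dots in fixed
// file names (secret_token.rb, database.yml, ...) are escaped so that "." no
// longer matches an arbitrary character, consistent with `^credentials\.xml$`.
//
// NOTE(review): matching is case-sensitive (no (?i) flag), so names such as
// "SERVER.PEM" or "Passwords.txt" are not flagged by these patterns. Confirm
// whether that is intended before relying on this list as the only check.
func DefaultFileNameDetector() Detector {
	return NewFileNameDetector(
		// Private-key style suffixes (e.g. id_rsa) and shell history files.
		`^.+_rsa$`,
		`^.+_dsa$`,
		`^.+_ed25519$`,
		`^.+_ecdsa$`,
		`^\.\w+_history$`,

		// Key, certificate and credential container extensions.
		`^.+\.pem$`,
		`^.+\.ppk$`,
		`^.+\.key(pair)?$`,
		`^.+\.pkcs12$`,
		`^.+\.pfx$`,
		`^.+\.p12$`,
		`^.+\.asc$`,
		`^\.?htpasswd$`,
		`^\.?netrc$`,
		`^.*\.tblk$`,
		`^.*\.ovpn$`,
		`^.*\.kdb$`,
		`^.*\.agilekeychain$`,
		`^.*\.keychain$`,
		`^.*\.key(store|ring)$`,

		// Tool and service configuration files known by exact name.
		`^jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml$`,
		`^credentials\.xml$`,
		`^.*\.pubxml(\.user)?$`,
		`^\.?s3cfg$`,
		`^\.gitrobrc$`,

		// Shell start-up files.
		`^\.?(bash|zsh)rc$`,
		`^\.?(bash_|zsh_)?profile$`,
		`^\.?(bash_|zsh_)?aliases$`,

		// Framework configuration files known by exact name.
		`^secret_token\.rb$`,
		`^omniauth\.rb$`,
		`^carrierwave\.rb$`,
		`^schema\.rb$`,
		`^database\.yml$`,
		`^settings\.py$`,
		`^.*(config)(\.inc)?\.php$`,
		`^LocalSettings\.php$`,

		// Unanchored keyword patterns: these match anywhere in the name.
		// `\.?env` matches every name containing "env" (the optional dot does
		// not narrow it), so names like "environment.go" are flagged as well.
		`\.?env`,
		// Alternation binds loosest: "dump"/"sql" at the start of a word OR at
		// the end of a word.
		`\bdump|dump\b`,
		`\bsql|sql\b`,
		`password`,
		`backup`,
		`private.*key`,
		`(oauth).*(token)`,

		// Logs and wallet / accounting data files.
		`^.*\.log$`,
		`^\.?kwallet$`,
		`^\.?gnucash$`,
	)
}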
    68  
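// NewFileNameDetector returns a FileNameDetector that tests Additions against
// the supplied patterns.
//
// Every pattern must be a valid regular expression. An invalid pattern panics
// here, at construction time, with a message from regexp.MustCompile that
// names the offending pattern. The compile error is deliberately not
// discarded: storing a nil *regexp.Regexp would make Test dereference a nil
// pointer on its first match attempt, and silently skipping the pattern would
// leave the detector running with a gap nobody was told about.
func NewFileNameDetector(patternStrings ...string) Detector {
	patterns := make([]*regexp.Regexp, 0, len(patternStrings))
	for _, p := range patternStrings {
		patterns = append(patterns, regexp.MustCompile(p))
	}
	return FileNameDetector{patterns}
}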
    77  
// Test checks the file name of each Addition against the configured patterns
// and records the outcome on result.
//
// Additions denied by ignores are recorded via result.Ignore and not matched
// at all. For the rest, matching is done on addition.Name, while log entries
// and results are keyed by addition.Path. There is no early exit after a
// match, so a file whose name matches several patterns is failed once per
// matching pattern.
func (fd FileNameDetector) Test(additions []git_repo.Addition, ignores Ignores, result *DetectionResults) {
	for _, a := range additions {
		if ignores.Deny(a) {
			ignoredFields := log.Fields{
				"filePath": a.Path,
			}
			log.WithFields(ignoredFields).Info("Ignoring addition as it was specified to be ignored.")
			result.Ignore(a.Path, fmt.Sprintf("%s was ignored by .talismanignore", a.Path))
			continue
		}

		// The name does not change while the patterns are tried, so convert once.
		name := string(a.Name)
		for _, re := range fd.flagPatterns {
			if !re.MatchString(name) {
				continue
			}
			matchFields := log.Fields{
				"filePath": a.Path,
				"pattern":  re,
			}
			log.WithFields(matchFields).Info("Failing file as it matched pattern.")
			result.Fail(a.Path, fmt.Sprintf("The file name %q failed checks against the pattern %s", a.Path, re))
		}
	}
}