Description
Describe the bug
I have tested the 'Ignoring specific keywords' feature in fileignoreconfig on a single repository and found that allowed_patterns keywords fail the git push due to the availability of those allowed patterns in .talismanrc itself. Talisman should bypass contents of filename list allowed patterns in .talismanrc file in terms of scanning during the git push to fulfil the requirements whenever allowed_patterns are used at the file level only instead of the whole repo level.
I am testing a scenario in a CI/CD pipeline using Jenkinsfile where I am using SonarQube scans. Talisman denies git push as it finds -Dsonar.projectKey=numeric-application as a key suspect, whereas it's just an identifier. Allowing it at the repo level allowed_patterns: ['projectKey=numeric-application'] does do the trick but it also rules out any possibilities of Talisman notifying us about accidental commits in the future with those keys anywhere else within the repo.
To conclude, Talisman should allow git pushes whenever allowed_patterns list in fileignoreconfig is being used to filter patterns only at the file level 'Ignoring specific keywords'.
To Reproduce
Steps to reproduce the behavior:
- Do a single repo installation of Talisman
- Inside the repository directory create any file with mvn sonar:sonar -Dsonar.projectKey=numeric-application
- Add the same contents in .talismanrc file as:

      fileignoreconfig:
      - filename: Jenkinsfile
        allowed_patterns: ['-Dsonar.projectKey=numeric-application']

- Commit the code and push to the repository.
Expected behavior
Talisman should allow git pushes whenever allowed_patterns list in fileignoreconfig is being used to filter patterns only at the file level 'Ignoring specific keywords'.


Talisman version:
- v1.31.0