Even after adding the checksum talisman is still throwing error which is so annoying #463

Open
mai1x9 opened this issue Oct 5, 2024 · 9 comments

Comments

@mai1x9

mai1x9 commented Oct 5, 2024

Describe the bug

  • Talisman showed to add the checksum
fileignoreconfig:
- filename: .env
  checksum: 908d465d343b767253e77c80d7f12c592aa7fdab854b0d1f6a0b6999c5528321
version: ""
  • Rerun talisman, it shows the same error and the same checksum. This is so frustrating. Even if the checksum has not changed, why the hell is it showing the error report again and again? The entire pre-commit is failing because of this nonsense issue.

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: Ubuntu 20.04
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context
Talisman version: v1.28.0

Git pre-commit-conf.yml

  - repo: https://github.com/thoughtworks/talisman
    rev: "v1.28.0"
    hooks:
      - id: talisman-commit
        entry: cmd --githook pre-commit

@harinee
Collaborator

harinee commented Oct 5, 2024

Hi,
So you copied the same filename and checksum to your talismanrc and it still doesn't ignore this?
Could you please also double-check if all the syntax looks right in the talismanrc file?
If you can, please share your talismanrc file?

@mai1x9
Copy link
Author

mai1x9 commented Oct 5, 2024

Hi, So you copied the same filename and checksum to your talismanrc and it still doesn't ignore this? Could you please also double-check if all the syntax look right in the talismanrc file? If you can, please share your talismanrc file?

Hi, thank you for the reply. Right, it doesn't ignore. Every time I run commit, the pre hook executes and talisman gives the same checksum.

I have added fileignore as shown in the issue. I don't know why it isn't working. Only when the checksum changes will it show the error again. But the checksum is the same.....

I tried to add ignore detectors too and ignored the file content for now to bypass this and it worked. I could fix it but no wonder why it didn't work in the first place.

@seifrajhi

+1
facing the exact same issue

@deepthirera
Collaborator

Hi @mai1x9
Could you please give us more details on this?

  1. Is this happening with any file or just with .env file? We tried reproducing the issue but it doesn't happen.
  2. Provide us more details on '...' mentioned in the steps to reproduce.
  3. Share your .talismanrc file if possible.
  4. Is there another .env file (file with the name .env) in any of the subfolders?

@mai1x9
Author

mai1x9 commented Oct 11, 2024

Hi @mai1x9 Could you please give us more details on this?

  1. Is this happening with any file or just with .env file? We tried reproducing the issue but it doesn't happen.
  2. Provide us more details on '...' mentioned in the steps to reproduce.
  3. Share your .talismanrc file if possible.
  4. Is there another .env file(file with the name .env) in any of the subfolders?

@deepthirera closing the issue. I was running out of time and couldn't perform a proper RCA.
I could see that talisman is probably part of the git pre hook and some files are changed due to prettier or auto eslint fixes, and I may have forgotten to do git add .

@mai1x9 mai1x9 closed this as completed Oct 11, 2024
@mai1x9
Author

mai1x9 commented Oct 28, 2024

Hi @mai1x9 Could you please give us more details on this?

  1. Is this happening with any file or just with .env file? We tried reproducing the issue but it doesn't happen.
  2. Provide us more details on '...' mentioned in the steps to reproduce.
  3. Share your .talismanrc file if possible.
  4. Is there another .env file(file with the name .env) in any of the subfolders?

Hi @deepthirera

I think the issue has occurred again. It's occurring with .env as well as package-lock.json files only. Even if they are added in .talismanrc, it's still showing the error.

The .talismanrc file

fileignoreconfig:
- filename: config/.env
  checksum: 537ca087a26360147e71d80b62b24a044e35ca5411e0ca87bb86043ffba8c148
- filename: package-lock.json
  checksum: 7f195ce0ae38cca4e11270502a5842bbc4e2e74feb16d804a9ffe57cbbab8834
- filename: tools/check_absurd_versions.js
  checksum: 229653fc59a1ab19cab29201f25198bdf5c011b835edf8fa11cc140ed4e6837c
- filename: helpers/cvss.js
  checksum: 4e61d19e32e551784f2ac89aaea76dd4ed2da64a53704af920ae448c6242e705
- filename: config/.env
  checksum: 6ac12a3f0f7451e1f30bcaea3706493beaeb0c5276f0f06e6a4454cd3a2f0db7
- filename: package-lock.json
  checksum: 83d9db6db2714a3f8e975226df0fe7d7f2a5d82cf09ceecc775f83983ed7113a
version: ""

As you can see from the screenshot below, the hash values are correct for .env and package-lock.json, but it's still not working.

image

@harinee I have faced the same issue with another repo. I attached a screenshot and the .talismanrc file. Please have a look.

The git pre-commit hook:

repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-json

  - repo: local
    hooks:
      - id: prettify-files
        name: Prettify staged files
        entry: .hooks/prettier.sh
        language: script
        stages: [commit]

  - repo: local
    hooks:
      - id: Eslint
        name: eslint check
        entry: .hooks/eslint.sh
        language: script
        stages: [commit]

  - repo: https://github.com/thoughtworks/talisman
    rev: "v1.28.0"
    hooks:
      - id: talisman-commit
        entry: cmd --githook pre-commit

  - repo: https://github.com/codespell-project/codespell
    rev: v2.3.0
    hooks:
      - id: codespell

  # - repo: local
  #   hooks:
  #     - id: codeql
  #       name: codeql check
  #       entry: .hooks/codeql.sh
  #       language: script
  #       stages: [commit]

  # - repo: local
  #   hooks:
  #     - id: owasp_dependency_check
  #       name: dependency check
  #       entry: .hooks/owasp.sh
  #       language: script
  #       stages: [commit]



Bypass talisman

I found the only way to bypass is

- filename: config/.env
  checksum: 6ac12a3f0f7451e1f30bcaea3706493beaeb0c5276f0f06e6a4454cd3a2f0db7
  ignore_detectors: [filecontent, filesize, filename]
- filename: package-lock.json
  checksum: 83d9db6db2714a3f8e975226df0fe7d7f2a5d82cf09ceecc775f83983ed7113a
  ignore_detectors: [filecontent, filesize, filename]

by adding ignore_detectors, but I don't think this is the right way to do it?

@mai1x9 mai1x9 reopened this Oct 28, 2024
@deepthirera
Collaborator

Hi @mai1x9,
Thanks for sharing the details of the issue.
Are there multiple .env or package-lock.json files in your project directory? If so, then this might be related to #416

@mai1x9
Author

mai1x9 commented Nov 3, 2024

@deepthirera
Yeah, you are right. The project has multiple env files, one for dev, test and prod.

Also we use a lot of git submodules, so yeah, we may end up with multiple package locks.

Will check your suggestion and try. Thank you

@carterbox

fileignoreconfig:
- filename: config/.env
  checksum: 537ca087a26360147e71d80b62b24a044e35ca5411e0ca87bb86043ffba8c148
- filename: package-lock.json
  checksum: 7f195ce0ae38cca4e11270502a5842bbc4e2e74feb16d804a9ffe57cbbab8834
- filename: tools/check_absurd_versions.js
  checksum: 229653fc59a1ab19cab29201f25198bdf5c011b835edf8fa11cc140ed4e6837c
- filename: helpers/cvss.js
  checksum: 4e61d19e32e551784f2ac89aaea76dd4ed2da64a53704af920ae448c6242e705
- filename: config/.env
  checksum: 6ac12a3f0f7451e1f30bcaea3706493beaeb0c5276f0f06e6a4454cd3a2f0db7
- filename: package-lock.json
  checksum: 83d9db6db2714a3f8e975226df0fe7d7f2a5d82cf09ceecc775f83983ed7113a
version: ""

The filenames in the provided config are non-unique. config/.env is listed twice. I would assume that this is not allowed and talisman might be using the first checksum it finds.
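
The duplicate-entry condition described in the comment above can be checked mechanically before a commit. This is an added example, not part of the thread or of Talisman's own code: it lists every filename that appears more than once under fileignoreconfig in the config posted above. It assumes a minimal line parser in place of a YAML library, uses hypothetical function names, and does not recompute Talisman's checksums.

```python
import re
from collections import defaultdict

# The .talismanrc posted in this thread, embedded so the check runs offline.
SAMPLE_TALISMANRC = """\
fileignoreconfig:
- filename: config/.env
  checksum: 537ca087a26360147e71d80b62b24a044e35ca5411e0ca87bb86043ffba8c148
- filename: package-lock.json
  checksum: 7f195ce0ae38cca4e11270502a5842bbc4e2e74feb16d804a9ffe57cbbab8834
- filename: tools/check_absurd_versions.js
  checksum: 229653fc59a1ab19cab29201f25198bdf5c011b835edf8fa11cc140ed4e6837c
- filename: helpers/cvss.js
  checksum: 4e61d19e32e551784f2ac89aaea76dd4ed2da64a53704af920ae448c6242e705
- filename: config/.env
  checksum: 6ac12a3f0f7451e1f30bcaea3706493beaeb0c5276f0f06e6a4454cd3a2f0db7
- filename: package-lock.json
  checksum: 83d9db6db2714a3f8e975226df0fe7d7f2a5d82cf09ceecc775f83983ed7113a
version: ""
"""

ENTRY_RE = re.compile(r"^\s*-\s+filename:\s*(\S.*?)\s*$")
CHECKSUM_RE = re.compile(r"^\s+checksum:\s*([0-9a-fA-F]+)\s*$")


def parse_fileignoreconfig(text):
    """Return [filename, checksum] pairs in file order (line parser, not a YAML library)."""
    entries, in_section = [], False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments do not end the section
        if not line.startswith((" ", "-")):  # any top-level key opens or closes the section
            in_section = line.strip() == "fileignoreconfig:"
            continue
        entry, checksum = ENTRY_RE.match(line), CHECKSUM_RE.match(line)
        if in_section and entry:
            entries.append([entry.group(1).strip("'\""), None])
        elif in_section and checksum and entries:
            entries[-1][1] = checksum.group(1).lower()
    return entries


def conflicting_entries(text):
    """Map every filename listed more than once to its checksums, in file order."""
    seen = defaultdict(list)
    for name, checksum in parse_fileignoreconfig(text):
        seen[name].append(checksum)
    return {name: sums for name, sums in seen.items() if len(sums) > 1}
```

Calling `conflicting_entries` on the posted config reports config/.env and package-lock.json, each with two different checksums; a non-empty result is a reason to delete the stale entry before re-running the hook.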
