Talisman fails silently if parts of the .talismanrc are not valid yaml #454
Description
Describe the bug
.talismanrc is supposed to be a yaml file. However, the filename does not end in .yaml, certain editors may not detect it and use yaml settings, and additionally, yaml linters will not detect it by default to find errors.
This can lead to silent failures - for example if a tab is added to one of the lines. Further lines in the file (such as custom_patterns) could be ignored, leading to password leakage.
To Reproduce
Steps to reproduce the behavior:
- Create a new git repository and add a test file
- Add a custom pattern to .talismanrc:
custom_patterns:
- 'pwd_[a-z]{8,20}'
- Add a string matching this pattern to the file
git add .and thentalisman -l debug --githook pre-commitand confirm the secret is detected and the custom pattern was used- Replace the spaces in .talismanrc with tabs
git add .and thentalisman -l debug --githook pre-commitand confirm the secret no longer detected
Expected behavior
- Talisman should fail on a malformed
.talismanrc.yamlfile and perform some basic sanity checks on the file .talismanrcshould be renamed as.talismanrc.yamlso it is detected by yamllinters and editors.- The samples of
.talismanrc.yamlshould be updated to be proper yaml (with correct indenting) - The output of the checksum tool should be properly indented (currently it is not indented, missing --- prefix, - e.g.
fileignoreconfig:
- filename: readme.md
checksum: xxx
version: ""
should be
---
fileignoreconfig:
- filename: readme.md
checksum: xxx
version: ''
Desktop (please complete the following information):
- OS: OSX