thoughtworks / talisman

Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
https://thoughtworks.github.io/talisman/
MIT License

Configuring custom severities not working with pre-push #364

Closed carhartl closed 3 months ago

carhartl commented 2 years ago

Describe the bug

I don't seem to be able to make use of custom severities when using talisman within a pre-push hook.

To Reproduce

Steps to reproduce the behavior:

cat <<EOF > .talismanrc
custom_severities:
  - detector: HexContent
    severity: low
threshold: medium
EOF
echo 5ba6ef628df0b7c21e8d6bf6235d32914effa0d0de62d8ea96678316a1d5d32b > foo.txt
git commit -m "Test"
echo "refs/heads/main HEAD refs/heads/main HEAD^1" | talisman --githook pre-push

(Mimicking a pre-push hook in the last command.)

Output:

Talisman Scan: 3 / 3 <---------------------------------------------------------------------------------> 100.00%

Talisman Report:
+---------+----------------------------------------------------+----------+
|  FILE   |                       ERRORS                       | SEVERITY |
+---------+----------------------------------------------------+----------+
| foo.txt | Expected file to not to contain                    | high     |
|         | hex encoded texts such as:                         |          |
|         | 5ba6ef628df0b7c21e8d6bf6235d32914effa0d0de62d8e... |          |
+---------+----------------------------------------------------+----------+

If you are absolutely sure that you want to ignore the above files from talisman detectors, consider pasting the following format in .talismanrc file in the project root

fileignoreconfig:
- filename: foo.txt
  checksum: 15acfde30d57c8dda5f7b41007a55c446e9d0c79119b77794e48148b7d1a2e2c
version: ""

Talisman done in 51.337541ms

Expected behavior

Talisman does not report hex encoded text with high severity; no detections should have been reported, respecting the threshold.

Environment:

lizc126 commented 10 months ago

Hi, have you found any solution? Thanks!

zph commented 3 months ago

@carhartl I took your reproduction case and validated that with my patch submitted in #459 it outputs the expected result and an exitcode of 0. There's a bit of nuance in that it WILL report it as "low" but won't fail the build by returning an exitcode != 0, which is the behavior I would want and what seems to be supported by the tool after this patch.

Thank you for having a succinct test case I could use (in addition to my own).

❯ cat .talismanrc
  custom_severities:
    - detector: HexContent
      severity: low
  threshold: medium
❯ echo "refs/heads/main HEAD refs/heads/main HEAD^1" | ../dist/talisman --githook pre-push
Talisman Scan: 3 / 3 <----------------------------------------------------------------------------------------------------------------------------------------------------------> 100.00%

Talisman Warnings:
+-----------------+----------------------------------------------------+----------+
|      FILE       |                      WARNINGS                      | SEVERITY |
+-----------------+----------------------------------------------------+----------+
| testing/foo.txt | Expected file to not contain                       | low      |
|                 | hex encoded texts such as:                         |          |
|                 | 5ba6ef628df0b7c21e8d6bf6235d32914effa0d0de62d8e... |          |
+-----------------+----------------------------------------------------+----------+

Please review the above file(s) to make sure that no sensitive content is being pushed

Talisman done in 33.960458ms

talisman/testing on  testing [$!?]
❯ echo $status
0

@lizc126 When #459 is reviewed and merged it will work.
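The severity rule zph describes, modelled as an added Go example that is not Talisman's own code: a custom_severities entry replaces the detector's default severity, and only findings at or above threshold fail the hook, while lower ones are still listed as warnings. The Config, Detection, Outcome and Evaluate names are assumptions, and the config is built inline instead of being read from .talismanrc YAML.

```go
package main

import "fmt"

// rank orders the severity names used in .talismanrc so they can be compared with a threshold.
var rank = map[string]int{"low": 1, "medium": 2, "high": 3}

// Config mirrors the two .talismanrc keys from the issue (custom_severities, threshold); it is
// built inline rather than parsed from YAML to keep this example dependency-free (assumed shape).
type Config struct {
	CustomSeverities map[string]string // detector name -> overriding severity
	Threshold        string
}

// Detection is one finding as a detector raises it, with the detector's default severity.
type Detection struct{ File, Detector, Default string }

// Outcome separates findings that block the push (Errors) from those only reported (Warnings).
type Outcome struct {
	Errors, Warnings []string
	ExitCode         int
}

// effective applies a custom_severities override, falling back to the detector default.
func effective(cfg Config, d Detection) string {
	if s, ok := cfg.CustomSeverities[d.Detector]; ok {
		return s
	}
	return d.Default
}

// Evaluate models the behaviour zph describes: a finding whose effective severity is at or
// above the threshold fails the hook (exit 1); one below it is listed as a warning (exit 0).
func Evaluate(cfg Config, found []Detection) Outcome {
	var out Outcome
	for _, d := range found {
		sev := effective(cfg, d)
		line := fmt.Sprintf("%s: %s (%s)", d.File, d.Detector, sev)
		if rank[sev] >= rank[cfg.Threshold] {
			out.Errors = append(out.Errors, line)
		} else {
			out.Warnings = append(out.Warnings, line)
		}
	}
	if len(out.Errors) > 0 {
		out.ExitCode = 1
	}
	return out
}
```

With the issue's config (HexContent lowered to low, threshold medium) the foo.txt finding lands in Warnings with exit code 0; dropping the override, or lowering threshold to low, turns the same finding into an error with exit code 1.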