Interactive mode #374
Description
Feature Request
Is your feature request related to a problem? Please describe.
It would be nice to have an interactive mode for use when cleaning up legacy repos.
Describe the solution you'd like
A flag somewhat akin to git add -p which would pause tartufo after each match, and after response to prompt continue the scan after reloading the tartufo.toml without having to start over.
A more advanced version could accept user input of to either update the tartufo.toml with the signature of a false positive or write out to a 'issue' file of real problems that need to be addressed.
Describe alternatives you've considered
Current strategy has been to abort tartufo after it's found a few issues, address them by hand, and then restart the scan
Teachability, Documentation, Adoption, Migration Strategy
example interface:
Reason: High Entropy
Filepath: Project/SomeFile.cs
Signature: fd1c9bfe7c636d7d17ee4ded238ae6ad8e026f6e5bd7b5e4582e33d1674b5fad
Commit time: 2009-03-26 01:07:17
Commit message: Some message
Commit hash: ee4a1261e697f28e096637c14c81e124876b055e
Branch: master
diff --git a/ Project/SomeFile.cs b/ Project/SomeFile.cs
index 5d9009f..7a219df 100644
--- a/ Project/SomeFile.cs
+++ b/ Project/SomeFile.cs
@@ -330,6 +330,22 @@ namespace Space
if (String.Compare("Thing", value, true) != 0)
throw new Exception("Thing is not compatible with " + value);
}
+ public bool IsSomething
+ {
+ get
+ {
+ return GetConfigValue("/some/sort/of/file/path/or.some.such") != "okay";
+ }
+ set
+ {
Mark signature as [f,i,c,q]?
Meanings:
- f - false positive (prompt for reason, add signature to exclusion list)
- i - real issue (prompt for reason and output to file)
- c - continue (reload tartufo.toml and continue)
- q - quit