Package dependencies can bypass our ignore rules #195

Open
@BenoitZugmeyer

Description

Overview

In our JS project managed with yarn, we want to ignore anything located in the node_modules folder (our dependencies), so we added node_modules in our .wokeignore file.

Somehow, we have a node_modules dependency (npm-normalize-package-bin) that includes a .gitignore file. In this file, there are some ignore exceptions noted as !some_path_to_include.

With an earlier version of woke, this whole directory was ignored as expected. But with v0.18.1 (probably related to #117), the some_path_to_include is not ignored anymore. Is there any way to force any file located in node_modules to be ignored?

Steps to reproduce

$ mkdir test-woke
$ cd test-woke
$ yarn init -y
$ yarn add npm-normalize-package-bin
$ echo "node_modules" > .wokeignore

Actual result (some node_modules file is not ignored):

$ woke
node_modules/npm-normalize-package-bin/package-lock.json:1582:73-77: `GUys` may be insensitive, use `folks`, `people`, `you all`, `y'all`, `yinz` instead (error)
      "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==",
                                                                         ^

Expected result (all node_modules files are ignored):

$ woke
No findings found.

Additional information

Version of woke

$ woke --version
woke version 0.18.1

Config file

$ cat .woke.yml
cat: .woke.yml: No such file or directory

Go environment

$ go version && go env
go version go1.18.1 darwin/amd64
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/xxx/Library/Caches/go-build"
GOENV="/Users/xxx/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/xxx/go/pkg/mod"
GONOPROXY="github.com/xxx"
GONOSUMDB="github.com/xxx"
GOOS="darwin"
GOPATH="/Users/xxx/go"
GOPRIVATE="github.com/xxx"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.18.1/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.18.1/libexec/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.18.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/xxx=/tmp/go-build -gno-record-gcc-switches -fno-common"

Verbose output of running

$ woke --debug
2022-05-11T11:31:54+02:00 DBG woke version 0.18.1 built from 939e604 on 2022-03-19T15:45:29Z
2022-05-11T11:31:54+02:00 DBG no config file loaded, using only default rules
2022-05-11T11:31:54+02:00 DBG default rules rules=["whitelist","blacklist","master-slave","slave","grandfathered","man-hours","sanity","dummy","guys","whitebox","blackbox"]
2022-05-11T11:31:54+02:00 DBG all enabled rules rules=["whitelist","blacklist","master-slave","slave","grandfathered","man-hours","sanity","dummy","guys","whitebox","blackbox"]
2022-05-11T11:31:54+02:00 DBG Could Not Find Root Git Folder
2022-05-11T11:31:54+02:00 DBG finished compiling ignores durationMS=2.166872
2022-05-11T11:31:54+02:00 DBG created new printer printer=text
2022-05-11T11:31:54+02:00 DBG process files path=. type=parallel
2022-05-11T11:31:54+02:00 DBG skipping content file=. reason="file is a directory"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.672365 file=.
2022-05-11T11:31:54+02:00 DBG skipping file=node_modules reason="ignored file"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.374578 file=.gitignore
2022-05-11T11:31:54+02:00 DBG skipping file=node_modules/.yarn-integrity reason="ignored file"
2022-05-11T11:31:54+02:00 DBG skipping file=node_modules/npm-normalize-package-bin reason="ignored file"
2022-05-11T11:31:54+02:00 DBG skipping content file=node_modules/npm-normalize-package-bin/test reason="file is a directory"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.212282 file=node_modules/npm-normalize-package-bin/test
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.8495 file=yarn.lock
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.987997 file=package.json
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.339032 file=node_modules/npm-normalize-package-bin/.gitignore
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.21564 file=node_modules/npm-normalize-package-bin/.github/settings.yml
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.853529 file=node_modules/npm-normalize-package-bin/README.md
2022-05-11T11:31:54+02:00 DBG skipping content file=node_modules/npm-normalize-package-bin/.github reason="file is a directory"
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.346777 file=node_modules/npm-normalize-package-bin/.github
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=0.934917 file=node_modules/npm-normalize-package-bin/package.json
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.426737 file=node_modules/npm-normalize-package-bin/index.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.212664 file=node_modules/npm-normalize-package-bin/LICENSE
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.36334 file=node_modules/npm-normalize-package-bin/test/nobin.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.20234 file=node_modules/npm-normalize-package-bin/test/array.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=1.615487 file=node_modules/npm-normalize-package-bin/test/string.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=3.003684 file=node_modules/npm-normalize-package-bin/test/object.js
2022-05-11T11:31:54+02:00 DBG finished processing findings durationMS=53.227105 file=node_modules/npm-normalize-package-bin/package-lock.json
node_modules/npm-normalize-package-bin/package-lock.json:1582:73-77: `GUys` may be insensitive, use `folks`, `people`, `you all`, `y'all`, `yinz` instead (error)
      "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==",
                                                                         ^
2022-05-11T11:31:54+02:00 DBG woke completed durationMS=60.148751
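
Added example, not part of the original report and not woke's own code: a simplified Go model of layered ignore files, showing how a "last matching rule wins" merge lets a `!` exception shipped inside a dependency re-include a file, and how refusing to look below an already excluded directory (the behaviour git documents for `.gitignore`) closes that gap. The rule contents are constructed, patterns are matched as literal names rather than globs, and `Rule`, `LastMatchWins` and `ParentLocked` are hypothetical names.

```go
package main

import "strings"

// Rule is one ignore-file line; Dir is the folder holding that file ("" = project root).
type Rule struct{ Dir, Pattern string; Negate bool }

// Constructed sample: the report's root .wokeignore, then an assumed "!" line in the dependency's .gitignore.
var rules = []Rule{
	{"", "node_modules", false},
	{"node_modules/npm-normalize-package-bin", "package-lock.json", true},
}

// matches reports whether p lies under r.Dir and one of its remaining segments equals the pattern.
func (r Rule) matches(p string) bool {
	rel := strings.TrimPrefix(p, r.Dir+"/")
	for _, seg := range strings.Split(rel, "/") {
		if seg == r.Pattern && (r.Dir == "" || rel != p) {
			return true
		}
	}
	return false
}

// LastMatchWins merges every layer into one list, so a nested "!" rule overrides the root exclusion.
func LastMatchWins(rs []Rule, p string) (ignored bool) {
	for _, r := range rs {
		if r.matches(p) {
			ignored = !r.Negate
		}
	}
	return
}

// ParentLocked checks each ancestor first; rules stored inside an ignored directory are never reached.
func ParentLocked(rs []Rule, p string) bool {
	for i, c := range p + "/" {
		if c == '/' && LastMatchWins(rs, p[:i]) {
			return true
		}
	}
	return false
}

func main() {
	p := "node_modules/npm-normalize-package-bin/package-lock.json"
	println(LastMatchWins(rules, p), ParentLocked(rules, p))
}
```

An exception placed in a directory that is not itself excluded is still honoured by `ParentLocked`, so only rules that arrive inside ignored third-party content lose their effect.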

Labels: bug (Something isn't working)
