Respect user color settings in update messages by using the same color helper as the main reporter, ensuring consistent output and no ANSI codes on update check, when color is disabled

Mick Grove 2025-10-11 12:36:35 -07:00
commit 1208fe8544
3 changed files with 27 additions and 24 deletions


@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
- Added inline ignore directive detection to treat suppression tokens anywhere on surrounding lines, including multi-line handling
- Added a `--no-ignore` CLI flag to disable inline directives when you need every potential secret reported
- Added: repeatable `--ignore-comment <TOKEN>` flag to reuse inline directives from other scanners (for example `NOSONAR`, `kics-scan ignore`, `gitleaks:allow`, etc)
- Respect user color settings in update messages by using the same color helper as the main reporter, ensuring consistent output and no ANSI codes on update check, when color is disabled
## [v1.56.0]
- Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldnt be determined
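Review bot: The new changelog entry ("Respect user color settings in update messages ...") does not follow the "Added" / "Fixed" lead-in the neighbouring entries use, and the comma before "when color is disabled" makes the last clause read oddly. Consider "Fixed: update-check messages now respect user color settings ... and emit no ANSI codes when color is disabled". The same commit also changes the update message text from upper case to sentence case ("NEW KINGFISHER RELEASE ... AVAILABLE" to "New Kingfisher release ... available"), which is user-visible and is not listed here.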


@ -977,21 +977,6 @@ The `--confidence` flag sets a minimum confidence threshold, not an exact match.
Use `--skip-regex` and `--skip-word` to suppress findings you know are benign. Both flags may be provided multiple times and are tested against the secret value **and** the full match context.
### Inline ignore directives
Add `kingfisher:ignore` (or `kingfisher:allow`) anywhere on the same line as a finding to silence it. Multi-line strings and PEM-style blocks may also be ignored by placing the directive on the closing delimiter line (for example, `""" # kingfisher:ignore`), on the next logical line after the string, **or** on a comment immediately before the value:
```python
# kingfisher:ignore
API_KEY = """
line 1
line 2
"""
# kingfisher:ignore
```
Kingfisher searches the surrounding lines for these tokens without requiring language-specific comment markers. To reuse existing inline directives from other scanners, add them with repeatable `--ignore-comment` flags (for example `--ignore-comment "gitleaks:allow" --ignore-comment "NOSONAR"`). Use `--no-ignore` when you want to disable inline suppressions entirely.
With `--skip-regex`, these should be Rust compatible regular expressions, which you can test out at [regex101](https://regex101.com)
```bash
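Review bot: Removing the "Inline ignore directives" section from this spot (the hunk header shows 21 lines shrinking to 6) is a documentation move that has nothing to do with color handling in update messages, and the commit message does not mention it. Please split the README reshuffle into its own commit, or at least note it in the message, so that a later revert of the color change does not also move the suppression documentation.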
@ -1011,6 +996,22 @@ kingfisher scan \
If a `--skip-regex` regular expression fails to compile, the scan aborts with an error so that typos are caught early.
### Inline ignore directives
Add `kingfisher:ignore` (or `kingfisher:allow`) anywhere on the same line as a finding to silence it. Multi-line strings and PEM-style blocks may also be ignored by placing the directive on the closing delimiter line (for example, `""" # kingfisher:ignore`), on the next logical line after the string, **or** on a comment immediately before the value:
```python
# kingfisher:ignore
API_KEY = """
line 1
line 2
"""
# kingfisher:ignore
```
Kingfisher searches the surrounding lines for these tokens without requiring language-specific comment markers. To reuse existing inline directives from other scanners, add them with repeatable `--ignore-comment` flags (for example `--ignore-comment "gitleaks:allow" --ignore-comment "NOSONAR"`). Use `--no-ignore` when you want to disable inline suppressions entirely.
## Finding Fingerprint
The document below details the four-field formula (rule SHA-1, origin label, start & end offsets) hashed with XXH3-64 to create Kingfishers 64-bit finding fingerprint, and explains how this ID powers safe deduplication; plus how `--no-dedup` can be used shows every raw match.
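Review bot: The Python example in the relocated section carries `# kingfisher:ignore` both before `API_KEY = """` and after the closing `"""`, while the sentence above it lists those placements as alternatives joined by "or". A reader cannot tell from the example that one directive is enough. Suggest either showing a single placement per example or adding a short comment on each directive line saying which placement it illustrates. Since the paragraph that follows says tokens are matched on surrounding lines without requiring comment markers, it would also help to state how many lines "surrounding" covers, so reviewers know how far a suppression reaches.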


@ -36,12 +36,13 @@ pub fn check_for_update(global_args: &GlobalArgs, base_url: Option<&str>) -> Opt
return None;
}
// Decide once whether we want coloured output.
let use_color = std::io::stderr().is_terminal() && !global_args.quiet;
// Respect the user's color preferences when printing update
// by delegating to the same helper used by the main reporter logic. This keeps
// the update checker in sync with the rest of the application and avoids
// emitting raw ANSI escape codes when colour output has been disabled.
let use_color = !global_args.quiet && global_args.use_color(std::io::stderr());
let styles = Styles::new(use_color);
// info!("{}", "Checking for updates…");
let mut builder = Update::configure();
builder
.repo_owner("mongodb")
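Review bot: The replaced line checked `std::io::stderr().is_terminal()` directly, while the new `let use_color = !global_args.quiet && global_args.use_color(std::io::stderr());` relies on the helper to do so, and the helper's body is not visible in this hunk. Please confirm that `use_color` still returns false when stderr is not a terminal, otherwise redirected or piped output would start receiving escape codes, and add a test that covers the color-disabled case the commit message describes. Minor: the new comment stops mid-phrase at "when printing update" and mixes "color" with "colour"; "when printing update messages" with one spelling throughout would read better.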
@ -113,22 +114,22 @@ pub fn check_for_update(global_args: &GlobalArgs, base_url: Option<&str>) -> Opt
if curr > latest {
let plain =
format!("Running Kingfisher {curr} which is newer than latest released {latest}");
info!("{}", plain);
info!("{}", styled_heading(&styles, plain.as_str()));
return Some(plain);
}
// else fall through to Case 3 (latest > running)
}
// ───────────── Case 3: latest > running ─────────────
let plain = format!("NEW KINGFISHER RELEASE {} AVAILABLE", release.version);
info!("{}", plain);
let plain = format!("New Kingfisher release {} available", release.version);
info!("{}", styled_heading(&styles, plain.as_str()));
// Attempt selfupdate when allowed and feasible.
if global_args.self_update {
match updater.update() {
Ok(status) => {
let message = format!("UPDATED TO VERSION {}", status.version());
info!("{}", message);
let message = format!("Updated to version {}", status.version());
info!("{}", styled_heading(&styles, message.as_str()));
}
Err(e) => match e {
UpdError::Io(ref io_err) => match io_err.kind() {
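Review bot: The Case 3 strings change wording as well as styling ("NEW KINGFISHER RELEASE {} AVAILABLE" becomes "New Kingfisher release {} available", "UPDATED TO VERSION {}" becomes "Updated to version {}"), which goes beyond what the commit message describes. If `plain` is returned to callers here as it is in the `curr > latest` branch above (`return Some(plain);`), any test or script matching the old upper-case text will stop matching, so please update those and mention the text change in the commit message. Keeping `plain` unstyled for the return value and passing only the `styled_heading(&styles, ...)` result to `info!` is the right split. It is worth checking that `info!` actually writes to the same stream that `use_color` was computed for.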