mirror of
https://github.com/trufflesecurity/trufflehog.git
synced 2026-05-16 13:20:35 +00:00
Amaan Ullah
0fa069c12f
* enable errcheck and staticcheck for golangci-lint v2 and resolve all issues * skip lint on intentional reference of deprecated DetectorType values
123 lines
3.2 KiB
Go
123 lines
3.2 KiB
Go
package blocknative
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/google/go-cmp/cmp"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
|
"github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick"
|
|
)
|
|
|
|
func TestBlockNative_Pattern(t *testing.T) {
|
|
d := Scanner{}
|
|
ahoCorasickCore := ahocorasick.NewAhoCorasickCore([]detectors.Detector{d})
|
|
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
want []string
|
|
}{
|
|
{
|
|
name: "valid pattern",
|
|
input: `
|
|
func main() {
|
|
url := "https://api.example.com/v1/resource"
|
|
|
|
// Create a new request with the secret as a header
|
|
req, err := http.NewRequest("GET", url, http.NoBody)
|
|
if err != nil {
|
|
fmt.Println("Error creating request:", err)
|
|
return
|
|
}
|
|
|
|
blocknativeSecret := "76e50995-059f-3d1a-af8e-cc85fc05eb03"
|
|
req.Header.Set("Authorization", blocknativeSecret)
|
|
|
|
// Perform the request
|
|
client := &http.Client{}
|
|
resp, _ := client.Do(req)
|
|
defer func() { _ = resp.Body.Close() }()
|
|
}
|
|
`,
|
|
want: []string{"76e50995-059f-3d1a-af8e-cc85fc05eb03"},
|
|
},
|
|
{
|
|
name: "valid pattern - xml",
|
|
input: `
|
|
<com.cloudbees.plugins.credentials.impl.StringCredentialsImpl>
|
|
<scope>GLOBAL</scope>
|
|
<id>{blocknative}</id>
|
|
<secret>{blocknative AQAAABAAA 7b15f7f8-52a8-849d-384e-20b4c0de82dd}</secret>
|
|
<description>configuration for production</description>
|
|
<creationDate>2023-05-18T14:32:10Z</creationDate>
|
|
<owner>jenkins-admin</owner>
|
|
</com.cloudbees.plugins.credentials.impl.StringCredentialsImpl>
|
|
`,
|
|
want: []string{"7b15f7f8-52a8-849d-384e-20b4c0de82dd"},
|
|
},
|
|
{
|
|
name: "invalid pattern",
|
|
input: `
|
|
func main() {
|
|
url := "https://api.example.com/v1/resource"
|
|
|
|
// Create a new request with the secret as a header
|
|
req, err := http.NewRequest("GET", url, http.NoBody)
|
|
if err != nil {
|
|
fmt.Println("Error creating request:", err)
|
|
return
|
|
}
|
|
|
|
blocknativeSecret := "2xN7puShxzNf5fZleQthTg305l95D3gSD%c^"
|
|
req.Header.Set("Authorization", blocknativeSecret)
|
|
|
|
// Perform the request
|
|
client := &http.Client{}
|
|
resp, _ := client.Do(req)
|
|
defer func() { _ = resp.Body.Close() }()
|
|
}
|
|
`,
|
|
want: nil,
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.name, func(t *testing.T) {
|
|
matchedDetectors := ahoCorasickCore.FindDetectorMatches([]byte(test.input))
|
|
if len(matchedDetectors) == 0 {
|
|
t.Errorf("test %q failed: expected keywords %v to be found in the input", test.name, d.Keywords())
|
|
return
|
|
}
|
|
|
|
results, err := d.FromData(context.Background(), false, []byte(test.input))
|
|
require.NoError(t, err)
|
|
|
|
if len(results) != len(test.want) {
|
|
t.Errorf("mismatch in result count: expected %d, got %d", len(test.want), len(results))
|
|
return
|
|
}
|
|
|
|
actual := make(map[string]struct{}, len(results))
|
|
for _, r := range results {
|
|
if len(r.RawV2) > 0 {
|
|
actual[string(r.RawV2)] = struct{}{}
|
|
} else {
|
|
actual[string(r.Raw)] = struct{}{}
|
|
}
|
|
}
|
|
|
|
expected := make(map[string]struct{}, len(test.want))
|
|
for _, v := range test.want {
|
|
expected[v] = struct{}{}
|
|
}
|
|
|
|
if diff := cmp.Diff(expected, actual); diff != "" {
|
|
t.Errorf("%s diff: (-want +got)\n%s", test.name, diff)
|
|
}
|
|
})
|
|
}
|
|
}
|