go-devops/devkit/secret_test.go
Snider 907c5fa64c fix(devops): address CodeRabbit findings on PR #2
15+ findings dispositioned. AX-6-conformant — no testify reintroduced.

Code fixes:
- cmd/dev/service.go: no-op now returns OK:true, unchecked prompt type assertion guarded
- cmd/workspace/config.go: relative parent traversal blocked + regression test, fmt.Errorf wrapping
- cmd/dev/cmd_issues.go + cmd_reviews.go: import ordering
- tests/cli/devops/main.go: raw WalkDir errors wrapped
- tests/cli/devops/Taskfile.yaml: strict shell flags
- cmd/vanity-import/Dockerfile + docs/development.md: Go 1.26 alignment
- locales/embed.go: missing dappco.re/go/i18n checksum

Test infra:
- New local test helpers in cmd/dev, cmd/setup, devkit, snapshot
- All testify usages already absent — local stdlib helpers preferred
  per AX-6 ban
- Test naming aligned (Test{Filename}_{Function}_{Good,Bad,Ugly} per AX-10)

Disposition replies (RESOLVED-COMMENT, no testify added):
- cmd/dev/cmd_apply_test.go, cmd/setup/cmd_ci_test.go, snapshot_test.go,
  devkit/coverage_test.go: CodeRabbit testify suggestions get reasoning
  reply per AX-6 ban; local helpers are convention.
- SonarCloud/GHAS: no PR checks/annotations found; code-scanning API
  returned no analysis, secret scanning disabled.

Verification: gofmt clean, git diff --check clean, no testify imports.
Targeted go vet + go test pass for cmd/workspace + devkit + snapshot.
Full go vet ./... blocked by pre-existing dappco.re/go/scm
codeberg.org/forgejo/go-sdk auth/replacement issue (out of scope).

Closes findings on https://github.com/dAppCore/go-devops/pull/2

Co-authored-by: Codex <noreply@openai.com>
2026-04-27 15:07:24 +01:00


package devkit
import (
"os"
"path/filepath"
"testing"
)
// TestScanDir_Good plants two credential-shaped strings in a temporary tree
// (one at the root, one in a subdirectory) and checks that ScanDir reports
// exactly two findings with the expected rule, line and file for each.
//
// Both values are constructed, token-shaped fixtures, not live credentials.
func TestScanDir_Good(t *testing.T) {
	root := t.TempDir()

	// The raw literal opens with a newline, so the token sits on line 2 of
	// config.yml; the Line assertion below depends on that layout.
	configPath := filepath.Join(root, "config.yml")
	configBody := []byte(`
api_key: "ghp_abcdefghijklmnopqrstuvwxyz1234"
`)
	mustNoError(t, os.WriteFile(configPath, configBody, 0o600))

	nestedDir := filepath.Join(root, "nested")
	mustNoError(t, os.Mkdir(nestedDir, 0o755))
	credsPath := filepath.Join(nestedDir, "creds.txt")
	mustNoError(t, os.WriteFile(credsPath, []byte("access_key = AKIA1234567890ABCDEF\n"), 0o600))

	findings, err := ScanDir(root)
	mustNoError(t, err)
	mustLen(t, findings, 2)

	// NOTE(review): the index-based checks assume ScanDir returns findings in
	// a stable order with config.yml ahead of nested/creds.txt; confirm that
	// ScanDir guarantees this ordering.
	rootFinding := findings[0]
	mustEqual(t, "github-token", rootFinding.Rule)
	mustEqual(t, 2, rootFinding.Line)
	mustEqual(t, "config.yml", filepath.Base(rootFinding.Path))

	nestedFinding := findings[1]
	mustEqual(t, "aws-access-key-id", nestedFinding.Rule)
	mustEqual(t, 1, nestedFinding.Line)
	mustEqual(t, "creds.txt", filepath.Base(nestedFinding.Path))
}
// TestScanDir_SkipsBinaryAndIgnoredDirs_Good expects ScanDir to return no
// findings for a tree that holds only a token-shaped string under .git and a
// small file of non-text bytes.
func TestScanDir_SkipsBinaryAndIgnoredDirs_Good(t *testing.T) {
	root := t.TempDir()

	// A token-shaped value inside .git: any finding here would mean the
	// directory was walked rather than ignored.
	gitDir := filepath.Join(root, ".git")
	mustNoError(t, os.Mkdir(gitDir, 0o755))
	gitConfig := filepath.Join(gitDir, "config")
	mustNoError(t, os.WriteFile(gitConfig, []byte("token=ghp_abcdefghijklmnopqrstuvwxyz1234"), 0o600))

	// NOTE(review): blob.bin contains nothing a rule could match, so the
	// empty-result assertion holds whether or not binary files are skipped.
	// Putting a token-shaped string after the NUL byte would make this test
	// actually exercise binary handling. Check how ScanDir detects binary
	// content before changing the fixture.
	blobPath := filepath.Join(root, "blob.bin")
	mustNoError(t, os.WriteFile(blobPath, []byte{0, 1, 2, 3, 4}, 0o600))

	findings, err := ScanDir(root)
	mustNoError(t, err)
	mustEmpty(t, findings)
}
// TestScanDir_ReportsGenericAssignments_Bad writes a key/value line with no
// provider-specific token prefix and checks that ScanDir still reports it
// under the generic-secret-assignment rule, at line 1, column 1.
//
// The value is a constructed placeholder, not a live credential.
func TestScanDir_ReportsGenericAssignments_Bad(t *testing.T) {
	root := t.TempDir()

	envPath := filepath.Join(root, "secrets.env")
	envBody := []byte("client_secret: abcdefghijklmnop\n")
	mustNoError(t, os.WriteFile(envPath, envBody, 0o600))

	findings, err := ScanDir(root)
	mustNoError(t, err)
	mustLen(t, findings, 1)

	// Column 1 is where the key name begins on this line.
	// NOTE(review): presumably Column marks the start of the match and is
	// 1-based; confirm against ScanDir.
	got := findings[0]
	mustEqual(t, "generic-secret-assignment", got.Rule)
	mustEqual(t, 1, got.Line)
	mustEqual(t, 1, got.Column)
}