57 lines
1.8 KiB
Go
57 lines
1.8 KiB
Go
package devkit
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestScanDir_Good(t *testing.T) {
|
|
root := t.TempDir()
|
|
|
|
require.NoError(t, os.WriteFile(filepath.Join(root, "config.yml"), []byte(`
|
|
api_key: "ghp_abcdefghijklmnopqrstuvwxyz1234"
|
|
`), 0o600))
|
|
|
|
require.NoError(t, os.Mkdir(filepath.Join(root, "nested"), 0o755))
|
|
require.NoError(t, os.WriteFile(filepath.Join(root, "nested", "creds.txt"), []byte("access_key = AKIA1234567890ABCDEF\n"), 0o600))
|
|
|
|
findings, err := ScanDir(root)
|
|
require.NoError(t, err)
|
|
require.Len(t, findings, 2)
|
|
|
|
require.Equal(t, "github-token", findings[0].Rule)
|
|
require.Equal(t, 2, findings[0].Line)
|
|
require.Equal(t, "config.yml", filepath.Base(findings[0].Path))
|
|
|
|
require.Equal(t, "aws-access-key-id", findings[1].Rule)
|
|
require.Equal(t, 1, findings[1].Line)
|
|
require.Equal(t, "creds.txt", filepath.Base(findings[1].Path))
|
|
}
|
|
|
|
func TestScanDir_SkipsBinaryAndIgnoredDirs(t *testing.T) {
|
|
root := t.TempDir()
|
|
|
|
require.NoError(t, os.Mkdir(filepath.Join(root, ".git"), 0o755))
|
|
require.NoError(t, os.WriteFile(filepath.Join(root, ".git", "config"), []byte("token=ghp_abcdefghijklmnopqrstuvwxyz1234"), 0o600))
|
|
require.NoError(t, os.WriteFile(filepath.Join(root, "blob.bin"), []byte{0, 1, 2, 3, 4}, 0o600))
|
|
|
|
findings, err := ScanDir(root)
|
|
require.NoError(t, err)
|
|
require.Empty(t, findings)
|
|
}
|
|
|
|
func TestScanDir_ReportsGenericAssignments(t *testing.T) {
|
|
root := t.TempDir()
|
|
|
|
require.NoError(t, os.WriteFile(filepath.Join(root, "secrets.env"), []byte("client_secret: abcdefghijklmnop\n"), 0o600))
|
|
|
|
findings, err := ScanDir(root)
|
|
require.NoError(t, err)
|
|
require.Len(t, findings, 1)
|
|
require.Equal(t, "generic-secret-assignment", findings[0].Rule)
|
|
require.Equal(t, 1, findings[0].Line)
|
|
require.Equal(t, 1, findings[0].Column)
|
|
}
|