core/go-devops
8
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
go-devops/devkit/secret_test.go
Codex 096cb1bab2 fix(go-devops): replace testify with stdlib testing patterns (AX-6) 
Removes testify + indirect deps from go.mod/go.sum; rewrites
assert/require calls across cmd/dev/*, cmd/setup/*, devkit/* _test.go
to stdlib t.Fatalf patterns. go vet clean. TestRunTestGen_Good fails
pre-existing (missing cmd/dev/pkg/ env) at dev tip — unrelated to
this PR.

Closes tasks.lthn.sh/view.php?id=754

Co-authored-by: Codex <noreply@openai.com>
Via-codex-lane: Cyclops-754 dispatch
2026-04-24 18:51:16 +01:00

55 lines
1.6 KiB
Go
Raw Blame History

package devkit
import (
"os"
"path/filepath"
"testing"
)
func TestScanDir_Good(t *testing.T) {
root := t.TempDir()
mustNoError(t, os.WriteFile(filepath.Join(root, "config.yml"), []byte(`
api_key: "ghp_abcdefghijklmnopqrstuvwxyz1234"
`), 0o600))
mustNoError(t, os.Mkdir(filepath.Join(root, "nested"), 0o755))
mustNoError(t, os.WriteFile(filepath.Join(root, "nested", "creds.txt"), []byte("access_key = AKIA1234567890ABCDEF\n"), 0o600))
findings, err := ScanDir(root)
mustNoError(t, err)
mustLen(t, findings, 2)
mustEqual(t, "github-token", findings[0].Rule)
mustEqual(t, 2, findings[0].Line)
mustEqual(t, "config.yml", filepath.Base(findings[0].Path))
mustEqual(t, "aws-access-key-id", findings[1].Rule)
mustEqual(t, 1, findings[1].Line)
mustEqual(t, "creds.txt", filepath.Base(findings[1].Path))
}
func TestScanDir_SkipsBinaryAndIgnoredDirs(t *testing.T) {
root := t.TempDir()
mustNoError(t, os.Mkdir(filepath.Join(root, ".git"), 0o755))
mustNoError(t, os.WriteFile(filepath.Join(root, ".git", "config"), []byte("token=ghp_abcdefghijklmnopqrstuvwxyz1234"), 0o600))
mustNoError(t, os.WriteFile(filepath.Join(root, "blob.bin"), []byte{0, 1, 2, 3, 4}, 0o600))
findings, err := ScanDir(root)
mustNoError(t, err)
mustEmpty(t, findings)
}
func TestScanDir_ReportsGenericAssignments(t *testing.T) {
root := t.TempDir()
mustNoError(t, os.WriteFile(filepath.Join(root, "secrets.env"), []byte("client_secret: abcdefghijklmnop\n"), 0o600))
findings, err := ScanDir(root)
mustNoError(t, err)
mustLen(t, findings, 1)
mustEqual(t, "generic-secret-assignment", findings[0].Rule)
mustEqual(t, 1, findings[0].Line)
mustEqual(t, 1, findings[0].Column)
}
Reference in a new issue View git blame Copy permalink