github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/imgconf/secret/secret_test.go (about)

     1  package secret
     2  
     3  import (
     4  	"context"
     5  	"testing"
     6  
     7  	v1 "github.com/google/go-containerregistry/pkg/v1"
     8  	"github.com/stretchr/testify/assert"
     9  	"github.com/stretchr/testify/require"
    10  
    11  	"github.com/devseccon/trivy/pkg/fanal/analyzer"
    12  	"github.com/devseccon/trivy/pkg/fanal/types"
    13  )
    14  
// Test_secretAnalyzer_Analyze feeds table-driven v1.ConfigFile inputs to the
// image-config secret analyzer and compares the complete result.
//
// The "happy path" case places a dummy GitHub personal access token in the
// image's Env. Besides the rule metadata, the expected finding pins the
// redaction contract: Content, Highlighted and Match all carry the token
// replaced by asterisks, so the raw credential must not reappear in the
// analyzer's output. The other two cases check that a config without secrets
// and a nil config both yield a nil result and no error.
func Test_secretAnalyzer_Analyze(t *testing.T) {
	const (
		pathEnv = "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

		// Dummy token, not a live credential.
		dummyTokenEnv = "secret=ghp_eifae6eigh3aeSah1shahd6oi1tague6vaey"

		// Expected rendering of the offending line: the key is kept and the
		// token value is masked.
		redactedLine = "  \"secret=****************************************\""
	)

	type testCase struct {
		name   string
		config *v1.ConfigFile
		want   *analyzer.ConfigAnalysisResult
		// No case below sets wantErr, so the error branch in the loop is
		// currently not exercised.
		wantErr bool
	}

	// Line numbers in the expectation refer to the text reported under
	// FilePath "config.json" -- presumably the JSON-serialized image config;
	// confirm against the analyzer implementation.
	redactedFinding := types.SecretFinding{
		RuleID:    "github-pat",
		Category:  "GitHub",
		Severity:  "CRITICAL",
		Title:     "GitHub Personal Access Token",
		StartLine: 12,
		EndLine:   12,
		Code: types.Code{
			Lines: []types.Line{
				{
					Number:      10,
					Content:     "  \"Env\": [",
					Highlighted: "  \"Env\": [",
				},
				{
					Number:      11,
					Content:     "  \"" + pathEnv + "\",",
					Highlighted: "  \"" + pathEnv + "\",",
				},
				{
					// The only line flagged as the cause, already masked.
					Number:      12,
					Content:     redactedLine,
					IsCause:     true,
					Highlighted: redactedLine,
					FirstCause:  true,
					LastCause:   true,
				},
				{
					Number:      13,
					Content:     "  ]",
					Highlighted: "  ]",
				},
			},
		},
		Match: redactedLine,
	}

	cases := []testCase{
		{
			name: "happy path",
			config: &v1.ConfigFile{
				Config: v1.Config{
					Env: []string{pathEnv, dummyTokenEnv},
				},
			},
			want: &analyzer.ConfigAnalysisResult{
				Secret: &types.Secret{
					FilePath: "config.json",
					Findings: []types.SecretFinding{redactedFinding},
				},
			},
		},
		{
			name: "no secret",
			config: &v1.ConfigFile{
				Config: v1.Config{
					Env: []string{pathEnv},
				},
			},
			want: nil,
		},
		{
			name:   "nil config",
			config: nil,
			want:   nil,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// A fresh analyzer with default options for every case.
			sa, err := newSecretAnalyzer(analyzer.ConfigAnalyzerOptions{})
			require.NoError(t, err)

			input := analyzer.ConfigAnalysisInput{Config: tc.config}
			got, err := sa.Analyze(context.Background(), input)
			if tc.wantErr {
				assert.Error(t, err)
				return
			}
			require.NoError(t, err)

			// Whole-struct comparison: any unmasked token in Content,
			// Highlighted or Match would make this fail.
			assert.Equal(t, tc.want, got)
		})
	}
}