github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/secrets/awsaccesskey/awsaccesskey_test.go (about) 1 // Copyright 2025 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package awsaccesskey_test 16 17 import ( 18 "runtime" 19 "testing" 20 21 "github.com/google/go-cmp/cmp" 22 "github.com/google/go-cmp/cmp/cmpopts" 23 "github.com/google/osv-scalibr/extractor/filesystem/secrets/awsaccesskey" 24 "github.com/google/osv-scalibr/extractor/filesystem/simplefileapi" 25 "github.com/google/osv-scalibr/inventory" 26 "github.com/google/osv-scalibr/testing/extracttest" 27 awsaccesskeydetector "github.com/google/osv-scalibr/veles/secrets/awsaccesskey" 28 ) 29 30 func TestExtractor_FileRequired(t *testing.T) { 31 tests := []struct { 32 inputPath string 33 want bool 34 isWindows bool 35 }{ 36 {inputPath: "", want: false}, 37 38 // linux 39 {inputPath: `/Users/example-user/.aws/credentials`, want: true}, 40 {inputPath: `/Users/example-user/bad/path`, want: false}, 41 42 // windows 43 {inputPath: `C:\Users\USERNAME\.aws\credentials`, isWindows: true, want: true}, 44 {inputPath: `C:\Users\USERNAME\another\bad\path`, isWindows: true, want: false}, 45 } 46 47 for _, tt := range tests { 48 t.Run(tt.inputPath, func(t *testing.T) { 49 if tt.isWindows && runtime.GOOS != "windows" { 50 t.Skipf("Skipping test %q for %q", t.Name(), runtime.GOOS) 51 } 52 e := awsaccesskey.New() 53 got := e.FileRequired(simplefileapi.New(tt.inputPath, nil)) 54 if got != tt.want { 55 t.Errorf("FileRequired(%s) got = %v, want %v", tt.inputPath, got, tt.want) 56 } 57 }) 58 } 59 } 60 61 func TestExtractor_Extract(t *testing.T) { 62 tests := []*struct { 63 Name string 64 Path string 65 WantSecrets []*inventory.Secret 66 WantErr error 67 }{ 68 { 69 Name: "empty", 70 Path: "empty", 71 WantSecrets: nil, 72 }, 73 { 74 Name: "aws_credentials", 75 Path: "aws_credentials", 76 WantSecrets: []*inventory.Secret{ 77 { 78 Secret: awsaccesskeydetector.Credentials{ 79 AccessID: "AIKA1984R439T439HTH4", 80 Secret: "32r923jr023rk320rk2a3rkB34tj340r32Ckt433", 81 }, 82 Location: "aws_credentials", 83 }, 84 }, 85 }, 86 { 87 Name: "random_content", 88 Path: "random_content", 89 WantSecrets: nil, 90 }, 91 } 92 93 for _, tt := range tests { 94 t.Run(tt.Name, func(t *testing.T) { 95 extr := awsaccesskey.New() 96 97 inputCfg := extracttest.ScanInputMockConfig{ 98 Path: tt.Path, 99 FakeScanRoot: "testdata", 100 } 101 102 scanInput := extracttest.GenerateScanInputMock(t, inputCfg) 103 defer extracttest.CloseTestScanInput(t, scanInput) 104 105 got, err := extr.Extract(t.Context(), &scanInput) 106 107 if diff := cmp.Diff(tt.WantErr, err, cmpopts.EquateErrors()); diff != "" { 108 t.Errorf("%s.Extract(%q) error diff (-want +got):\n%s", extr.Name(), tt.Path, diff) 109 return 110 } 111 112 wantInv := inventory.Inventory{Secrets: tt.WantSecrets} 113 opts := []cmp.Option{cmpopts.SortSlices(extracttest.PackageCmpLess), cmpopts.EquateEmpty()} 114 if diff := cmp.Diff(wantInv, got, opts...); diff != "" { 115 t.Errorf("%s.Extract(%q) diff (-want +got):\n%s", extr.Name(), tt.Path, diff) 116 } 117 }) 118 } 119 }