github.com/google/osv-scalibr@v0.4.1/veles/secrets/gcpoauth2access/detector_test.go

github.com/google/osv-scalibr@v0.4.1/veles/secrets/gcpoauth2access/detector_test.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package gcpoauth2access_test
    16  
    17  import (
    18  	"fmt"
    19  	"strings"
    20  	"testing"
    21  
    22  	"github.com/google/go-cmp/cmp"
    23  	"github.com/google/osv-scalibr/veles"
    24  	"github.com/google/osv-scalibr/veles/secrets/gcpoauth2access"
    25  )
    26  
    27  const (
    28  	realToken  = "ya29.a0AQQ_BDQWmhK2ywGDxkB2uBTykNRPd89V28-MUwZnVWZl3AMP1BD5s2UiIEdFNThSh-etTblBm6BPd0K1JmuRiyTNW_ICOa3-3gkS2SHoaNgm4x-jPEeDLsFa5ppHPurdNxRU_H9PnfpKCU-3ayKluSVmdQqXUYpo1PwqqbnGw0FWUEL2uZgS8GZ1lL7_9zSrt36PdCYaCgYKAcQSAQ8SFQHGX2MiS2cGUcQliabDBsSTYb8iTw0206"
    29  	shortToken = "ya29.a0AQQ_BDQWmhK2ywGDxkB2uBTykNRPd89V28"
    30  )
    31  
    32  func TestDetector_Detect(t *testing.T) {
    33  	engine, err := veles.NewDetectionEngine([]veles.Detector{gcpoauth2access.NewDetector()})
    34  	if err != nil {
    35  		t.Fatal(err)
    36  	}
    37  
    38  	tests := []struct {
    39  		name  string
    40  		input string
    41  		want  []veles.Secret
    42  	}{
    43  		// --- Empty or invalid input ---
    44  		{
    45  			name:  "empty input",
    46  			input: "",
    47  			want:  nil,
    48  		},
    49  		{
    50  			name:  "non-token input",
    51  			input: "Some random text",
    52  			want:  nil,
    53  		},
    54  		{
    55  			name:  "token too short",
    56  			input: "ya29.a0AQQ",
    57  			want:  nil,
    58  		},
    59  		// --- Valid tokens ---
    60  		{
    61  			name:  "real example token",
    62  			input: realToken,
    63  			want:  []veles.Secret{gcpoauth2access.Token{Token: realToken}},
    64  		},
    65  		{
    66  			name:  "short token",
    67  			input: shortToken,
    68  			want:  []veles.Secret{gcpoauth2access.Token{Token: shortToken}},
    69  		},
    70  		{
    71  			name: "token_in_json",
    72  			input: fmt.Sprintf(`{
    73  				"some_key": "some_value",
    74  				"access_token": %q,
    75  				"expires_in": 3920,
    76  				"other_key": "other_value",
    77  			}`, realToken),
    78  			want: []veles.Secret{gcpoauth2access.Token{Token: realToken}},
    79  		},
    80  		{
    81  			name:  "token in json",
    82  			input: "Authorization: Bearer " + realToken,
    83  			want:  []veles.Secret{gcpoauth2access.Token{Token: realToken}},
    84  		},
    85  		{
    86  			name:  "multiple tokens",
    87  			input: "start, " + realToken + strings.Repeat(", some other data\n", 100) + shortToken + ", end",
    88  			want: []veles.Secret{
    89  				gcpoauth2access.Token{Token: realToken},
    90  				gcpoauth2access.Token{Token: shortToken},
    91  			},
    92  		},
    93  	}
    94  
    95  	for _, tc := range tests {
    96  		t.Run(tc.name, func(t *testing.T) {
    97  			got, err := engine.Detect(t.Context(), strings.NewReader(tc.input))
    98  			if err != nil {
    99  				t.Fatalf("Detect() error: %v, want nil", err)
   100  			}
   101  			if diff := cmp.Diff(tc.want, got); diff != "" {
   102  				t.Errorf("Detect(%q) returned unexpected diff (-want +got):\n%s", tc.input, diff)
   103  			}
   104  		})
   105  	}
   106  }