github.com/google/osv-scalibr@v0.4.1/veles/secrets/gitbasicauth/codecatalyst/detector_test.go

github.com/google/osv-scalibr@v0.4.1/veles/secrets/gitbasicauth/codecatalyst/detector_test.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Copyright 2025 Google LLC
    16  //
    17  // Licensed under the Apache License, Version 2.0 (the "License");
    18  // you may not use this file except in compliance with the License.
    19  // You may obtain a copy of the License at
    20  //
    21  //	http://www.apache.org/licenses/LICENSE-2.0
    22  //
    23  // Unless required by applicable law or agreed to in writing, software
    24  // distributed under the License is distributed on an "AS IS" BASIS,
    25  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    26  // See the License for the specific language governing permissions and
    27  // limitations under the License.
    28  package codecatalyst_test
    29  
    30  import (
    31  	"strings"
    32  	"testing"
    33  
    34  	"github.com/google/go-cmp/cmp"
    35  	"github.com/google/go-cmp/cmp/cmpopts"
    36  	"github.com/google/osv-scalibr/veles"
    37  	"github.com/google/osv-scalibr/veles/secrets/gitbasicauth/codecatalyst"
    38  )
    39  
    40  const (
    41  	testURL    = `https://user:password@git.region.codecatalyst.aws/v1/space/project/repo`
    42  	anotherURL = `https://another:acsp03irh932r4@git.region.codecatalyst.aws/v1/space2/project/test-repo`
    43  )
    44  
    45  // TestDetector_truePositives tests for cases where we know the Detector
    46  // will find CodeCatalyst credentials.
    47  func TestDetector_truePositives(t *testing.T) {
    48  	engine, err := veles.NewDetectionEngine([]veles.Detector{codecatalyst.NewDetector()})
    49  	if err != nil {
    50  		t.Fatal(err)
    51  	}
    52  	cases := []struct {
    53  		name  string
    54  		input string
    55  		want  []veles.Secret
    56  	}{
    57  		{
    58  			name:  "simple_matching_string",
    59  			input: testURL,
    60  			want: []veles.Secret{
    61  				codecatalyst.Credentials{FullURL: testURL},
    62  			},
    63  		},
    64  		{
    65  			name: "git_config",
    66  			input: `
    67  			[core]
    68  				repositoryformatversion = 0
    69  				filemode = true
    70  				bare = false
    71  				logallrefupdates = true
    72  				ignorecase = true
    73  				precomposeunicode = true
    74  [remote "origin"]
    75  				url = https://user:password@git.region.codecatalyst.aws/v1/space/project/repo
    76  				fetch = +refs/heads/*:refs/remotes/origin/*
    77  [branch "main"]
    78  				remote = origin
    79  				merge = refs/heads/main
    80  `,
    81  			want: []veles.Secret{
    82  				codecatalyst.Credentials{FullURL: testURL},
    83  			},
    84  		},
    85  		{
    86  			name:  "multiple_distinct_matches",
    87  			input: testURL + "\n" + anotherURL,
    88  			want: []veles.Secret{
    89  				codecatalyst.Credentials{FullURL: testURL},
    90  				codecatalyst.Credentials{FullURL: anotherURL},
    91  			},
    92  		},
    93  	}
    94  	for _, tc := range cases {
    95  		t.Run(tc.name, func(t *testing.T) {
    96  			got, err := engine.Detect(t.Context(), strings.NewReader(tc.input))
    97  			if err != nil {
    98  				t.Errorf("Detect() error: %v, want nil", err)
    99  			}
   100  			if diff := cmp.Diff(tc.want, got, cmpopts.EquateEmpty()); diff != "" {
   101  				t.Errorf("Detect() diff (-want +got):\n%s", diff)
   102  			}
   103  		})
   104  	}
   105  }
   106  
   107  // TestDetector_trueNegatives tests for cases where we know the Detector
   108  // will not find CodeCatalyst credentials.
   109  func TestDetector_trueNegatives(t *testing.T) {
   110  	engine, err := veles.NewDetectionEngine([]veles.Detector{codecatalyst.NewDetector()})
   111  	if err != nil {
   112  		t.Fatal(err)
   113  	}
   114  	cases := []struct {
   115  		name  string
   116  		input string
   117  		want  []veles.Secret
   118  	}{{
   119  		name:  "empty_input",
   120  		input: "",
   121  	}, {
   122  		name:  "bad_host_name",
   123  		input: "https://user:password@github.com/project/repo",
   124  	}, {
   125  		name:  "not_git_url",
   126  		input: `https://another:acsp03irh932r4@region.codecatalyst.aws/v1/space2/project/test-repo`,
   127  	}}
   128  	for _, tc := range cases {
   129  		t.Run(tc.name, func(t *testing.T) {
   130  			got, err := engine.Detect(t.Context(), strings.NewReader(tc.input))
   131  			if err != nil {
   132  				t.Errorf("Detect() error: %v, want nil", err)
   133  			}
   134  			if diff := cmp.Diff(tc.want, got, cmpopts.EquateEmpty()); diff != "" {
   135  				t.Errorf("Detect() diff (-want +got):\n%s", diff)
   136  			}
   137  		})
   138  	}
   139  }