github.com/jfrog/frogbot/v2@v2.21.0/utils/email_test.go (about) 1 package utils 2 3 import ( 4 "github.com/jfrog/frogbot/v2/utils/outputwriter" 5 "github.com/jfrog/froggit-go/vcsclient" 6 "github.com/jfrog/froggit-go/vcsutils" 7 "github.com/jfrog/jfrog-cli-security/formats" 8 "github.com/jordan-wright/email" 9 "github.com/stretchr/testify/assert" 10 "net/textproto" 11 "testing" 12 ) 13 14 func TestGetSecretsEmailContent(t *testing.T) { 15 secrets := []formats.SourceCodeRow{ 16 { 17 SeverityDetails: formats.SeverityDetails{Severity: "High"}, 18 Location: formats.Location{ 19 File: "/config.yaml", StartLine: 12, StartColumn: 30, Snippet: "pass*****"}, 20 }, 21 { 22 SeverityDetails: formats.SeverityDetails{Severity: "Medium"}, 23 Location: formats.Location{ 24 File: "/server-conf.json", StartLine: 15, StartColumn: 20, Snippet: "pass*****"}}, 25 } 26 // Test for results including the "Pull Request" keyword 27 expected := "\n<!DOCTYPE html>\n<html>\n<head>\n <title>Frogbot Secret Detection</title>\n <style>\n body {\n font-family: Arial, sans-serif;\n background-color: #f5f5f5;\n }\n table {\n border-collapse: collapse;\n width: 80%;\n }\n th, td {\n padding: 10px;\n border: 1px solid #ccc;\n }\n th {\n background-color: #f2f2f2;\n }\n tr:nth-child(even) {\n background-color: #f9f9f9;\n }\n tr:hover {\n background-color: #f5f5f5;\n }\n .table-container {\n max-width: 700px;\n padding: 20px;\n box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);\n border-radius: 10px;\n overflow: hidden;\n background-color: #fff;\n\t\t\tmargin-top: 10px;\n }\n .ignore-comments {\n margin-top: 10px;\n\t\t\tmargin-bottom: 5px;\n border-radius: 5px;\n }\n </style>\n</head>\n<body>\n\t<div>\n\t\tThe following potential exposed secrets in your <a href=\"https://github.com/owner/repo/pullrequest/1\">pull request</a> have been detected by <a href=\"https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot\">Frogbot</a>\n\t\t<br/>\n\t\t<table class=\"table-container\">\n <thead>\n <tr>\n <th>FILE</th>\n <th>LINE:COLUMN</th>\n <th>SECRET</th>\n </tr>\n </thead>\n <tbody>\n \n\t\t\t\t<tr>\n\t\t\t\t\t<td> /config.yaml </td>\n\t\t\t\t\t<td> 12:30 </td>\n\t\t\t\t\t<td> pass***** </td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td> /server-conf.json </td>\n\t\t\t\t\t<td> 15:20 </td>\n\t\t\t\t\t<td> pass***** </td>\n\t\t\t\t</tr>\n </tbody>\n </table>\n\t\t<div class=\"ignore-comments\">\n\t\t<b>NOTE:</b> If you'd like Frogbot to ignore the lines with the potential secrets, add a comment that includes the <b>jfrog-ignore</b> keyword above the lines with the secrets.\t\n\t\t</div>\n\t</div>\n</body>\n</html>" 28 actualContent := getSecretsEmailContent(secrets, vcsutils.GitHub, "https://github.com/owner/repo/pullrequest/1") 29 assert.Equal(t, expected, actualContent) 30 31 // Test for results including the "Merge Request" keyword 32 expected = "\n<!DOCTYPE html>\n<html>\n<head>\n <title>Frogbot Secret Detection</title>\n <style>\n body {\n font-family: Arial, sans-serif;\n background-color: #f5f5f5;\n }\n table {\n border-collapse: collapse;\n width: 80%;\n }\n th, td {\n padding: 10px;\n border: 1px solid #ccc;\n }\n th {\n background-color: #f2f2f2;\n }\n tr:nth-child(even) {\n background-color: #f9f9f9;\n }\n tr:hover {\n background-color: #f5f5f5;\n }\n .table-container {\n max-width: 700px;\n padding: 20px;\n box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);\n border-radius: 10px;\n overflow: hidden;\n background-color: #fff;\n\t\t\tmargin-top: 10px;\n }\n .ignore-comments {\n margin-top: 10px;\n\t\t\tmargin-bottom: 5px;\n border-radius: 5px;\n }\n </style>\n</head>\n<body>\n\t<div>\n\t\tThe following potential exposed secrets in your <a href=\"https://github.com/owner/repo/pullrequest/1\">merge request</a> have been detected by <a href=\"https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot\">Frogbot</a>\n\t\t<br/>\n\t\t<table class=\"table-container\">\n <thead>\n <tr>\n <th>FILE</th>\n <th>LINE:COLUMN</th>\n <th>SECRET</th>\n </tr>\n </thead>\n <tbody>\n \n\t\t\t\t<tr>\n\t\t\t\t\t<td> /config.yaml </td>\n\t\t\t\t\t<td> 12:30 </td>\n\t\t\t\t\t<td> pass***** </td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td> /server-conf.json </td>\n\t\t\t\t\t<td> 15:20 </td>\n\t\t\t\t\t<td> pass***** </td>\n\t\t\t\t</tr>\n </tbody>\n </table>\n\t\t<div class=\"ignore-comments\">\n\t\t<b>NOTE:</b> If you'd like Frogbot to ignore the lines with the potential secrets, add a comment that includes the <b>jfrog-ignore</b> keyword above the lines with the secrets.\t\n\t\t</div>\n\t</div>\n</body>\n</html>" 33 actualContent = getSecretsEmailContent(secrets, vcsutils.GitLab, "https://github.com/owner/repo/pullrequest/1") 34 assert.Equal(t, expected, actualContent) 35 } 36 37 func TestPrepareEmail(t *testing.T) { 38 sender := "JFrog Frogbot <frogbot@jfrog.com>" 39 subject := outputwriter.FrogbotTitlePrefix + " Potential secrets detected" 40 content := "content" 41 emailDetails := EmailDetails{EmailReceivers: []string{"receiver@jfrog.com"}} 42 expectedEmailObject := &email.Email{ 43 From: sender, 44 To: emailDetails.EmailReceivers, 45 Subject: subject, 46 HTML: []byte(content), 47 Headers: textproto.MIMEHeader{}, 48 } 49 actualEmailObject := prepareEmail(sender, subject, content, emailDetails) 50 assert.Equal(t, expectedEmailObject, actualEmailObject) 51 } 52 53 func TestGetEmailReceiversFromCommits(t *testing.T) { 54 commits := []vcsclient.CommitInfo{ 55 {AuthorEmail: "test1@jfrog.com"}, 56 {AuthorEmail: "test2@jfrog.com"}, 57 {AuthorEmail: "receiver1@jfrog.com"}, 58 {AuthorEmail: "test3@jfrog.no.reply.com"}, 59 {AuthorEmail: "test3@jfrog.noreply.com"}, 60 {AuthorEmail: "test3@jfrog.no-reply.com"}, 61 {AuthorEmail: "test3@jfrog.frogbot.com"}, 62 {AuthorEmail: ""}, 63 } 64 preConfiguredEmailReceivers := []string{"receiver1@jfrog.com", "receiver2@jfrog.com"} 65 finalEmailReceiversList, err := getEmailReceiversFromCommits(commits, preConfiguredEmailReceivers) 66 assert.NoError(t, err) 67 assert.ElementsMatch(t, []string{"test1@jfrog.com", "test2@jfrog.com"}, finalEmailReceiversList) 68 }