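// Listing: github.com/pkumar631/talisman@v0.3.2/detector/filecontent_detector_test.go

package detector

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/thoughtworks/talisman/git_repo"
)

// These tests pin the behaviour of the file-content detector: which added
// content must be reported as a potential secret (true positives) and which
// must pass untouched (false-positive guards). Every fixture below is a
// sample value chosen for the test, not a credential taken from a real system.

// TestShouldNotFlagSafeText checks that a short, ordinary word produces no
// failures.
func TestShouldNotFlagSafeText(t *testing.T) {
	results := NewDetectionResults()
	content := []byte("prettySafe")
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.False(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
}

// TestShouldIgnoreFileIfNeeded checks that a file whose name is passed to
// NewIgnores leaves the results successful.
//
// NOTE(review): the content here is already benign, so this test would also
// pass if the ignore were never consulted; a fixture that is flagged without
// the ignore would exercise the ignore path more strictly.
func TestShouldIgnoreFileIfNeeded(t *testing.T) {
	results := NewDetectionResults()
	content := []byte("prettySafe")
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}
	ignores := NewIgnores(filename)

	NewFileContentDetector().Test(additions, ignores, results)
	assert.True(t, results.Successful(), "Expected file %s to be ignored by pattern", filename)
}

// TestShouldNotFlag4CharSafeText is a false-positive guard for very short
// input that merely looks like base64.
func TestShouldNotFlag4CharSafeText(t *testing.T) {
	// A base64 syntax match only says the input could be base64, not that it
	// is. "abcd" is syntactically valid base64 (it decodes to the bytes
	// 0x69 0xB7 0x1D) but is far more likely to be the plain text "abcd".
	// See stackoverflow.com/questions/8571501/how-to-check-whether-the-string-is-base64-encoded-or-not#comment23919648_8571649
	results := NewDetectionResults()
	content := []byte("abcd")
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.False(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
}

// TestShouldNotFlagLowEntropyBase64Text checks that valid base64 with very
// little variation is not reported.
//
// NOTE(review): the converse follows from the same heuristic - a real secret
// that happens to be short or repetitive would presumably pass as well, so
// this detector should not be the only control against committed secrets.
func TestShouldNotFlagLowEntropyBase64Text(t *testing.T) {
	// Base64 of a run of the letter 'a' followed by a newline.
	const lowEntropyString string = "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWEK"
	results := NewDetectionResults()
	content := []byte(lowEntropyString)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.False(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
}

// TestShouldFlagPotentialAWSSecretKeys checks that a string shaped like an AWS
// secret access key is reported.
func TestShouldFlagPotentialAWSSecretKeys(t *testing.T) {
	// This is the example secret key used in AWS documentation, not a live
	// credential.
	const awsSecretAccessKey string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
	results := NewDetectionResults()
	content := []byte(awsSecretAccessKey)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	// The failure message states what was expected: a detection.
	assert.True(t, results.HasFailures(), "Expected file to contain base64 encoded texts")
}

// TestShouldFlagPotentialJWT checks that a JWT-shaped string (three
// dot-separated segments) is reported.
func TestShouldFlagPotentialJWT(t *testing.T) {
	// Sample token: the first two segments are base64url JSON, the third is a
	// hex string standing in for the signature.
	const jwt string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiOjEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f757"
	results := NewDetectionResults()
	content := []byte(jwt)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.True(t, results.HasFailures(), "Expected file to contain base64 encoded texts")
}

// TestShouldFlagPotentialSecretsWithinJavaCode checks that a key assigned
// inside otherwise ordinary source code is still reported, i.e. that detection
// is not limited to files consisting of a single token.
func TestShouldFlagPotentialSecretsWithinJavaCode(t *testing.T) {
	const dangerousJavaCode string = "public class HelloWorld {\r\n\r\n public static void main(String[] args) {\r\n // Prints \"Hello, World\" to the terminal window.\r\n accessKey=\"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\";\r\n System.out.println(\"Hello, World\");\r\n }\r\n\r\n}"
	results := NewDetectionResults()
	content := []byte(dangerousJavaCode)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.True(t, results.HasFailures(), "Expected file to contain base64 encoded texts")
}

// TestShouldNotFlagPotentialSecretsWithinSafeJavaCode is the control for the
// test above: the same Java snippet without the key assignment must pass.
func TestShouldNotFlagPotentialSecretsWithinSafeJavaCode(t *testing.T) {
	const safeJavaCode string = "public class HelloWorld {\r\n\r\n public static void main(String[] args) {\r\n // Prints \"Hello, World\" to the terminal window.\r\n System.out.println(\"Hello, World\");\r\n }\r\n\r\n}"
	results := NewDetectionResults()
	content := []byte(safeJavaCode)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.False(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
}

// TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName is a
// false-positive guard: a long identifier made only of base64-alphabet letters
// must not be reported.
func TestShouldNotFlagPotentialSecretsWithinSafeLongMethodName(t *testing.T) {
	const safeLongMethodName string = "TestBase64DetectorShouldNotDetectLongMethodNamesEvenWithRidiculousHighEntropyWordsMightExist"
	results := NewDetectionResults()
	content := []byte(safeLongMethodName)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.False(t, results.HasFailures(), "Expected file to not to contain base64 encoded texts")
}

// TestShouldFlagPotentialSecretsEncodedInHex checks that a hex-encoded string
// is reported.
func TestShouldFlagPotentialSecretsEncodedInHex(t *testing.T) {
	// Hex encoding of the ASCII text "hello world!".
	const hex string = "68656C6C6F20776F726C6421"
	results := NewDetectionResults()
	content := []byte(hex)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	assert.True(t, results.HasFailures(), "Expected file to contain hex encoded texts")
}

// TestResultsShouldContainHexTextsIfHexAndBase64ExistInFile checks that, for a
// file holding a hex line followed by a base64 line, the first recorded
// failure names the hex text.
func TestResultsShouldContainHexTextsIfHexAndBase64ExistInFile(t *testing.T) {
	const hex string = "68656C6C6F20776F726C6421"
	const base64 string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
	const hexAndBase64 = hex + "\n" + base64
	results := NewDetectionResults()
	content := []byte(hexAndBase64)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}
	filePath := additions[0].Path

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	// expectedMsg is compared against the detector's own failure text, so it
	// must stay byte-identical to what the detector emits.
	expectedMsg := "Expected file to not to contain base64 or hex encoded texts such as: " + hex
	failures := results.Failures(filePath)
	// Fail with a readable message instead of an index-out-of-range panic
	// when the detector records fewer failures than expected.
	if len(failures) < 1 {
		t.Fatalf("expected at least 1 failure for %v, got %d", filePath, len(failures))
	}
	assert.Equal(t, expectedMsg, failures[0])
}

// TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile checks that,
// for the same two-line file, the second recorded failure names the base64
// text.
func TestResultsShouldContainBase64TextsIfHexAndBase64ExistInFile(t *testing.T) {
	const hex string = "68656C6C6F20776F726C6421"
	const base64 string = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
	const hexAndBase64 = hex + "\n" + base64
	results := NewDetectionResults()
	content := []byte(hexAndBase64)
	filename := "filename"
	additions := []git_repo.Addition{git_repo.NewAddition(filename, content)}
	filePath := additions[0].Path

	NewFileContentDetector().Test(additions, NewIgnores(), results)
	// expectedMsg is compared against the detector's own failure text, so it
	// must stay byte-identical to what the detector emits.
	expectedMsg := "Expected file to not to contain base64 or hex encoded texts such as: " + base64
	failures := results.Failures(filePath)
	// Fail with a readable message instead of an index-out-of-range panic
	// when the detector records fewer failures than expected.
	if len(failures) < 2 {
		t.Fatalf("expected at least 2 failures for %v, got %d", filePath, len(failures))
	}
	assert.Equal(t, expectedMsg, failures[1])
}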