gitlab.com/gitlab-org/labkit@v1.21.0/mask/sensitive_test.go

gitlab.com/gitlab-org/labkit@v1.21.0/mask/sensitive_test.go (about)

     1  package mask
     2  
     3  import (
     4  	"strings"
     5  	"testing"
     6  
     7  	"github.com/stretchr/testify/require"
     8  )
     9  
    10  type matches uint8
    11  
    12  const (
    13  	whole matches = 1 << iota
    14  	inMiddle
    15  	atStart
    16  	atEnd
    17  )
    18  
    19  const allMatches matches = whole ^ inMiddle ^ atStart ^ atEnd
    20  const noMatches matches = 0
    21  
    22  func TestIsSensitiveParam(t *testing.T) {
    23  	tests := []struct {
    24  		name string
    25  		want matches
    26  	}{
    27  		{"token", whole ^ atEnd},
    28  		{"password", allMatches},
    29  		{"secret", allMatches},
    30  		{"key", whole ^ atEnd},
    31  		{"signature", allMatches},
    32  		{"authorization", whole},
    33  		{"certificate", whole},
    34  		{"encrypted_key", whole ^ atEnd},
    35  		{"hook", whole},
    36  		{"import_url", whole},
    37  		{"elasticsearch_url", whole},
    38  		{"otp_attempt", whole},
    39  		{"sentry_dsn", whole},
    40  		{"trace", whole},
    41  		{"variables", whole},
    42  		{"content", whole},
    43  		{"body", whole},
    44  		{"description", whole},
    45  		{"note", whole},
    46  		{"text", whole},
    47  		{"title", whole},
    48  		{"gitlab", noMatches},
    49  	}
    50  
    51  	for _, tt := range tests {
    52  		t.Run(tt.name, func(t *testing.T) {
    53  			check := func(v string) {
    54  				// Normal case
    55  				gotWhole := IsSensitiveParam(v)
    56  				require.Equal(t, tt.want&whole != 0, gotWhole, "Whole param match on '%s'", v)
    57  
    58  				gotMiddle := IsSensitiveParam("prefix" + v + "suffix")
    59  				require.Equal(t, tt.want&inMiddle != 0, gotMiddle, "Middle match on '%s'", "prefix"+v+"suffix")
    60  
    61  				gotStart := IsSensitiveParam(v + "suffix")
    62  				require.Equal(t, tt.want&atStart != 0, gotStart, "Start match on '%s'", v+"suffix")
    63  
    64  				gotEnd := IsSensitiveParam("prefix" + v)
    65  				require.Equal(t, tt.want&atEnd != 0, gotEnd, "End match on '%s'", "prefix"+v)
    66  			}
    67  
    68  			check(tt.name)
    69  			check(strings.ToUpper(tt.name))
    70  			check(strings.ToLower(tt.name))
    71  		})
    72  	}
    73  }
    74  
    75  func TestIsSensitiveHeader(t *testing.T) {
    76  	tests := []struct {
    77  		name string
    78  		want matches
    79  	}{
    80  		{"token", whole ^ atEnd},
    81  		{"password", allMatches},
    82  		{"secret", allMatches},
    83  		{"key", whole ^ atEnd},
    84  		{"signature", allMatches},
    85  		{"authorization", whole},
    86  		{"name", noMatches},
    87  		{"gitlab", noMatches},
    88  	}
    89  
    90  	for _, tt := range tests {
    91  		t.Run(tt.name, func(t *testing.T) {
    92  			check := func(v string) {
    93  				gotWhole := IsSensitiveHeader(v)
    94  				require.Equal(t, tt.want&whole != 0, gotWhole, "Whole param match on '%s'", v)
    95  
    96  				gotMiddle := IsSensitiveHeader("prefix" + v + "suffix")
    97  				require.Equal(t, tt.want&inMiddle != 0, gotMiddle, "Middle match on '%s'", "prefix"+v+"suffix")
    98  
    99  				gotStart := IsSensitiveHeader(v + "suffix")
   100  				require.Equal(t, tt.want&atStart != 0, gotStart, "Start match on '%s'", v+"suffix")
   101  
   102  				gotEnd := IsSensitiveHeader("prefix" + v)
   103  				require.Equal(t, tt.want&atEnd != 0, gotEnd, "End match on '%s'", "prefix"+v)
   104  			}
   105  
   106  			check(tt.name)
   107  			check(strings.ToUpper(tt.name))
   108  			check(strings.ToLower(tt.name))
   109  		})
   110  	}
   111  }