added artifacts
This commit is contained in:
@@ -0,0 +1,118 @@
|
||||
package scanning
|
||||
|
||||
import (
|
||||
"regexp"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestPatternsCompile(t *testing.T) {
|
||||
for _, p := range Patterns {
|
||||
_, err := regexp.Compile(p.Raw)
|
||||
if err != nil {
|
||||
t.Errorf("pattern %q failed to compile: %v", p.Name, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestPatternsHaveNames(t *testing.T) {
|
||||
for _, p := range Patterns {
|
||||
if p.Name == "" {
|
||||
t.Error("pattern with empty name")
|
||||
}
|
||||
if p.Description == "" {
|
||||
t.Errorf("pattern %q has empty description", p.Name)
|
||||
}
|
||||
if p.Severity != "high" && p.Severity != "medium" && p.Severity != "low" {
|
||||
t.Errorf("pattern %q has invalid severity %q", p.Name, p.Severity)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestAWSAccessKey(t *testing.T) {
|
||||
re := regexp.MustCompile(`AKIA[0-9A-Z]{16}`)
|
||||
cases := []struct {
|
||||
input string
|
||||
match bool
|
||||
}{
|
||||
{"AKIAIOSFODNN7EXAMPLE", true},
|
||||
{"AKIA1234567890123456", true},
|
||||
{"not-a-key", false},
|
||||
{"SKIA1234567890123456", false},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
got := re.MatchString(tc.input)
|
||||
if got != tc.match {
|
||||
t.Errorf("input %q: got %v, want %v", tc.input, got, tc.match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestGitHubToken(t *testing.T) {
|
||||
re := regexp.MustCompile(`gh[pousr]_[A-Za-z0-9_]{36,}`)
|
||||
cases := []struct {
|
||||
input string
|
||||
match bool
|
||||
}{
|
||||
{"ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", true},
|
||||
{"gho_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", true},
|
||||
{"ghu_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", true},
|
||||
{"ghs_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", true},
|
||||
{"ghr_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", true},
|
||||
{"not-a-token", false},
|
||||
{"ghp_short", false},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
got := re.MatchString(tc.input)
|
||||
if got != tc.match {
|
||||
t.Errorf("input %q: got %v, want %v", tc.input, got, tc.match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestPrivateKey(t *testing.T) {
|
||||
re := regexp.MustCompile(`-----BEGIN\s+(RSA|EC|OPENSSH|DSA|PRIVATE)(\s+PRIVATE)?\s+KEY-----`)
|
||||
cases := []struct {
|
||||
input string
|
||||
match bool
|
||||
}{
|
||||
{"-----BEGIN RSA PRIVATE KEY-----", true},
|
||||
{"-----BEGIN EC PRIVATE KEY-----", true},
|
||||
{"-----BEGIN OPENSSH PRIVATE KEY-----", true},
|
||||
{"-----BEGIN DSA PRIVATE KEY-----", true},
|
||||
{"-----BEGIN PRIVATE KEY-----", true},
|
||||
{"-----BEGIN CERTIFICATE-----", false},
|
||||
{"public key is here", false},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
got := re.MatchString(tc.input)
|
||||
if got != tc.match {
|
||||
t.Errorf("input %q: got %v, want %v", tc.input, got, tc.match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestJWT(t *testing.T) {
|
||||
re := regexp.MustCompile(`eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}`)
|
||||
cases := []struct {
|
||||
input string
|
||||
match bool
|
||||
}{
|
||||
{"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNnZctV9XjvP_oGZQZxGdAqVxQ", true},
|
||||
{"not-a-jwt", false},
|
||||
}
|
||||
for _, tc := range cases {
|
||||
got := re.MatchString(tc.input)
|
||||
if got != tc.match {
|
||||
t.Errorf("input %q: got %v, want %v", tc.input, got, tc.match)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestTruncate(t *testing.T) {
|
||||
if truncate("hello", 10) != "hello" {
|
||||
t.Error("should not truncate short strings")
|
||||
}
|
||||
if truncate("hello world this is long", 10) != "hello worl..." {
|
||||
t.Errorf("got %q", truncate("hello world this is long", 10))
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user