-
Notifications
You must be signed in to change notification settings - Fork 552
Expand file tree
/
Copy pathscan_test.py
More file actions
117 lines (97 loc) · 3.6 KB
/
Copy pathscan_test.py
File metadata and controls
117 lines (97 loc) · 3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
import os.path
import textwrap
from pathlib import Path
import pytest
from detect_secrets.core import scan
from detect_secrets.settings import transient_settings
from detect_secrets.util import git
from testing.mocks import mock_named_temporary_file
class TestGetFilesToScan:
@staticmethod
def test_should_scan_specific_non_tracked_file(non_tracked_file):
assert list(scan.get_files_to_scan(non_tracked_file.name, should_scan_all_files=False))
@staticmethod
def test_should_scan_tracked_files_when_in_subdirectory(non_tracked_file):
pwd = os.getcwd()
try:
os.chdir('test_data')
assert len(list(scan.get_files_to_scan('.', should_scan_all_files=False))) == 23
finally:
os.chdir(pwd)
@staticmethod
def test_should_scan_tracked_files_in_directory(non_tracked_file):
assert (
os.path.relpath(non_tracked_file.name, '') not in set(
scan.get_files_to_scan(
os.path.dirname(non_tracked_file.name),
should_scan_all_files=False,
),
)
)
@staticmethod
def test_should_scan_all_files_in_directory_if_flag_is_provided(non_tracked_file):
assert (
os.path.relpath(non_tracked_file.name, '') in set(
scan.get_files_to_scan(
os.path.dirname(non_tracked_file.name),
should_scan_all_files=True,
),
)
)
@staticmethod
def test_handles_each_path_separately(non_tracked_file):
results = list(
scan.get_files_to_scan(
non_tracked_file.name,
'test_data/short_files',
),
)
# This implies that the test_data/short_files directory is scanned, because otherwise,
# it would only be one file. However, at the same time, this test case isn't fragile to
# additions to this directory.
assert len(results) > 2
@staticmethod
def test_handles_multiple_directories():
directories = [Path('test_data/short_files'), Path('test_data/files')]
results = list(scan.get_files_to_scan(*directories))
for prefix in directories:
assert len(list(filter(lambda x: x.startswith(str(prefix)), results))) > 1
@staticmethod
@pytest.fixture(autouse=True, scope='class')
def non_tracked_file():
with mock_named_temporary_file(
prefix=os.path.join(git.get_root_directory(), 'test_data/'),
) as f:
f.write(b'content does not matter')
f.seek(0)
yield f
class TestScanFile:
@staticmethod
def test_handles_broken_yaml_gracefully():
with mock_named_temporary_file(suffix='.yaml') as f:
f.write(
textwrap.dedent("""
metadata:
name: {{ .values.name }}
""")[1:].encode(),
)
f.seek(0)
assert not list(scan.scan_file(f.name))
@staticmethod
def test_handles_binary_files_gracefully():
# NOTE: This suffix needs to be something that isn't in the known file types, as determined
# by `detect_secrets.util.filetype.determine_file_type`.
with mock_named_temporary_file(suffix='.woff2') as f:
f.write(b'\x86')
f.seek(0)
assert not list(scan.scan_file(f.name))
@pytest.fixture(autouse=True)
def configure_plugins():
with transient_settings({
'plugins_used': [
{
'name': 'BasicAuthDetector',
},
],
}):
yield