trufflehog/pkg/detectors/azuresearchquerykey/azuresearchquerykey_test.go

//go:build detectors
// +build detectors

package azuresearchquerykey

import (
	"context"
	"fmt"
	"testing"
	"time"

	"github.com/google/go-cmp/cmp"
	"github.com/google/go-cmp/cmp/cmpopts"

	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"

	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
)

func TestAzureSearchQueryKey_FromChunk(t *testing.T) {
	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
	defer cancel()
	testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors5")
	if err != nil {
		t.Fatalf("could not get test secrets from GCP: %s", err)
	}
	secret := testSecrets.MustGetField("AZURE_SEARCH_QUERY_KEY")
	inactiveSecret := testSecrets.MustGetField("AZURE_SEARCH_QUERY_KEY_INACTIVE")
	url := testSecrets.MustGetField("AZURE_SEARCH_QUERY_KEY_URL")

	type args struct {
		ctx    context.Context
		data   []byte
		verify bool
	}
	tests := []struct {
		name                string
		s                   Scanner
		args                args
		want                []detectors.Result
		wantErr             bool
		wantVerificationErr bool
	}{
		{
			name: "found, verified",
			s:    Scanner{},
			args: args{
				ctx:    context.Background(),
				data:   []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within", secret, url)),
				verify: true,
			},
			want: []detectors.Result{
				{
					DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,
					Verified:     true,
					RawV2:        []byte(secret + url),
				},
			},
			wantErr:             false,
			wantVerificationErr: false,
		},
		{
			name: "found, unverified",
			s:    Scanner{},
			args: args{
				ctx:    context.Background(),
				data:   []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within but not valid", inactiveSecret, url)), // the secret would satisfy the regex but not pass validation
				verify: true,
			},
			want: []detectors.Result{
				{
					DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,
					Verified:     false,
					RawV2:        []byte(inactiveSecret + url),
				},
			},
			wantErr:             false,
			wantVerificationErr: false,
		},
		{
			name: "not found",
			s:    Scanner{},
			args: args{
				ctx:    context.Background(),
				data:   []byte("You cannot find the secret within"),
				verify: true,
			},
			want:                nil,
			wantErr:             false,
			wantVerificationErr: false,
		},
		{
			name: "found, would be verified if not for timeout",
			s:    Scanner{client: common.SaneHttpClientTimeOut(1 * time.Microsecond)},
			args: args{
				ctx:    context.Background(),
				data:   []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within", secret, url)),
				verify: true,
			},
			want: []detectors.Result{
				{
					DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,
					Verified:     false,
					RawV2:        []byte(secret + url),
				},
			},
			wantErr:             false,
			wantVerificationErr: true,
		},
		{
			name: "found, verified but unexpected api surface",
			s:    Scanner{client: common.ConstantResponseHttpClient(404, "")},
			args: args{
				ctx:    context.Background(),
				data:   []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within", secret, url)),
				verify: true,
			},
			want: []detectors.Result{
				{
					DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,
					Verified:     false,
					RawV2:        []byte(secret + url),
				},
			},
			wantErr:             false,
			wantVerificationErr: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
			if (err != nil) != tt.wantErr {
				t.Errorf("AzureSearchQueryKey.FromData() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			for i := range got {
				if len(got[i].Raw) == 0 {
					t.Fatalf("no raw secret present: \n %+v", got[i])
				}
				if len(got[i].RawV2) == 0 {
					t.Fatalf("no rawV2 secret present: \n %+v", got[i])
				}
				if (got[i].VerificationError() != nil) != tt.wantVerificationErr {
					t.Fatalf("wantVerificationError = %v, verification error = %v", tt.wantVerificationErr, got[i].VerificationError())
				}
			}
			ignoreOpts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError")
			if diff := cmp.Diff(got, tt.want, ignoreOpts); diff != "" {
				t.Errorf("AzureSearchQueryKey.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
			}
		})
	}
}

func BenchmarkFromData(benchmark *testing.B) {
	ctx := context.Background()
	s := Scanner{}
	for name, data := range detectors.MustGetBenchmarkData() {
		benchmark.Run(name, func(b *testing.B) {
			b.ResetTimer()
			for n := 0; n < b.N; n++ {
				_, err := s.FromData(ctx, false, data)
				if err != nil {
					b.Fatal(err)
				}
			}
		})
	}
}
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`//go:build detectors`
			`// +build detectors`

			`package azuresearchquerykey`

			`import (`
			`"context"`
			`"fmt"`
			`"testing"`
			`"time"`

			`"github.com/google/go-cmp/cmp"`
			`"github.com/google/go-cmp/cmp/cmpopts"`

			`"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"`

			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"`
			`)`

update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`func TestAzureSearchQueryKey_FromChunk(t *testing.T) {`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)`
			`defer cancel()`
			`testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors5")`
			`if err != nil {`
			`t.Fatalf("could not get test secrets from GCP: %s", err)`
			`}`
			`secret := testSecrets.MustGetField("AZURE_SEARCH_QUERY_KEY")`
			`inactiveSecret := testSecrets.MustGetField("AZURE_SEARCH_QUERY_KEY_INACTIVE")`
			`url := testSecrets.MustGetField("AZURE_SEARCH_QUERY_KEY_URL")`

			`type args struct {`
			`ctx context.Context`
			`data []byte`
			`verify bool`
			`}`
			`tests := []struct {`
			`name string`
			`s Scanner`
			`args args`
			`want []detectors.Result`
			`wantErr bool`
			`wantVerificationErr bool`
			`}{`
			`{`
			`name: "found, verified",`
			`s: Scanner{},`
			`args: args{`
			`ctx: context.Background(),`
			`data: []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within", secret, url)),`
			`verify: true,`
			`},`
			`want: []detectors.Result{`
			`{`
			`DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,`
			`Verified: true,`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`RawV2: []byte(secret + url),`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`},`
			`},`
			`wantErr: false,`
			`wantVerificationErr: false,`
			`},`
			`{`
			`name: "found, unverified",`
			`s: Scanner{},`
			`args: args{`
			`ctx: context.Background(),`
			`data: []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within but not valid", inactiveSecret, url)), // the secret would satisfy the regex but not pass validation`
			`verify: true,`
			`},`
			`want: []detectors.Result{`
			`{`
			`DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,`
			`Verified: false,`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`RawV2: []byte(inactiveSecret + url),`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`},`
			`},`
			`wantErr: false,`
			`wantVerificationErr: false,`
			`},`
			`{`
			`name: "not found",`
			`s: Scanner{},`
			`args: args{`
			`ctx: context.Background(),`
			`data: []byte("You cannot find the secret within"),`
			`verify: true,`
			`},`
			`want: nil,`
			`wantErr: false,`
			`wantVerificationErr: false,`
			`},`
			`{`
			`name: "found, would be verified if not for timeout",`
			`s: Scanner{client: common.SaneHttpClientTimeOut(1 * time.Microsecond)},`
			`args: args{`
			`ctx: context.Background(),`
			`data: []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within", secret, url)),`
			`verify: true,`
			`},`
			`want: []detectors.Result{`
			`{`
			`DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,`
			`Verified: false,`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`RawV2: []byte(secret + url),`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`},`
			`},`
			`wantErr: false,`
			`wantVerificationErr: true,`
			`},`
			`{`
			`name: "found, verified but unexpected api surface",`
			`s: Scanner{client: common.ConstantResponseHttpClient(404, "")},`
			`args: args{`
			`ctx: context.Background(),`
			`data: []byte(fmt.Sprintf("You can find a azure secret %s and azure url %s within", secret, url)),`
			`verify: true,`
			`},`
			`want: []detectors.Result{`
			`{`
			`DetectorType: detectorspb.DetectorType_AzureSearchQueryKey,`
			`Verified: false,`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`RawV2: []byte(secret + url),`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`},`
			`},`
			`wantErr: false,`
			`wantVerificationErr: true,`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)`
			`if (err != nil) != tt.wantErr {`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`t.Errorf("AzureSearchQueryKey.FromData() error = %v, wantErr %v", err, tt.wantErr)`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`return`
			`}`
			`for i := range got {`
			`if len(got[i].Raw) == 0 {`
			`t.Fatalf("no raw secret present: \n %+v", got[i])`
			`}`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`if len(got[i].RawV2) == 0 {`
			`t.Fatalf("no rawV2 secret present: \n %+v", got[i])`
			`}`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`if (got[i].VerificationError() != nil) != tt.wantVerificationErr {`
			`t.Fatalf("wantVerificationError = %v, verification error = %v", tt.wantVerificationErr, got[i].VerificationError())`
			`}`
			`}`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`ignoreOpts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError")`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`if diff := cmp.Diff(got, tt.want, ignoreOpts); diff != "" {`
update azure test files to check rawV2 (#2353) 2024-01-31 16:36:52 +00:00			`t.Errorf("AzureSearchQueryKey.FromData() %s diff: (-got +want)\n%s", tt.name, diff)`
added azuresearchquerykey detector (#2349) Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2024-01-29 18:19:51 +00:00			`}`
			`})`
			`}`
			`}`

			`func BenchmarkFromData(benchmark *testing.B) {`
			`ctx := context.Background()`
			`s := Scanner{}`
			`for name, data := range detectors.MustGetBenchmarkData() {`
			`benchmark.Run(name, func(b *testing.B) {`
			`b.ResetTimer()`
			`for n := 0; n < b.N; n++ {`
			`_, err := s.FromData(ctx, false, data)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`}`
			`})`
			`}`
			`}`