Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 07:04:24 +00:00
Code Issues Projects Releases Packages Wiki Activity
trufflehog/pkg/custom_detectors/custom_detectors_test.go

216 lines
6 KiB
Go
Raw Normal View History

Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
package custom_detectors
import (
Handle invalid regex for custom detector. (#1005) * Handle invalid regex for custom detector. * Add comment highlighting invalid regex.
2023-01-09 17:45:30 +00:00
"context"
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
"testing"
"github.com/stretchr/testify/assert"
Handle invalid regex for custom detector. (#1005) * Handle invalid regex for custom detector. * Add comment highlighting invalid regex.
2023-01-09 17:45:30 +00:00
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/custom_detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/protoyaml"
)
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
func TestCustomRegexTemplateParsing(t *testing.T) {
testCustomRegexTemplateYaml := `name: Internal bi tool
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
keywords:
- secret_v1_
- pat_v2_
regex:
id_pat_example: ([a-zA-Z0-9]{32})
secret_pat_example: ([a-zA-Z0-9]{32})
verify:
- endpoint: http://localhost:8000/{id_pat_example}
unsafe: true
headers:
- 'Authorization: Bearer {secret_pat_example.0}'
successRanges:
- 200-250
- '288'`
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
var got custom_detectorspb.CustomRegex
assert.NoError(t, protoyaml.UnmarshalStrict([]byte(testCustomRegexTemplateYaml), &got))
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
assert.Equal(t, "Internal bi tool", got.Name)
assert.Equal(t, []string{"secret_v1_", "pat_v2_"}, got.Keywords)
assert.Equal(t, map[string]string{
"id_pat_example": "([a-zA-Z0-9]{32})",
"secret_pat_example": "([a-zA-Z0-9]{32})",
}, got.Regex)
assert.Equal(t, 1, len(got.Verify))
assert.Equal(t, "http://localhost:8000/{id_pat_example}", got.Verify[0].Endpoint)
assert.Equal(t, true, got.Verify[0].Unsafe)
assert.Equal(t, []string{"Authorization: Bearer {secret_pat_example.0}"}, got.Verify[0].Headers)
assert.Equal(t, []string{"200-250", "288"}, got.Verify[0].SuccessRanges)
}
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
func TestCustomRegexWebhookParsing(t *testing.T) {
testCustomRegexWebhookYaml := `name: Internal bi tool
keywords:
- secret_v1_
- pat_v2_
regex:
id_pat_example: ([a-zA-Z0-9]{32})
secret_pat_example: ([a-zA-Z0-9]{32})
verify:
- endpoint: http://localhost:8000/
unsafe: true
headers:
- 'Authorization: Bearer token'`
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
var got custom_detectorspb.CustomRegex
assert.NoError(t, protoyaml.UnmarshalStrict([]byte(testCustomRegexWebhookYaml), &got))
assert.Equal(t, "Internal bi tool", got.Name)
assert.Equal(t, []string{"secret_v1_", "pat_v2_"}, got.Keywords)
assert.Equal(t, map[string]string{
"id_pat_example": "([a-zA-Z0-9]{32})",
"secret_pat_example": "([a-zA-Z0-9]{32})",
}, got.Regex)
assert.Equal(t, 1, len(got.Verify))
assert.Equal(t, "http://localhost:8000/", got.Verify[0].Endpoint)
assert.Equal(t, true, got.Verify[0].Unsafe)
assert.Equal(t, []string{"Authorization: Bearer token"}, got.Verify[0].Headers)
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
}
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
// TestCustomDetectorsParsing tests the full `detectors` configuration.
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
func TestCustomDetectorsParsing(t *testing.T) {
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
// TODO: Support both template and webhook.
testYamlConfig := `detectors:
- name: Internal bi tool
keywords:
- secret_v1_
- pat_v2_
regex:
id_pat_example: ([a-zA-Z0-9]{32})
secret_pat_example: ([a-zA-Z0-9]{32})
verify:
- endpoint: http://localhost:8000/
unsafe: true
headers:
- 'Authorization: Bearer token'`
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
var messages custom_detectorspb.CustomDetectors
assert.NoError(t, protoyaml.UnmarshalStrict([]byte(testYamlConfig), &messages))
Add test for configuring custom regex with webhook verification (#946)
2022-12-02 17:23:20 +00:00
assert.Equal(t, 1, len(messages.Detectors))
got := messages.Detectors[0]
assert.Equal(t, "Internal bi tool", got.Name)
assert.Equal(t, []string{"secret_v1_", "pat_v2_"}, got.Keywords)
assert.Equal(t, map[string]string{
"id_pat_example": "([a-zA-Z0-9]{32})",
"secret_pat_example": "([a-zA-Z0-9]{32})",
}, got.Regex)
assert.Equal(t, 1, len(got.Verify))
assert.Equal(t, "http://localhost:8000/", got.Verify[0].Endpoint)
assert.Equal(t, true, got.Verify[0].Unsafe)
assert.Equal(t, []string{"Authorization: Bearer token"}, got.Verify[0].Headers)
Add custom detectors configuration parsing (#927) * Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
2022-11-21 21:10:38 +00:00
}
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
Handle invalid regex for custom detector. (#1005) * Handle invalid regex for custom detector. * Add comment highlighting invalid regex.
2023-01-09 17:45:30 +00:00
func TestFromData_InvalidRegEx(t *testing.T) {
Support multiple custom detectors (#2064) #1711 accidentally removed the ability to support multiple custom detectors. This PR partially adds back this capability: Multiple custom detectors are now supported overall, but only one custom detector can be returned for a given keyword match.
2023-10-30 22:17:17 +00:00
c := &CustomRegexWebhook{
Handle invalid regex for custom detector. (#1005) * Handle invalid regex for custom detector. * Add comment highlighting invalid regex.
2023-01-09 17:45:30 +00:00
&custom_detectorspb.CustomRegex{
Name: "Internal bi tool",
Keywords: []string{"secret_v1_", "pat_v2_"},
Regex: map[string]string{
"test": "!!?(?:?)[a-zA-Z0-9]{32}", // invalid regex
},
},
}
_, err := c.FromData(context.Background(), false, []byte("test"))
assert.Error(t, err)
}
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
func TestProductIndices(t *testing.T) {
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
tests := []struct {
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name string
input []int
want [][]int
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
}{
{
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name: "zero",
input: []int{3, 0},
want: nil,
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
},
{
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name: "one input",
input: []int{3},
want: [][]int{{0}, {1}, {2}},
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
},
{
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name: "two inputs",
input: []int{3, 2},
want: [][]int{
{0, 0}, {1, 0}, {2, 0},
{0, 1}, {1, 1}, {2, 1},
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
},
},
{
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name: "three inputs",
input: []int{3, 2, 3},
want: [][]int{
{0, 0, 0}, {1, 0, 0}, {2, 0, 0},
{0, 1, 0}, {1, 1, 0}, {2, 1, 0},
{0, 0, 1}, {1, 0, 1}, {2, 0, 1},
{0, 1, 1}, {1, 1, 1}, {2, 1, 1},
{0, 0, 2}, {1, 0, 2}, {2, 0, 2},
{0, 1, 2}, {1, 1, 2}, {2, 1, 2},
},
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
got := productIndices(tt.input...)
assert.Equal(t, tt.want, got)
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
})
}
}
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
func TestProductIndicesMax(t *testing.T) {
got := productIndices(2, 3, 4, 5, 6)
assert.GreaterOrEqual(t, 2*3*4*5*6, maxTotalMatches)
assert.Equal(t, maxTotalMatches, len(got))
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
}
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
func TestPermutateMatches(t *testing.T) {
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
tests := []struct {
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name string
input map[string][][]string
want []map[string][]string
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
}{
{
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
name: "two matches",
input: map[string][][]string{"foo": {{"matchA"}, {"matchB"}}, "bar": {{"matchC"}}},
want: []map[string][]string{
{"foo": {"matchA"}, "bar": {"matchC"}},
{"foo": {"matchB"}, "bar": {"matchC"}},
},
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
got := permutateMatches(tt.input)
assert.Equal(t, tt.want, got)
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
})
}
}
Remove false positive detection for CustomRegex (#1050) Checking for false positives can lead to results being removed before ever getting the opportunity to verify them. Users are already responsible for verification of custom detectors, so let's not interfere with how they choose to use it.
2023-01-27 17:57:10 +00:00
func TestDetector(t *testing.T) {
detector, err := NewWebhookCustomRegex(&custom_detectorspb.CustomRegex{
Name: "test",
// "password" is normally flagged as a false positive, but CustomRegex
// should allow the user to decide and report it as a result.
Keywords: []string{"password"},
Regex: map[string]string{"regex": "password=.*"},
})
assert.NoError(t, err)
results, err := detector.FromData(context.Background(), false, []byte(`password="123456"`))
assert.NoError(t, err)
assert.Equal(t, 1, len(results))
assert.Equal(t, results[0].Raw, []byte(`password="123456"`))
}
Implement CustomRegex detector (#950) * Remove verifying successRanges because it is unused in webhook * Move custom_detectors validation code into its own file * Initial implementation of custom regex detector Secret verification is done via webhook. * Add CustomRegex detector type * Add upper bound to permutation * Return early if the context is canceled * Add headers from configuration * Add detector name as a key in the JSON body * Implement faster algorithm for productIndices
2022-12-14 16:26:53 +00:00
func BenchmarkProductIndices(b *testing.B) {
for i := 0; i < b.N; i++ {
_ = productIndices(3, 2, 6)
Add CustomRegex validation (#939) * Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 17:26:22 +00:00
}
}
Reference in a new issue Copy permalink