Th 899 postman panic issue (#3245)

* Fixed the checks for local exported data * Fixed the check for local export files * Fixed the check for local export files * Fixed the check for local export files * Merge branch 'main' into th-899-postman-panic-issue * minor changes in the tests * test update * test
2024-11-10 07:04:24 +00:00 · 2024-08-26 14:46:05 -04:00 · 2024-08-26 14:46:05 -04:00 · 69f5d9b76d
commit 69f5d9b76d
parent 3b0b2909ca
2 changed files with 83 additions and 6 deletions
--- a/pkg/engine/postman.go
+++ b/pkg/engine/postman.go
@ -26,17 +26,17 @@ func (e *Engine) ScanPostman(ctx context.Context, c sources.PostmanConfig) error
 		CollectionPaths:     c.CollectionPaths,
 		EnvironmentPaths:    c.EnvironmentPaths,
 	}
+
+	// Check if postman data is going to be accessed via an api call using a token, or
+	// if it has been already exported and exists locally
 	if len(c.Token) > 0 {
 		connection.Credential = &sourcespb.Postman_Token{
 			Token: c.Token,
 		}
-	} else {
+	} else if len(c.WorkspacePaths) > 0 || len(c.CollectionPaths) > 0 || len(c.EnvironmentPaths) > 0 {
 		connection.Credential = &sourcespb.Postman_Unauthenticated{}
-	}
-
-	if len(c.Workspaces) == 0 && len(c.Collections) == 0 && len(c.Environments) == 0 && len(c.Token) == 0 && len(c.WorkspacePaths) == 0 && len(c.CollectionPaths) == 0 && len(c.EnvironmentPaths) == 0 {
-		ctx.Logger().Error(errors.New("no postman workspaces, collections, environments or API token provided"), "failed to scan postman")
-		return nil
+	} else {
+		return errors.New("no path to locally exported data or API token provided")
 	}

 	// Turn AhoCorasick keywordsToDetectors into a map of keywords
--- a/pkg/engine/postman_test.go
+++ b/pkg/engine/postman_test.go
@ -0,0 +1,77 @@
+package engine
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/decoders"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
+)
+
+func TestPostmanEngine(t *testing.T) {
+	tests := []struct {
+		name          string
+		postmanConfig sources.PostmanConfig
+		wantErr       bool
+	}{
+		{
+			name: "scanned Postman with a token",
+			postmanConfig: sources.PostmanConfig{
+				Token: "dummy_key",
+			},
+		},
+		{
+			name: "scanned Postman with workspacePath",
+			postmanConfig: sources.PostmanConfig{
+				WorkspacePaths: []string{"Downloads/Test API.postman_collection.json"},
+			},
+		},
+		{
+			name: "scanned Postman with environmentPath",
+			postmanConfig: sources.PostmanConfig{
+				EnvironmentPaths: []string{"Downloads/Mobile - Points Unlock Redeemables.postman_environment.json"},
+			},
+		},
+		{
+			name:    "no token or file path provided",
+			wantErr: true,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			ctx, cancel := context.WithCancel(context.TODO())
+			defer cancel()
+
+			const defaultOutputBufferSize = 64
+			opts := []func(*sources.SourceManager){
+				sources.WithSourceUnits(),
+				sources.WithBufferedOutput(defaultOutputBufferSize),
+			}
+
+			sourceManager := sources.NewManager(opts...)
+
+			conf := Config{
+				Concurrency:   1,
+				Decoders:      decoders.DefaultDecoders(),
+				Detectors:     DefaultDetectors(),
+				Verify:        false,
+				SourceManager: sourceManager,
+				Dispatcher:    NewPrinterDispatcher(new(discardPrinter)),
+			}
+
+			e, err := NewEngine(ctx, &conf)
+			assert.NoError(t, err)
+			e.Start(ctx)
+			err = e.ScanPostman(ctx, test.postmanConfig)
+			if err != nil && !test.wantErr {
+				t.Errorf("ScanPostman() got: %v, want: %v", err, nil)
+				return
+			}
+			if err == nil && test.wantErr {
+				t.Errorf("ScanPostman() got: %v, want: %v", err, "error")
+			}
+		})
+	}
+}