integration testing for mongodb. (#2907)

* integration testing for mongodb. * add more test cases. remove dead code/comments
2024-11-10 07:04:24 +00:00 · 2024-06-04 00:59:25 +05:00 · 2024-06-04 00:59:25 +05:00 · e5a5b63845
commit e5a5b63845
parent fbff476a52
3 changed files with 185 additions and 0 deletions
--- a/go.mod
+++ b/go.mod
@ -254,6 +254,7 @@ require (
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.2.2 // indirect
+	github.com/testcontainers/testcontainers-go/modules/mongodb v0.31.0 // indirect
 	github.com/testcontainers/testcontainers-go/modules/redis v0.31.0 // indirect
 	github.com/tetratelabs/wazero v1.7.1 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -714,6 +714,8 @@ github.com/testcontainers/testcontainers-go v0.31.0 h1:W0VwIhcEVhRflwL9as3dhY6jX
 github.com/testcontainers/testcontainers-go v0.31.0/go.mod h1:D2lAoA0zUFiSY+eAflqK5mcUx/A5hrrORaEQrd0SefI=
 github.com/testcontainers/testcontainers-go/modules/elasticsearch v0.31.0 h1:KBbU/rVL3RhrFYcrVGY+NDw3x3Ho2YlJUnjbIOsL6jk=
 github.com/testcontainers/testcontainers-go/modules/elasticsearch v0.31.0/go.mod h1:7YQbgJUoNDztnXWAdCRtI+gUqBM+URd83JzwYlzwGhQ=
+github.com/testcontainers/testcontainers-go/modules/mongodb v0.31.0 h1:0ZAEX50NNK/TVRqDls4aQUmokRcYzstKzmF3DCfFK+Y=
+github.com/testcontainers/testcontainers-go/modules/mongodb v0.31.0/go.mod h1:n5KbYAdzD8xJrNVGdPvSacJtwZ4D0Q/byTMI5vR/dk8=
 github.com/testcontainers/testcontainers-go/modules/mssql v0.31.0 h1:X4MRxswzZJov/X5a5FYGzNmMRAKlnErE+5euMoMJGzM=
 github.com/testcontainers/testcontainers-go/modules/mssql v0.31.0/go.mod h1:GsGFz4tcxka1meZdBBHdqZCYdpHQaa/pORXW/ELWZV0=
 github.com/testcontainers/testcontainers-go/modules/mysql v0.31.0 h1:790+S8ewZYCbG+o8IiFlZ8ZZ33XbNO6zV9qhU6xhlRk=
--- a/pkg/detectors/mongodb/mongodb_integration_test.go
+++ b/pkg/detectors/mongodb/mongodb_integration_test.go
@ -0,0 +1,182 @@
+//go:build detectors && integration
+// +build detectors,integration
+
+package mongodb
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v7"
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/modules/mongodb"
+	"github.com/testcontainers/testcontainers-go/wait"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+)
+
+func TestIntegrationMongoDB_FromChunk(t *testing.T) {
+
+	ctx := context.Background()
+
+	mongoDbUser := gofakeit.Username()
+	mongoDbPass := gofakeit.Password(true, true, true, false, false, 10)
+
+	mongoContainer, err := mongodb.RunContainer(
+		ctx,
+		testcontainers.WithImage("mongo:7.0.11"),
+		mongodb.WithUsername(mongoDbUser),
+		mongodb.WithPassword(mongoDbPass),
+		testcontainers.WithWaitStrategy(
+			// mongodb logs "Waiting for connections" twice after that it starts accepting connections
+			wait.ForLog("Waiting for connections").WithOccurrence(2).WithStartupTimeout(10*time.Second),
+		),
+	)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer mongoContainer.Terminate(ctx)
+
+	port, err := mongoContainer.MappedPort(ctx, "27017")
+	if err != nil {
+		t.Fatal(err)
+	}
+	host, err := mongoContainer.Host(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// mongodb+srv://mongotester:Risa0y3t35Si1qT3@cluster0.z8js2ni.mongodb.net/?retryWrites=true&w=majority
+	// mongodb+srv://mongotester:risa0y3t35Si1qT3@cluster0.z8js2ni.mongodb.net/?retryWrites=true&w=majority
+
+	type args struct {
+		ctx    context.Context
+		data   []byte
+		verify bool
+	}
+	tests := []struct {
+		name                string
+		s                   Scanner
+		args                args
+		want                []detectors.Result
+		wantErr             bool
+		wantVerificationErr bool
+	}{
+		{
+			name: "found, verified",
+			s:    Scanner{},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("mongodb://%s:%s@%s:%s/?retryWrites=true&w=majority", mongoDbUser, mongoDbPass, host, port.Port())),
+				verify: true,
+			},
+			want: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_MongoDB,
+					Verified:     true,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/",
+					},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "found, unverified",
+			s:    Scanner{},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("mongodb://%s:%s@%s:%s/?retryWrites=true&w=majority", mongoDbUser, "invalidPassword", host, port)), // the secret would satisfy the regex but not pass validation
+				verify: true,
+			},
+			want: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_MongoDB,
+					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/",
+					},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "found, would be verified but for connection timeout",
+			s:    Scanner{timeout: 1 * time.Microsecond},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("mongodb://%s:%s@%s:%s/?retryWrites=true&w=majority", mongoDbUser, mongoDbPass, host, port.Port())),
+				verify: true,
+			},
+			want: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_MongoDB,
+					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/",
+					},
+				},
+			},
+			wantErr:             false,
+			wantVerificationErr: true,
+		},
+		{
+			name: "found, bad host",
+			s:    Scanner{},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("mongodb://%s:%s@%s:%s/?retryWrites=true&w=majority", mongoDbUser, mongoDbPass, "bad.host", port.Port())),
+				verify: true,
+			},
+			want: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_MongoDB,
+					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/",
+					},
+				},
+			},
+			wantErr:             false,
+			wantVerificationErr: true,
+		},
+		{
+			name: "not found",
+			s:    Scanner{},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte("You cannot find the secret within"),
+				verify: true,
+			},
+			want:    nil,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("MongoDB.FromData() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			for i := range got {
+				if len(got[i].Raw) == 0 {
+					t.Fatalf("no raw secret present: \n %+v", got[i])
+				}
+				got[i].Raw = nil
+				if (got[i].VerificationError() != nil) != tt.wantVerificationErr {
+					t.Fatalf("wantVerificationErr = %v, verification error = %v", tt.wantVerificationErr, got[i].VerificationError())
+				}
+			}
+			ignoreOpts := cmpopts.IgnoreFields(detectors.Result{}, "RawV2", "verificationError")
+			if diff := cmp.Diff(tt.want, got, ignoreOpts); diff != "" {
+				t.Errorf("MongoDB.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
+			}
+		})
+	}
+}