* add initial secrets cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ETUI elements with new catalogers (file metadata, digests, and secrets) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update secrets cataloger to read full contents into memory for searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype of parallelization secret regex search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype with single aggregated regex Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype for secret search line-by-line Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype hybrid secrets search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add secrets cataloger with line strategy Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust verbiage towards SearchResults instead of Secrets + add tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema with secrets cataloger results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address PR comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update readme with secrets config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure file catalogers call AllLocations once Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
package cli
import (
"strings"
"testing"
)
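// TestPowerUserCmdFlags runs the "power-user" command against fixture images
// and checks traits of the captured output and exit code.
//
// Each case provides the CLI arguments, optional environment overrides, and a
// list of trait assertions; every assertion receives stdout, stderr and the
// process exit code.
func TestPowerUserCmdFlags(t *testing.T) {
	// fixtureAPIKey is the quoted secret value the secrets cases look for in
	// the output of the image-secrets fixture. It is declared once so that the
	// positive (revealed) and negative (redacted) assertions cannot drift
	// apart: a negative assertion on a mistyped literal would pass vacuously.
	const fixtureAPIKey = `"12345A7a901b345678901234567890123456789012345678901234567890"`

	// archive builds the docker-archive source argument for a named fixture image.
	archive := func(fixture string) string {
		return "docker-archive:" + getFixtureImage(t, fixture)
	}

	tests := []struct {
		name       string
		args       []string
		env        map[string]string
		assertions []traitAssertion
	}{
		{
			// the test expects power-user to exit non-zero when given -o
			name: "json-output-flag-fails",
			args: []string{"power-user", "-o", "json", archive("image-pkg-coverage")},
			assertions: []traitAssertion{
				assertFailingReturnCode,
			},
		},
		{
			name: "default-results-w-pkg-coverage",
			args: []string{"power-user", archive("image-pkg-coverage")},
			assertions: []traitAssertion{
				assertNotInOutput(" command is deprecated"),     // only the root command should be deprecated
				assertInOutput(`"type": "RegularFile"`),         // proof of file-metadata data
				assertInOutput(`"algorithm": "sha256"`),         // proof of file-metadata default digest algorithm of sha256
				assertInOutput(`"metadataType": "ApkMetadata"`), // proof of package artifacts data
				assertSuccessfulReturnCode,
			},
		},
		{
			// opt-in: secret values appear in the output only when explicitly requested
			name: "default-secrets-results-w-reveal-values",
			env: map[string]string{
				"SYFT_SECRETS_REVEAL_VALUES": "true",
			},
			args: []string{"power-user", archive("image-secrets")},
			assertions: []traitAssertion{
				assertInOutput(`"classification": "generic-api-key"`), // proof of the secrets cataloger finding something
				assertInOutput(fixtureAPIKey),                         // proof of the secrets cataloger finding the api key
				assertSuccessfulReturnCode,
			},
		},
		{
			// default: the finding is reported but the secret value itself must not be emitted.
			// NOTE(review): no env is passed here, so this case presumably depends on
			// SYFT_SECRETS_REVEAL_VALUES not being set in the ambient environment; confirm
			// how runSyftCommand builds the child environment.
			name: "default-secret-results-dont-reveal-values",
			args: []string{"power-user", archive("image-secrets")},
			assertions: []traitAssertion{
				assertInOutput(`"classification": "generic-api-key"`), // proof of the secrets cataloger finding something
				assertNotInOutput(fixtureAPIKey),                      // proof that the api key value is not revealed by default
				assertSuccessfulReturnCode,
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			cmd, stdout, stderr := runSyftCommand(t, test.env, test.args...)
			exitCode := cmd.ProcessState.ExitCode()
			for _, traitFn := range test.assertions {
				traitFn(t, stdout, stderr, exitCode)
			}

			// only dump the captured streams and command line when a trait failed
			if !t.Failed() {
				return
			}
			t.Log("STDOUT:\n", stdout)
			t.Log("STDERR:\n", stderr)
			t.Log("COMMAND:", strings.Join(cmd.Args, " "))
		})
	}
}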