File: sensitive_test.go

package info (click to toggle)
golang-gitlab-gitlab-org-labkit 1.17.0-4
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 1,092 kB
  • sloc: sh: 210; javascript: 49; makefile: 4
file content (111 lines) | stat: -rw-r--r-- 2,733 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
package mask

import (
	"strings"
	"testing"

	"github.com/stretchr/testify/require"
)

type matches uint8

const (
	whole matches = 1 << iota
	inMiddle
	atStart
	atEnd
)

const allMatches matches = whole ^ inMiddle ^ atStart ^ atEnd
const noMatches matches = 0

func TestIsSensitiveParam(t *testing.T) {
	tests := []struct {
		name string
		want matches
	}{
		{"token", whole ^ atEnd},
		{"password", allMatches},
		{"secret", allMatches},
		{"key", whole ^ atEnd},
		{"signature", allMatches},
		{"authorization", whole},
		{"certificate", whole},
		{"encrypted_key", whole ^ atEnd},
		{"hook", whole},
		{"import_url", whole},
		{"elasticsearch_url", whole},
		{"otp_attempt", whole},
		{"sentry_dsn", whole},
		{"trace", whole},
		{"variables", whole},
		{"content", whole},
		{"body", whole},
		{"description", whole},
		{"note", whole},
		{"text", whole},
		{"title", whole},
		{"gitlab", noMatches},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			check := func(v string) {
				// Normal case
				gotWhole := IsSensitiveParam(v)
				require.Equal(t, tt.want&whole != 0, gotWhole, "Whole param match on '%s'", v)

				gotMiddle := IsSensitiveParam("prefix" + v + "suffix")
				require.Equal(t, tt.want&inMiddle != 0, gotMiddle, "Middle match on '%s'", "prefix"+v+"suffix")

				gotStart := IsSensitiveParam(v + "suffix")
				require.Equal(t, tt.want&atStart != 0, gotStart, "Start match on '%s'", v+"suffix")

				gotEnd := IsSensitiveParam("prefix" + v)
				require.Equal(t, tt.want&atEnd != 0, gotEnd, "End match on '%s'", "prefix"+v)
			}

			check(tt.name)
			check(strings.ToUpper(tt.name))
			check(strings.ToLower(tt.name))
		})
	}
}

func TestIsSensitiveHeader(t *testing.T) {
	tests := []struct {
		name string
		want matches
	}{
		{"token", whole ^ atEnd},
		{"password", allMatches},
		{"secret", allMatches},
		{"key", whole ^ atEnd},
		{"signature", allMatches},
		{"authorization", whole},
		{"name", noMatches},
		{"gitlab", noMatches},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			check := func(v string) {
				gotWhole := IsSensitiveHeader(v)
				require.Equal(t, tt.want&whole != 0, gotWhole, "Whole param match on '%s'", v)

				gotMiddle := IsSensitiveHeader("prefix" + v + "suffix")
				require.Equal(t, tt.want&inMiddle != 0, gotMiddle, "Middle match on '%s'", "prefix"+v+"suffix")

				gotStart := IsSensitiveHeader(v + "suffix")
				require.Equal(t, tt.want&atStart != 0, gotStart, "Start match on '%s'", v+"suffix")

				gotEnd := IsSensitiveHeader("prefix" + v)
				require.Equal(t, tt.want&atEnd != 0, gotEnd, "End match on '%s'", "prefix"+v)
			}

			check(tt.name)
			check(strings.ToUpper(tt.name))
			check(strings.ToLower(tt.name))
		})
	}
}