eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/tests/int_uri_parsing.rs

89 lines
2.7 KiB
Rust
Raw Normal View History

- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. - Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
use assert_cmd::prelude::*;
use predicates::prelude::*;
use std::{fs, process::Command};
use tempfile::tempdir;
#[test]
fn filters_invalid_mongodb_uri_even_without_validation() -> anyhow::Result<()> {
let dir = tempdir()?;
let file_path = dir.path().join("mongo.txt");
v1.87.0
2026-03-09 20:46:08 -07:00
// Avoid placeholder-like passwords filtered by ignore_if_contains (e.g. :pass@).
let valid = "mongodb://usr:p4ssw0rd123@exmple.com:27017/db";
let invalid = "mongodb://usr:p4ssw0rd123@exmple.com:abc/db";
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. - Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
fs::write(&file_path, format!("{valid}\n{invalid}\n"))?;
Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))
.args([
"scan",
dir.path().to_str().unwrap(),
"--no-binary",
"--confidence=low",
"--format",
"json",
"--no-validate",
"--no-update-check",
])
.assert()
.code(200)
.stdout(predicate::str::contains(valid))
.stdout(predicate::str::contains(invalid).not());
dir.close()?;
Ok(())
}
#[test]
fn filters_invalid_postgres_uri_even_without_validation() -> anyhow::Result<()> {
let dir = tempdir()?;
let file_path = dir.path().join("postgres.txt");
v1.73.0
2026-01-01 22:24:57 -08:00
let valid = "postgres://postgres:secret@exmple.com:5432";
let invalid = "postgres://postgres:secret@exmple.com:70000";
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. - Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
fs::write(&file_path, format!("{valid}\n{invalid}\n"))?;
Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))
.args([
"scan",
dir.path().to_str().unwrap(),
"--no-binary",
"--confidence=low",
"--format",
"json",
"--no-validate",
"--no-update-check",
])
.assert()
.code(200)
.stdout(predicate::str::contains(valid))
.stdout(predicate::str::contains(invalid).not());
dir.close()?;
Ok(())
}
#[test]
fn filters_invalid_mysql_uri_even_without_validation() -> anyhow::Result<()> {
let dir = tempdir()?;
let file_path = dir.path().join("mysql.txt");
v1.73.0
2026-01-01 22:24:57 -08:00
let valid = "mysql://user:secret@exmple.com:3306/app";
let invalid = "mysql://user:secret@exmple.com:70000/app";
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. - Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
fs::write(&file_path, format!("{valid}\n{invalid}\n"))?;
Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))
.args([
"scan",
dir.path().to_str().unwrap(),
"--no-binary",
v1.65.0
2025-11-16 23:30:14 -08:00
"--confidence=low",
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. - Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
"--format",
"json",
"--no-validate",
"--no-update-check",
])
.assert()
.code(200)
.stdout(predicate::str::contains(valid))
.stdout(predicate::str::contains(invalid).not());
dir.close()?;
Ok(())
}
Copy permalink