kingfisher/tests/smoke_archive.rs

// tests/smoke_archive.rs
use assert_cmd::prelude::*;
use predicates::prelude::*;
#[test]
fn smoke_scan_tar_gz_archive() -> anyhow::Result<()> {
    use std::process::Command;

    let dir = tempfile::tempdir()?;
    let tar_gz = dir.path().join("payload.tar.gz");
    let github_pat = "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";

    // --- build a payload.tar.gz -------------------------------------------------
    {
        use std::fs::File;

        use flate2::{write::GzEncoder, Compression};
        use tar::Builder;

        let f = File::create(&tar_gz)?;
        let gz = GzEncoder::new(f, Compression::default());
        let mut t = Builder::new(gz);

        let data = format!("token={github_pat}\n");
        t.append_data(&mut tar::Header::new_gnu(), "secret.txt", data.as_bytes())?;
        t.into_inner()?.finish()?;
    }

    // Expected exit-code differs by OS
    let findings_code = 200;

    // ── 1) extraction ENABLED -- secret should be found ─────────────────────────
    Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))
        .args([
            "scan",
            tar_gz.to_str().unwrap(),
            "--confidence=low",
            "--format",
            "json",
            "--no-update-check",
        ])
        .assert()
        .code(findings_code)
        .stdout(predicates::str::contains(github_pat));

    // ── 2) extraction DISABLED -- secret *not* found ────────────────────────────
    Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))
        .args([
            "scan",
            tar_gz.to_str().unwrap(),
            "--confidence=low",
            "--format",
            "json",
            "--no-extract-archives",
            "--no-update-check", // skip update check to avoid network calls
        ])
        .assert()
        .success() // always 0
        .stdout(predicates::str::contains(github_pat).not());

    dir.close()?;
    Ok(())
}
preparing for v1.12 2025-06-24 17:17:16 -07:00			`// tests/smoke_archive.rs`
			`use assert_cmd::prelude::*;`
			`use predicates::prelude::*;`
			`#[test]`
			`fn smoke_scan_tar_gz_archive() -> anyhow::Result<()> {`
			`use std::process::Command;`

			`let dir = tempfile::tempdir()?;`
			`let tar_gz = dir.path().join("payload.tar.gz");`
v1.63.0 2025-11-10 18:47:51 -08:00			`let github_pat = "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";`
preparing for v1.12 2025-06-24 17:17:16 -07:00
			`// --- build a payload.tar.gz -------------------------------------------------`
			`{`
preparing for v1.12 2025-06-24 20:17:40 -07:00			`use std::fs::File;`
preparing for v1.12 2025-06-24 17:17:16 -07:00
			`use flate2::{write::GzEncoder, Compression};`
			`use tar::Builder;`

			`let f = File::create(&tar_gz)?;`
			`let gz = GzEncoder::new(f, Compression::default());`
			`let mut t = Builder::new(gz);`

			`let data = format!("token={github_pat}\n");`
			`t.append_data(&mut tar::Header::new_gnu(), "secret.txt", data.as_bytes())?;`
			`t.into_inner()?.finish()?;`
			`}`

			`// Expected exit-code differs by OS`
			`let findings_code = 200;`

			`// ── 1) extraction ENABLED -- secret should be found ─────────────────────────`
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior. 2025-11-04 13:07:24 -08:00			`Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))`
Fixed broken pagerduty rule 2025-06-25 20:56:24 -07:00			`.args([`
			`"scan",`
			`tar_gz.to_str().unwrap(),`
			`"--confidence=low",`
			`"--format",`
			`"json",`
			`"--no-update-check",`
			`])`
preparing for v1.12 2025-06-24 17:17:16 -07:00			`.assert()`
			`.code(findings_code)`
			`.stdout(predicates::str::contains(github_pat));`

			`// ── 2) extraction DISABLED -- secret not found ────────────────────────────`
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior. 2025-11-04 13:07:24 -08:00			`Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))`
preparing for v1.12 2025-06-24 17:17:16 -07:00			`.args([`
			`"scan",`
			`tar_gz.to_str().unwrap(),`
			`"--confidence=low",`
			`"--format",`
			`"json",`
			`"--no-extract-archives",`
preparing for v1.12 2025-06-24 20:17:40 -07:00			`"--no-update-check", // skip update check to avoid network calls`
preparing for v1.12 2025-06-24 17:17:16 -07:00			`])`
			`.assert()`
			`.success() // always 0`
			`.stdout(predicates::str::contains(github_pat).not());`

			`dir.close()?;`
			`Ok(())`
			`}`