forked from mirrors/kingfisher
48 lines
1.4 KiB
Rust
48 lines
1.4 KiB
Rust
use assert_cmd::prelude::*;
|
|
|
|
#[test]
|
|
fn smoke_scan_sqlite_database() -> anyhow::Result<()> {
|
|
use rusqlite::Connection;
|
|
use std::process::Command;
|
|
|
|
let dir = tempfile::tempdir()?;
|
|
let db_path = dir.path().join("secrets.db");
|
|
let github_pat = "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";
|
|
|
|
{
|
|
let conn = Connection::open(&db_path)?;
|
|
conn.execute_batch(&format!(
|
|
"CREATE TABLE user_info (id INTEGER PRIMARY KEY, username TEXT, api_key TEXT);
|
|
INSERT INTO user_info VALUES (1, 'alice', '{github_pat}');"
|
|
))?;
|
|
}
|
|
|
|
let findings_code = 200;
|
|
|
|
// With extraction enabled, the secret should be found and the path should
|
|
// reference the table-level logical file (secrets.db/user_info.sql).
|
|
let output = Command::new(assert_cmd::cargo::cargo_bin!("kingfisher"))
|
|
.args([
|
|
"scan",
|
|
db_path.to_str().unwrap(),
|
|
"--confidence=low",
|
|
"--format",
|
|
"json",
|
|
"--no-update-check",
|
|
])
|
|
.assert()
|
|
.code(findings_code)
|
|
.stdout(predicates::str::contains(github_pat))
|
|
.get_output()
|
|
.stdout
|
|
.clone();
|
|
|
|
let stdout = String::from_utf8_lossy(&output);
|
|
assert!(
|
|
stdout.contains("user_info.sql"),
|
|
"Expected table-level path in finding, got: {stdout}"
|
|
);
|
|
|
|
dir.close()?;
|
|
Ok(())
|
|
}
|