forked from mirrors/kingfisher
34 lines
1,007 B
Rust
34 lines
1,007 B
Rust
use assert_cmd::prelude::*;
|
|
use predicates::prelude::*;
|
|
use std::{fs, process::Command};
|
|
use tempfile::tempdir;
|
|
|
|
// Ensure base64 encoded secrets are decoded and detected
|
|
#[test]
|
|
fn detects_base64_encoded_secret() -> anyhow::Result<()> {
|
|
let dir = tempdir()?;
|
|
let file_path = dir.path().join("secret.txt");
|
|
// Base64 for ghp_1wuHFikBKQtCcH3EB2FBUkyn8krXhP2qLqPa
|
|
let encoded = "Z2hwXzF3dUhGaWtCS1F0Q2NIM0VCMkZCVWt5bjhrclhoUDJxTHFQYQ==";
|
|
fs::write(&file_path, encoded)?;
|
|
|
|
Command::cargo_bin("kingfisher")?
|
|
.args([
|
|
"scan",
|
|
dir.path().to_str().unwrap(),
|
|
"--no-binary",
|
|
"--confidence=low",
|
|
"--format",
|
|
"json",
|
|
"--no-update-check",
|
|
])
|
|
.assert()
|
|
.code(200)
|
|
.stdout(
|
|
predicate::str::contains("ghp_1wuHFikBKQtCcH3EB2FBUkyn8krXhP2qLqPa")
|
|
.and(predicate::str::contains("\"encoding\": \"base64\"")),
|
|
);
|
|
|
|
dir.close()?;
|
|
Ok(())
|
|
}
|