def test_load_config():
config = core.load_config(config_path("example.yml"), FIXTURE_PATH)
assert set(config["exclude"]["files"]) == set([
Path(fixture_path(".npmrc")),
Path(fixture_path("hardcoded.json")),
Path(fixture_path("hardcoded.yml")),
Path(fixture_path("hardcoded.xml")),
])
assert config["exclude"]["keys"] == [
re.compile("SECRET_VALUE_KEY", flags=re.IGNORECASE)
]
assert config["exclude"]["values"] == [
re.compile("SECRET_VALUE_PLACEHOLDER", flags=re.IGNORECASE)
]
def test_exclude_files():
args = parse_args([fixture_path()])
args.config = core.load_config(config_path("exclude_files.yml"),
FIXTURE_PATH)
secrets = core.run(args)
with pytest.raises(StopIteration):
next(secrets)
def test_detection_by_key(src, keys):
args = parse_args([fixture_path(src)])
secrets = core.run(args)
for key in keys:
assert next(secrets).key == key
with pytest.raises(StopIteration):
next(secrets)
def test_exclude_by_keys_and_values(configfile, src):
args = parse_args([fixture_path(src)])
args.config = core.load_config(config_path(configfile), FIXTURE_PATH)
secrets = core.run(args)
assert next(secrets).key == "hardcoded_password"
with pytest.raises(StopIteration):
next(secrets)
def test_include_files():
args = parse_args([fixture_path()])
args.config = core.load_config(config_path("include_files.yml"),
FIXTURE_PATH)
secrets = core.run(args)
assert next(secrets).value == "hardcoded"
with pytest.raises(StopIteration):
next(secrets)
def test_detection_by_value(src, count):
args = parse_args([fixture_path(src)])
args.config = core.load_config(
CONFIG_PATH.joinpath("detection_by_value.yml"))
secrets = core.run(args)
for _ in range(count):
value = next(secrets).value.lower()
if value.isnumeric():
continue
assert "hardcoded" in value
with pytest.raises(StopIteration):
next(secrets)
def test_detection_by_filename():
expected = map(
fixture_path,
[
".aws/credentials",
".htpasswd",
".npmrc",
".pypirc",
"connection.config",
"integration.conf",
"pip.conf",
"settings.cfg",
"settings.conf",
"settings.env",
"settings.ini",
],
)
args = parse_args([fixture_path()])
args.config = core.load_config(
CONFIG_PATH.joinpath("detection_by_filename.yml"))
secrets = core.run(args)
result = [secret.value for secret in secrets]
for exp in expected:
assert exp in result
import pytest
from yaml.parser import ParserError
from tests.unit.conftest import FIXTURE_PATH, config_path, does_not_raise, fixture_path
from whispers import core
from whispers.cli import parse_args
@pytest.mark.parametrize(
("filename", "expectation"),
[
(f"/tmp/File404-{urandom(30).hex()}",
pytest.raises(FileNotFoundError)),
("/dev/null", pytest.raises(TypeError)),
(fixture_path("hardcoded.yml"), does_not_raise()),
(fixture_path("folder"), pytest.raises(StopIteration)),
],
)
def test_run(filename, expectation):
with expectation:
args = parse_args([filename])
next(core.run(args))
@pytest.mark.parametrize(
("filename", "expectation"),
[
(f"/tmp/File404-{urandom(30).hex()}",
pytest.raises(FileNotFoundError)),
("/dev/null", pytest.raises(TypeError)),
def test_is_static(key, value, expectation):
args = parse_args([fixture_path()])
args.config = core.load_config(CONFIG_PATH.joinpath("example.yml"))
secrets = WhisperSecrets(args)
assert secrets.is_static(key, value) == expectation
def test_init(filename, expected_plugin):
filename = fixture_path(filename)
plugin = WhisperPlugins(filename).plugin
assert isinstance(plugin, expected_plugin)
assert args.output == expectation["output"]
assert args.rules == expectation["rules"]
assert args.src == expectation["src"]
@pytest.mark.parametrize(
("arguments", "expectation"),
[
([], pytest.raises(SystemExit)),
(["-v"], pytest.raises(SystemExit)),
(["-i"], pytest.raises(SystemExit)),
(["-c", "whispers.yml"], pytest.raises(SystemExit)),
(["-r", "whis,pers"], pytest.raises(SystemExit)),
(["-o", "/tmp/whispers"], pytest.raises(SystemExit)),
(["/dev/null/bin"], pytest.raises(FileNotFoundError)),
([fixture_path("hardcoded.json")], does_not_raise()),
([fixture_path("hardcoded.json"), "-o", "/tmp/whispers"
], does_not_raise()),
([fixture_path("hardcoded.json"), "-c",
config_path("example.yml")], does_not_raise()),
],
)
def test_cli(arguments, expectation):
with expectation:
assert cli(arguments) is None
def test_cli_info():
mock_print = StringIO()
with patch("sys.stdout", mock_print):
cli_info()
def test_find_line_number_all(src, linenumbers):
args = parse_args([fixture_path(src)])
secrets = core.run(args)
for number in linenumbers:
assert next(secrets).line == number
import pytest
from yaml.parser import ParserError
from tests.unit.conftest import FIXTURE_PATH, config_path, does_not_raise, fixture_path
from whispers import core
from whispers.cli import parse_args
@pytest.mark.parametrize(
("filename", "expectation"),
[
(f"/tmp/File404-{urandom(30).hex()}",
pytest.raises(FileNotFoundError)),
("/dev/null", pytest.raises(TypeError)),
(fixture_path("hardcoded.yml"), does_not_raise()),
],
)
def test_run(filename, expectation):
with expectation:
args = parse_args([filename])
next(core.run(args))
@pytest.mark.parametrize(
("filename", "expectation"),
[
(f"/tmp/File404-{urandom(30).hex()}",
pytest.raises(FileNotFoundError)),
("/dev/null", pytest.raises(TypeError)),
(config_path("invalid.yml"), pytest.raises(ParserError)),
