def test_analyze_string_content(self, payload, should_flag):
logic = IbmCloudIamDetector()
output = logic.analyze_string_content(payload, 1, 'mock_filename')
assert len(output) == (1 if should_flag else 0)
if should_flag:
assert list(output.values())[0].secret_value == CLOUD_IAM_KEY
def test_verify_bad_response(self):
responses.add(
responses.POST,
'https://iam.cloud.ibm.com/identity/introspect',
status=404,
)
assert IbmCloudIamDetector().verify(
CLOUD_IAM_KEY_BYTES) == VerifiedResult.UNVERIFIED
def test_verify_invalid_secret(self):
responses.add(
responses.POST,
'https://iam.cloud.ibm.com/identity/token',
status=400,
)
assert IbmCloudIamDetector().verify(
CLOUD_IAM_KEY) == VerifiedResult.VERIFIED_FALSE
def test_verify_valid_secret_byes(self):
responses.add(
responses.POST,
'https://iam.cloud.ibm.com/identity/token',
status=200,
)
IbmCloudIamDetector().verify(
CLOUD_IAM_KEY_BYTES) == VerifiedResult.VERIFIED_TRUE
def test_verify_payload_not_json(self):
responses.add(
responses.POST,
'https://iam.cloud.ibm.com/identity/introspect',
status=200,
body='not json',
headers={'content-type': 'not/json'},
)
with pytest.raises(Exception):
IbmCloudIamDetector().verify(CLOUD_IAM_KEY)
def test_verify_invalid_payload(self):
responses.add(
responses.POST,
'https://iam.cloud.ibm.com/identity/introspect',
status=200,
json={'not-the-field': 'we expect'},
headers={'content-type': 'application/json'},
)
assert IbmCloudIamDetector().verify(
CLOUD_IAM_KEY) == VerifiedResult.UNVERIFIED
def test_verify_valid_secret_bytes(self):
responses.add(
responses.POST,
'https://iam.cloud.ibm.com/identity/introspect',
status=200,
json={'active': True},
headers={'content-type': 'application/json'},
)
assert IbmCloudIamDetector().verify(
CLOUD_IAM_KEY_BYTES) == VerifiedResult.VERIFIED_TRUE
def test_analyze_line(self, payload, should_flag):
logic = IbmCloudIamDetector()
output = logic.analyze_line(payload, 1, 'mock_filename')
assert len(output) == (1 if should_flag else 0)