예제 #1
    def test_all_commits_are_passed_to_diff_worker(self, mock_worker, mock_repo):
        """Every commit yielded by ``iter_commits`` must reach the patched worker.

        The fake repository exposes one remote branch and three commits. Each
        commit is expected to be handed to ``mock_worker`` together with the
        diff of the entry that follows it in ``iter_commits`` order; the last
        entry, having no successor in the list, is diffed by itself. The
        positional arguments are asserted verbatim, so a change to the worker
        signature will surface in this test.
        """
        # A single "master" branch on the remote
        master_branch = mock.MagicMock(name="master")
        mock_repo.return_value.remotes.origin.fetch.side_effect = [[master_branch]]

        # Named newest-first ("third" ... "first"), presumably mirroring
        # git-log order of a real iter_commits() call.
        history = [
            mock.MagicMock(name="third commit"),
            mock.MagicMock(name="second commit"),
            mock.MagicMock(name="first commit"),
        ]
        mock_repo.return_value.iter_commits.return_value = history

        scanner.find_strings(
            "/fake/repo", print_json=True, suppress_output=False,
        )

        # Diff source for each history entry: its successor, except for the
        # last entry which is paired with itself.
        diff_sources = history[1:] + history[-1:]
        expected_calls = [
            mock.call(
                source.diff.return_value,
                None,
                True,
                False,
                True,
                False,
                None,
                None,
                current,
                master_branch.name,
            )
            for source, current in zip(diff_sources, history)
        ]
        mock_worker.assert_has_calls(expected_calls, any_order=True)
예제 #2
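    def test_return_correct_commit_hash(self):
        """FIXME: Split this test out into multiple smaller tests w/o real clone
        FIXME: Also, this test will continue to grow slower the more times we commit

        Necessary:
            * Make sure all commits are checked (done)
            * Make sure all branches are checked
            * Make sure `diff_worker` flags bad diffs
            * Make sure all bad diffs are returned

        Detection regression check: scanning a real clone of tartufo from
        ``since_commit`` onward must print exactly one JSON finding for the
        commit known to have introduced a secret, carrying the expected
        commit message.
        """
        from contextlib import redirect_stdout

        # Start at commit d15627104d07846ac2914a976e8e347a663bbd9b, which
        # is immediately followed by a secret inserting commit:
        # https://github.com/dxa4481/truffleHog/commit/9ed54617547cfca783e0f81f8dc5c927e3d1e345
        since_commit = "d15627104d07846ac2914a976e8e347a663bbd9b"
        commit_w_secret = "9ed54617547cfca783e0f81f8dc5c927e3d1e345"
        xcheck_commit_w_scrt_comment = "OH no a secret"

        tmp_stdout = six.StringIO()

        # We have to clone tartufo mostly because TravisCI only does a shallow clone
        repo_path = util.clone_git_repo("https://github.com/godaddy/tartufo.git")
        try:
            # redirect_stdout restores sys.stdout on exit even if the scan
            # raises (the former manual save/swap/restore). Only the scan is
            # captured, so anything the clone prints cannot pollute the JSON
            # parsed below.
            with redirect_stdout(tmp_stdout):
                scanner.find_strings(
                    str(repo_path),
                    since_commit=since_commit,
                    print_json=True,
                    suppress_output=False,
                )
        finally:
            shutil.rmtree(repo_path)

        # One JSON document per output line; blank lines are skipped
        results = [
            json.loads(line)
            for line in tmp_stdout.getvalue().splitlines()
            if line.strip()
        ]
        filtered_results = [
            result for result in results if result["commit_hash"] == commit_w_secret
        ]
        # Exactly one finding: zero means a missed detection, more than one
        # means the same commit was reported twice.
        self.assertEqual(1, len(filtered_results))
        self.assertEqual(commit_w_secret, filtered_results[0]["commit_hash"])
        # Additionally, we cross-validate the commit comment matches the expected comment
        self.assertEqual(
            xcheck_commit_w_scrt_comment, filtered_results[0]["commit_message"].strip()
        )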
예제 #3
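def get_org_repos(orgname, page):
    """Scan every non-fork repository of a GitHub user/org, starting at ``page``.

    Walks the paginated ``/users/{orgname}/repos`` listing until GitHub
    returns an empty page, runs ``scanner.find_strings`` on each non-fork
    repository and prints every finding as indented JSON. The pages visited
    are the same as before, but the walk is a loop rather than one recursive
    call per page, so a large org can no longer hit the recursion limit.

    Args:
        orgname: GitHub user or organisation login. It is percent-encoded
            before being placed in the URL path.
        page: 1-based page number to start from.

    Returns:
        None; findings are printed, not returned.

    Raises:
        requests.HTTPError: when GitHub answers with an error status (for
            example the unauthenticated rate limit). Previously such an
            error payload (a dict) was iterated as if it were a repo list
            and failed with an unrelated TypeError.
        ValueError: when a successful response is not a JSON list.
    """
    from urllib.parse import quote

    api_url = "https://api.github.com/users/{}/repos".format(quote(orgname, safe=""))
    while True:
        # Explicit timeout: requests otherwise waits forever on a stalled socket
        response = requests.get(url=api_url, params={"page": page}, timeout=30)
        response.raise_for_status()
        # Do not name this ``json``: it shadows the module behind loads/dumps
        repos = response.json()
        if not repos:
            return
        if not isinstance(repos, list):
            raise ValueError("unexpected GitHub API payload: {!r}".format(repos))
        for item in repos:
            if item["fork"] is not False:
                continue
            print("searching " + item["html_url"])
            results = scanner.find_strings(
                item["html_url"],
                do_regex=True,
                custom_regexes=RULES,
                do_entropy=False,
                max_depth=100000,
            )
            for issue in results:
                # FIXME: This does not at all work with the new code structure.
                with open(issue) as issue_file:
                    data = loads(issue_file.read())
                data["github_url"] = "{}/blob/{}/{}".format(
                    item["html_url"], data["commitHash"], data["path"]
                )
                data["github_commit_url"] = "{}/commit/{}".format(
                    item["html_url"], data["commitHash"]
                )
                # Truncate the diffs so a printed finding stays readable
                data["diff"] = data["diff"][0:200]
                data["printDiff"] = data["printDiff"][0:200]
                print(dumps(data, indent=4))
        page += 1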
예제 #4
    def test_return_correct_commit_hash(self):
        """FIXME: Split this test out into multiple smaller tests w/o real clone
        FIXME: Also, this test will continue to grow slower the more times we commit

        Necessary:
            * Make sure all commits are checked (done)
            * Make sure all branches are checked
            * Make sure `diff_worker` flags bad diffs
            * Make sure all bad diffs are returned

        Scans a real clone of tartufo from ``since_commit`` onward and checks
        that exactly one issue is attributed to the commit known to have
        introduced a secret, with the expected commit message.
        """
        # Start at commit d15627104d07846ac2914a976e8e347a663bbd9b, which
        # is immediately followed by a secret inserting commit:
        # https://github.com/dxa4481/truffleHog/commit/9ed54617547cfca783e0f81f8dc5c927e3d1e345
        since_commit = "d15627104d07846ac2914a976e8e347a663bbd9b"
        commit_w_secret = "9ed54617547cfca783e0f81f8dc5c927e3d1e345"
        xcheck_commit_w_scrt_comment = "OH no a secret"

        # We have to clone tartufo mostly because TravisCI only does a shallow clone
        repo_path = util.clone_git_repo(
            "https://github.com/godaddy/tartufo.git")
        try:
            issues = scanner.find_strings(
                repo_path,
                since_commit=since_commit,
            )
            # Keep only the issues attributed to the known-bad commit
            matching = list(
                filter(lambda issue: issue.commit_hash == commit_w_secret, issues)
            )
            self.assertEqual(1, len(matching))
            hit = matching[0]
            self.assertEqual(commit_w_secret, hit.commit_hash)
            # Additionally, we cross-validate the commit comment matches the expected comment
            self.assertEqual(xcheck_commit_w_scrt_comment, hit.commit_message.strip())
        finally:
            shutil.rmtree(repo_path)
예제 #5
 def test_find_strings_checks_out_branch_when_specified(self, mock_repo):
     """Passing ``branch=`` must make find_strings fetch exactly that branch.

     ``mock_repo`` (presumably a patched repository class) is only inspected
     through the ``fetch`` child mock of its ``remotes.origin`` attribute.
     """
     fetch = mock_repo.return_value.remotes.origin.fetch

     scanner.find_strings("test_repo", branch="testbranch")

     # One fetch, with the requested branch as its only argument
     fetch.assert_called_once_with("testbranch")