def test_verify_no_other_factors(self):
potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
assert Db2Detector().verify(
DB2_PASSWORD,
'password={}'.format(DB2_PASSWORD),
potential_secret,
) == VerifiedResult.UNVERIFIED
def test_analyze_line(self, token, payload, should_flag):
logic = Db2Detector()
output = logic.analyze_line(payload, 1, 'mock_filename')
assert len(output) == int(should_flag)
if len(output) > 0:
assert list(output.keys())[0].secret == token
def test_verify_times_out(self, mock_db2_connect):
mock_db2_connect.side_effect = Exception('Timeout')
potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
assert Db2Detector().verify(
DB2_PASSWORD,
'''user={},
password={},
database={},
host={},
port={}'''.format(DB2_USER, DB2_PASSWORD, DB2_DATABASE, DB2_HOSTNAME, DB2_PORT),
potential_secret,
) == VerifiedResult.UNVERIFIED
mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
def test_verify_invalid_connect_returns_none(self, mock_db2_connect):
mock_db2_connect.return_value = None
potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
assert Db2Detector().verify(
DB2_PASSWORD,
'''user={},
password={},
database={},
host={},
port={}'''.format(DB2_USER, DB2_PASSWORD, DB2_DATABASE, DB2_HOSTNAME, DB2_PORT),
potential_secret,
) == VerifiedResult.VERIFIED_FALSE
mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
def test_verify_db2_url_key(self, mock_db2_connect):
mock_db2_connect.return_value = MagicMock()
potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
assert Db2Detector().verify(
DB2_PASSWORD,
'''jdbc:db2://{}:{}/{}:user={};password={};
'''.format(DB2_HOSTNAME, DB2_PORT, DB2_DATABASE, DB2_USER, DB2_PASSWORD),
potential_secret,
) == VerifiedResult.VERIFIED_TRUE
mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
assert potential_secret.other_factors['database'] == DB2_DATABASE
assert potential_secret.other_factors['hostname'] == DB2_HOSTNAME
assert potential_secret.other_factors['port'] == DB2_PORT
assert potential_secret.other_factors['username'] == DB2_USER
def test_verify_valid_secret_in_double_quotes(self, mock_db2_connect):
mock_db2_connect.return_value = MagicMock()
potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
assert Db2Detector().verify(
DB2_PASSWORD,
'''user="******",
password="******",
database="{}",
host="{}",
port="{}"
'''.format(DB2_USER, DB2_PASSWORD, DB2_DATABASE, DB2_HOSTNAME, DB2_PORT),
potential_secret,
) == VerifiedResult.VERIFIED_TRUE
mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
assert potential_secret.other_factors['database'] == DB2_DATABASE
assert potential_secret.other_factors['hostname'] == DB2_HOSTNAME
assert potential_secret.other_factors['port'] == DB2_PORT
assert potential_secret.other_factors['username'] == DB2_USER
DB2_PASSWORD,
'password={}'.format(DB2_PASSWORD),
potential_secret,
) == VerifiedResult.UNVERIFIED
@pytest.mark.parametrize(
'content, factor_keyword_regex, factor_regex, expected_output',
(
(
textwrap.dedent("""
user = {}
""")[1:-1].format(
DB2_USER,
),
Db2Detector().username_keyword_regex,
Db2Detector().username_regex,
[DB2_USER],
),
(
textwrap.dedent("""
port = {}
""")[1:-1].format(
DB2_PORT,
),
Db2Detector().port_keyword_regex,
Db2Detector().port_regex,
[DB2_PORT],
),
(
textwrap.dedent("""
