def test_all_commits_are_passed_to_diff_worker(self, mock_worker, mock_repo):
    """Every commit the repo yields must be handed to ``diff_worker``.

    Three fake commits are pushed through ``scanner.find_strings``; the
    expected worker calls pair each commit with the diff taken from the
    commit after it, and the oldest commit is paired with its own diff
    (presumably because there is no parent left to diff against).
    """
    # The fake repo exposes a single remote branch named "master".
    fetch = mock_repo.return_value.remotes.origin.fetch
    master_branch = mock.MagicMock(name="master")
    fetch.side_effect = [[master_branch]]

    # iter_commits is stubbed to yield newest first ("third commit" is the tip).
    newest, middle, oldest = (
        mock.MagicMock(name="third commit"),
        mock.MagicMock(name="second commit"),
        mock.MagicMock(name="first commit"),
    )
    mock_repo.return_value.iter_commits.return_value = [newest, middle, oldest]

    scanner.find_strings("/fake/repo", print_json=True, suppress_output=False)

    def expected_call(diff_source, commit):
        # Positional layout mirrors what diff_worker is invoked with; the
        # None/True/False run in the middle is the option set for
        # print_json=True, suppress_output=False and otherwise default flags.
        return mock.call(
            diff_source.diff.return_value,
            None,
            True,
            False,
            True,
            False,
            None,
            None,
            commit,
            master_branch.name,
        )

    expected = (
        expected_call(middle, newest),
        expected_call(oldest, middle),
        expected_call(oldest, oldest),
    )
    mock_worker.assert_has_calls(expected, any_order=True)
def test_return_correct_commit_hash(self):
    """Scanning from a known commit must report exactly one secret-bearing commit.

    FIXME: Split this test out into multiple smaller tests w/o a real clone.
    FIXME: This test keeps getting slower as the repository history grows.

    Still to cover:
      * all commits are checked (done)
      * all branches are checked
      * ``diff_worker`` flags bad diffs
      * all bad diffs are returned
    """
    # d15627104d... is the commit immediately before the one that inserted
    # a secret into the history:
    # https://github.com/dxa4481/truffleHog/commit/9ed54617547cfca783e0f81f8dc5c927e3d1e345
    since_commit = "d15627104d07846ac2914a976e8e347a663bbd9b"
    commit_w_secret = "9ed54617547cfca783e0f81f8dc5c927e3d1e345"
    xcheck_commit_w_scrt_comment = "OH no a secret"

    # find_strings prints its JSON findings to stdout, so capture it.
    captured = six.StringIO()
    real_stdout = sys.stdout
    sys.stdout = captured
    try:
        # A full clone is required because TravisCI only performs a shallow one.
        repo_path = util.clone_git_repo("https://github.com/godaddy/tartufo.git")
        try:
            scanner.find_strings(
                str(repo_path),
                since_commit=since_commit,
                print_json=True,
                suppress_output=False,
            )
        finally:
            shutil.rmtree(repo_path)
    finally:
        sys.stdout = real_stdout

    # One JSON document per output line; blank lines carry nothing.
    results = [
        json.loads(line)
        for line in captured.getvalue().split("\n")
        if line.strip()
    ]
    matches = [entry for entry in results if entry["commit_hash"] == commit_w_secret]

    self.assertEqual(1, len(matches))
    self.assertEqual(commit_w_secret, matches[0]["commit_hash"])
    # Cross-check the commit message so a hash collision in the fixture
    # cannot make this pass by accident.
    self.assertEqual(
        xcheck_commit_w_scrt_comment, matches[0]["commit_message"].strip()
    )
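def get_org_repos(orgname, page):
    """Scan every non-fork repository of a GitHub user/org for secrets.

    Walks the GitHub REST API's paginated repository listing starting at
    ``page`` and runs ``scanner.find_strings`` against each repository that
    is not a fork, printing one JSON document per finding to stdout.

    Args:
        orgname: GitHub user or organisation login whose repos are listed.
        page: 1-based page of the listing to start from; following pages are
            fetched until the API returns an empty page.

    Returns:
        None. Findings are printed rather than returned.

    Raises:
        requests.HTTPError: when the API answers with a non-2xx status (for
            example when unauthenticated rate limiting kicks in). Error
            bodies are JSON objects, not lists, so surfacing them here is
            clearer than failing later on ``item["fork"]``.
    """
    base_url = "https://api.github.com/users/{}/repos".format(orgname)
    # Pagination used to recurse once per page; a loop cannot hit the
    # interpreter's recursion limit on very large organisations.
    while True:
        # A timeout stops a stalled API connection from hanging the scan;
        # 30 seconds is an arbitrary but generous bound for a listing call.
        response = requests.get(base_url, params={"page": page}, timeout=30)
        response.raise_for_status()
        repos = response.json()
        if not repos:
            return
        for item in repos:
            if item["fork"] is False:  # and reached:
                print("searching " + item["html_url"])
                results = scanner.find_strings(
                    item["html_url"],
                    do_regex=True,
                    custom_regexes=RULES,
                    do_entropy=False,
                    max_depth=100000,
                )
                for issue in results:
                    # FIXME: This does not at all work with the new code structure.
                    with open(issue) as issue_file:
                        data = loads(issue_file.read())
                    data["github_url"] = "{}/blob/{}/{}".format(
                        item["html_url"], data["commitHash"], data["path"]
                    )
                    data["github_commit_url"] = "{}/commit/{}".format(
                        item["html_url"], data["commitHash"]
                    )
                    # Truncate diffs so a single finding stays readable in output.
                    data["diff"] = data["diff"][0:200]
                    data["printDiff"] = data["printDiff"][0:200]
                    print(dumps(data, indent=4))
        page += 1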
def test_return_correct_commit_hash(self):
    """Scanning from a known commit must report exactly one secret-bearing commit.

    FIXME: Split this test out into multiple smaller tests w/o a real clone.
    FIXME: This test keeps getting slower as the repository history grows.

    Still to cover:
      * all commits are checked (done)
      * all branches are checked
      * ``diff_worker`` flags bad diffs
      * all bad diffs are returned
    """
    # d15627104d... is the commit immediately before the one that inserted
    # a secret into the history:
    # https://github.com/dxa4481/truffleHog/commit/9ed54617547cfca783e0f81f8dc5c927e3d1e345
    since_commit = "d15627104d07846ac2914a976e8e347a663bbd9b"
    commit_w_secret = "9ed54617547cfca783e0f81f8dc5c927e3d1e345"
    xcheck_commit_w_scrt_comment = "OH no a secret"

    # A full clone is required because TravisCI only performs a shallow one.
    repo_path = util.clone_git_repo(
        "https://github.com/godaddy/tartufo.git")
    try:
        issues = scanner.find_strings(
            repo_path,
            since_commit=since_commit,
        )
        matches = [
            issue for issue in issues if issue.commit_hash == commit_w_secret
        ]
        self.assertEqual(1, len(matches))
        self.assertEqual(commit_w_secret, matches[0].commit_hash)
        # Cross-check the commit message so a hash collision in the fixture
        # cannot make this pass by accident.
        self.assertEqual(
            xcheck_commit_w_scrt_comment, matches[0].commit_message.strip()
        )
    finally:
        # Always remove the clone, even when an assertion fails.
        shutil.rmtree(repo_path)
def test_find_strings_checks_out_branch_when_specified(self, mock_repo):
    """Passing ``branch`` must fetch exactly that branch from origin, once."""
    fetch = mock_repo.return_value.remotes.origin.fetch
    scanner.find_strings("test_repo", branch="testbranch")
    fetch.assert_called_once_with("testbranch")