LBP
/
gitleaks
mirror da https://github.com/gitleaks/gitleaks.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
							package report

import (
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestWriteTemplate(t *testing.T) {
	tests := []struct {
		findings       []Finding
		testReportName string
		expected       string
		wantEmpty      bool
	}{
		{
			testReportName: "markdown",
			expected:       filepath.Join(expectPath, "report", "template_markdown.md"),
			findings: []Finding{
				{

					RuleID:      "test-rule",
					Description: "A test rule",
					Match:       "line containing secret",
					Secret:      "a secret",
					StartLine:   1,
					EndLine:     2,
					StartColumn: 1,
					EndColumn:   2,
					Message:     "opps",
					File:        "auth.py",
					Commit:      "0000000000000000",
					Author:      "John Doe",
					Email:       "johndoe@gmail.com",
					Date:        "10-19-2003",
					Tags:        []string{"tag1", "tag2", "tag3"},
				},
			},
		},
		{
			testReportName: "jsonextra",
			expected:       filepath.Join(expectPath, "report", "template_jsonextra.json"),
			findings: []Finding{
				{

					RuleID:      "test-rule",
					Description: "A test rule",
					Line:        "whole line containing secret",
					Match:       "line containing secret",
					Secret:      "a secret",
					StartLine:   1,
					EndLine:     2,
					StartColumn: 1,
					EndColumn:   2,
					Message:     "opps",
					File:        "auth.py",
					Commit:      "0000000000000000",
					Author:      "John Doe",
					Email:       "johndoe@gmail.com",
					Date:        "10-19-2003",
					Tags:        []string{"tag1", "tag2", "tag3"},
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.testReportName, func(t *testing.T) {
			reporter, err := NewTemplateReporter(templatePath + test.testReportName + ".tmpl")
			require.NoError(t, err)

			tmpfile, err := os.Create(filepath.Join(t.TempDir(), test.testReportName+filepath.Ext(test.expected)))
			require.NoError(t, err)
			defer tmpfile.Close()

			err = reporter.Write(tmpfile, test.findings)
			require.NoError(t, err)
			assert.FileExists(t, tmpfile.Name())

			got, err := os.ReadFile(tmpfile.Name())
			require.NoError(t, err)
			if test.wantEmpty {
				assert.Empty(t, got)
				return
			}

			want, err := os.ReadFile(test.expected)
			require.NoError(t, err)

			wantStr := lineEndingReplacer.Replace(string(want))
			gotStr := lineEndingReplacer.Replace(string(got))
			assert.Equal(t, wantStr, gotStr)
		})
	}
}

func TestTemplateDangerousFunctions(t *testing.T) {
	tests := []struct {
		name     string
		template string
		wantErr  string
	}{
		{
			name:     "env is blocked",
			template: `{{ env "SECRET" }}`,
			wantErr:  `function "env" not defined`,
		},
		{
			name:     "expandenv is blocked",
			template: `{{ expandenv "$SECRET" }}`,
			wantErr:  `function "expandenv" not defined`,
		},
		{
			name:     "getHostByName is blocked",
			template: `{{ getHostByName "localhost" }}`,
			wantErr:  `function "getHostByName" not defined`,
		},
		{
			name:     "now is allowed (benign)",
			template: `{{ now | date "2006-01-02" }}`,
			wantErr:  "", // should not error on parse
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			tmpfile, err := os.CreateTemp(t.TempDir(), "test*.tmpl")
			require.NoError(t, err)
			defer os.Remove(tmpfile.Name())

			_, err = tmpfile.WriteString(tt.template)
			require.NoError(t, err)
			tmpfile.Close()

			_, err = NewTemplateReporter(tmpfile.Name())
			if tt.wantErr != "" {
				assert.Error(t, err)
				assert.Contains(t, err.Error(), tt.wantErr)
			} else {
				assert.NoError(t, err)
			}
		})
	}
}