test(05-03): add failing tests for HTTPVerifier single-key verification

- 10 test cases covering live/dead/rate-limited/unknown/error classification - Key substitution in header/body/URL via {{KEY}} template - JSON metadata extraction via gjson paths - HTTPS-only enforcement and per-call timeout
2026-04-05 15:46:15 +03:00
parent 260e342f2f
commit 3ceccd98ad
3 changed files with 242 additions and 0 deletions
--- a/pkg/verify/verifier.go
+++ b/pkg/verify/verifier.go
@@ -0,0 +1,24 @@
+package verify
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/salvacybersec/keyhunter/pkg/engine"
+	"github.com/salvacybersec/keyhunter/pkg/providers"
+)
+
+// Stub for RED step — always returns StatusUnknown.
+type HTTPVerifier struct {
+	Client  *http.Client
+	Timeout time.Duration
+}
+
+func NewHTTPVerifier(timeout time.Duration) *HTTPVerifier {
+	return &HTTPVerifier{Client: &http.Client{Timeout: timeout}, Timeout: timeout}
+}
+
+func (v *HTTPVerifier) Verify(ctx context.Context, f engine.Finding, p providers.Provider) Result {
+	return Result{ProviderName: f.ProviderName, KeyMasked: f.KeyMasked, Status: StatusUnknown}
+}