feat(15-03): add Grafana and Sentry ReconSource implementations

- GrafanaSource: search dashboards via /api/search, fetch detail via /api/dashboards/uid - SentrySource: search issues via /api/0/issues, fetch events for key detection - Register all 5 log aggregator sources in RegisterAll (67 sources total) - Tests use httptest mocks for each API endpoint
2026-04-06 16:31:14 +03:00
parent bc63ca1f2f
commit d02cdcc7e0
4 changed files with 532 additions and 0 deletions
--- a/pkg/recon/sources/sentry_test.go
+++ b/pkg/recon/sources/sentry_test.go
@@ -0,0 +1,118 @@
+package sources
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/salvacybersec/keyhunter/pkg/providers"
+	"github.com/salvacybersec/keyhunter/pkg/recon"
+)
+
+func TestSentry_Name(t *testing.T) {
+	s := &SentrySource{}
+	if s.Name() != "sentry" {
+		t.Fatalf("expected sentry, got %s", s.Name())
+	}
+}
+
+func TestSentry_Enabled(t *testing.T) {
+	s := &SentrySource{}
+	if !s.Enabled(recon.Config{}) {
+		t.Fatal("SentrySource should always be enabled")
+	}
+}
+
+func TestSentry_Sweep(t *testing.T) {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/api/0/issues/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		// Route between issues list and events based on path depth.
+		if r.URL.Path == "/api/0/issues/" {
+			_, _ = w.Write([]byte(`[{"id":"42","title":"KeyError in handler"}]`))
+			return
+		}
+		// Events endpoint: /api/0/issues/42/events/
+		_, _ = w.Write([]byte(`[{
+			"eventID": "evt-001",
+			"tags": [{"key": "api_key", "value": "sk-proj-ABCDEF1234567890abcdef"}],
+			"context": {"api_key": "sk-proj-ABCDEF1234567890abcdef"},
+			"entries": [{"type": "request", "data": {"api_key": "sk-proj-ABCDEF1234567890abcdef"}}]
+		}]`))
+	})
+
+	srv := httptest.NewServer(mux)
+	defer srv.Close()
+
+	reg := providers.NewRegistryFromProviders([]providers.Provider{
+		{Name: "openai", Keywords: []string{"sk-proj-"}},
+	})
+
+	s := &SentrySource{
+		BaseURL:  srv.URL,
+		Registry: reg,
+		Client:   NewClient(),
+	}
+
+	out := make(chan recon.Finding, 10)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	err := s.Sweep(ctx, "", out)
+	close(out)
+	if err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if len(findings) == 0 {
+		t.Fatal("expected at least one finding from Sentry")
+	}
+	if findings[0].SourceType != "recon:sentry" {
+		t.Fatalf("expected recon:sentry, got %s", findings[0].SourceType)
+	}
+}
+
+func TestSentry_Sweep_NoIssues(t *testing.T) {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/api/0/issues/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte(`[]`))
+	})
+
+	srv := httptest.NewServer(mux)
+	defer srv.Close()
+
+	reg := providers.NewRegistryFromProviders([]providers.Provider{
+		{Name: "openai", Keywords: []string{"sk-proj-"}},
+	})
+
+	s := &SentrySource{
+		BaseURL:  srv.URL,
+		Registry: reg,
+		Client:   NewClient(),
+	}
+
+	out := make(chan recon.Finding, 10)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	err := s.Sweep(ctx, "", out)
+	close(out)
+	if err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if len(findings) != 0 {
+		t.Fatalf("expected no findings, got %d", len(findings))
+	}
+}