salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
095b90ec07e8d72d21bc6b2b767eacb1087a0c9a
keyhunter/pkg/recon/sources/githubactions_test.go
salvacybersec e0f267f7bf feat(14-01): add 5 CI/CD log sources (GitHubActions, TravisCI, CircleCI, Jenkins, GitLabCI) 
- GitHubActionsSource: searches GitHub code search for workflow files with provider keywords (token-gated)
- TravisCISource: queries Travis CI v3 API for public build logs (credentialless)
- CircleCISource: queries CircleCI v2 pipeline API for build pipelines (token-gated)
- JenkinsSource: queries open Jenkins /api/json for job build consoles (credentialless)
- GitLabCISource: queries GitLab projects API for CI-enabled projects (token-gated)
- RegisterAll extended to 45 sources (40 Phase 10-13 + 5 Phase 14)
- Integration test updated with fixtures for all 5 new sources
- cmd/recon.go wires CIRCLECI_TOKEN env var
2026-04-06 13:17:31 +03:00

111 lines
2.7 KiB
Go
Raw Blame History

package sources
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/salvacybersec/keyhunter/pkg/providers"
"github.com/salvacybersec/keyhunter/pkg/recon"
)
const ghActionsFixtureJSON = `{
"items": [
{
"html_url": "https://github.com/alice/repo/blob/main/.github/workflows/ci.yml",
"repository": {"full_name": "alice/repo"}
},
{
"html_url": "https://github.com/bob/app/blob/main/.github/workflows/deploy.yml",
"repository": {"full_name": "bob/app"}
}
]
}`
func TestGitHubActions_Sweep_ExtractsFindings(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/search/code" {
t.Errorf("unexpected path: %s", r.URL.Path)
}
if r.Header.Get("Authorization") == "" {
t.Error("missing Authorization header")
}
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(ghActionsFixtureJSON))
}))
defer srv.Close()
src := &GitHubActionsSource{
Token: "ghp-test",
BaseURL: srv.URL,
Registry: providers.NewRegistryFromProviders([]providers.Provider{
{Name: "openai", Keywords: []string{"sk-proj-"}},
}),
Limiters: recon.NewLimiterRegistry(),
client: NewClient(),
}
out := make(chan recon.Finding, 16)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
if err := src.Sweep(ctx, "", out); err != nil {
t.Fatalf("Sweep err: %v", err)
}
close(out)
var findings []recon.Finding
for f := range out {
findings = append(findings, f)
}
if len(findings) != 2 {
t.Fatalf("expected 2 findings, got %d", len(findings))
}
for _, f := range findings {
if f.SourceType != "recon:github_actions" {
t.Errorf("unexpected SourceType: %s", f.SourceType)
}
if f.Confidence != "low" {
t.Errorf("unexpected Confidence: %s", f.Confidence)
}
}
}
func TestGitHubActions_EnabledOnlyWithToken(t *testing.T) {
s := &GitHubActionsSource{}
if s.Enabled(recon.Config{}) {
t.Fatal("expected Enabled=false without token")
}
s.Token = "test"
if !s.Enabled(recon.Config{}) {
t.Fatal("expected Enabled=true with token")
}
}
func TestGitHubActions_Sweep_SkipsWhenNoToken(t *testing.T) {
src := &GitHubActionsSource{}
out := make(chan recon.Finding, 4)
if err := src.Sweep(context.Background(), "", out); err != nil {
t.Fatalf("expected nil, got: %v", err)
}
close(out)
if len(out) != 0 {
t.Fatal("expected no findings without token")
}
}
func TestGitHubActions_NameAndRate(t *testing.T) {
s := &GitHubActionsSource{}
if s.Name() != "github_actions" {
t.Errorf("unexpected name: %s", s.Name())
}
if s.Burst() != 2 {
t.Errorf("burst: %d", s.Burst())
}
if s.RespectsRobots() {
t.Error("expected RespectsRobots=false")
}
}
Reference in New Issue View Git Blame Copy Permalink