salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76601b11b539d946526033721d8d4cc5e199d824
keyhunter/pkg/recon/sources/cratesio_test.go
salvacybersec 9907e2497a feat(13-01): implement CratesIOSource and RubyGemsSource with httptest tests 
- CratesIOSource searches crates.io JSON API with custom User-Agent header
- RubyGemsSource searches rubygems.org search.json API for gem matches
- Both credentialless; CratesIO 1 req/s burst 1, RubyGems 1 req/2s burst 2
- Tests verify User-Agent header, Sweep findings, ctx cancellation, metadata
2026-04-06 12:53:41 +03:00

138 lines
3.4 KiB
Go
Raw Blame History

package sources
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/salvacybersec/keyhunter/pkg/providers"
"github.com/salvacybersec/keyhunter/pkg/recon"
)
func cratesTestRegistry() *providers.Registry {
return providers.NewRegistryFromProviders([]providers.Provider{
{Name: "openai", Keywords: []string{"sk-proj-"}},
})
}
const cratesFixtureJSON = `{
"crates": [
{"id": "openai-rs", "name": "openai-rs", "repository": "https://github.com/example/openai-rs"},
{"id": "sk-proj-crate", "name": "sk-proj-crate", "repository": ""}
]
}`
func newCratesIOTestSource(srvURL string) *CratesIOSource {
return &CratesIOSource{
BaseURL: srvURL,
Registry: cratesTestRegistry(),
Limiters: recon.NewLimiterRegistry(),
Client: NewClient(),
}
}
func TestCratesIO_Sweep_ExtractsFindings(t *testing.T) {
var hits int
var gotUserAgent string
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v1/crates" {
t.Errorf("unexpected path: %s", r.URL.Path)
}
if r.URL.Query().Get("q") == "" {
t.Errorf("missing q param")
}
gotUserAgent = r.Header.Get("User-Agent")
hits++
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(cratesFixtureJSON))
}))
defer srv.Close()
src := newCratesIOTestSource(srv.URL)
out := make(chan recon.Finding, 16)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
if err := src.Sweep(ctx, "", out); err != nil {
t.Fatalf("Sweep err: %v", err)
}
close(out)
var findings []recon.Finding
for f := range out {
findings = append(findings, f)
}
if len(findings) != 2 {
t.Fatalf("expected 2 findings, got %d", len(findings))
}
got := map[string]bool{}
for _, f := range findings {
got[f.Source] = true
if f.SourceType != "recon:crates" {
t.Errorf("unexpected SourceType: %s", f.SourceType)
}
if f.Confidence != "low" {
t.Errorf("unexpected Confidence: %s", f.Confidence)
}
}
if !got["https://crates.io/crates/openai-rs"] {
t.Error("missing openai-rs finding")
}
if !got["https://crates.io/crates/sk-proj-crate"] {
t.Error("missing sk-proj-crate finding")
}
if hits == 0 {
t.Fatal("server was never hit")
}
// Verify custom User-Agent header.
if gotUserAgent != "keyhunter-recon/1.0 (https://github.com/salvacybersec/keyhunter)" {
t.Errorf("unexpected User-Agent: %s", gotUserAgent)
}
}
func TestCratesIO_EnabledAlwaysTrue(t *testing.T) {
s := &CratesIOSource{}
if !s.Enabled(recon.Config{}) {
t.Fatal("expected Enabled=true")
}
}
func TestCratesIO_Sweep_CtxCancelled(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
time.Sleep(500 * time.Millisecond)
_, _ = w.Write([]byte(cratesFixtureJSON))
}))
defer srv.Close()
src := newCratesIOTestSource(srv.URL)
ctx, cancel := context.WithCancel(context.Background())
cancel()
out := make(chan recon.Finding, 4)
if err := src.Sweep(ctx, "", out); err == nil {
t.Fatal("expected ctx error")
}
}
func TestCratesIO_NameAndRate(t *testing.T) {
s := &CratesIOSource{}
if s.Name() != "crates" {
t.Errorf("unexpected name: %s", s.Name())
}
if s.Burst() != 1 {
t.Errorf("burst: %d", s.Burst())
}
if s.RespectsRobots() {
t.Error("expected RespectsRobots=false")
}
want := float64(1) / 1
got := float64(s.RateLimit())
if got < want-0.01 || got > want+0.01 {
t.Errorf("rate limit=%v want~%v", got, want)
}
}
Reference in New Issue View Git Blame Copy Permalink