salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a8bcb44912843cc671dacd065b5a5528a1e8a5b9
keyhunter/pkg/recon/sources/s3scanner_test.go
salvacybersec 13905eb5ee feat(12-03): implement AzureBlobScanner, DOSpacesScanner, and all cloud scanner tests 
- AzureBlobScanner enumerates public Azure Blob containers with XML listing
- DOSpacesScanner enumerates public DO Spaces across 5 regions (S3-compatible XML)
- httptest-based tests for all four scanners: sweep, empty registry, ctx cancel, metadata
- All sources credentialless, compile-time interface assertions
2026-04-06 12:26:01 +03:00

140 lines
3.2 KiB
Go
Raw Blame History

package sources
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/salvacybersec/keyhunter/pkg/providers"
"github.com/salvacybersec/keyhunter/pkg/recon"
)
func cloudTestRegistry() *providers.Registry {
return providers.NewRegistryFromProviders([]providers.Provider{
{Name: "testprov", Keywords: []string{"testprov-key"}},
})
}
func s3TestServer() *httptest.Server {
mux := http.NewServeMux()
// Respond to HEAD for the testprov-keys bucket with 200 (public).
mux.HandleFunc("/testprov-keys/", func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodHead {
w.WriteHeader(http.StatusOK)
return
}
// GET — return S3 ListBucketResult XML.
w.Header().Set("Content-Type", "application/xml")
_, _ = w.Write([]byte(`<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult>
<Contents><Key>.env</Key></Contents>
<Contents><Key>config.yaml</Key></Contents>
<Contents><Key>readme.md</Key></Contents>
<Contents><Key>data/settings.json</Key></Contents>
</ListBucketResult>`))
})
// All other buckets return 404 (not found).
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotFound)
})
return httptest.NewServer(mux)
}
func TestS3Scanner_Sweep(t *testing.T) {
srv := s3TestServer()
defer srv.Close()
src := &S3Scanner{
Registry: cloudTestRegistry(),
BaseURL: srv.URL + "/%s/",
client: NewClient(),
}
out := make(chan recon.Finding, 32)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
if err := src.Sweep(ctx, "", out); err != nil {
t.Fatalf("Sweep error: %v", err)
}
close(out)
var findings []recon.Finding
for f := range out {
findings = append(findings, f)
}
// .env, config.yaml, data/settings.json match; readme.md does not.
if len(findings) != 3 {
t.Fatalf("expected 3 findings, got %d: %+v", len(findings), findings)
}
for _, f := range findings {
if f.SourceType != "recon:s3" {
t.Errorf("unexpected SourceType: %s", f.SourceType)
}
if f.Confidence != "medium" {
t.Errorf("unexpected Confidence: %s", f.Confidence)
}
}
}
func TestS3Scanner_EmptyRegistry(t *testing.T) {
src := &S3Scanner{
Registry: providers.NewRegistryFromProviders(nil),
Limiters: recon.NewLimiterRegistry(),
client: NewClient(),
}
out := make(chan recon.Finding, 4)
ctx := context.Background()
if err := src.Sweep(ctx, "", out); err != nil {
t.Fatalf("Sweep error: %v", err)
}
close(out)
if len(out) != 0 {
t.Fatal("expected 0 findings with empty registry")
}
}
func TestS3Scanner_CtxCancelled(t *testing.T) {
srv := s3TestServer()
defer srv.Close()
src := &S3Scanner{
Registry: cloudTestRegistry(),
BaseURL: srv.URL + "/%s/",
client: NewClient(),
}
ctx, cancel := context.WithCancel(context.Background())
cancel()
out := make(chan recon.Finding, 4)
if err := src.Sweep(ctx, "", out); err == nil {
t.Fatal("expected ctx error")
}
}
func TestS3Scanner_EnabledAndMeta(t *testing.T) {
s := &S3Scanner{}
if s.Name() != "s3" {
t.Fatalf("unexpected name: %s", s.Name())
}
if !s.Enabled(recon.Config{}) {
t.Fatal("expected Enabled=true")
}
if s.RespectsRobots() {
t.Fatal("expected RespectsRobots=false")
}
if s.Burst() != 3 {
t.Fatal("expected Burst=3")
}
}
Reference in New Issue View Git Blame Copy Permalink