8c37252c1b
- Add TestTableFormatter_Empty, NoColorInBuffer, Unverified/VerifiedLayout - Add TestTableFormatter_Masking, MetadataSorted, RegisteredUnderTable - Keep legacy PrintFindings tests as backward-compat wrapper coverage
219 lines
6.2 KiB
Go
219 lines
6.2 KiB
Go
package output
|
|
|
|
import (
|
|
"bytes"
|
|
"io"
|
|
"os"
|
|
"regexp"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/salvacybersec/keyhunter/pkg/engine"
|
|
)
|
|
|
|
// ansiRE strips lipgloss/ANSI color escape sequences so assertions can run
|
|
// against plain text regardless of the terminal styling applied at render time.
|
|
var ansiRE = regexp.MustCompile(`\x1b\[[0-9;]*m`)
|
|
|
|
func stripANSI(s string) string { return ansiRE.ReplaceAllString(s, "") }
|
|
|
|
// captureStdout redirects os.Stdout for the duration of fn and returns the
|
|
// captured bytes (ANSI-stripped for convenience). Used by legacy PrintFindings
|
|
// tests that still target stdout for backward compatibility.
|
|
func captureStdout(t *testing.T, fn func()) string {
|
|
t.Helper()
|
|
orig := os.Stdout
|
|
r, w, err := os.Pipe()
|
|
require.NoError(t, err)
|
|
os.Stdout = w
|
|
|
|
done := make(chan struct{})
|
|
var buf bytes.Buffer
|
|
go func() {
|
|
_, _ = io.Copy(&buf, r)
|
|
close(done)
|
|
}()
|
|
|
|
fn()
|
|
|
|
require.NoError(t, w.Close())
|
|
os.Stdout = orig
|
|
<-done
|
|
return stripANSI(buf.String())
|
|
}
|
|
|
|
// --- Legacy PrintFindings wrapper tests (kept for backward compatibility) ---
|
|
|
|
func TestPrintFindings_NoVerification_Unchanged(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai",
|
|
KeyValue: "sk-test-1234567890abcdef",
|
|
KeyMasked: "sk-test-...cdef",
|
|
Confidence: "high",
|
|
Source: "main.go",
|
|
LineNumber: 42,
|
|
},
|
|
}
|
|
out := captureStdout(t, func() { PrintFindings(findings, false) })
|
|
assert.NotContains(t, out, "VERIFY", "VERIFY column must not appear when no findings are verified")
|
|
assert.Contains(t, out, "PROVIDER")
|
|
assert.Contains(t, out, "openai")
|
|
}
|
|
|
|
func TestPrintFindings_LiveVerification_ShowsCheck(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai",
|
|
KeyMasked: "sk-test-...cdef",
|
|
Confidence: "high",
|
|
Source: "main.go",
|
|
LineNumber: 42,
|
|
Verified: true,
|
|
VerifyStatus: "live",
|
|
},
|
|
}
|
|
out := captureStdout(t, func() { PrintFindings(findings, false) })
|
|
assert.Contains(t, out, "VERIFY")
|
|
assert.Contains(t, out, "live")
|
|
}
|
|
|
|
func TestPrintFindings_Metadata_Rendered(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai",
|
|
KeyMasked: "sk-test-...cdef",
|
|
Confidence: "high",
|
|
Source: "main.go",
|
|
LineNumber: 42,
|
|
Verified: true,
|
|
VerifyStatus: "live",
|
|
VerifyMetadata: map[string]string{"org": "Acme", "tier": "plus"},
|
|
},
|
|
}
|
|
out := captureStdout(t, func() { PrintFindings(findings, false) })
|
|
assert.Contains(t, out, "org: Acme")
|
|
assert.Contains(t, out, "tier: plus")
|
|
orgIdx := strings.Index(out, "org: Acme")
|
|
tierIdx := strings.Index(out, "tier: plus")
|
|
require.GreaterOrEqual(t, orgIdx, 0)
|
|
require.GreaterOrEqual(t, tierIdx, 0)
|
|
assert.Less(t, orgIdx, tierIdx, "metadata pairs should be sorted alphabetically")
|
|
}
|
|
|
|
// --- New TableFormatter tests ---
|
|
|
|
func TestTableFormatter_Empty(t *testing.T) {
|
|
var buf bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(nil, &buf, Options{}))
|
|
assert.Equal(t, "No API keys found.\n", buf.String())
|
|
}
|
|
|
|
func TestTableFormatter_NoColorInBuffer(t *testing.T) {
|
|
// bytes.Buffer is not a TTY, so ColorsEnabled should return false and no
|
|
// ANSI escape sequences should be present in the output.
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai",
|
|
KeyMasked: "sk-test-...cdef",
|
|
Confidence: "high",
|
|
Source: "main.go",
|
|
LineNumber: 1,
|
|
},
|
|
{
|
|
ProviderName: "anthropic",
|
|
KeyMasked: "sk-ant-...beef",
|
|
Confidence: "medium",
|
|
Source: "main.go",
|
|
LineNumber: 2,
|
|
Verified: true,
|
|
VerifyStatus: "live",
|
|
},
|
|
}
|
|
var buf bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(findings, &buf, Options{}))
|
|
assert.NotContains(t, buf.String(), "\x1b[", "non-TTY writer must not receive ANSI escape codes")
|
|
assert.Contains(t, buf.String(), "VERIFY")
|
|
assert.Contains(t, buf.String(), "2 key(s) found.")
|
|
}
|
|
|
|
func TestTableFormatter_UnverifiedLayout(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{ProviderName: "openai", KeyMasked: "x", Confidence: "low", Source: "s", LineNumber: 1},
|
|
}
|
|
var buf bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(findings, &buf, Options{}))
|
|
// First line is the header.
|
|
header := strings.SplitN(buf.String(), "\n", 2)[0]
|
|
assert.NotContains(t, header, "VERIFY")
|
|
}
|
|
|
|
func TestTableFormatter_VerifiedLayout(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai", KeyMasked: "x", Confidence: "high",
|
|
Source: "s", LineNumber: 1, Verified: true, VerifyStatus: "live",
|
|
},
|
|
}
|
|
var buf bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(findings, &buf, Options{}))
|
|
header := strings.SplitN(buf.String(), "\n", 2)[0]
|
|
assert.Contains(t, header, "VERIFY")
|
|
assert.Contains(t, buf.String(), "live")
|
|
}
|
|
|
|
func TestTableFormatter_Masking(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai",
|
|
KeyValue: "sk-FULL-SECRET-VALUE",
|
|
KeyMasked: "sk-FULL-...ALUE",
|
|
Confidence: "high",
|
|
Source: "s",
|
|
LineNumber: 1,
|
|
},
|
|
}
|
|
|
|
var masked bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(findings, &masked, Options{Unmask: false}))
|
|
assert.Contains(t, masked.String(), "sk-FULL-...ALUE")
|
|
assert.NotContains(t, masked.String(), "sk-FULL-SECRET-VALUE")
|
|
|
|
var unmasked bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(findings, &unmasked, Options{Unmask: true}))
|
|
assert.Contains(t, unmasked.String(), "sk-FULL-SECRET-VALUE")
|
|
}
|
|
|
|
func TestTableFormatter_MetadataSorted(t *testing.T) {
|
|
findings := []engine.Finding{
|
|
{
|
|
ProviderName: "openai",
|
|
KeyMasked: "x",
|
|
Confidence: "high",
|
|
Source: "s",
|
|
LineNumber: 1,
|
|
Verified: true,
|
|
VerifyStatus: "live",
|
|
VerifyMetadata: map[string]string{"z": "1", "a": "2"},
|
|
},
|
|
}
|
|
var buf bytes.Buffer
|
|
require.NoError(t, TableFormatter{}.Format(findings, &buf, Options{}))
|
|
out := buf.String()
|
|
aIdx := strings.Index(out, "a: 2")
|
|
zIdx := strings.Index(out, "z: 1")
|
|
require.GreaterOrEqual(t, aIdx, 0)
|
|
require.GreaterOrEqual(t, zIdx, 0)
|
|
assert.Less(t, aIdx, zIdx)
|
|
}
|
|
|
|
func TestTableFormatter_RegisteredUnderTable(t *testing.T) {
|
|
f, err := Get("table")
|
|
require.NoError(t, err)
|
|
_, ok := f.(TableFormatter)
|
|
assert.True(t, ok, "the \"table\" registry entry must be a TableFormatter")
|
|
}
|