e0f267f7bf
- GitHubActionsSource: searches GitHub code search for workflow files with provider keywords (token-gated) - TravisCISource: queries Travis CI v3 API for public build logs (credentialless) - CircleCISource: queries CircleCI v2 pipeline API for build pipelines (token-gated) - JenkinsSource: queries open Jenkins /api/json for job build consoles (credentialless) - GitLabCISource: queries GitLab projects API for CI-enabled projects (token-gated) - RegisterAll extended to 45 sources (40 Phase 10-13 + 5 Phase 14) - Integration test updated with fixtures for all 5 new sources - cmd/recon.go wires CIRCLECI_TOKEN env var
102 lines
2.4 KiB
Go
102 lines
2.4 KiB
Go
package sources
|
|
|
|
import (
|
|
"reflect"
|
|
"testing"
|
|
|
|
"github.com/salvacybersec/keyhunter/pkg/providers"
|
|
"github.com/salvacybersec/keyhunter/pkg/recon"
|
|
)
|
|
|
|
// registerTestRegistry builds a minimal registry with one synthetic provider so
|
|
// BuildQueries inside individual sources does not panic.
|
|
func registerTestRegistry() *providers.Registry {
|
|
return providers.NewRegistryFromProviders([]providers.Provider{
|
|
{Name: "openai", Keywords: []string{"sk-proj-"}},
|
|
})
|
|
}
|
|
|
|
// TestRegisterAll_WiresAllFortyFiveSources asserts that RegisterAll registers
|
|
// every Phase 10 + Phase 11 + Phase 12 + Phase 13 + Phase 14 source by its
|
|
// stable name on a fresh engine.
|
|
func TestRegisterAll_WiresAllFortyFiveSources(t *testing.T) {
|
|
eng := recon.NewEngine()
|
|
cfg := SourcesConfig{
|
|
Registry: registerTestRegistry(),
|
|
Limiters: recon.NewLimiterRegistry(),
|
|
}
|
|
RegisterAll(eng, cfg)
|
|
|
|
got := eng.List()
|
|
want := []string{
|
|
"azureblob",
|
|
"binaryedge",
|
|
"bing",
|
|
"bitbucket",
|
|
"brave",
|
|
"censys",
|
|
"circleci",
|
|
"codeberg",
|
|
"codesandbox",
|
|
"crates",
|
|
"dockerhub",
|
|
"duckduckgo",
|
|
"fofa",
|
|
"gcs",
|
|
"gist",
|
|
"gistpaste",
|
|
"github",
|
|
"github_actions",
|
|
"gitlab",
|
|
"gitlab_ci",
|
|
"google",
|
|
"goproxy",
|
|
"helm",
|
|
"huggingface",
|
|
"jenkins",
|
|
"k8s",
|
|
"kaggle",
|
|
"maven",
|
|
"netlas",
|
|
"npm",
|
|
"nuget",
|
|
"packagist",
|
|
"pastebin",
|
|
"pastesites",
|
|
"pypi",
|
|
"replit",
|
|
"rubygems",
|
|
"s3",
|
|
"sandboxes",
|
|
"shodan",
|
|
"spaces",
|
|
"terraform",
|
|
"travisci",
|
|
"yandex",
|
|
"zoomeye",
|
|
}
|
|
if !reflect.DeepEqual(got, want) {
|
|
t.Fatalf("RegisterAll names mismatch\n got: %v\nwant: %v", got, want)
|
|
}
|
|
}
|
|
|
|
// TestRegisterAll_MissingCredsStillRegistered asserts that sources whose
|
|
// credentials are absent are still registered (so eng.List() reports them),
|
|
// but their Enabled() returns false. This keeps the CLI surface uniform
|
|
// regardless of which tokens are configured.
|
|
func TestRegisterAll_MissingCredsStillRegistered(t *testing.T) {
|
|
eng := recon.NewEngine()
|
|
RegisterAll(eng, SourcesConfig{
|
|
Registry: registerTestRegistry(),
|
|
Limiters: recon.NewLimiterRegistry(),
|
|
})
|
|
|
|
if n := len(eng.List()); n != 45 {
|
|
t.Fatalf("expected 45 sources registered, got %d: %v", n, eng.List())
|
|
}
|
|
|
|
// SweepAll with an empty config should filter out cred-gated sources
|
|
// (github, gitlab, bitbucket, gist, kaggle) and still run the credless
|
|
// ones. We only check List() here; the integration test covers Sweep.
|
|
}
|