Add e2e tests

Author: cx-miguel-neiva

engine/engine.go

@@ -3,14 +3,15 @@ package engine
 import (
 	"crypto/sha1"
 	"fmt"
-	"github.com/checkmarx/2ms/engine/linecontent"
-	"github.com/checkmarx/2ms/engine/score"
 	"os"
 	"regexp"
 	"strings"
 	"sync"
 	"text/tabwriter"
 
+	"github.com/checkmarx/2ms/engine/linecontent"
+	"github.com/checkmarx/2ms/engine/score"
+
 	"github.com/checkmarx/2ms/engine/rules"
 	"github.com/checkmarx/2ms/engine/validation"
 	"github.com/checkmarx/2ms/lib/secrets"
@@ -85,6 +86,8 @@ func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.S
 		Raw:      *item.GetContent(),
 		FilePath: item.GetSource(),
 	}
+
+	fragment.Raw += "\n"
 	for _, value := range e.detector.Detect(fragment) {
 		itemId := getFindingId(item, value)
 		var startLine, endLine int

tests/e2e.go

@@ -9,6 +9,7 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"path/filepath"
 	"runtime"
 
 	"github.com/checkmarx/2ms/lib/reporting"
@@ -20,7 +21,11 @@ type cli struct {
 }
 
 func createCLI(outputDir string) (cli, error) {
-	executable := path.Join(outputDir, "2ms")
+	executableName := "2ms"
+	if runtime.GOOS == "windows" {
+		executableName += ".exe"
+	}
+	executable := filepath.Join(outputDir, executableName)
 	lib, err := build.Import("github.com/checkmarx/2ms", "", build.FindOnly)
 	if err != nil {
 		return cli{}, fmt.Errorf("failed to import 2ms: %s", err)

tests/e2e_test.go

@@ -1,6 +1,13 @@
 package tests
 
-import "testing"
+import (
+	"encoding/json"
+	"os"
+	"testing"
+
+	"github.com/checkmarx/2ms/lib/reporting"
+	"github.com/google/go-cmp/cmp"
+)
 
 func TestIntegration(t *testing.T) {
 	if testing.Short() {
@@ -79,3 +86,74 @@ func TestIntegration(t *testing.T) {
 		}
 	})
 }
+
+func TestSecretsEdgeCases(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping edge cases test")
+	}
+
+	tests := []struct {
+		Name               string
+		ScanTarget         string
+		TargetPath         string
+		ExpectedReportPath string
+	}{
+		{
+			Name:               "secret at end without newline (filesystem)",
+			ScanTarget:         "filesystem",
+			TargetPath:         "testData/input/secret_at_end.txt",
+			ExpectedReportPath: "testData/expectedReport/report1.json",
+		},
+		{
+			Name:               "secret at end with multiLine (filesystem)",
+			ScanTarget:         "filesystem",
+			TargetPath:         "testData/input/multi_line_secret.txt",
+			ExpectedReportPath: "testData/expectedReport/report2.json",
+		},
+		{
+			Name:               "secret at end with backspace in newline (filesystem)",
+			ScanTarget:         "filesystem",
+			TargetPath:         "testData/input/secret_at_end_with_newline.txt",
+			ExpectedReportPath: "testData/expectedReport/report3.json",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.Name, func(t *testing.T) {
+			executable, err := createCLI(t.TempDir())
+			if err != nil {
+				t.Fatalf("failed to build CLI: %s", err)
+			}
+
+			args := []string{tc.ScanTarget}
+			if tc.ScanTarget == "filesystem" {
+				args = append(args, "--path", tc.TargetPath)
+			} else {
+				args = append(args, tc.TargetPath)
+			}
+			args = append(args, "--ignore-on-exit", "results")
+
+			if err := executable.run(args[0], args[1:]...); err != nil {
+				t.Fatalf("error running scan with args: %v, got: %v", args, err)
+			}
+
+			actualReport, err := executable.getReport()
+			if err != nil {
+				t.Fatalf("failed to get report: %s", err)
+			}
+
+			expectedBytes, err := os.ReadFile(tc.ExpectedReportPath)
+			if err != nil {
+				t.Fatalf("failed to read expected report: %s", err)
+			}
+			var expectedReport reporting.Report
+			if err := json.Unmarshal(expectedBytes, &expectedReport); err != nil {
+				t.Fatalf("failed to unmarshal expected report: %s", err)
+			}
+
+			if !cmp.Equal(expectedReport, actualReport) {
+				t.Errorf("Scan report does not match expected report:\n%s", cmp.Diff(expectedReport, actualReport))
+			}
+		})
+	}
+}

tests/testData/expectedReport/report1.json

@@ -0,0 +1,36 @@
+{
+    "totalItemsScanned": 1,
+    "totalSecretsFound": 2,
+    "results": {
+     "6a3e642795e27b989c54ac0c91147fe8e9a405b4": [
+      {
+       "id": "6a3e642795e27b989c54ac0c91147fe8e9a405b4",
+       "source": "testData/input/secret_at_end.txt",
+       "ruleId": "generic-api-key",
+       "startLine": 2,
+       "endLine": 2,
+       "lineContent": "\n\t\t`\"client_secret\" : \"6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde\",`",
+       "startColumn": 6,
+       "endColumn": 88,
+       "value": "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",
+       "ruleDescription": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+       "cvssScore": 8.2
+      }
+     ],
+     "84bc054139c2363b37538209055a2d9c23026fab": [
+      {
+       "id": "84bc054139c2363b37538209055a2d9c23026fab",
+       "source": "testData/input/secret_at_end.txt",
+       "ruleId": "generic-api-key",
+       "startLine": 1,
+       "endLine": 1,
+       "lineContent": "`\"client_id\" : \"0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506\"`,\r",
+       "startColumn": 3,
+       "endColumn": 81,
+       "value": "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506",
+       "ruleDescription": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+       "cvssScore": 8.2
+      }
+     ]
+    }
+   }

tests/testData/expectedReport/report2.json

@@ -0,0 +1,51 @@
+{
+    "totalItemsScanned": 1,
+    "totalSecretsFound": 3,
+    "results": {
+     "1ef1c6a736cb0725175ac969776c3fe0b4602389": [
+      {
+       "id": "1ef1c6a736cb0725175ac969776c3fe0b4602389",
+       "source": "testData/input/multi_line_secret.txt",
+       "ruleId": "private-key",
+       "startLine": 3,
+       "endLine": 4,
+       "lineContent": "\n        -----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu KUpRKfFLfRYC9AIKjbJTWit+Cq\r\n        vjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp79mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00 -----END RSA PRIVATE KEY-----\r",
+       "startColumn": 10,
+       "endColumn": 377,
+       "value": "-----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu KUpRKfFLfRYC9AIKjbJTWit+Cq\r\n        vjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp79mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00 -----END RSA PRIVATE KEY-----",
+       "ruleDescription": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.",
+       "cvssScore": 8.2
+      }
+     ],
+     "58e5a02e5571db6dc1f9c0fdba8d86e254225bf1": [
+      {
+       "id": "58e5a02e5571db6dc1f9c0fdba8d86e254225bf1",
+       "source": "testData/input/multi_line_secret.txt",
+       "ruleId": "generic-api-key",
+       "startLine": 1,
+       "endLine": 1,
+       "lineContent": "`\"client_id\" : \"0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506\"`,\r",
+       "startColumn": 3,
+       "endColumn": 81,
+       "value": "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506",
+       "ruleDescription": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+       "cvssScore": 8.2
+      }
+     ],
+     "ed47a9a9052d119d91763ce84d689370fdbccf1f": [
+      {
+       "id": "ed47a9a9052d119d91763ce84d689370fdbccf1f",
+       "source": "testData/input/multi_line_secret.txt",
+       "ruleId": "generic-api-key",
+       "startLine": 2,
+       "endLine": 2,
+       "lineContent": "\n\t\t`\"client_secret\" : \"6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde\",`\r",
+       "startColumn": 6,
+       "endColumn": 88,
+       "value": "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",
+       "ruleDescription": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+       "cvssScore": 8.2
+      }
+     ]
+    }
+   }

tests/testData/expectedReport/report3.json

@@ -0,0 +1,36 @@
+{
+    "totalItemsScanned": 1,
+    "totalSecretsFound": 2,
+    "results": {
+     "6af9b6df67e2971f45e6e27d4e068c2a515d2961": [
+      {
+       "id": "6af9b6df67e2971f45e6e27d4e068c2a515d2961",
+       "source": "testData/input/secret_at_end_with_newline.txt",
+       "ruleId": "generic-api-key",
+       "startLine": 2,
+       "endLine": 2,
+       "lineContent": "\n\t\t`\"client_secret\" : \"6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde\",`\r",
+       "startColumn": 6,
+       "endColumn": 88,
+       "value": "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",
+       "ruleDescription": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+       "cvssScore": 8.2
+      }
+     ],
+     "f4b4bf79a4000811227225e3c556ea3862cfcb1a": [
+      {
+       "id": "f4b4bf79a4000811227225e3c556ea3862cfcb1a",
+       "source": "testData/input/secret_at_end_with_newline.txt",
+       "ruleId": "generic-api-key",
+       "startLine": 1,
+       "endLine": 1,
+       "lineContent": "`\"client_id\" : \"0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506\"`,\r",
+       "startColumn": 3,
+       "endColumn": 81,
+       "value": "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506",
+       "ruleDescription": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
+       "cvssScore": 8.2
+      }
+     ]
+    }
+   }

tests/testData/input/multi_line_secret.txt

@@ -0,0 +1,5 @@
+`"client_id" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"`,
+		`"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",`
+        -----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu KUpRKfFLfRYC9AIKjbJTWit+Cq
+        vjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp79mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00 -----END RSA PRIVATE KEY-----
+        

tests/testData/input/secret_at_end.txt

@@ -0,0 +1,2 @@
+`"client_id" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"`,
+		`"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",`

tests/testData/input/secret_at_end_with_newline.txt

@@ -0,0 +1,3 @@
+`"client_id" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"`,
+		`"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",`
+