add unit test for ignored rule

cx-leonardo-fontes · cx-leonardo-fontes · commit ccbdea976467 · 2025-06-02T11:02:58.000+01:00
diff --git a/pkg/scan_test.go b/pkg/scan_test.go
@@ -16,10 +16,11 @@ import (
 )
 
 const (
-	githubPatPath                    = "testData/secrets/github-pat.txt"
-	jwtPath                          = "testData/secrets/jwt.txt"
-	expectedReportPath               = "testData/expectedReport.json"
-	expectedReportResultsIgnoredPath = "testData/expectedReportWithIgnoredResults.json"
+	githubPatPath                           = "testData/secrets/github-pat.txt"
+	jwtPath                                 = "testData/secrets/jwt.txt"
+	expectedReportPath                      = "testData/expectedReport.json"
+	expectedReportResultsIgnoredResultsPath = "testData/expectedReportWithIgnoredResults.json"
+	expectedReportResultsIgnoredRulePath    = "testData/expectedReportWithIgnoredRule.json"
 )
 
 func TestScan(t *testing.T) {
@@ -135,7 +136,74 @@ func TestScan(t *testing.T) {
 		})
 		assert.NoError(t, err, "scanner encountered an error")
 
-		expectedReportBytes, err := os.ReadFile(expectedReportResultsIgnoredPath)
+		expectedReportBytes, err := os.ReadFile(expectedReportResultsIgnoredResultsPath)
+		assert.NoError(t, err, "failed to read expected report file")
+
+		var expectedReport, actualReportMap map[string]interface{}
+
+		err = json.Unmarshal(expectedReportBytes, &expectedReport)
+		assert.NoError(t, err, "failed to unmarshal expected report JSON")
+
+		actualReportBytes, err := json.Marshal(actualReport)
+		assert.NoError(t, err, "failed to marshal actual report to JSON")
+		err = json.Unmarshal(actualReportBytes, &actualReportMap)
+		assert.NoError(t, err, "failed to unmarshal actual report JSON")
+
+		normalizedExpectedReport, err := utils.NormalizeReportData(expectedReport)
+		assert.NoError(t, err, "Failed to normalize actual report")
+
+		normalizedActualReport, err := utils.NormalizeReportData(actualReportMap)
+		assert.NoError(t, err, "Failed to normalize actual report")
+
+		assert.EqualValues(t, normalizedExpectedReport, normalizedActualReport)
+	})
+	t.Run("Successful scan with multiple items and ignored rule", func(t *testing.T) {
+		cmd.Report = reporting.Init()
+		cmd.SecretsChan = make(chan *secrets.Secret)
+		cmd.SecretsExtrasChan = make(chan *secrets.Secret)
+		cmd.ValidationChan = make(chan *secrets.Secret)
+		cmd.CvssScoreWithoutValidationChan = make(chan *secrets.Secret)
+		cmd.Channels.Items = make(chan plugins.ISourceItem)
+		cmd.Channels.Errors = make(chan error)
+
+		githubPatBytes, err := os.ReadFile(githubPatPath)
+		assert.NoError(t, err, "failed to read github-pat file")
+		githubPatContent := string(githubPatBytes)
+
+		jwtBytes, err := os.ReadFile(jwtPath)
+		assert.NoError(t, err, "failed to read jwt file")
+		jwtContent := string(jwtBytes)
+
+		emptyContent := ""
+		emptyMockPath := "mockPath"
+
+		scanItems := []ScanItem{
+			{
+				Content: &githubPatContent,
+				ID:      fmt.Sprintf("mock-%s", githubPatPath),
+				Source:  githubPatPath,
+			},
+			{
+				Content: &emptyContent,
+				ID:      fmt.Sprintf("mock-%s", emptyMockPath),
+				Source:  emptyMockPath,
+			},
+			{
+				Content: &jwtContent,
+				ID:      fmt.Sprintf("mock-%s", jwtPath),
+				Source:  jwtPath,
+			},
+		}
+
+		testScanner := NewScanner()
+		actualReport, err := testScanner.Scan(scanItems, ScanConfig{
+			IgnoreRules: []string{
+				"github-pat",
+			},
+		})
+		assert.NoError(t, err, "scanner encountered an error")
+
+		expectedReportBytes, err := os.ReadFile(expectedReportResultsIgnoredRulePath)
 		assert.NoError(t, err, "failed to read expected report file")
 
 		var expectedReport, actualReportMap map[string]interface{}
@@ -352,7 +420,7 @@ func TestScanDynamic(t *testing.T) {
 		})
 		assert.NoError(t, err, "scanner encountered an error")
 
-		expectedReportBytes, err := os.ReadFile(expectedReportResultsIgnoredPath)
+		expectedReportBytes, err := os.ReadFile(expectedReportResultsIgnoredResultsPath)
 		assert.NoError(t, err, "failed to read expected report file")
 
 		var expectedReport, actualReportMap map[string]interface{}
@@ -374,7 +442,81 @@ func TestScanDynamic(t *testing.T) {
 
 		assert.EqualValues(t, normalizedExpectedReport, normalizedActualReport)
 	})
+	t.Run("Successful ScanDynamic with Multiple Items and Ignored Rule", func(t *testing.T) {
+		cmd.Report = reporting.Init()
+		cmd.SecretsChan = make(chan *secrets.Secret)
+		cmd.SecretsExtrasChan = make(chan *secrets.Secret)
+		cmd.ValidationChan = make(chan *secrets.Secret)
+		cmd.CvssScoreWithoutValidationChan = make(chan *secrets.Secret)
+		cmd.Channels.Items = make(chan plugins.ISourceItem)
+		cmd.Channels.Errors = make(chan error)
+		cmd.Channels.WaitGroup = &sync.WaitGroup{}
+
+		githubPatBytes, err := os.ReadFile(githubPatPath)
+		assert.NoError(t, err, "failed to read github-pat file")
+		githubPatContent := string(githubPatBytes)
+
+		jwtBytes, err := os.ReadFile(jwtPath)
+		assert.NoError(t, err, "failed to read jwt file")
+		jwtContent := string(jwtBytes)
+
+		emptyContent := ""
+		emptyMockPath := "mockPath"
+
+		scanItems := []ScanItem{
+			{
+				Content: &githubPatContent,
+				ID:      fmt.Sprintf("mock-%s", githubPatPath),
+				Source:  githubPatPath,
+			},
+			{
+				Content: &emptyContent,
+				ID:      fmt.Sprintf("mock-%s", emptyMockPath),
+				Source:  emptyMockPath,
+			},
+			{
+				Content: &jwtContent,
+				ID:      fmt.Sprintf("mock-%s", jwtPath),
+				Source:  jwtPath,
+			},
+		}
 
+		itemsIn := make(chan ScanItem, len(scanItems))
+		for _, item := range scanItems {
+			itemsIn <- item
+		}
+		close(itemsIn)
+
+		testScanner := NewScanner()
+		actualReport, err := testScanner.ScanDynamic(itemsIn, ScanConfig{
+			IgnoreRules: []string{
+				"github-pat",
+			},
+		})
+		assert.NoError(t, err, "scanner encountered an error")
+
+		expectedReportBytes, err := os.ReadFile(expectedReportResultsIgnoredRulePath)
+		assert.NoError(t, err, "failed to read expected report file")
+
+		var expectedReport, actualReportMap map[string]interface{}
+
+		err = json.Unmarshal(expectedReportBytes, &expectedReport)
+		assert.NoError(t, err, "failed to unmarshal expected report JSON")
+
+		actualReportBytes, err := json.Marshal(actualReport)
+		assert.NoError(t, err, "failed to marshal actual report to JSON")
+		err = json.Unmarshal(actualReportBytes, &actualReportMap)
+		assert.NoError(t, err, "failed to unmarshal actual report JSON")
+
+		// Normalize both maps.
+		normalizedExpectedReport, err := utils.NormalizeReportData(expectedReport)
+		assert.NoError(t, err, "Failed to normalize actual report")
+
+		normalizedActualReport, err := utils.NormalizeReportData(actualReportMap)
+		assert.NoError(t, err, "Failed to normalize actual report")
+
+		assert.EqualValues(t, normalizedExpectedReport, normalizedActualReport)
+	})
 	t.Run("error handling should work", func(t *testing.T) {
 		cmd.Report = reporting.Init()
 		cmd.SecretsChan = make(chan *secrets.Secret)
diff --git a/pkg/testData/expectedReportWithIgnoredRule.json b/pkg/testData/expectedReportWithIgnoredRule.json
@@ -0,0 +1,62 @@
+{
+  "totalItemsScanned" : 3,
+  "totalSecretsFound" : 3,
+  "results" : {
+    "a0cd293e6e122a1c7384d5a56781e39ba350c54b" : [ {
+      "id" : "a0cd293e6e122a1c7384d5a56781e39ba350c54b",
+      "source" : "testData/secrets/jwt.txt",
+      "ruleId" : "jwt",
+      "startLine" : 0,
+      "endLine" : 0,
+      "lineContent" : "TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMSIsIm5hbWUiOiJtb2NrTmFtZTEifQ.dummysignature1 TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2 TextExample\r",
+      "startColumn" : 129,
+      "endColumn" : 232,
+      "value" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2",
+      "ruleDescription" : "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.",
+      "extraDetails" : {
+        "secretDetails" : {
+          "name" : "mockName2",
+          "sub" : "mockSub2"
+        }
+      },
+      "cvssScore" : 8.2
+    }, {
+      "id" : "a0cd293e6e122a1c7384d5a56781e39ba350c54b",
+      "source" : "testData/secrets/jwt.txt",
+      "ruleId" : "jwt",
+      "startLine" : 1,
+      "endLine" : 1,
+      "lineContent": "\n           Text_Example =                                     eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2",
+      "startColumn" : 64,
+      "endColumn" : 167,
+      "value" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2",
+      "ruleDescription" : "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.",
+      "extraDetails" : {
+        "secretDetails" : {
+          "name" : "mockName2",
+          "sub" : "mockSub2"
+        }
+      },
+      "cvssScore" : 8.2
+    } ],
+    "f29abe9eacc233a8e5e9c7762bca48589d9c76a2" : [ {
+      "id" : "f29abe9eacc233a8e5e9c7762bca48589d9c76a2",
+      "source" : "testData/secrets/jwt.txt",
+      "ruleId" : "jwt",
+      "startLine" : 0,
+      "endLine" : 0,
+      "lineContent" : "TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMSIsIm5hbWUiOiJtb2NrTmFtZTEifQ.dummysignature1 TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2 TextExample\r",
+      "startColumn" : 13,
+      "endColumn" : 116,
+      "value" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMSIsIm5hbWUiOiJtb2NrTmFtZTEifQ.dummysignature1",
+      "ruleDescription" : "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.",
+      "extraDetails" : {
+        "secretDetails" : {
+          "name" : "mockName1",
+          "sub" : "mockSub1"
+        }
+      },
+      "cvssScore" : 8.2
+    } ]
+  }
+}
