adding wip for tests

tonytrg · tonytrg · commit 5dbfaa8e4235 · 2025-04-15T15:33:57.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,12 @@
 .idea
 cmd/github-mcp-server/github-mcp-server
+
+# VSCode
 .vscode/mcp.json
+
 # Added by goreleaser init:
 dist/
-__debug_bin*
+__debug_bin*
+
+# Go 
+vendor
diff --git a/pkg/github/secret_scanning.go b/pkg/github/secret_scanning.go
@@ -16,6 +16,7 @@ import (
 func GetSecretScanningAlert(getClient GetClientFn, t translations.TranslationHelperFunc) (tool mcp.Tool, handler server.ToolHandlerFunc) {
 	return mcp.NewTool(
 			"get_secret_scanning_alert",
+			mcp.WithDescription(t("TOOL_GET_SECRET_SCANNING_ALERT_DESCRIPTION", "Get details of a specific secret scanning alert in a GitHub repository.")),
 			mcp.WithString("owner",
 				mcp.Required(),
 				mcp.Description("The owner of the repository."),
@@ -74,6 +75,7 @@ func GetSecretScanningAlert(getClient GetClientFn, t translations.TranslationHel
 func ListSecretScanningAlerts(getClient GetClientFn, t translations.TranslationHelperFunc) (tool mcp.Tool, handler server.ToolHandlerFunc) {
 	return mcp.NewTool(
 			"list_secret_scanning_alerts",
+			mcp.WithDescription(t("TOOL_LIST_SECRET_SCANNING_ALERTS_DESCRIPTION", "List secret scanning alerts in a GitHub repository.")),
 			mcp.WithString("owner",
 				mcp.Required(),
 				mcp.Description("The owner of the repository."),
diff --git a/pkg/github/secret_scanning_test.go b/pkg/github/secret_scanning_test.go
@@ -1 +1,233 @@
 package github
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"testing"
+
+	"github.com/github/github-mcp-server/pkg/translations"
+	"github.com/google/go-github/v69/github"
+	"github.com/migueleliasweb/go-github-mock/src/mock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_GetSecretScanningAlert(t *testing.T) {
+	mockClient := github.NewClient(nil)
+	tool, _ := GetSecretScanningAlert(stubGetClientFn(mockClient), translations.NullTranslationHelper)
+
+	assert.Equal(t, "get_secret_scanning_alert", tool.Name)
+	assert.NotEmpty(t, tool.Description)
+	assert.Contains(t, tool.InputSchema.Properties, "owner")
+	assert.Contains(t, tool.InputSchema.Properties, "repo")
+	assert.Contains(t, tool.InputSchema.Properties, "alertNumber")
+	assert.ElementsMatch(t, tool.InputSchema.Required, []string{"owner", "repo", "alertNumber"})
+
+	// Setup mock alert for success case
+	mockAlert := &github.SecretScanningAlert{
+		Number: github.Ptr(42),
+		State: github.Ptr("open"),
+		HTMLURL: github.Ptr("https://github.com/owner/private-repo/security/secret-scanning/42"),
+	}
+
+	tests := []struct {
+		name           string
+		mockedClient   *http.Client
+		requestArgs    map[string]interface{}
+		expectError    bool
+		expectedAlert  *github.SecretScanningAlert
+		expectedErrMsg string
+	}{
+		{
+			name: "successful alert fetch",
+			mockedClient: mock.NewMockedHTTPClient(
+				mock.WithRequestMatch(
+					mock.GetReposSecretScanningAlertsByOwnerByRepoByAlertNumber,
+					mockAlert,
+				),
+			),
+			requestArgs: map[string]interface{}{
+				"owner":       "owner",
+				"repo":        "repo",
+				"alertNumber": float64(42),
+			},
+			expectError:   false,
+			expectedAlert: mockAlert,
+		},
+		{
+			name: "alert fetch fails",
+			mockedClient: mock.NewMockedHTTPClient(
+				mock.WithRequestMatchHandler(
+					mock.GetReposSecretScanningAlertsByOwnerByRepoByAlertNumber,
+					http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+						w.WriteHeader(http.StatusNotFound)
+						_, _ = w.Write([]byte(`{"message": "Not Found"}`))
+					}),
+				),
+			),
+			requestArgs: map[string]interface{}{
+				"owner":       "owner",
+				"repo":        "repo",
+				"alertNumber": float64(9999),
+			},
+			expectError:    true,
+			expectedErrMsg: "failed to get alert",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			// Setup client with mock
+			client := github.NewClient(tc.mockedClient)
+			_, handler := GetSecretScanningAlert(stubGetClientFn(client), translations.NullTranslationHelper)
+
+			// Create call request
+			request := createMCPRequest(tc.requestArgs)
+
+			// Call handler
+			result, err := handler(context.Background(), request)
+
+			// Verify results
+			if tc.expectError {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tc.expectedErrMsg)
+				return
+			}
+
+			require.NoError(t, err)
+
+			// Parse the result and get the text content if no error
+			textContent := getTextResult(t, result)
+
+			// Unmarshal and verify the result
+			var returnedAlert github.Alert
+			err = json.Unmarshal([]byte(textContent.Text), &returnedAlert)
+			assert.NoError(t, err)
+			assert.Equal(t, *tc.expectedAlert.Number, *returnedAlert.Number)
+			assert.Equal(t, *tc.expectedAlert.State, *returnedAlert.State)
+			assert.Equal(t, *tc.expectedAlert.HTMLURL, *returnedAlert.HTMLURL)
+
+		})
+	}
+}
+
+func Test_ListSecretScanningAlerts(t *testing.T) {
+	// Verify tool definition once
+	mockClient := github.NewClient(nil)
+	tool, _ := ListSecretScanningAlerts(stubGetClientFn(mockClient), translations.NullTranslationHelper)
+
+	assert.Equal(t, "list_secret_scanning_alerts", tool.Name)
+	assert.NotEmpty(t, tool.Description)
+	assert.Contains(t, tool.InputSchema.Properties, "owner")
+	assert.Contains(t, tool.InputSchema.Properties, "repo")
+	assert.Contains(t, tool.InputSchema.Properties, "state")
+	assert.Contains(t, tool.InputSchema.Properties, "secret_type")
+	assert.Contains(t, tool.InputSchema.Properties, "resolution")
+	assert.Contains(t, tool.InputSchema.Properties, "sort")
+	assert.Contains(t, tool.InputSchema.Properties, "direction")
+	assert.ElementsMatch(t, tool.InputSchema.Required, []string{"owner", "repo"})
+
+	// Setup mock alerts for success case
+	mockAlerts := []*github.SecretScanningAlert{
+		{
+			Number:  github.Ptr(42),
+			State:   github.Ptr("open"),
+			HTMLURL: github.Ptr("https://github.com/owner/repo/security/code-scanning/42"),
+		},
+		{
+			Number:  github.Ptr(43),
+			State:   github.Ptr("fixed"),
+			HTMLURL: github.Ptr("https://github.com/owner/repo/security/code-scanning/43"),
+		},
+	}
+
+	tests := []struct {
+		name           string
+		mockedClient   *http.Client
+		requestArgs    map[string]interface{}
+		expectError    bool
+		expectedAlerts []*github.SecretScanningAlert
+		expectedErrMsg string
+	}{
+		{
+			name: "successful alerts listing",
+			mockedClient: mock.NewMockedHTTPClient(
+				mock.WithRequestMatchHandler(
+					mock.GetReposSecretScanningAlertsByOwnerByRepoByAlertNumber,
+					expectQueryParams(t, map[string]string{
+						"ref":      "main",
+						"state":    "open",
+						"severity": "high",
+					}).andThen(
+						mockResponse(t, http.StatusOK, mockAlerts),
+					),
+				),
+			),
+			requestArgs: map[string]interface{}{
+				"owner":    "owner",
+				"repo":     "repo",
+				"ref":      "main",
+				"state":    "open",
+				"severity": "high",
+			},
+			expectError:    false,
+			expectedAlerts: mockAlerts,
+		},
+		{
+			name: "alerts listing fails",
+			mockedClient: mock.NewMockedHTTPClient(
+				mock.WithRequestMatchHandler(
+					mock.GetReposSecretScanningAlertsByOwnerByRepo,
+					http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+						w.WriteHeader(http.StatusUnauthorized)
+						_, _ = w.Write([]byte(`{"message": "Unauthorized access"}`))
+					}),
+				),
+			),
+			requestArgs: map[string]interface{}{
+				"owner": "owner",
+				"repo":  "repo",
+			},
+			expectError:    true,
+			expectedErrMsg: "failed to list alerts",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			// Setup client with mock
+			client := github.NewClient(tc.mockedClient)
+			_, handler := ListSecretScanningAlerts(stubGetClientFn(client), translations.NullTranslationHelper)
+
+			// Create call request
+			request := createMCPRequest(tc.requestArgs)
+
+			// Call handler
+			result, err := handler(context.Background(), request)
+
+			// Verify results
+			if tc.expectError {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tc.expectedErrMsg)
+				return
+			}
+
+			require.NoError(t, err)
+
+			// Parse the result and get the text content if no error
+			textContent := getTextResult(t, result)
+
+			// Unmarshal and verify the result
+			var returnedAlerts []*github.Alert
+			err = json.Unmarshal([]byte(textContent.Text), &returnedAlerts)
+			assert.NoError(t, err)
+			assert.Len(t, returnedAlerts, len(tc.expectedAlerts))
+			for i, alert := range returnedAlerts {
+				assert.Equal(t, *tc.expectedAlerts[i].Number, *alert.Number)
+				assert.Equal(t, *tc.expectedAlerts[i].State, *alert.State)
+				assert.Equal(t, *tc.expectedAlerts[i].HTMLURL, *alert.HTMLURL)
+			}
+		})
+	}
+}
diff --git a/pkg/github/tools.go b/pkg/github/tools.go
@@ -73,6 +73,11 @@ func InitToolsets(passedToolsets []string, readOnly bool, getClient GetClientFn,
 			toolsets.NewServerTool(GetCodeScanningAlert(getClient, t)),
 			toolsets.NewServerTool(ListCodeScanningAlerts(getClient, t)),
 		)
+	secretSecurity := toolsets.NewToolset("secret_security", "Secret security related tools, such as GitHub Secret Scanning").
+		AddReadTools(
+			toolsets.NewServerTool(GetSecretScanningAlert(getClient, t)),
+			toolsets.NewServerTool(ListSecretScanningAlerts(getClient, t)),
+		)
 	// Keep experiments alive so the system doesn't error out when it's always enabled
 	experiments := toolsets.NewToolset("experiments", "Experimental features that are not considered stable yet")
 
@@ -82,6 +87,7 @@ func InitToolsets(passedToolsets []string, readOnly bool, getClient GetClientFn,
 	tsg.AddToolset(users)
 	tsg.AddToolset(pullRequests)
 	tsg.AddToolset(codeSecurity)
+	tsg.AddToolset(secretSecurity)
 	tsg.AddToolset(experiments)
 	// Enable the requested features
 
