|
| 1 | +use scanner_core::*; |
| 2 | +use std::fs; |
| 3 | +use std::path::PathBuf; |
| 4 | +use std::sync::Arc; |
| 5 | +use std::time::{SystemTime, UNIX_EPOCH}; |
| 6 | + |
| 7 | +fn write_file(dir: &PathBuf, rel: &str, contents: &str) { |
| 8 | + let path = dir.join(rel); |
| 9 | + if let Some(parent) = path.parent() { |
| 10 | + fs::create_dir_all(parent).unwrap(); |
| 11 | + } |
| 12 | + fs::write(path, contents).unwrap(); |
| 13 | +} |
| 14 | + |
| 15 | +fn tmp_dir(prefix: &str) -> PathBuf { |
| 16 | + let mut base = std::env::temp_dir(); |
| 17 | + let ts = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_nanos(); |
| 18 | + let pid = std::process::id(); |
| 19 | + base.push(format!("cipherscope_test_{}_{}_{}", prefix, pid, ts)); |
| 20 | + fs::create_dir_all(&base).unwrap(); |
| 21 | + base |
| 22 | +} |
| 23 | + |
| 24 | +#[test] |
| 25 | +fn tink_requires_import_and_api() { |
| 26 | + let workspace = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("../.."); |
| 27 | + let patterns_path = workspace.join("patterns.toml"); |
| 28 | + let patterns = fs::read_to_string(patterns_path).unwrap(); |
| 29 | + let reg = Arc::new(PatternRegistry::load(&patterns).unwrap()); |
| 30 | + let dets: Vec<Box<dyn Detector>> = vec![Box::new(PatternDetector::new( |
| 31 | + "detector-java", |
| 32 | + &[Language::Java], |
| 33 | + reg.clone(), |
| 34 | + ))]; |
| 35 | + let scanner = Scanner::new(®, dets, Config::default()); |
| 36 | + |
| 37 | + // 1) Import only: should NOT report Tink |
| 38 | + let dir_import_only = tmp_dir("tink_import_only"); |
| 39 | + write_file( |
| 40 | + &dir_import_only, |
| 41 | + "src/ImportOnly.java", |
| 42 | + r#"package test; |
| 43 | +import com.google.crypto.tink.aead.AeadConfig; // import present |
| 44 | +public class ImportOnly { |
| 45 | + public static void main(String[] args) { System.out.println("hello"); } |
| 46 | +} |
| 47 | +"#, |
| 48 | + ); |
| 49 | + let findings = scanner.run(std::slice::from_ref(&dir_import_only)).unwrap(); |
| 50 | + assert!( |
| 51 | + !findings |
| 52 | + .iter() |
| 53 | + .any(|f| f.library == "Google Tink (Java)"), |
| 54 | + "Tink should not be reported with import only" |
| 55 | + ); |
| 56 | + |
| 57 | + // 2) API only: should NOT report Tink |
| 58 | + let dir_api_only = tmp_dir("tink_api_only"); |
| 59 | + write_file( |
| 60 | + &dir_api_only, |
| 61 | + "src/ApiOnly.java", |
| 62 | + r#"package test; |
| 63 | +public class ApiOnly { |
| 64 | + public static void main(String[] args) { |
| 65 | + // Mention API symbol without import |
| 66 | + String s = "Aead Mac HybridEncrypt"; // matches pattern by word, but no import |
| 67 | + System.out.println(s); |
| 68 | + } |
| 69 | +} |
| 70 | +"#, |
| 71 | + ); |
| 72 | + let findings = scanner.run(std::slice::from_ref(&dir_api_only)).unwrap(); |
| 73 | + assert!( |
| 74 | + !findings |
| 75 | + .iter() |
| 76 | + .any(|f| f.library == "Google Tink (Java)"), |
| 77 | + "Tink should not be reported with API mentions only" |
| 78 | + ); |
| 79 | + |
| 80 | + // 3) Import + API: should report Tink |
| 81 | + let dir_both = tmp_dir("tink_both"); |
| 82 | + write_file( |
| 83 | + &dir_both, |
| 84 | + "src/Both.java", |
| 85 | + r#"package test; |
| 86 | +import com.google.crypto.tink.aead.AeadConfig; // import present |
| 87 | +public class Both { |
| 88 | + public static void main(String[] args) { |
| 89 | + // Include an API token |
| 90 | + String s = "Aead"; |
| 91 | + System.out.println(s); |
| 92 | + } |
| 93 | +} |
| 94 | +"#, |
| 95 | + ); |
| 96 | + let findings = scanner.run(std::slice::from_ref(&dir_both)).unwrap(); |
| 97 | + assert!( |
| 98 | + findings |
| 99 | + .iter() |
| 100 | + .any(|f| f.library == "Google Tink (Java)"), |
| 101 | + "Tink should be reported when import and API are present" |
| 102 | + ); |
| 103 | +} |
| 104 | + |
0 commit comments