fix(test/snowflake): Snowflake flaky pattern test (#4083)

abmussani · web-flow · commit 6e99a9a1646d · 2025-05-05T15:04:22.000+05:00
* replace gofakeit by default patterns in snowflake test.

* use a random password generator for snowflake test which guaranteed inclusion of allowed characters.
diff --git a/pkg/detectors/snowflake/snowflake_test.go b/pkg/detectors/snowflake/snowflake_test.go
@@ -3,6 +3,7 @@ package snowflake
 import (
 	"context"
 	"fmt"
+	"math/rand"
 	"testing"
 
 	"github.com/brianvoe/gofakeit/v7"
@@ -11,9 +12,67 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick"
 )
 
+// GoFakeIt Password generator does not guarantee inclusion of characters.
+// Using a custom Password gennerator with guaranteed inclusions (atleast) of lower, upper and numeric characters
+func generatePassword(lower, upper, numeric bool, length int) string {
+	if length < 1 {
+		return ""
+	}
+
+	var password []rune
+	var required []rune
+	var allowed []rune
+
+	lowerChars := []rune("abcdefghijklmnopqrstuvwxyz")
+	upperChars := []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	numberChars := []rune("0123456789")
+
+	// Ensure inclusion from each requested category
+	if lower {
+		ch := lowerChars[rand.Intn(len(lowerChars))]
+		required = append(required, ch)
+		allowed = append(allowed, lowerChars...)
+	}
+	if upper {
+		ch := upperChars[rand.Intn(len(upperChars))]
+		required = append(required, ch)
+		allowed = append(allowed, upperChars...)
+	}
+	if numeric {
+		ch := numberChars[rand.Intn(len(numberChars))]
+		required = append(required, ch)
+		allowed = append(allowed, numberChars...)
+	}
+
+	if len(allowed) == 0 {
+		return "" // No character sets enabled
+	}
+
+	// Fill the rest of the password
+	for i := 0; i < length-len(required); i++ {
+		ch := allowed[rand.Intn(len(allowed))]
+		password = append(password, ch)
+	}
+
+	// Combine required and random characters, then shuffle
+	password = append(password, required...)
+	rand.Shuffle(len(password), func(i, j int) {
+		password[i], password[j] = password[j], password[i]
+	})
+
+	return string(password)
+}
+
 func TestSnowflake_Pattern(t *testing.T) {
-	username := gofakeit.Username()
-	password := gofakeit.Password(true, true, true, false, false, 10)
+
+	validAccount := "tuacoip-zt74995"
+	validPrivateLinkAccount := "tuacoip-zt74995.privatelink"
+	validSingleCharacterAccount := "tuacoip-z"
+	validUsername := gofakeit.Username()
+	invalidUsername := "Spencer@5091.com" // special characters not allowed
+
+	validPassword := generatePassword(true, true, true, 10)
+	invalidPassword := "!12" // invalid length
 
 	d := Scanner{}
 	ahoCorasickCore := ahocorasick.NewAhoCorasickCore([]detectors.Detector{d})
@@ -24,26 +83,30 @@ func TestSnowflake_Pattern(t *testing.T) {
 	}{
 		{
 			name:  "Snowflake Credentials",
-			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", "tuacoip-zt74995", username, password),
+			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", validAccount, validUsername, validPassword),
 			want: [][]string{
-				[]string{"tuacoip-zt74995", username, password},
+				{validAccount, validUsername, validPassword},
 			},
 		},
 		{
 			name:  "Private Snowflake Credentials",
-			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", "tuacoip-zt74995.privatelink", username, password),
+			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", validPrivateLinkAccount, validUsername, validPassword),
 			want: [][]string{
-				[]string{"tuacoip-zt74995.privatelink", username, password},
+				{validPrivateLinkAccount, validUsername, validPassword},
 			},
 		},
-
 		{
 			name:  "Snowflake Credentials - Single Character account",
-			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", "tuacoip-z", username, password),
+			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", validSingleCharacterAccount, validUsername, validPassword),
 			want: [][]string{
-				[]string{"tuacoip-z", username, password},
+				{validSingleCharacterAccount, validUsername, validPassword},
 			},
 		},
+		{
+			name:  "Snowflake Credentials - Invalid Username & Password",
+			input: fmt.Sprintf("snowflake: \n account=%s \n username=%s \n password=%s \n database=SNOWFLAKE", validAccount, invalidUsername, invalidPassword),
+			want:  [][]string{},
+		},
 	}
 
 	for _, test := range tests {
