Added additional tests for coverage

cx-anjali-deore · cx-anjali-deore · commit 993c6b206ca3 · 2025-06-10T13:58:45.000+05:30
diff --git a/test/integration/data/pre-receive-data/excludeFile.yaml b/test/integration/data/pre-receive-data/excludeFile.yaml
@@ -0,0 +1,2 @@
+exclude_path:
+  - "*.txt"
diff --git a/test/integration/data/pre-receive-data/excludeFolder.yaml b/test/integration/data/pre-receive-data/excludeFolder.yaml
@@ -0,0 +1,2 @@
+exclude_path:
+  - "integration/*"
diff --git a/test/integration/data/pre-receive-data/ignoreResultId.yaml b/test/integration/data/pre-receive-data/ignoreResultId.yaml
@@ -0,0 +1,3 @@
+ignore_result_id:
+  - "986e5d5a73bcc5972e2d697ec0846db79b03dd75"
+  - "976014fdd1ef77be2c2ff1c1b6a3fe63d2b237f4"
diff --git a/test/integration/data/pre-receive-data/ignoreRuleId.yaml b/test/integration/data/pre-receive-data/ignoreRuleId.yaml
@@ -0,0 +1,2 @@
+ignore_rule_id:
+  - "github-pat"
diff --git a/test/integration/pre-receive_test.go b/test/integration/pre-receive_test.go
@@ -12,8 +12,15 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+const (
+	ignoreRuleId   = "ignoreRuleId.yaml"
+	ignoreResultId = "ignoreResultId.yaml"
+	ignoreFiles    = "excludeFile.yaml"
+	ignoreFolder   = "excludeFolder.yaml"
+)
+
 func TestPreReceive_PushSecrets(t *testing.T) {
-	workDir, cleanUp := setUpPreReceiveHookDir(t)
+	workDir, cleanUp := setUpPreReceiveHookDir(t, "")
 	defer cleanUp()
 	assert.NoError(t, os.Chdir(workDir))
 	setGlobalGitAccount(t, workDir)
@@ -47,7 +54,7 @@ func TestPreReceive_PushSecrets(t *testing.T) {
 }
 
 func TestPreReceive_PushWithoutSecrets(t *testing.T) {
-	workDir, cleanUp := setUpPreReceiveHookDir(t)
+	workDir, cleanUp := setUpPreReceiveHookDir(t, "")
 	defer cleanUp()
 	assert.NoError(t, os.Chdir(workDir))
 	setGlobalGitAccount(t, workDir)
@@ -80,7 +87,7 @@ func TestPreReceive_PushWithoutSecrets(t *testing.T) {
 }
 
 func TestPreReceive_PushSecrets_and_NoSecretsFile(t *testing.T) {
-	workDir, cleanUp := setUpPreReceiveHookDir(t)
+	workDir, cleanUp := setUpPreReceiveHookDir(t, "")
 	defer cleanUp()
 	assert.NoError(t, os.Chdir(workDir))
 	setGlobalGitAccount(t, workDir)
@@ -115,6 +122,154 @@ func TestPreReceive_PushSecrets_and_NoSecretsFile(t *testing.T) {
 	assert.Contains(t, outputString, "Detected 1 secret across 1 commit")
 }
 
+func TestPreReceive_IgnoreRuleId_ConfigFile(t *testing.T) {
+	configFileName := ignoreRuleId
+	workDir, cleanUp := setUpPreReceiveHookDir(t, configFileName)
+	defer cleanUp()
+	assert.NoError(t, os.Chdir(workDir))
+	setGlobalGitAccount(t, workDir)
+
+	//create a secret file
+	secretFile := filepath.Join(workDir, "secret1.txt")
+	err := os.WriteFile(secretFile, []byte("ghp_DDDDDDDDDDDDDDDDDDDDDDDDDDDADDADDDAD"), 0644)
+	assert.NoError(t, err)
+	// Git add
+	outputCmd := exec.Command("git", "add", "secret1.txt")
+	// making it workingDir
+	outputCmd.Dir = workDir
+
+	output, err := outputCmd.CombinedOutput()
+	assert.NoError(t, err, "failed to add files in staging :%s", string(output))
+
+	// Add commit
+	commitCmd := exec.Command("git", "commit", "-m", "added without secrets file")
+	commitCmd.Dir = workDir
+	output, err = commitCmd.CombinedOutput()
+	assert.NoError(t, err, "Filed to commit :%s", string(output))
+	//Pushing
+	cmdPush := exec.Command("git", "push")
+	cmdPush.Dir = workDir
+	output, err = cmdPush.CombinedOutput()
+	outputString := string(output)
+	// ignoring the secrets as per ruleId and successfully pushing
+	assert.NotContains(t, outputString, "[remote rejected]")
+	assert.NotContains(t, outputString, "(pre-receive hook declined)")
+	assert.NotContains(t, outputString, "Detected 1 secret across 1 commit")
+}
+
+func TestPreReceive_IgnoreResultId_ConfigFile(t *testing.T) {
+	configFileName := ignoreResultId
+	workDir, cleanUp := setUpPreReceiveHookDir(t, configFileName)
+	defer cleanUp()
+	assert.NoError(t, os.Chdir(workDir))
+	setGlobalGitAccount(t, workDir)
+
+	//create a secret file
+	file1 := filepath.Join(workDir, "secretsFile.txt")
+	err := os.WriteFile(file1, []byte("ghp_DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"), 0644)
+	assert.NoError(t, err)
+	// Git add
+	outputCmd := exec.Command("git", "add", "secretsFile.txt")
+	// making it workingDir
+	outputCmd.Dir = workDir
+
+	output, err := outputCmd.CombinedOutput()
+	assert.NoError(t, err, "failed to add files in staging :%s", string(output))
+
+	// Add commit
+	commitCmd := exec.Command("git", "commit", "-m", "added without secrets file")
+	commitCmd.Dir = workDir
+	output, err = commitCmd.CombinedOutput()
+	assert.NoError(t, err, "Filed to commit :%s", string(output))
+	//Pushing
+	cmdPush := exec.Command("git", "push")
+	cmdPush.Dir = workDir
+	output, err = cmdPush.CombinedOutput()
+	outputString := string(output)
+	// ignoring the secrets as resultId matches in configFile and successfully pushing
+	assert.NotContains(t, outputString, "[remote rejected]")
+	assert.NotContains(t, outputString, "(pre-receive hook declined)")
+	assert.NotContains(t, outputString, "Detected 1 secret across 1 commit")
+}
+
+func TestPreReceive_IgnoreFileExclusion_ConfigFile(t *testing.T) {
+	//Adding config file with file exclusion params
+	configFileName := ignoreFiles
+	workDir, cleanUp := setUpPreReceiveHookDir(t, configFileName)
+	defer cleanUp()
+	assert.NoError(t, os.Chdir(workDir))
+	setGlobalGitAccount(t, workDir)
+
+	//create a secret file
+	file1 := filepath.Join(workDir, "secretsFile.txt")
+	err := os.WriteFile(file1, []byte("ghp_DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"), 0644)
+	assert.NoError(t, err)
+	// Git add
+	outputCmd := exec.Command("git", "add", "secretsFile.txt")
+	// making it workingDir
+	outputCmd.Dir = workDir
+
+	output, err := outputCmd.CombinedOutput()
+	assert.NoError(t, err, "failed to add files in staging :%s", string(output))
+
+	// Add commit
+	commitCmd := exec.Command("git", "commit", "-m", "added without secrets file")
+	commitCmd.Dir = workDir
+	output, err = commitCmd.CombinedOutput()
+	assert.NoError(t, err, "Filed to commit :%s", string(output))
+	//Pushing
+	cmdPush := exec.Command("git", "push")
+	cmdPush.Dir = workDir
+	output, err = cmdPush.CombinedOutput()
+	outputString := string(output)
+	// ignoring the secrets as resultId matches in configFile and successfully pushing
+	assert.NotContains(t, outputString, "[remote rejected]")
+	assert.NotContains(t, outputString, "(pre-receive hook declined)")
+	assert.NotContains(t, outputString, "Detected 1 secret across 1 commit")
+	assert.Contains(t, outputString, "No secrets detected by Cx Secret Scanner")
+
+}
+
+func TestPreReceive_IgnoreFolderExclusion_ConfigFile(t *testing.T) {
+	//Adding config file with folder exclusion params
+	configFileName := ignoreFolder
+	workDir, cleanUp := setUpPreReceiveHookDir(t, configFileName)
+	defer cleanUp()
+	assert.NoError(t, os.Chdir(workDir))
+	setGlobalGitAccount(t, workDir)
+
+	//create a secret file
+	folderPath := filepath.Join(workDir, "integration")
+	err := os.MkdirAll(folderPath, os.ModePerm)
+	assert.NoError(t, err)
+	file1 := filepath.Join(folderPath, "secretsFile.txt")
+	err = os.WriteFile(file1, []byte("ghp_DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"), 0644)
+	assert.NoError(t, err)
+	// Git add
+	outputCmd := exec.Command("git", "add", "integration/secretsFile.txt")
+	// making it workingDir
+	outputCmd.Dir = workDir
+
+	output, err := outputCmd.CombinedOutput()
+	assert.NoError(t, err, "failed to add files in staging :%s", string(output))
+
+	// Add commit
+	commitCmd := exec.Command("git", "commit", "-m", "added without secrets file")
+	commitCmd.Dir = workDir
+	output, err = commitCmd.CombinedOutput()
+	assert.NoError(t, err, "Filed to commit :%s", string(output))
+	//Pushing
+	cmdPush := exec.Command("git", "push")
+	cmdPush.Dir = workDir
+	output, err = cmdPush.CombinedOutput()
+	outputString := string(output)
+	// ignoring the secrets as resultId matches in configFile and successfully pushing
+	assert.NotContains(t, outputString, "[remote rejected]")
+	assert.NotContains(t, outputString, "(pre-receive hook declined)")
+	assert.NotContains(t, outputString, "Detected 1 secret across 1 commit")
+	assert.Contains(t, outputString, "No secrets detected by Cx Secret Scanner")
+}
+
 func setGlobalGitAccount(t *testing.T, repoName string) {
 	// Set global git config
 	username := os.Getenv("GITHUB_ACTOR")
@@ -123,22 +278,29 @@ func setGlobalGitAccount(t *testing.T, repoName string) {
 	assert.NoError(t, err)
 }
 
-func setUpPreReceiveHookDir(t *testing.T) (workdir string, cleanup func()) {
+func setUpPreReceiveHookDir(t *testing.T, fileName string) (workdir string, cleanup func()) {
 	orgWorkDir, err := os.Getwd()
 	assert.NoError(t, err)
 	tempDir := t.TempDir()
-	fmt.Println("the current dir" + orgWorkDir)
 
 	//Init a bare repo
 
 	err = exec.Command("git", "init", "--bare", filepath.Join(tempDir, "server")).Run()
 	assert.NoError(t, err)
 	cxPath := filepath.Join(orgWorkDir, "..", "..", "bin", "cx")
+	yamlPath := filepath.Join(orgWorkDir, "data", "pre-receive-data", fileName)
+	fmt.Println("yaml path" + yamlPath)
 	fmt.Println("the current dir" + cxPath)
 
 	preReceivePath := filepath.Join(tempDir, "server", "hooks", "pre-receive")
+	configFlags := ""
+	if fileName != "" {
+		configFlags = fmt.Sprintf(` --config "%s"`, yamlPath)
+	}
+
 	script := fmt.Sprintf(`#!/bin/bash
-							  "%s" hooks pre-receive secrets-scan`, cxPath)
+"%s" hooks pre-receive secrets-scan%s`, cxPath, configFlags)
+
 	err = os.WriteFile(preReceivePath, []byte(script), 0755)
 	assert.NoError(t, err)
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+exclude_path:`
	`2`	`+ - "integration/*"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ignore_result_id:`
	`2`	`+ - "986e5d5a73bcc5972e2d697ec0846db79b03dd75"`
	`3`	`+ - "976014fdd1ef77be2c2ff1c1b6a3fe63d2b237f4"`