tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
04c2f050df
browsertrix/scripts/test/test_check_passwords.py
Anish Lakhwara b5a9c42df1
feat: add pre-commit to check we don't have real passwords in yml files (#990) 
* feat: use existing pre-commit framework

* feat(ci): add github action for password_check

* feat: add some simple tests to password_check.py

* fix: set `backend_password_secret` in default values.yaml to an allowed password
2023-07-26 13:29:37 -07:00

80 lines
2.3 KiB
Python
Raw Blame History

import pytest
import yaml
from os import listdir
# Import hacking for script
import sys
sys.path.insert(0, '.')
import check_passwords
@pytest.fixture
def yaml_files(tmp_path):
with_password = """
nested:
deep:
in_the_land:
is_a_password: thisislegit!
not_nested_password: uh_oh_i_commited_creds
"""
with_allowed_password = """
nested:
deep:
in_the_land:
is_a_password: PassW0rd!
not_nested_password: password
"""
example_yaml = """
doe: "a deer, a female deer"
ray: "a drop of golden sun"
pi: 3.14159
xmas: true
french-hens: 3
calling-birds:
- huey
- dewey
- louie
- fred
xmas-fifth-day:
calling-birds: four
french-hens: 3
golden-rings: 5
partridges:
count: 1
location: "a pear tree"
turtle-doves: two
"""
with open(tmp_path / "with_password.yaml", 'w') as fobj:
fobj.write(with_password)
with open(tmp_path / "with_allowed_password.yaml", 'w') as fobj:
fobj.write(with_allowed_password)
with open(tmp_path / "example.yaml", 'w') as fobj:
fobj.write(example_yaml)
return tmp_path
class TestCheckPasswords:
def test_find_passwords(self, yaml_files):
with open(yaml_files / "with_password.yaml", 'r') as fobj:
yml = yaml.safe_load(fobj)
gen = check_passwords.key_finder(yml)
assert ('nested', 'is_a_password', "thisislegit!") == next(gen)
assert ('not_nested_password', 'uh_oh_i_commited_creds') == next(gen)
def test_dont_find_passwords(self, yaml_files):
with open(yaml_files / "with_allowed_password.yaml", 'r') as fobj:
yml = yaml.safe_load(fobj)
gen = check_passwords.key_finder(yml)
(_, _, password) = next(gen)
assert password in ["PassW0rd!", "password"]
(_, password) = next(gen)
assert password in ["PassW0rd!", "password"]
with pytest.raises(StopIteration):
next(gen)
def test_parsing_yaml(self, yaml_files):
with open(yaml_files / "example.yaml", 'r') as fobj:
yml = yaml.safe_load(fobj)
gen = check_passwords.key_finder(yml)
with pytest.raises(StopIteration):
next(gen)
Reference in New Issue View Git Blame Copy Permalink