2022-05-21 19:03:56 +02:00
package api
import (
"testing"
"github.com/stretchr/testify/assert"
)
func getRequestData ( ) [ ] byte {
return [ ] byte ( ` { "serverUrl":"https://example.com","status":"SUCCESS","analysedAt":"2022-05-15T16:45:31+0000","revision":"378080777919s07657a07f7a3e2d05dc75f64edd","changedAt":"2022-05-15T16:41:39+0000","project": { "key":"gitea-sonarqube-bot","name":"Gitea SonarQube Bot","url":"https://example.com/dashboard?id=gitea-sonarqube-bot"},"branch": { "name":"PR-1822","type":"PULL_REQUEST","isMain":false,"url":"https://example.com/dashboard?id=gitea-sonarqube-bot&pullRequest=PR-1822"},"qualityGate": { "name":"GiteaSonarQubeBot","status":"OK","conditions":[ { "metric":"new_reliability_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"}, { "metric":"new_security_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"}, { "metric":"new_maintainability_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"}, { "metric":"new_security_hotspots_reviewed","operator":"LESS_THAN","status":"OK","errorThreshold":"100"}]},"properties": { "sonar.analysis.sqbot":"378080777919s07657a07f7a3e2d05dc75f64edd"}} ` )
}
2022-07-12 11:20:08 +02:00
func TestIsValidWebhook ( t * testing . T ) {
t . Run ( "Success" , func ( t * testing . T ) {
actual , _ := isValidWebhook ( getRequestData ( ) , "sonarqube-test-webhook-secret" , "647f2395d30b1b7efcb58d9338be5b69c2addb54faf6bde6314a57ea28f45467" , "test-component" )
assert . True ( t , actual , "Expected successful webhook signature validation" )
} )
t . Run ( "Nothing configured or provided" , func ( t * testing . T ) {
actual , _ := isValidWebhook ( getRequestData ( ) , "" , "" , "test-component" )
assert . True ( t , actual , "Webhook signature validation not skipped" )
} )
t . Run ( "Signature decoding error" , func ( t * testing . T ) {
actual , err := isValidWebhook ( getRequestData ( ) , "sonarqube-test-webhook-secret" , "invalid-signature" , "test-component" )
assert . False ( t , actual )
assert . EqualError ( t , err , "Error decoding signature for test-component webhook." , "Undetected signature encoding error" )
} )
t . Run ( "Signature mismatch" , func ( t * testing . T ) {
actual , err := isValidWebhook ( getRequestData ( ) , "sonarqube-test-webhook-secret" , "fde6a666b7a1a46c27efb1961c17b46b6cf7aa13db5560e5ac95e801a18a92f3" , "test-component" )
assert . False ( t , actual )
assert . EqualError ( t , err , "Signature header does not match the received test-component webhook content. Request rejected." , "Undetected signature mismatch" )
} )
t . Run ( "Empty secret configuration" , func ( t * testing . T ) {
actual , err := isValidWebhook ( getRequestData ( ) , "" , "647f2395d30b1b7efcb58d9338be5b69c2addb54faf6bde6314a57ea28f45467" , "test-component" )
assert . False ( t , actual )
assert . EqualError ( t , err , "Signature header received but no test-component webhook secret configured. Request rejected due to possible configuration mismatch." , "Undetected configuration mismatch (1)" )
} )
t . Run ( "Empty signature configuration" , func ( t * testing . T ) {
actual , err := isValidWebhook ( getRequestData ( ) , "sonarqube-test-webhook-secret" , "" , "test-component" )
assert . False ( t , actual )
assert . EqualError ( t , err , "test-component webhook secret configured but no signature header received. Request rejected due to possible configuration mismatch." , "Undetected configuration mismatch (2)" )
} )
2022-05-21 19:03:56 +02:00
}