47 lines
3.4 KiB
Go
47 lines
3.4 KiB
Go
package api
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func getRequestData() []byte {
|
|
return []byte(`{"serverUrl":"https://example.com","status":"SUCCESS","analysedAt":"2022-05-15T16:45:31+0000","revision":"378080777919s07657a07f7a3e2d05dc75f64edd","changedAt":"2022-05-15T16:41:39+0000","project":{"key":"gitea-sonarqube-bot","name":"Gitea SonarQube Bot","url":"https://example.com/dashboard?id=gitea-sonarqube-bot"},"branch":{"name":"PR-1822","type":"PULL_REQUEST","isMain":false,"url":"https://example.com/dashboard?id=gitea-sonarqube-bot&pullRequest=PR-1822"},"qualityGate":{"name":"GiteaSonarQubeBot","status":"OK","conditions":[{"metric":"new_reliability_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"},{"metric":"new_security_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"},{"metric":"new_maintainability_rating","operator":"GREATER_THAN","value":"1","status":"OK","errorThreshold":"1"},{"metric":"new_security_hotspots_reviewed","operator":"LESS_THAN","status":"OK","errorThreshold":"100"}]},"properties":{"sonar.analysis.sqbot":"378080777919s07657a07f7a3e2d05dc75f64edd"}}`)
|
|
}
|
|
|
|
func TestIsValidWebhookSuccess(t *testing.T) {
|
|
actual, _ := isValidWebhook(getRequestData(), "sonarqube-test-webhook-secret", "647f2395d30b1b7efcb58d9338be5b69c2addb54faf6bde6314a57ea28f45467", "test-component")
|
|
assert.True(t, actual, "Expected successful webhook signature validation")
|
|
}
|
|
|
|
func TestIsValidWebhookNothingConfiguredOrProvidedSuccess(t *testing.T) {
|
|
actual, _ := isValidWebhook(getRequestData(), "", "", "test-component")
|
|
assert.True(t, actual, "Webhook signature validation not skipped")
|
|
}
|
|
|
|
func TestIsValidWebhookSignatureDecodingFailure(t *testing.T) {
|
|
actual, err := isValidWebhook(getRequestData(), "sonarqube-test-webhook-secret", "invalid-signature", "test-component")
|
|
assert.False(t, actual)
|
|
assert.EqualError(t, err, "Error decoding signature for test-component webhook.", "Undetected signature encoding error")
|
|
}
|
|
|
|
func TestIsValidWebhookSignatureMismatchFailure(t *testing.T) {
|
|
actual, err := isValidWebhook(getRequestData(), "sonarqube-test-webhook-secret", "fde6a666b7a1a46c27efb1961c17b46b6cf7aa13db5560e5ac95e801a18a92f3", "test-component")
|
|
assert.False(t, actual)
|
|
assert.EqualError(t, err, "Signature header does not match the received test-component webhook content. Request rejected.", "Undetected signature mismatch")
|
|
// assert.EqualError(t, err, "Signature header received but no test-component webhook secret configured. Request rejected due to possible configuration mismatch.", "Undetected configuration mismatch (1)")
|
|
}
|
|
|
|
func TestIsValidWebhookEmptySecretConfigurationFailure(t *testing.T) {
|
|
actual, err := isValidWebhook(getRequestData(), "", "647f2395d30b1b7efcb58d9338be5b69c2addb54faf6bde6314a57ea28f45467", "test-component")
|
|
assert.False(t, actual)
|
|
assert.EqualError(t, err, "Signature header received but no test-component webhook secret configured. Request rejected due to possible configuration mismatch.", "Undetected configuration mismatch (1)")
|
|
}
|
|
|
|
func TestIsValidWebhookEmptySignatureConfigurationFailure(t *testing.T) {
|
|
actual, err := isValidWebhook(getRequestData(), "sonarqube-test-webhook-secret", "", "test-component")
|
|
assert.False(t, actual)
|
|
assert.EqualError(t, err, "test-component webhook secret configured but no signature header received. Request rejected due to possible configuration mismatch.", "Undetected configuration mismatch (2)")
|
|
}
|