Coverage for tests / integration / tools / gitleaks / test_check.py: 100%

26 statements  

« prev     ^ index     » next       coverage.py v7.13.0, created at 2026-04-03 18:53 +0000

1"""Integration tests for GitleaksPlugin check command.""" 

2 

3from __future__ import annotations 

4 

5import shutil 

6from collections.abc import Callable 

7from pathlib import Path 

8from typing import TYPE_CHECKING 

9 

10import pytest 

11from assertpy import assert_that 

12 

13if TYPE_CHECKING: 

14 from lintro.plugins.base import BaseToolPlugin 

15 

16# Skip all tests if gitleaks is not installed 

17pytestmark = pytest.mark.skipif( 

18 shutil.which("gitleaks") is None, 

19 reason="gitleaks not installed", 

20) 

21 

22 

23def test_check_file_with_secrets( 

24 get_plugin: Callable[[str], BaseToolPlugin], 

25 gitleaks_violation_file: str, 

26) -> None: 

27 """Verify gitleaks check detects secrets in problematic files. 

28 

29 Runs gitleaks on a file containing deliberate secrets 

30 and verifies that issues are found. 

31 

32 Args: 

33 get_plugin: Fixture factory to get plugin instances. 

34 gitleaks_violation_file: Path to file with secrets from test_samples. 

35 """ 

36 gitleaks_plugin = get_plugin("gitleaks") 

37 result = gitleaks_plugin.check([gitleaks_violation_file], {}) 

38 

39 assert_that(result).is_not_none() 

40 assert_that(result.name).is_equal_to("gitleaks") 

41 # Gitleaks should detect at least one secret pattern 

42 assert_that(result.issues_count).is_greater_than(0) 

43 

44 

45def test_check_clean_file( 

46 get_plugin: Callable[[str], BaseToolPlugin], 

47 gitleaks_clean_file: str, 

48) -> None: 

49 """Verify gitleaks check passes on clean files. 

50 

51 Runs gitleaks on a file without secrets and verifies no issues. 

52 

53 Args: 

54 get_plugin: Fixture factory to get plugin instances. 

55 gitleaks_clean_file: Path to file with no secrets from test_samples. 

56 """ 

57 gitleaks_plugin = get_plugin("gitleaks") 

58 result = gitleaks_plugin.check([gitleaks_clean_file], {}) 

59 

60 assert_that(result).is_not_none() 

61 assert_that(result.name).is_equal_to("gitleaks") 

62 assert_that(result.issues_count).is_equal_to(0) 

63 

64 

65def test_check_empty_directory( 

66 get_plugin: Callable[[str], BaseToolPlugin], 

67 tmp_path: Path, 

68) -> None: 

69 """Verify gitleaks check handles empty directories gracefully. 

70 

71 Runs gitleaks on an empty directory and verifies a result is returned 

72 without errors. 

73 

74 Args: 

75 get_plugin: Fixture factory to get plugin instances. 

76 tmp_path: Pytest fixture providing a temporary directory. 

77 """ 

78 gitleaks_plugin = get_plugin("gitleaks") 

79 result = gitleaks_plugin.check([str(tmp_path)], {}) 

80 

81 assert_that(result).is_not_none() 

82 assert_that(result.name).is_equal_to("gitleaks") 

83 assert_that(result.issues_count).is_equal_to(0)