Coverage for tests / unit / tools / gitleaks / test_options.py: 100%

66 statements  

« prev     ^ index     » next       coverage.py v7.13.0, created at 2026-04-03 18:53 +0000

1"""Unit tests for gitleaks plugin options and command building.""" 

2 

3from __future__ import annotations 

4 

5import pytest 

6from assertpy import assert_that 

7 

8from lintro.tools.definitions.gitleaks import ( 

9 GITLEAKS_DEFAULT_TIMEOUT, 

10 GITLEAKS_OUTPUT_FORMAT, 

11 GitleaksPlugin, 

12) 

13 

14# Tests for default options 

15 

16 

17@pytest.mark.parametrize( 

18 ("option_name", "expected_value"), 

19 [ 

20 ("timeout", GITLEAKS_DEFAULT_TIMEOUT), 

21 ("no_git", True), 

22 ("config", None), 

23 ("baseline_path", None), 

24 ("redact", True), 

25 ("max_target_megabytes", None), 

26 ], 

27 ids=[ 

28 "timeout_equals_default", 

29 "no_git_is_true", 

30 "config_is_none", 

31 "baseline_path_is_none", 

32 "redact_is_true", 

33 "max_target_megabytes_is_none", 

34 ], 

35) 

36def test_default_options_values( 

37 gitleaks_plugin: GitleaksPlugin, 

38 option_name: str, 

39 expected_value: object, 

40) -> None: 

41 """Default options have correct values. 

42 

43 Args: 

44 gitleaks_plugin: The GitleaksPlugin instance to test. 

45 option_name: The name of the option to check. 

46 expected_value: The expected value for the option. 

47 """ 

48 assert_that( 

49 gitleaks_plugin.definition.default_options[option_name], 

50 ).is_equal_to(expected_value) 

51 

52 

53# Tests for GitleaksPlugin.set_options method - valid options 

54 

55 

56@pytest.mark.parametrize( 

57 ("option_name", "option_value"), 

58 [ 

59 ("no_git", False), 

60 ("config", "/path/to/.gitleaks.toml"), 

61 ("baseline_path", "/path/to/baseline.json"), 

62 ("redact", False), 

63 ("max_target_megabytes", 100), 

64 ], 

65 ids=[ 

66 "no_git_false", 

67 "config_path", 

68 "baseline_path", 

69 "redact_false", 

70 "max_target_megabytes_100", 

71 ], 

72) 

73def test_set_options_valid( 

74 gitleaks_plugin: GitleaksPlugin, 

75 option_name: str, 

76 option_value: object, 

77) -> None: 

78 """Set valid options correctly. 

79 

80 Args: 

81 gitleaks_plugin: The GitleaksPlugin instance to test. 

82 option_name: The name of the option to set. 

83 option_value: The value to set for the option. 

84 """ 

85 gitleaks_plugin.set_options(**{option_name: option_value}) # type: ignore[arg-type] 

86 assert_that(gitleaks_plugin.options.get(option_name)).is_equal_to(option_value) 

87 

88 

89# Tests for GitleaksPlugin.set_options method - invalid types 

90 

91 

92@pytest.mark.parametrize( 

93 ("option_name", "invalid_value", "error_match"), 

94 [ 

95 ("no_git", "yes", "no_git must be a boolean"), 

96 ("no_git", 1, "no_git must be a boolean"), 

97 ("config", 123, "config must be a string"), 

98 ("config", True, "config must be a string"), 

99 ("baseline_path", 456, "baseline_path must be a string"), 

100 ("max_target_megabytes", "large", "max_target_megabytes must be an integer"), 

101 ("max_target_megabytes", -1, "max_target_megabytes must be positive"), 

102 ("max_target_megabytes", 0, "max_target_megabytes must be positive"), 

103 ("redact", "true", "redact must be a boolean"), 

104 ], 

105 ids=[ 

106 "invalid_no_git_string", 

107 "invalid_no_git_int", 

108 "invalid_config_int", 

109 "invalid_config_bool", 

110 "invalid_baseline_path_int", 

111 "invalid_max_target_megabytes_string", 

112 "invalid_max_target_megabytes_negative", 

113 "invalid_max_target_megabytes_zero", 

114 "invalid_redact_string", 

115 ], 

116) 

117def test_set_options_invalid_type( 

118 gitleaks_plugin: GitleaksPlugin, 

119 option_name: str, 

120 invalid_value: object, 

121 error_match: str, 

122) -> None: 

123 """Raise ValueError for invalid option types. 

124 

125 Args: 

126 gitleaks_plugin: The GitleaksPlugin instance to test. 

127 option_name: The name of the option being tested. 

128 invalid_value: An invalid value for the option. 

129 error_match: Pattern expected in the error message. 

130 """ 

131 with pytest.raises(ValueError, match=error_match): 

132 gitleaks_plugin.set_options(**{option_name: invalid_value}) # type: ignore[arg-type] 

133 

134 

135# Tests for GitleaksPlugin._build_check_command method 

136 

137 

138def test_build_check_command_basic(gitleaks_plugin: GitleaksPlugin) -> None: 

139 """Build basic command with default options. 

140 

141 Args: 

142 gitleaks_plugin: The GitleaksPlugin instance to test. 

143 """ 

144 cmd = gitleaks_plugin._build_check_command( 

145 source_path="/path/to/source", 

146 report_path="/tmp/report.json", 

147 ) 

148 

149 assert_that(cmd).contains("gitleaks") 

150 assert_that(cmd).contains("detect") 

151 assert_that(cmd).contains("--source") 

152 assert_that(cmd).contains("/path/to/source") 

153 # Default no_git=True should add --no-git 

154 assert_that(cmd).contains("--no-git") 

155 # Default redact=True should add --redact 

156 assert_that(cmd).contains("--redact") 

157 # Output format should be JSON 

158 assert_that(cmd).contains("--report-format") 

159 assert_that(cmd).contains(GITLEAKS_OUTPUT_FORMAT) 

160 # Report path should be included 

161 assert_that(cmd).contains("--report-path") 

162 assert_that(cmd).contains("/tmp/report.json") 

163 

164 

165def test_build_check_command_with_no_git_false(gitleaks_plugin: GitleaksPlugin) -> None: 

166 """Build command without --no-git flag when no_git=False. 

167 

168 Args: 

169 gitleaks_plugin: The GitleaksPlugin instance to test. 

170 """ 

171 gitleaks_plugin.set_options(no_git=False) 

172 cmd = gitleaks_plugin._build_check_command( 

173 source_path="/path/to/source", 

174 report_path="/tmp/report.json", 

175 ) 

176 

177 assert_that(cmd).does_not_contain("--no-git") 

178 

179 

180def test_build_check_command_with_config(gitleaks_plugin: GitleaksPlugin) -> None: 

181 """Build command with config file path. 

182 

183 Args: 

184 gitleaks_plugin: The GitleaksPlugin instance to test. 

185 """ 

186 gitleaks_plugin.set_options(config="/path/to/.gitleaks.toml") 

187 cmd = gitleaks_plugin._build_check_command( 

188 source_path="/path/to/source", 

189 report_path="/tmp/report.json", 

190 ) 

191 

192 assert_that(cmd).contains("--config") 

193 config_idx = cmd.index("--config") 

194 assert_that(cmd[config_idx + 1]).is_equal_to("/path/to/.gitleaks.toml") 

195 

196 

197def test_build_check_command_with_baseline_path( 

198 gitleaks_plugin: GitleaksPlugin, 

199) -> None: 

200 """Build command with baseline path. 

201 

202 Args: 

203 gitleaks_plugin: The GitleaksPlugin instance to test. 

204 """ 

205 gitleaks_plugin.set_options(baseline_path="/path/to/baseline.json") 

206 cmd = gitleaks_plugin._build_check_command( 

207 source_path="/path/to/source", 

208 report_path="/tmp/report.json", 

209 ) 

210 

211 assert_that(cmd).contains("--baseline-path") 

212 baseline_idx = cmd.index("--baseline-path") 

213 assert_that(cmd[baseline_idx + 1]).is_equal_to("/path/to/baseline.json") 

214 

215 

216def test_build_check_command_with_max_target_megabytes( 

217 gitleaks_plugin: GitleaksPlugin, 

218) -> None: 

219 """Build command with max target megabytes. 

220 

221 Args: 

222 gitleaks_plugin: The GitleaksPlugin instance to test. 

223 """ 

224 gitleaks_plugin.set_options(max_target_megabytes=100) 

225 cmd = gitleaks_plugin._build_check_command( 

226 source_path="/path/to/source", 

227 report_path="/tmp/report.json", 

228 ) 

229 

230 assert_that(cmd).contains("--max-target-megabytes") 

231 max_mb_idx = cmd.index("--max-target-megabytes") 

232 assert_that(cmd[max_mb_idx + 1]).is_equal_to("100") 

233 

234 

235def test_build_check_command_with_redact_false( 

236 gitleaks_plugin: GitleaksPlugin, 

237) -> None: 

238 """Build command without --redact flag when redact=False. 

239 

240 Args: 

241 gitleaks_plugin: The GitleaksPlugin instance to test. 

242 """ 

243 gitleaks_plugin.set_options(redact=False) 

244 cmd = gitleaks_plugin._build_check_command( 

245 source_path="/path/to/source", 

246 report_path="/tmp/report.json", 

247 ) 

248 

249 assert_that(cmd).does_not_contain("--redact") 

250 

251 

252def test_build_check_command_with_all_options(gitleaks_plugin: GitleaksPlugin) -> None: 

253 """Build command with all options set. 

254 

255 Args: 

256 gitleaks_plugin: The GitleaksPlugin instance to test. 

257 """ 

258 gitleaks_plugin.set_options( 

259 no_git=False, 

260 config="/path/to/.gitleaks.toml", 

261 baseline_path="/path/to/baseline.json", 

262 redact=True, 

263 max_target_megabytes=50, 

264 ) 

265 cmd = gitleaks_plugin._build_check_command( 

266 source_path="/path/to/source", 

267 report_path="/tmp/report.json", 

268 ) 

269 

270 assert_that(cmd).contains("gitleaks") 

271 assert_that(cmd).contains("detect") 

272 assert_that(cmd).does_not_contain("--no-git") 

273 assert_that(cmd).contains("--config") 

274 assert_that(cmd).contains("--baseline-path") 

275 assert_that(cmd).contains("--redact") 

276 assert_that(cmd).contains("--max-target-megabytes") 

277 assert_that(cmd).contains("--report-format") 

278 assert_that(cmd).contains(GITLEAKS_OUTPUT_FORMAT) 

279 assert_that(cmd).contains("--report-path")