test: add more invalid and valid tests, specially from original code …

…and user feedback
SaadBazaz · Sep 29, 2024 · 5d5477c · 5d5477c
1 parent 045319b
commit 5d5477c
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 0 deletions.
diff --git a/crates/biome_js_analyze/tests/specs/nursery/noSecrets/invalid.js b/crates/biome_js_analyze/tests/specs/nursery/noSecrets/invalid.js
@@ -11,3 +11,11 @@ const genericApiKey = "api_key_1234567890abcdefghijklmnopqrstuvwxyz";
 const slackKey = "https://hooks.slack.com/services/T12345678/B12345678/abcdefghijklmnopqrstuvwx"
 const twilioApiKey = "SK1234567890abcdefghijklmnopqrstuv";
 const dbUrl = "postgres://user:[email protected]:5432/dbname";
+const A_SECRET = "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva";
+const A_LOWERCASE_SECRET = "zwvtjpqsdhwrgl204hc51ycsritmizn8b=/p9uyex7xu6kkagqfm3fj+oobldneva";
+const A_BEARER_TOKEN = "AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F";
+const VAULT = {
+  token: "AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"
+};
+const BASIC_AUTH_HEADER = "Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l";
+// const password = "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva";
diff --git a/crates/biome_js_analyze/tests/specs/nursery/noSecrets/valid.js b/crates/biome_js_analyze/tests/specs/nursery/noSecrets/valid.js
@@ -4,3 +4,37 @@ const count = 10;
 const nonSecret = "hello world"
 const nonSecretLong = "hello world, this is a looong string which I needed to create for some reason"
 const dbUrl = `postgres://user:${process.env.DB_PASSWORD}@example.com:5432/dbname`;
+const NOT_A_SECRET = "I'm not a secret, I think";
+const webpackFriendlyConsole = require('./config/webpack/webpackFriendlyConsole');
+const NOT_A_SECRET_TEMPLATE = `A template that isn't a secret. ${1+1} = 2`;
+const CSS_CLASSNAME = "hey-it-s-a-css-class-not-a-secret and-neither-this-one";
+const BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+const NAMESPACE_CLASSNAME = 'Validation.JSONSchemaValidationUtilsImplFactory';
+
+// Ignored secrets (not actually a secret, ignored via config)
+const NOT_A_SECRET_IN_VAULT = {
+  NOT_A_SECRET: "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva"
+};
+const NOT_A_SECRET_VAR = "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva"; // Ignored via variable name
+class A {
+  constructor(){
+    this.secret = "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva"; // Ignored via class field
+  }
+}
+
+
+// From user tests
+const codeCheck = "\nconst DEFAULT_CONFIG = /* @__PURE__ */ bare.Config({})\n";
+const otpCheck = 'Verify OTP Google Mobile Authenticator (2FAS)'
+const bitcoinString = {
+	key: "0 USD,,. for {bitlocus|string}.",
+};
+const textString = {
+    key: 'Verifying takes 15 approved the following 3.'
+};
+const facebookAndAwsString = {
+    key: 'facebook.com |console.aws.amazon.com'
+};
+const IsoString = {
+    key: 'ISO-27001 information , GDPR'
+};