Describe the bug
I have observed a scenario where a secret string is not properly detected if the Read() operation returns n > 0 bytes and the EOF flag.
Additional information:
According to the golang v1.22.2 documentation:
a Reader returning a non-zero number of bytes at the end of the input stream may return either err == EOF or err == nil.
The documentation also states that: Callers should always process the n > 0 bytes returned before considering the error err.
To Reproduce
I have implemented the following unit test to help reproduce the issue:
```go
package detect

import (
	"fmt"
	"io"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
)

// mockRead adapts a plain function to the io.Reader interface.
type mockRead func(p []byte) (int, error)

func (m mockRead) Read(p []byte) (int, error) {
	return m(p)
}

// TestDetectReader tests the DetectReader function.
func TestDetectReader(t *testing.T) {
	var detector *Detector
	var secret = "AKIAIRYLJVKMPEXAMPLE"
	testString := strings.NewReader(secret)
	tests := []struct {
		name          string
		reader        io.Reader
		bufSize       int
		findingsCount int
	}{
		{
			name:          "Test case - Reader returns n > 0 bytes and nil error",
			bufSize:       10,
			findingsCount: 1,
			reader:        testString,
		},
		{
			name:          "Test case - Reader returns n > 0 bytes and io.EOF error", // this test case is failing with the current implementation
			bufSize:       10,
			findingsCount: 1,
			reader: mockRead(func(p []byte) (int, error) {
				// Copy the secret into the caller's buffer so the returned
				// byte count describes real data, then report io.EOF with it.
				return copy(p, secret), io.EOF
			}),
		},
	}
	for _, test := range tests {
		fmt.Printf("Running test case: %v\n", test.name)
		detector, _ = NewDetectorDefaultConfig()
		findings, _ := detector.DetectReader(test.reader, test.bufSize)
		assert.Equal(t, test.findingsCount, len(findings))
	}
}
```
Expected behavior
I am expecting the secret to be detected in both of these scenarios:
n > 0 bytes returned, err == nil
n > 0 bytes returned, err == io.EOF
Screenshots
N/A
Basic Info (please complete the following information):
Additional context
cc @zricethezav
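The read-loop ordering that the report quotes from the io.Reader documentation, as an added example that is not part of the original issue and not the project's code. Both scan functions, `dataWithEOF` and the simplified `AKIA` pattern are hypothetical; `iotest.DataErrReader` is the standard-library wrapper that returns the final bytes together with io.EOF. Matches that span two chunks are out of scope here.

```go
package main

import (
	"fmt"
	"io"
	"regexp"
	"strings"
	"testing/iotest"
)

// Constructed sample input (key taken from the report) and a simplified pattern (assumption).
const sample = "aws_key = AKIAIRYLJVKMPEXAMPLE\n"
var awsKeyID = regexp.MustCompile(`AKIA[0-9A-Z]{16}`)

// dataWithEOF returns a reader whose last Read yields n > 0 together with io.EOF.
func dataWithEOF() io.Reader { return iotest.DataErrReader(strings.NewReader(sample)) }

// scanDroppingFinalChunk checks err first, so bytes delivered with io.EOF are never scanned.
func scanDroppingFinalChunk(r io.Reader, bufSize int) (findings []string) {
	buf := make([]byte, bufSize)
	for {
		n, err := r.Read(buf)
		if err != nil {
			return findings
		}
		findings = append(findings, awsKeyID.FindAllString(string(buf[:n]), -1)...)
	}
}

// scanProcessingFirst scans the n > 0 bytes before it looks at err.
func scanProcessingFirst(r io.Reader, bufSize int) (findings []string, err error) {
	buf := make([]byte, bufSize)
	for {
		n, rerr := r.Read(buf)
		if n > 0 {
			findings = append(findings, awsKeyID.FindAllString(string(buf[:n]), -1)...)
		}
		switch {
		case rerr == io.EOF:
			return findings, nil // end of input is not a failure
		case rerr != nil:
			return findings, rerr
		}
	}
}

func main() {
	fixed, err := scanProcessingFirst(dataWithEOF(), 64)
	fmt.Println(len(scanDroppingFinalChunk(dataWithEOF(), 64)), len(fixed), err)
}
```

Wrapping existing test inputs in `iotest.DataErrReader` is a cheap way to cover this reader behaviour in a scanner's own test suite.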