(Fix): Update gitleaks test data (#900)

Gitleaks [v8.21.2](https://github.com/gitleaks/gitleaks/releases/tag/v8.21.2) added more stringent checking, removing some false positives. Updates our test data to provide more useful tests. "Secrets" are taken from gitleaks repo test data
trunk-io · Oct 29, 2024 · cacbffc · cacbffc
1 parent bedf6e2
commit cacbffc
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 7 deletions.
diff --git a/linters/gitleaks/test_data/basic.py b/linters/gitleaks/test_data/basic.py
@@ -1,4 +1,11 @@
 aws_access_key_id = "AKIAIO5FODNN7EXAMPLE"
 
+aws_token = "AKIALALEMEL33243OLIA"
 
-aws_access_key_id = "AKIAIO5FODNN7EXAMPLE"
+private_key = """-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACA8YWKYztuuvxUIMomc3zv0OdXCT57Cc2cRYu3TMbX9XAAAAJDiKO3C4ijt
+wgAAAAtzc2gtZWQyNTUxOQAAACA8YWKYztuuvxUIMomc3zv0OdXCT57Cc2cRYu3TMbX9XA
+AAAECzmj8DGxg5YHtBK4AmBttMXDQHsPAaCyYHQjJ4YujRBTxhYpjO266/FQgyiZzfO/Q5
+1cJPnsJzZxFi7dMxtf1cAAAADHJvb3RAZGV2aG9zdAE=
+-----END OPENSSH PRIVATE KEY-----"""
diff --git a/linters/gitleaks/test_data/gitleaks_v8.1.3_basic.check.shot b/linters/gitleaks/test_data/gitleaks_v8.1.3_basic.check.shot
@@ -23,18 +23,36 @@ exports[`Testing linter gitleaks test basic 1`] = `
     },
     {
       "code": "aws-access-token",
-      "column": "23",
+      "column": "15",
       "file": "test_data/basic.py",
       "issueClass": "ISSUE_CLASS_EXISTING",
       "level": "LEVEL_HIGH",
-      "line": "4",
+      "line": "3",
       "linter": "gitleaks",
       "message": "aws-access-token has detected secret for file test_data/basic.py.",
       "ranges": [
         {
           "filePath": "test_data/basic.py",
           "length": "19",
-          "offset": "67",
+          "offset": "58",
+        },
+      ],
+      "targetType": "ALL",
+    },
+    {
+      "code": "OPENSSH-PK",
+      "column": "19",
+      "file": "test_data/basic.py",
+      "issueClass": "ISSUE_CLASS_EXISTING",
+      "level": "LEVEL_HIGH",
+      "line": "5",
+      "linter": "gitleaks",
+      "message": "OPENSSH-PK has detected secret for file test_data/basic.py.",
+      "ranges": [
+        {
+          "filePath": "test_data/basic.py",
+          "length": "34",
+          "offset": "98",
         },
       ],
       "targetType": "ALL",

diff --git a/linters/gitleaks/test_data/gitleaks_v8.21.2_basic.check.shot b/linters/gitleaks/test_data/gitleaks_v8.21.2_basic.check.shot
@@ -0,0 +1,68 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+// trunk-upgrade-validation:RELEASE
+
+exports[`Testing linter gitleaks test basic 1`] = `
+{
+  "issues": [
+    {
+      "code": "aws-access-token",
+      "column": "15",
+      "file": "test_data/basic.py",
+      "issueClass": "ISSUE_CLASS_EXISTING",
+      "level": "LEVEL_HIGH",
+      "line": "3",
+      "linter": "gitleaks",
+      "message": "aws-access-token has detected secret for file test_data/basic.py.",
+      "ranges": [
+        {
+          "filePath": "test_data/basic.py",
+          "length": "20",
+          "offset": "58",
+        },
+      ],
+      "targetType": "ALL",
+    },
+    {
+      "code": "private-key",
+      "column": "19",
+      "file": "test_data/basic.py",
+      "issueClass": "ISSUE_CLASS_EXISTING",
+      "level": "LEVEL_HIGH",
+      "line": "5",
+      "linter": "gitleaks",
+      "message": "private-key has detected secret for file test_data/basic.py.",
+      "ranges": [
+        {
+          "filePath": "test_data/basic.py",
+          "length": "397",
+          "offset": "98",
+        },
+      ],
+      "targetType": "ALL",
+    },
+  ],
+  "lintActions": [
+    {
+      "command": "lint",
+      "fileGroupName": "ALL",
+      "linter": "gitleaks",
+      "paths": [
+        "test_data/basic.py",
+      ],
+      "verb": "TRUNK_VERB_CHECK",
+    },
+    {
+      "command": "lint",
+      "fileGroupName": "ALL",
+      "linter": "gitleaks",
+      "paths": [
+        "test_data/basic.py",
+      ],
+      "upstream": true,
+      "verb": "TRUNK_VERB_CHECK",
+    },
+  ],
+  "taskFailures": [],
+  "unformattedFiles": [],
+}
+`;
diff --git a/linters/gitleaks/test_data/gitleaks_v8.8.7_basic.check.shot b/linters/gitleaks/test_data/gitleaks_v8.8.7_basic.check.shot
@@ -23,18 +23,36 @@ exports[`Testing linter gitleaks test basic 1`] = `
     },
     {
       "code": "aws-access-token",
-      "column": "23",
+      "column": "15",
       "file": "test_data/basic.py",
       "issueClass": "ISSUE_CLASS_EXISTING",
       "level": "LEVEL_HIGH",
-      "line": "4",
+      "line": "3",
       "linter": "gitleaks",
       "message": "aws-access-token has detected secret for file test_data/basic.py.",
       "ranges": [
         {
           "filePath": "test_data/basic.py",
           "length": "19",
-          "offset": "67",
+          "offset": "58",
+        },
+      ],
+      "targetType": "ALL",
+    },
+    {
+      "code": "private-key",
+      "column": "19",
+      "file": "test_data/basic.py",
+      "issueClass": "ISSUE_CLASS_EXISTING",
+      "level": "LEVEL_HIGH",
+      "line": "5",
+      "linter": "gitleaks",
+      "message": "private-key has detected secret for file test_data/basic.py.",
+      "ranges": [
+        {
+          "filePath": "test_data/basic.py",
+          "length": "396",
+          "offset": "98",
         },
       ],
       "targetType": "ALL",