MCPcopy
hub / github.com/docker/compose / Test_collectEnvCheckFindings

Function Test_collectEnvCheckFindings

pkg/compose/publish_test.go:293–565  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

291}
292
293func Test_collectEnvCheckFindings(t *testing.T) {
294 tests := []struct {
295 name string
296 files map[string]string
297 wantSuspicious map[string][]string // service -> sorted suspicious keys
298 wantEnvFile []string // services with env_file
299 wantLiteralCfgs []string // config names with literal content
300 }{
301 {
302 name: "benign literals are silent",
303 files: map[string]string{
304 "compose.yaml": `name: test
305services:
306 web:
307 image: alpine
308 environment:
309 LOG_LEVEL: info
310 NODE_ENV: production
311 PORT: "8080"
312`,
313 },
314 },
315 {
316 name: "interpolated values are silent even on suspicious keys",
317 files: map[string]string{
318 "compose.yaml": `name: test
319services:
320 web:
321 image: alpine
322 environment:
323 DB_PASSWORD: "${DB_PASSWORD}"
324 API_KEY: "$API_KEY"
325`,
326 },
327 },
328 {
329 name: "literal value on suspicious key is flagged",
330 files: map[string]string{
331 "compose.yaml": `name: test
332services:
333 db:
334 image: mysql
335 environment:
336 MYSQL_ROOT_PASSWORD: toto
337 MYSQL_DATABASE: appdb
338`,
339 },
340 wantSuspicious: map[string][]string{
341 "db": {"MYSQL_ROOT_PASSWORD"},
342 },
343 },
344 {
345 name: "demo placeholder changeme is flagged (security: literal still leaks)",
346 files: map[string]string{
347 "compose.yaml": `name: test
348services:
349 demo:
350 image: postgres

Callers

nothing calls this directly

Calls 3

loadProjectForTestFunction · 0.85
collectEnvCheckFindingsFunction · 0.85
sortedSuspiciousKeysMethod · 0.80

Tested by

no test coverage detected