Initial commit: env-guard CLI tool with CI/CD

tests/secrets_test.rs

@@ -0,0 +1,112 @@
+#[cfg(test)]
+mod secrets_tests {
+    use env_guard::secrets::{
+        scan_file, redact_secret, format_secret_match,
+        get_builtin_patterns, SecretSeverity
+    };
+    use std::fs;
+
+    #[test]
+    fn test_redact_secret_short() {
+        assert_eq!(redact_secret("abc"), "***");
+    }
+
+    #[test]
+    fn test_redact_secret_long() {
+        let result = redact_secret("my-secret-api-key-12345");
+        assert!(result.starts_with("my-s"));
+        assert!(result.contains('*'));
+        assert!(result.len() < 30);
+    }
+
+    #[test]
+    fn test_redact_secret_exact_8_chars() {
+        let result = redact_secret("12345678");
+        assert_eq!(result, "********");
+    }
+
+    #[test]
+    fn test_get_builtin_patterns() {
+        let patterns = get_builtin_patterns();
+        assert!(!patterns.is_empty());
+
+        let has_aws = patterns.iter().any(|p| p.name.contains("AWS"));
+        let has_github = patterns.iter().any(|p| p.name.contains("GitHub"));
+        let has_jwt = patterns.iter().any(|p| p.name.contains("JWT"));
+
+        assert!(has_aws);
+        assert!(has_github);
+        assert!(has_jwt);
+    }
+
+    #[test]
+    fn test_scan_file_with_secrets() {
+        let content = r#"
+const apiKey = "sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
+const password = "super_secret_password";
+const awsKey = "AKIAIOSFODNN7EXAMPLE";
+"#;
+        let test_file = "test_secrets_temp.txt";
+        fs::write(test_file, content).unwrap();
+
+        let matches = scan_file(test_file, false).unwrap();
+
+        assert!(!matches.is_empty());
+        let has_api_key = matches.iter().any(|m| m.secret_type.contains("API") || m.secret_type.contains("OpenAI"));
+        assert!(has_api_key);
+
+        fs::remove_file(test_file).ok();
+    }
+
+    #[test]
+    fn test_scan_file_without_secrets() {
+        let content = r#"
+const apiUrl = "https://api.example.com";
+const port = 3000;
+const debug = true;
+"#;
+        let test_file = "test_no_secrets_temp.txt";
+        fs::write(test_file, content).unwrap();
+
+        let matches = scan_file(test_file, false).unwrap();
+        assert!(matches.is_empty());
+
+        fs::remove_file(test_file).ok();
+    }
+
+    #[test]
+    fn test_secret_severity_levels() {
+        assert_eq!(SecretSeverity::Critical.as_str(), "CRITICAL");
+        assert_eq!(SecretSeverity::High.as_str(), "HIGH");
+        assert_eq!(SecretSeverity::Medium.as_str(), "MEDIUM");
+        assert_eq!(SecretSeverity::Low.as_str(), "LOW");
+    }
+
+    #[test]
+    fn test_github_token_pattern() {
+        let content = r#"const token = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";"#;
+        let test_file = "test_github_temp.txt";
+        fs::write(test_file, content).unwrap();
+
+        let matches = scan_file(test_file, false).unwrap();
+        let has_github = matches.iter().any(|m| m.secret_type.contains("GitHub"));
+
+        assert!(has_github);
+
+        fs::remove_file(test_file).ok();
+    }
+
+    #[test]
+    fn test_jwt_pattern() {
+        let content = r#"const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U";"#;
+        let test_file = "test_jwt_temp.txt";
+        fs::write(test_file, content).unwrap();
+
+        let matches = scan_file(test_file, false).unwrap();
+        let has_jwt = matches.iter().any(|m| m.secret_type.contains("JWT"));
+
+        assert!(has_jwt);
+
+        fs::remove_file(test_file).ok();
+    }
+}