forked from quantumlib/OpenFermion
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprepared_env_security_test.py
More file actions
38 lines (29 loc) · 1.22 KB
/
prepared_env_security_test.py
File metadata and controls
38 lines (29 loc) · 1.22 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import unittest
from unittest.mock import patch, MagicMock
from dev_tools.prepared_env import PreparedEnv
from dev_tools.github_repository import GithubRepository
class TestPreparedEnvSecurity(unittest.TestCase):
@patch('requests.post')
def test_report_status_to_github_token_in_header(self, mock_post):
# Setup
mock_response = MagicMock()
mock_response.status_code = 201
mock_post.return_value = mock_response
repo = GithubRepository('my-org', 'my-repo', 'my-token')
env = PreparedEnv(repo, 'my-commit', 'compare-commit', None, None)
# Execute
env.report_status_to_github('success', 'desc', 'ctx')
# Verify
args, kwargs = mock_post.call_args
url = args[0]
headers = kwargs.get('headers', {})
# Security check: Token should NOT be in the URL
self.assertNotIn('access_token=my-token', url, "Token should not be passed in the URL")
# Security check: Token should be in the Authorization header
self.assertEqual(
headers.get('Authorization'),
'Bearer my-token',
"Token should be passed in the Authorization header",
)
if __name__ == '__main__':
unittest.main()