Add mock http calls to DiscordValidatorTests (#523)

* Add Mock validators for Discord Credentials * Fix typo * Remove uneeded newline
microsoft · Aug 3, 2021 · e33d3ca · e33d3ca
1 parent 7b09519
commit e33d3ca
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 5 deletions.
diff --git a/Src/Plugins/Security/SEC101_046.DiscordApiCredentialsValidator.cs b/Src/Plugins/Security/SEC101_046.DiscordApiCredentialsValidator.cs
@@ -82,9 +82,11 @@ protected override IEnumerable<ValidationResult> IsValidStaticHelper(Dictionary<
             {
                 HttpClient client = CreateOrUseCachedHttpClient();
 
-                var dict = new Dictionary<string, string>();
-                dict.Add("grant_type", "client_credentials");
-                dict.Add("scope", "identify connections");
+                var dict = new Dictionary<string, string>
+                {
+                    { "grant_type", "client_credentials" },
+                    { "scope", "identify connections" },
+                };
 
                 string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", id, secret)));
                 using var request = new HttpRequestMessage(HttpMethod.Post, uri);
@@ -100,12 +102,12 @@ protected override IEnumerable<ValidationResult> IsValidStaticHelper(Dictionary<
                 {
                     case HttpStatusCode.OK:
                     {
-                        return ValidationState.Authorized;
+                        return ReturnAuthorizedAccess(ref message, id);
                     }
 
                     case HttpStatusCode.Unauthorized:
                     {
-                        return ValidationState.Unauthorized;
+                        return ReturnUnauthorizedAccess(ref message, id);
                     }
 
                     default:

diff --git a/Src/Plugins/Tests.Security/Validators/SEC101_046.DiscordApiCredentialsValidatorTests.cs b/Src/Plugins/Tests.Security/Validators/SEC101_046.DiscordApiCredentialsValidatorTests.cs
@@ -2,6 +2,11 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+
+using FluentAssertions;
 
 using Microsoft.CodeAnalysis.Sarif.PatternMatcher.Sdk;
 
@@ -30,5 +35,67 @@ public void DiscordApiCredentialsValidator_Test()
                                                           keyValuePairs,
                                                           ref resultLevelKind);
         }
+
+        [Fact]
+        public void DiscordCredentialsValidator_MockHttpTests()
+        {
+            var testCases = new[]
+            {
+                new
+                {
+                    Title = "Testing Valid Credentials",
+                    HttpStatusCode = HttpStatusCode.OK,
+                    ExpectedValidationState = ValidationState.Authorized,
+                    ExpectedMessage = "The compromised asset is 'a'.",
+                    HttpContent = (HttpContent)null,
+                },
+                new
+                {
+                    Title = "Testing Invalid Credentials",
+                    HttpStatusCode = HttpStatusCode.Unauthorized,
+                    ExpectedValidationState = ValidationState.Unauthorized,
+                    ExpectedMessage = "The provided secret is not authorized to access 'a'.",
+                    HttpContent = (HttpContent)null,
+                },
+                new
+                {
+                    Title = "Testing Unknown Status code",
+                    HttpStatusCode = HttpStatusCode.NotFound,
+                    ExpectedValidationState = ValidationState.Unknown,
+                    ExpectedMessage = "An unexpected HTTP response code was received: 'NotFound'.",
+                    HttpContent = (HttpContent)null,
+                },
+            };
+            const string fingerprintText = "[id=a][secret=b]";
+
+            var sb = new StringBuilder();
+            foreach (var testCase in testCases)
+            {
+                string message = string.Empty;
+                ResultLevelKind resultLevelKind = default;
+                var fingerprint = new Fingerprint(fingerprintText);
+                var keyValuePairs = new Dictionary<string, string>();
+
+                MockHelper.ResetStaticInstance<DiscordApiCredentialsValidator>();
+                using var httpClient = new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent));
+                DiscordApiCredentialsValidator.Instance.SetHttpClient(httpClient);
+
+                ValidationState currentState = DiscordApiCredentialsValidator.IsValidDynamic(ref fingerprint,
+                                                                                             ref message,
+                                                                                             keyValuePairs,
+                                                                                             ref resultLevelKind);
+                if (currentState != testCase.ExpectedValidationState)
+                {
+                    sb.AppendLine($"The test case '{testCase.Title}' was expecting '{testCase.ExpectedValidationState}' but found '{currentState}'.");
+                }
+
+                if (!message.Equals(testCase.ExpectedMessage))
+                {
+                    sb.AppendLine($"The test case '{testCase.Title}' was expecting '{testCase.ExpectedMessage}' but found '{message}'.");
+                }
+            }
+
+            sb.Length.Should().Be(0, sb.ToString());
+        }
     }
 }