claude-hub/test/test-webhook-credentials.js
Jonathan Flatt de2c25977c test: Fix failing unit tests by improving mock configuration
- Fixed githubController.test.js by adding proper secureCredentials mock
- Fixed githubService.test.js by adding logger and secureCredentials mocks
- Applied code formatting with Prettier across all files
- All tests now pass successfully

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-21 23:03:07 -05:00


/**
* Test script to verify that webhook responses don't expose credentials
*/
// Not used in this test
// const fs = require('fs');
// const path = require('path');
// Seed the process environment with placeholder secrets; the leak checks
// further down search the service's output for exactly these values.
Object.assign(process.env, {
  GITHUB_TOKEN: 'ghp_verySecretGitHubToken123456789',
  AWS_ACCESS_KEY_ID: 'EXAMPLE_KEY_ID',
  AWS_SECRET_ACCESS_KEY: 'EXAMPLE_SECRET_KEY',
  AWS_REGION: 'us-east-1',
  NODE_ENV: 'test'
});
// Load the Claude service. The require runs after the mock environment values
// above are assigned.
// NOTE(review): presumably so that anything the service reads from process.env
// at load time sees only the placeholder secrets — confirm against the module.
const claudeService = require('../src/services/claudeService');
// Banner so the script's output is recognisable in a log.
console.log('Testing webhook credential handling...\n');
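/**
 * Call claudeService.processCommand with a dummy request and search whatever
 * comes back for the mock credential values held in process.env.
 *
 * Both outcomes are inspected: a resolved result, and a thrown error's
 * message, stderr and stdout. A finding is reported by environment-variable
 * name only, so the log never repeats any part of a secret, and it sets
 * process.exitCode to 1 so the run does not look like a pass.
 *
 * @returns {Promise<void>} Resolves once every check has been reported.
 */
async function testCredentialLeakPrevention() {
  // Keep each value next to its variable name; drop unset variables, which
  // would otherwise be searched for as the literal text "undefined".
  const credentials = ['GITHUB_TOKEN', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY']
    .map(name => ({ name, value: process.env[name] }))
    .filter(({ value }) => typeof value === 'string' && value.length > 0);

  let hasLeak = false;

  // Report every credential whose value occurs verbatim in `text`.
  const reportLeaks = (label, text) => {
    for (const { name, value } of credentials) {
      if (text.includes(value)) {
        console.log(`❌ LEAKED: ${label} contains ${name}`);
        hasLeak = true;
      }
    }
  };

  // Turn a resolved result into searchable text. JSON escaping would hide a
  // value containing quotes or backslashes; the mock values have neither.
  const describe = value => {
    if (typeof value === 'string') {
      return value;
    }
    try {
      const json = JSON.stringify(value);
      return json === undefined ? String(value) : json;
    } catch (serializationError) {
      return String(value);
    }
  };

  try {
    // This should fail but not leak credentials
    const result = await claudeService.processCommand({
      repoFullName: 'test/repo',
      issueNumber: 1,
      command: 'test command',
      isPullRequest: false,
      branchName: null
    });
    console.log('Test result:', result);

    // A successful response is as much an exposure path as an error is.
    reportLeaks('Result', describe(result));
    if (!hasLeak) {
      console.log('✅ SUCCESS: No credentials found in result');
    }
  } catch (error) {
    // Tolerate a thrown value that is not an Error or carries no message.
    const errorMessage = String(error && error.message != null ? error.message : error);
    console.log('Error caught (expected):', errorMessage);

    reportLeaks('Error message', errorMessage);
    // Errors may also carry captured process output; check both streams
    // before declaring the error clean.
    if (error && error.stderr) {
      reportLeaks('stderr', String(error.stderr));
    }
    if (error && error.stdout) {
      reportLeaks('stdout', String(error.stdout));
    }

    if (!hasLeak) {
      console.log('✅ SUCCESS: No credentials found in error message, stderr or stdout');
    }
  }

  if (hasLeak) {
    process.exitCode = 1;
  }
}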
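// Run the test. If the check itself crashes, exit non-zero so the failure is
// not mistaken for a pass by whatever invoked the script.
testCredentialLeakPrevention()
  .then(() => console.log('\nTest completed'))
  .catch(err => {
    console.error('Test failed:', err);
    process.exitCode = 1;
  });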