@@ -527,4 +527,156 @@ EOF
527527 # Use real jq here since we want to actually check the file
528528 final_format=$( jq -r ' .bomFormat' " $converted_sbom " )
529529 [ " $final_format " = " CycloneDX" ]
530- }
530+ }
531+
532+ # ============================================================================
533+ # SANITIZE_INPUTS INTEGRATION TESTS
534+ # ============================================================================
535+
536+ # Test 11: sanitize_inputs processes repository correctly
537+ @test " sanitize_inputs processes repository correctly" {
538+ export REPOSITORY=" test-org/test-repo"
539+
540+ run sanitize_inputs
541+ [ " $status " -eq 0 ]
542+ [[ " $output " == * " Sanitized REPOSITORY: test-org/test-repo" * ]]
543+ }
544+
545+ # Test 12: sanitize_inputs processes Mend email correctly
546+ @test " sanitize_inputs processes Mend email correctly" {
547+ export SBOM_SOURCE=" mend"
548+ export MEND_EMAIL=" test@example.com"
549+ export MEND_ORG_UUID=" 123e4567-e89b-12d3-a456-426614174000"
550+ export MEND_USER_KEY=" test-key"
551+ export MEND_BASE_URL=" https://api.mend.io"
552+ export MEND_PROJECT_UUID=" 123e4567-e89b-12d3-a456-426614174000"
553+
554+ run sanitize_inputs
555+ [ " $status " -eq 0 ]
556+ [[ " $output " == * " Sanitized MEND_EMAIL: test@example.com" * ]]
557+ }
558+
559+ # Test 13: sanitize_inputs processes S3 bucket correctly
560+ @test " sanitize_inputs processes S3 bucket correctly" {
561+ export S3_BUCKET=" My-Test-Bucket"
562+
563+ run sanitize_inputs
564+ [ " $status " -eq 0 ]
565+ [[ " $output " == * " Sanitized S3_BUCKET: my-test-bucket" * ]]
566+ }
567+
568+ # Test 14: sanitize_inputs validates SBOM_SOURCE enum
569+ @test " sanitize_inputs validates SBOM_SOURCE enum" {
570+ export SBOM_SOURCE=" invalid-source"
571+
572+ run sanitize_inputs
573+ [ " $status " -eq 1 ]
574+ [[ " $output " == * " Invalid SBOM_SOURCE: invalid-source" * ]]
575+ }
576+
577+ # Test 15: sanitize_inputs validates SBOM_FORMAT enum
578+ @test " sanitize_inputs validates SBOM_FORMAT enum" {
579+ export SBOM_FORMAT=" invalid-format"
580+
581+ run sanitize_inputs
582+ [ " $status " -eq 1 ]
583+ [[ " $output " == * " Invalid SBOM_FORMAT: invalid-format" * ]]
584+ }
585+
586+ # Test 16: sanitize_inputs validates MERGE boolean
587+ @test " sanitize_inputs validates MERGE boolean" {
588+ export MERGE=" maybe"
589+
590+ run sanitize_inputs
591+ [ " $status " -eq 1 ]
592+ [[ " $output " == * " Invalid MERGE value: maybe" * ]]
593+ }
594+
595+ # Test 17: sanitize_inputs processes include patterns correctly
596+ @test " sanitize_inputs processes include patterns correctly" {
597+ export INCLUDE=" *.json , test*.txt , file.log "
598+
599+ run sanitize_inputs
600+ [ " $status " -eq 0 ]
601+ [[ " $output " == * " Sanitized INCLUDE: *.json,test*.txt,file.log" * ]]
602+ }
603+
604+ # Test 18: sanitize_inputs processes exclude patterns correctly
605+ @test " sanitize_inputs processes exclude patterns correctly" {
606+ export EXCLUDE=" *-dev.json,*-test.json"
607+
608+ run sanitize_inputs
609+ [ " $status " -eq 0 ]
610+ [[ " $output " == * " Sanitized EXCLUDE: *-dev.json,*-test.json" * ]]
611+ }
612+
613+ # Test 19: sanitize_inputs processes ClickHouse URL correctly
614+ @test " sanitize_inputs processes ClickHouse URL correctly" {
615+ export CLICKHOUSE_URL=" https://clickhouse.example.com:8443"
616+
617+ run sanitize_inputs
618+ [ " $status " -eq 0 ]
619+ [[ " $output " == * " Sanitized CLICKHOUSE_URL: https://clickhouse.example.com:8443" * ]]
620+ }
621+
622+ # Test 20: sanitize_inputs processes multiple Mend project UUIDs
623+ @test " sanitize_inputs processes multiple Mend project UUIDs" {
624+ export MEND_PROJECT_UUIDS=" 123e4567-e89b-12d3-a456-426614174000, 456e7890-e89b-12d3-a456-426614174000"
625+
626+ run sanitize_inputs
627+ [ " $status " -eq 0 ]
628+ [[ " $output " == * " Sanitized MEND_PROJECT_UUIDS: 123e4567-e89b-12d3-a456-426614174000,456e7890-e89b-12d3-a456-426614174000" * ]]
629+ }
630+
631+ # Test 21: sanitize_inputs processes numeric values with validation
632+ @test " sanitize_inputs processes numeric values with validation" {
633+ export MEND_MAX_WAIT_TIME=" 1800"
634+ export MEND_POLL_INTERVAL=" 30"
635+
636+ run sanitize_inputs
637+ [ " $status " -eq 0 ]
638+ [[ " $output " == * " Sanitized MEND_MAX_WAIT_TIME: 1800" * ]]
639+ [[ " $output " == * " Sanitized MEND_POLL_INTERVAL: 30" * ]]
640+ }
641+
642+ # Test 22: sanitize_inputs rejects invalid numeric values
643+ @test " sanitize_inputs rejects invalid numeric values" {
644+ export MEND_MAX_WAIT_TIME=" 10000" # Too high
645+
646+ run sanitize_inputs
647+ [ " $status " -eq 1 ]
648+ [[ " $output " == * " Numeric value for MEND_MAX_WAIT_TIME out of range" * ]]
649+ }
650+
651+ # Test 23: sanitize_inputs skips empty values
652+ @test " sanitize_inputs skips empty values" {
653+ export REPOSITORY=" "
654+ export MEND_EMAIL=" "
655+
656+ run sanitize_inputs
657+ [ " $status " -eq 0 ]
658+ # Should not contain any sanitization messages for empty values
659+ [[ " $output " != * " Sanitized REPOSITORY:" * ]]
660+ [[ " $output " != * " Sanitized MEND_EMAIL:" * ]]
661+ }
662+
663+ # Test 24: sanitize_inputs redacts sensitive information in logs
664+ @test " sanitize_inputs redacts sensitive information in logs" {
665+ export GITHUB_TOKEN=" secret-token"
666+ export AWS_ACCESS_KEY_ID=" secret-key"
667+ export AWS_SECRET_ACCESS_KEY=" secret-access-key"
668+ export CLICKHOUSE_PASSWORD=" secret-password"
669+
670+ run sanitize_inputs
671+ [ " $status " -eq 0 ]
672+ [[ " $output " == * " Sanitized GITHUB_TOKEN: [REDACTED]" * ]]
673+ [[ " $output " == * " Sanitized AWS_ACCESS_KEY_ID: [REDACTED]" * ]]
674+ [[ " $output " == * " Sanitized AWS_SECRET_ACCESS_KEY: [REDACTED]" * ]]
675+ [[ " $output " == * " Sanitized CLICKHOUSE_PASSWORD: [REDACTED]" * ]]
676+
677+ # Make sure actual values are not in the output
678+ [[ " $output " != * " secret-token" * ]]
679+ [[ " $output " != * " secret-key" * ]]
680+ [[ " $output " != * " secret-access-key" * ]]
681+ [[ " $output " != * " secret-password" * ]]
682+ }
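Review bot: The redaction test (Test 24) does not cover `MEND_USER_KEY`, although Test 12 exports it as `test-key` and asserts only the `MEND_EMAIL` line, so nothing in this hunk would fail if sanitize_inputs printed the Mend user key into the job log. Assuming that key is a credential like the four already covered, and that its log line follows the same format, extend Test 24 with `export MEND_USER_KEY="secret-user-key"`, `[[ "$output" == *"Sanitized MEND_USER_KEY: [REDACTED]"* ]]` and `[[ "$output" != *"secret-user-key"* ]]`. Separately, the only rejection paths exercised are the enum, boolean and numeric upper-bound checks; REPOSITORY, S3_BUCKET, CLICKHOUSE_URL and the UUID lists have accept-only cases. Each of those would benefit from one test that passes a malformed value and asserts `[ "$status" -eq 1 ]`, since rejection is the behaviour a sanitizer most needs pinned.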