keyhog 0.5.37

keyhog: detects leaked credentials in source trees, git history, and cloud storage
Documentation
//! E2E R5-T-CLI: scan git diff modified tracked file.rs.

use crate::e2e::support::binary;
use std::process::Command;
use tempfile::TempDir;


fn init_git_repo(dir: &std::path::Path) {
    std::process::Command::new("git")
        .args(["init", "-q"])
        .current_dir(dir)
        .status()
        .expect("git init");
    std::process::Command::new("git")
        .args(["config", "user.email", "r5-cli@test"])
        .current_dir(dir)
        .status()
        .expect("git config email");
    std::process::Command::new("git")
        .args(["config", "user.name", "R5 CLI"])
        .current_dir(dir)
        .status()
        .expect("git config name");
}



#[test]
fn scan_git_diff_modified_tracked_file() {
    let dir = TempDir::new().expect("tempdir");
    let repo = dir.path();
    init_git_repo(repo);
    std::fs::write(repo.join("tracked.env"), "SAFE=1\n").unwrap();
    std::process::Command::new("git").args(["add", "tracked.env"]).current_dir(repo).status().expect("git add");
    std::process::Command::new("git").args(["commit", "-m", "init", "-q"]).current_dir(repo).status().expect("git commit");
    std::fs::write(repo.join("tracked.env"), "AWS_ACCESS_KEY_ID=AKIAKPQXRMSNTBVWYZBN\n").unwrap();
    let output = Command::new(binary())
        .args(["scan", "--no-daemon", "--git-diff", "HEAD", "--format", "json", "--no-suppress-test-fixtures"])
        .current_dir(repo).output().expect("spawn");
    assert_eq!(output.status.code(), Some(1));
    let findings: serde_json::Value = serde_json::from_str(&String::from_utf8_lossy(&output.stdout)).expect("json");
    let cited = findings.as_array().unwrap().iter().any(|f| {
        f["location"]["file_path"].as_str().map(|p| p.ends_with("tracked.env")).unwrap_or(false)
    });
    assert!(cited, "finding must cite tracked.env");
}