package github import ( "context" "encoding/json" "net/http" "testing" "github.com/github/github-mcp-server/internal/toolsnaps" "github.com/github/github-mcp-server/pkg/translations" "github.com/google/go-github/v82/github" "github.com/google/jsonschema-go/jsonschema" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func Test_GetSecretScanningAlert(t *testing.T) { toolDef := GetSecretScanningAlert(translations.NullTranslationHelper) require.NoError(t, toolsnaps.Test(toolDef.Tool.Name, toolDef.Tool)) assert.Equal(t, "get_secret_scanning_alert", toolDef.Tool.Name) assert.NotEmpty(t, toolDef.Tool.Description) // Verify InputSchema structure schema, ok := toolDef.Tool.InputSchema.(*jsonschema.Schema) require.True(t, ok, "InputSchema should be *jsonschema.Schema") assert.Contains(t, schema.Properties, "owner") assert.Contains(t, schema.Properties, "repo") assert.Contains(t, schema.Properties, "alertNumber") assert.ElementsMatch(t, schema.Required, []string{"owner", "repo", "alertNumber"}) // Setup mock alert for success case mockAlert := &github.SecretScanningAlert{ Number: github.Ptr(42), State: github.Ptr("open"), HTMLURL: github.Ptr("https://github.com/owner/private-repo/security/secret-scanning/42"), } tests := []struct { name string mockedClient *http.Client requestArgs map[string]any expectError bool expectedAlert *github.SecretScanningAlert expectedErrMsg string }{ { name: "successful alert fetch", mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{ GetReposSecretScanningAlertsByOwnerByRepoByAlertNumber: mockResponse(t, http.StatusOK, mockAlert), }), requestArgs: map[string]any{ "owner": "owner", "repo": "repo", "alertNumber": float64(42), }, expectError: false, expectedAlert: mockAlert, }, { name: "alert fetch fails", mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{ GetReposSecretScanningAlertsByOwnerByRepoByAlertNumber: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNotFound) _, _ = w.Write([]byte(`{"message": "Not Found"}`)) }), }), requestArgs: map[string]any{ "owner": "owner", "repo": "repo", "alertNumber": float64(9999), }, expectError: true, expectedErrMsg: "failed to get alert", }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { // Setup client with mock client := github.NewClient(tc.mockedClient) deps := BaseDeps{ Client: client, } handler := toolDef.Handler(deps) // Create call request request := createMCPRequest(tc.requestArgs) // Call handler result, err := handler(ContextWithDeps(context.Background(), deps), &request) // Verify results if tc.expectError { require.NoError(t, err) require.True(t, result.IsError) errorContent := getErrorResult(t, result) assert.Contains(t, errorContent.Text, tc.expectedErrMsg) return } require.NoError(t, err) require.False(t, result.IsError) // Parse the result and get the text content if no error textContent := getTextResult(t, result) // Unmarshal and verify the result var returnedAlert github.Alert err = json.Unmarshal([]byte(textContent.Text), &returnedAlert) assert.NoError(t, err) assert.Equal(t, *tc.expectedAlert.Number, *returnedAlert.Number) assert.Equal(t, *tc.expectedAlert.State, *returnedAlert.State) assert.Equal(t, *tc.expectedAlert.HTMLURL, *returnedAlert.HTMLURL) }) } } func Test_ListSecretScanningAlerts(t *testing.T) { // Verify tool definition once toolDef := ListSecretScanningAlerts(translations.NullTranslationHelper) require.NoError(t, toolsnaps.Test(toolDef.Tool.Name, toolDef.Tool)) assert.Equal(t, "list_secret_scanning_alerts", toolDef.Tool.Name) assert.NotEmpty(t, toolDef.Tool.Description) // Verify InputSchema structure schema, ok := toolDef.Tool.InputSchema.(*jsonschema.Schema) require.True(t, ok, "InputSchema should be *jsonschema.Schema") assert.Contains(t, schema.Properties, "owner") assert.Contains(t, schema.Properties, "repo") assert.Contains(t, schema.Properties, "state") assert.Contains(t, schema.Properties, "secret_type") assert.Contains(t, schema.Properties, "resolution") assert.ElementsMatch(t, schema.Required, []string{"owner", "repo"}) // Setup mock alerts for success case resolvedAlert := github.SecretScanningAlert{ Number: github.Ptr(2), HTMLURL: github.Ptr("https://github.com/owner/private-repo/security/secret-scanning/2"), State: github.Ptr("resolved"), Resolution: github.Ptr("false_positive"), SecretType: github.Ptr("adafruit_io_key"), } openAlert := github.SecretScanningAlert{ Number: github.Ptr(2), HTMLURL: github.Ptr("https://github.com/owner/private-repo/security/secret-scanning/3"), State: github.Ptr("open"), Resolution: github.Ptr("false_positive"), SecretType: github.Ptr("adafruit_io_key"), } tests := []struct { name string mockedClient *http.Client requestArgs map[string]any expectError bool expectedAlerts []*github.SecretScanningAlert expectedErrMsg string }{ { name: "successful resolved alerts listing", mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{ GetReposSecretScanningAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{ "state": "resolved", }).andThen( mockResponse(t, http.StatusOK, []*github.SecretScanningAlert{&resolvedAlert}), ), }), requestArgs: map[string]any{ "owner": "owner", "repo": "repo", "state": "resolved", }, expectError: false, expectedAlerts: []*github.SecretScanningAlert{&resolvedAlert}, }, { name: "successful alerts listing", mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{ GetReposSecretScanningAlertsByOwnerByRepo: expectQueryParams(t, map[string]string{}).andThen( mockResponse(t, http.StatusOK, []*github.SecretScanningAlert{&resolvedAlert, &openAlert}), ), }), requestArgs: map[string]any{ "owner": "owner", "repo": "repo", }, expectError: false, expectedAlerts: []*github.SecretScanningAlert{&resolvedAlert, &openAlert}, }, { name: "alerts listing fails", mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{ GetReposSecretScanningAlertsByOwnerByRepo: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusUnauthorized) _, _ = w.Write([]byte(`{"message": "Unauthorized access"}`)) }), }), requestArgs: map[string]any{ "owner": "owner", "repo": "repo", }, expectError: true, expectedErrMsg: "failed to list alerts", }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { client := github.NewClient(tc.mockedClient) deps := BaseDeps{ Client: client, } handler := toolDef.Handler(deps) request := createMCPRequest(tc.requestArgs) result, err := handler(ContextWithDeps(context.Background(), deps), &request) if tc.expectError { require.NoError(t, err) require.True(t, result.IsError) errorContent := getErrorResult(t, result) assert.Contains(t, errorContent.Text, tc.expectedErrMsg) return } require.NoError(t, err) require.False(t, result.IsError) textContent := getTextResult(t, result) // Unmarshal and verify the result var returnedAlerts []*github.SecretScanningAlert err = json.Unmarshal([]byte(textContent.Text), &returnedAlerts) assert.NoError(t, err) assert.Len(t, returnedAlerts, len(tc.expectedAlerts)) for i, alert := range returnedAlerts { assert.Equal(t, *tc.expectedAlerts[i].Number, *alert.Number) assert.Equal(t, *tc.expectedAlerts[i].HTMLURL, *alert.HTMLURL) assert.Equal(t, *tc.expectedAlerts[i].State, *alert.State) assert.Equal(t, *tc.expectedAlerts[i].Resolution, *alert.Resolution) assert.Equal(t, *tc.expectedAlerts[i].SecretType, *alert.SecretType) } }) } }