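package apigateway

import (
	"testing"

	"github.com/aquasecurity/defsec/pkg/providers/aws/apigateway"
	v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1"
	v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2"
	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/internal/adapters/terraform/tftestutil"
	"github.com/aquasecurity/trivy-iac/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_Adapt checks that the Terraform API Gateway adapter maps the v1 (REST)
// and v2 (HTTP) resources of a fixture onto the defsec model.
//
// The expected model pins the security-relevant attributes the fixture sets:
// the REST method's authorization type ("NONE") and API-key requirement, the
// TLS security_policy of both domain names, and the v2 stage's access-log
// destination. api_key_required is not set in the fixture, so the adapter is
// expected to report it as false.
func Test_Adapt(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  apigateway.APIGateway
	}{
		{
			name: "basic",
			terraform: `
resource "aws_api_gateway_rest_api" "MyDemoAPI" {
  name        = "MyDemoAPI"
  description = "This is my API for demonstration purposes"
}
resource "aws_api_gateway_resource" "example" {
  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
}
resource "aws_api_gateway_method" "example" {
  rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id   = aws_api_gateway_resource.example.id
  http_method   = "GET"
  authorization = "NONE"
}
resource "aws_apigatewayv2_api" "example" {
  name          = "tfsec"
  protocol_type = "HTTP"
}


resource "aws_apigatewayv2_stage" "example" {
  api_id = aws_apigatewayv2_api.example.id
  name   = "tfsec"
  access_log_settings {
    destination_arn = "arn:123"
  }
}

resource "aws_api_gateway_domain_name" "example" {
  domain_name     = "v1.com"
  security_policy = "TLS_1_0"
}

resource "aws_apigatewayv2_domain_name" "example" {
  domain_name = "v2.com"
  domain_name_configuration {
    security_policy = "TLS_1_2"
  }
}
`,
			expected: apigateway.APIGateway{
				V1: v1.APIGateway{
					APIs: []v1.API{
						{
							Metadata: defsecTypes.Metadata{},
							Name:     String("MyDemoAPI"),
							Resources: []v1.Resource{
								{
									Methods: []v1.Method{
										{
											HTTPMethod:        String("GET"),
											AuthorizationType: String("NONE"),
											// Not set in the fixture: the adapter must default it to false.
											APIKeyRequired: Bool(false),
										},
									},
								},
							},
						},
					},
					DomainNames: []v1.DomainName{
						{
							Name:           String("v1.com"),
							SecurityPolicy: String("TLS_1_0"),
						},
					},
				},
				V2: v2.APIGateway{
					APIs: []v2.API{
						{
							Name:         String("tfsec"),
							ProtocolType: String("HTTP"),
							Stages: []v2.Stage{
								{
									Name: String("tfsec"),
									AccessLogging: v2.AccessLogging{
										CloudwatchLogGroupARN: String("arn:123"),
									},
								},
							},
						},
					},
					DomainNames: []v2.DomainName{
						{
							Name:           String("v2.com"),
							SecurityPolicy: String("TLS_1_2"),
						},
					},
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			adapted := Adapt(modules)
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// Int wraps i in a defsec IntValue carrying test metadata. It is not used by
// the tests in this file.
func Int(i int) defsecTypes.IntValue {
	return defsecTypes.Int(i, defsecTypes.NewTestMetadata())
}

// Bool wraps b in a defsec BoolValue carrying test metadata.
func Bool(b bool) defsecTypes.BoolValue {
	return defsecTypes.Bool(b, defsecTypes.NewTestMetadata())
}

// String wraps s in a defsec StringValue carrying test metadata.
func String(s string) defsecTypes.StringValue {
	return defsecTypes.String(s, defsecTypes.NewTestMetadata())
}

// TestLines checks that the adapter preserves source positions: every
// resource, nested block and attribute in the fixture must report the line
// range it occupies in the HCL. Line 1 of the fixture is the empty remainder
// of the line holding the opening backtick, so the first resource starts on
// line 2.
func TestLines(t *testing.T) {
	src := `
resource "aws_api_gateway_rest_api" "MyDemoAPI" {
  name        = "MyDemoAPI"
  description = "This is my API for demonstration purposes"
}

resource "aws_api_gateway_resource" "example" {
  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
}

resource "aws_api_gateway_method" "example" {
  rest_api_id      = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id      = aws_api_gateway_resource.example.id
  http_method      = "GET"
  authorization    = "NONE"
  api_key_required = true
}

resource "aws_apigatewayv2_api" "example" {
  name          = "tfsec"
  protocol_type = "HTTP"
}

resource "aws_apigatewayv2_stage" "example" {
  api_id = aws_apigatewayv2_api.example.id
  name   = "tfsec"
  access_log_settings {
    destination_arn = "arn:123"
  }
}

resource "aws_api_gateway_domain_name" "example" {
  domain_name     = "v1.com"
  security_policy = "TLS_1_0"
}

`
	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.V1.APIs, 1)
	require.Len(t, adapted.V2.APIs, 1)
	require.Len(t, adapted.V1.DomainNames, 1)

	apiV1 := adapted.V1.APIs[0]
	apiV2 := adapted.V2.APIs[0]
	domainName := adapted.V1.DomainNames[0]

	// Guard the nested indexing below so that a resource, method or stage the
	// adapter failed to pick up fails the test cleanly instead of panicking
	// with an index-out-of-range error.
	require.Len(t, apiV1.Resources, 1)
	require.Len(t, apiV1.Resources[0].Methods, 1)
	require.Len(t, apiV2.Stages, 1)

	method := apiV1.Resources[0].Methods[0]
	stage := apiV2.Stages[0]

	// aws_api_gateway_rest_api: lines 2-5.
	assert.Equal(t, 2, apiV1.Metadata.Range().GetStartLine())
	assert.Equal(t, 5, apiV1.Metadata.Range().GetEndLine())

	assert.Equal(t, 3, apiV1.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 3, apiV1.Name.GetMetadata().Range().GetEndLine())

	// aws_api_gateway_method: lines 11-17, including api_key_required on 16.
	assert.Equal(t, 11, method.Metadata.Range().GetStartLine())
	assert.Equal(t, 17, method.Metadata.Range().GetEndLine())

	assert.Equal(t, 14, method.HTTPMethod.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 14, method.HTTPMethod.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 15, method.AuthorizationType.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 15, method.AuthorizationType.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 16, method.APIKeyRequired.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 16, method.APIKeyRequired.GetMetadata().Range().GetEndLine())

	// aws_apigatewayv2_api: lines 19-22.
	assert.Equal(t, 19, apiV2.Metadata.Range().GetStartLine())
	assert.Equal(t, 22, apiV2.Metadata.Range().GetEndLine())

	assert.Equal(t, 20, apiV2.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 20, apiV2.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 21, apiV2.ProtocolType.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 21, apiV2.ProtocolType.GetMetadata().Range().GetEndLine())

	// aws_apigatewayv2_stage: lines 24-30, with the access_log_settings block
	// on 27-29 and its destination_arn on 28.
	assert.Equal(t, 24, stage.Metadata.Range().GetStartLine())
	assert.Equal(t, 30, stage.Metadata.Range().GetEndLine())

	assert.Equal(t, 26, stage.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 26, stage.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 27, stage.AccessLogging.Metadata.Range().GetStartLine())
	assert.Equal(t, 29, stage.AccessLogging.Metadata.Range().GetEndLine())

	assert.Equal(t, 28, stage.AccessLogging.CloudwatchLogGroupARN.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 28, stage.AccessLogging.CloudwatchLogGroupARN.GetMetadata().Range().GetEndLine())

	// aws_api_gateway_domain_name: lines 32-35.
	assert.Equal(t, 32, domainName.Metadata.Range().GetStartLine())
	assert.Equal(t, 35, domainName.Metadata.Range().GetEndLine())

	assert.Equal(t, 33, domainName.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 33, domainName.Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 34, domainName.SecurityPolicy.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 34, domainName.SecurityPolicy.GetMetadata().Range().GetEndLine())
}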