package cloudfront

import (
	"testing"

	defsecTypes "github.com/aquasecurity/defsec/pkg/types"

	"github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront"

	"github.com/aquasecurity/trivy-iac/internal/adapters/terraform/tftestutil"

	"github.com/aquasecurity/trivy-iac/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_adaptDistribution checks that adaptDistribution maps a single
// aws_cloudfront_distribution block onto a cloudfront.Distribution.
//
// The "configured" case sets every attribute the adapter reads (logging
// bucket, WAF id, viewer protocol policy on the default and ordered cache
// behaviours, and the viewer certificate settings) and expects each value to
// surface verbatim. The "defaults" case sets nothing and pins what the adapter
// reports for unset attributes: an "allow-all" viewer protocol policy and a
// "TLSv1" minimum protocol version (presumably mirroring the provider
// defaults), so that checks evaluating an unconfigured distribution see the
// weakest effective settings rather than empty values.
func Test_adaptDistribution(t *testing.T) {
	cases := []struct {
		name      string
		terraform string
		expected  cloudfront.Distribution
	}{
		{
			name: "configured",
			terraform: `
resource "aws_cloudfront_distribution" "example" {
	logging_config {
		bucket = "mylogs.s3.amazonaws.com"
	}

	web_acl_id = "waf_id"

	default_cache_behavior {
		viewer_protocol_policy = "redirect-to-https"
	}

	ordered_cache_behavior {
		viewer_protocol_policy = "redirect-to-https"
	}

	viewer_certificate {
		cloudfront_default_certificate = true
		minimum_protocol_version       = "TLSv1.2_2021"
		ssl_support_method             = "sni-only"
	}
}
`,
			expected: cloudfront.Distribution{
				Metadata: defsecTypes.NewTestMetadata(),
				WAFID:    defsecTypes.String("waf_id", defsecTypes.NewTestMetadata()),
				Logging: cloudfront.Logging{
					Metadata: defsecTypes.NewTestMetadata(),
					Bucket:   defsecTypes.String("mylogs.s3.amazonaws.com", defsecTypes.NewTestMetadata()),
				},
				DefaultCacheBehaviour: cloudfront.CacheBehaviour{
					Metadata:             defsecTypes.NewTestMetadata(),
					ViewerProtocolPolicy: defsecTypes.String("redirect-to-https", defsecTypes.NewTestMetadata()),
				},
				OrdererCacheBehaviours: []cloudfront.CacheBehaviour{
					{
						Metadata:             defsecTypes.NewTestMetadata(),
						ViewerProtocolPolicy: defsecTypes.String("redirect-to-https", defsecTypes.NewTestMetadata()),
					},
				},
				ViewerCertificate: cloudfront.ViewerCertificate{
					Metadata:                     defsecTypes.NewTestMetadata(),
					MinimumProtocolVersion:       defsecTypes.String("TLSv1.2_2021", defsecTypes.NewTestMetadata()),
					CloudfrontDefaultCertificate: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					SSLSupportMethod:             defsecTypes.String("sni-only", defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			name: "defaults",
			terraform: `
resource "aws_cloudfront_distribution" "example" {
}
`,
			expected: cloudfront.Distribution{
				Metadata: defsecTypes.NewTestMetadata(),
				WAFID:    defsecTypes.String("", defsecTypes.NewTestMetadata()),
				Logging: cloudfront.Logging{
					Metadata: defsecTypes.NewTestMetadata(),
					Bucket:   defsecTypes.String("", defsecTypes.NewTestMetadata()),
				},
				DefaultCacheBehaviour: cloudfront.CacheBehaviour{
					Metadata: defsecTypes.NewTestMetadata(),
					// Unset viewer_protocol_policy is reported as "allow-all".
					ViewerProtocolPolicy: defsecTypes.String("allow-all", defsecTypes.NewTestMetadata()),
				},
				ViewerCertificate: cloudfront.ViewerCertificate{
					Metadata: defsecTypes.NewTestMetadata(),
					// Unset minimum_protocol_version is reported as "TLSv1".
					MinimumProtocolVersion: defsecTypes.String("TLSv1", defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			got := adaptDistribution(modules.GetBlocks()[0])
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}

// TestLines checks that Adapt records the source line range of the
// distribution, of each nested block it reads, and of each attribute it
// reads, so that a result can be traced back to the exact lines of the .tf
// file. Line numbers are 1-based and count the empty first line of src.
func TestLines(t *testing.T) {
	src := `
resource "aws_cloudfront_distribution" "example" {
	logging_config {
		bucket = "mylogs.s3.amazonaws.com"
	}

	web_acl_id = "waf_id"

	default_cache_behavior {
		viewer_protocol_policy = "redirect-to-https"
	}

	ordered_cache_behavior {
		viewer_protocol_policy = "redirect-to-https"
	}

	viewer_certificate {
		cloudfront_default_certificate = true
		minimum_protocol_version       = "TLSv1.2_2021"
	}
}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Distributions, 1)
	dist := adapted.Distributions[0]

	// expectLines asserts the inclusive start and end line of one metadata range.
	expectLines := func(meta defsecTypes.Metadata, start, end int) {
		t.Helper()
		rng := meta.Range()
		assert.Equal(t, start, rng.GetStartLine())
		assert.Equal(t, end, rng.GetEndLine())
	}

	// The resource block as a whole.
	expectLines(dist.Metadata, 2, 21)

	// logging_config block.
	expectLines(dist.Logging.Metadata, 3, 5)

	// web_acl_id attribute.
	expectLines(dist.WAFID.GetMetadata(), 7, 7)

	// default_cache_behavior block and its viewer_protocol_policy attribute.
	expectLines(dist.DefaultCacheBehaviour.Metadata, 9, 11)
	expectLines(dist.DefaultCacheBehaviour.ViewerProtocolPolicy.GetMetadata(), 10, 10)

	// ordered_cache_behavior block and its viewer_protocol_policy attribute.
	expectLines(dist.OrdererCacheBehaviours[0].Metadata, 13, 15)
	expectLines(dist.OrdererCacheBehaviours[0].ViewerProtocolPolicy.GetMetadata(), 14, 14)

	// viewer_certificate block and its minimum_protocol_version attribute.
	expectLines(dist.ViewerCertificate.Metadata, 17, 20)
	expectLines(dist.ViewerCertificate.MinimumProtocolVersion.GetMetadata(), 19, 19)
}