github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/cloudformation/parser/fn_ref_test.go

github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/cloudformation/parser/fn_ref_test.go (about)

     1  package parser
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/aquasecurity/defsec/pkg/types"
     7  
     8  	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/cftypes"
     9  
    10  	"github.com/stretchr/testify/assert"
    11  	"github.com/stretchr/testify/require"
    12  )
    13  
    14  func Test_resolve_referenced_value(t *testing.T) {
    15  
    16  	property := &Property{
    17  		ctx: &FileContext{
    18  			filepath: "",
    19  			Parameters: map[string]*Parameter{
    20  				"BucketName": {
    21  					inner: parameterInner{
    22  						Type:    "string",
    23  						Default: "someBucketName",
    24  					},
    25  				},
    26  			},
    27  		},
    28  		name: "BucketName",
    29  		rng:  types.NewRange("testfile", 1, 1, "", nil),
    30  		Inner: PropertyInner{
    31  			Type: cftypes.Map,
    32  			Value: map[string]*Property{
    33  				"Ref": {
    34  					Inner: PropertyInner{
    35  						Type:  cftypes.String,
    36  						Value: "BucketName",
    37  					},
    38  				},
    39  			},
    40  		},
    41  	}
    42  
    43  	resolvedProperty, success := ResolveIntrinsicFunc(property)
    44  	require.True(t, success)
    45  
    46  	assert.Equal(t, "someBucketName", resolvedProperty.AsString())
    47  }
    48  
    49  func Test_property_value_correct_when_not_reference(t *testing.T) {
    50  
    51  	property := &Property{
    52  		ctx: &FileContext{
    53  			filepath: "",
    54  		},
    55  		name: "BucketName",
    56  		rng:  types.NewRange("testfile", 1, 1, "", nil),
    57  		Inner: PropertyInner{
    58  			Type:  cftypes.String,
    59  			Value: "someBucketName",
    60  		},
    61  	}
    62  
    63  	// should fail when trying to resolve function that is not in fact a function
    64  	resolvedProperty, success := ResolveIntrinsicFunc(property)
    65  	require.False(t, success)
    66  
    67  	assert.Equal(t, "someBucketName", resolvedProperty.AsString())
    68  }
    69  
    70  func Test_resolve_ref_with_pseudo_value(t *testing.T) {
    71  	source := `---
    72  Resources:
    73    TestInstance:
    74      Type: AWS::EC2::Instance
    75      Properties:
    76        ImageId: "ami-79fd7eee"
    77        KeyName: !Join [":", ["aws", !Ref AWS::Region, "key" ]]
    78  `
    79  	ctx := createTestFileContext(t, source)
    80  	require.NotNil(t, ctx)
    81  
    82  	testRes := ctx.GetResourceByLogicalID("TestInstance")
    83  	require.NotNil(t, testRes)
    84  
    85  	keyNameProp := testRes.GetProperty("KeyName")
    86  	require.NotNil(t, keyNameProp)
    87  
    88  	assert.Equal(t, "aws:eu-west-1:key", keyNameProp.AsString())
    89  }