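// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/cloudformation/parser/fn_sub_test.go

package parser

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_resolve_sub_value checks that a short-form !Sub on an EC2 instance's
// UserData is rendered with the AWS::StackName and AWS::Region
// pseudo-parameters substituted, while shell syntax that is not a ${...}
// reference (here "$?") is left untouched.
//
// NOTE(review): the substituted values ("cfsec-test-stack", "eu-west-1") are
// presumably defaults supplied by createTestFileContext, which is defined
// outside this file; confirm there if they change.
func Test_resolve_sub_value(t *testing.T) {
	source := `---
Resources:
  TestInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      KeyName: "testkey"
      UserData:
        !Sub |
          #!/bin/bash -xe
          yum update -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets wordpress_install --region ${AWS::Region}
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region}
`
	ctx := createTestFileContext(t, source)
	require.NotNil(t, ctx)

	testRes := ctx.GetResourceByLogicalID("TestInstance")
	require.NotNil(t, testRes)

	userDataProp := testRes.GetProperty("UserData")
	require.NotNil(t, userDataProp)

	// The rendered script is what any downstream check of UserData would
	// inspect, so the expected value is pinned in full, trailing newline
	// included.
	assert.Equal(t, "#!/bin/bash -xe\nyum update -y aws-cfn-bootstrap\n/opt/aws/bin/cfn-init -v --stack cfsec-test-stack --resource LaunchConfig --configsets wordpress_install --region eu-west-1\n/opt/aws/bin/cfn-signal -e $? --stack cfsec-test-stack --resource WebServerGroup --region eu-west-1\n", userDataProp.AsString())
}

// Test_resolve_sub_value_with_base64 checks that !Sub nested inside Fn::Base64
// is resolved first and the substituted script is then Base64-encoded.
func Test_resolve_sub_value_with_base64(t *testing.T) {
	source := `---
Resources:
  TestInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      KeyName: "testkey"
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash -xe
            yum update -y aws-cfn-bootstrap
            /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets wordpress_install --region ${AWS::Region}
            /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region}`
	ctx := createTestFileContext(t, source)
	require.NotNil(t, ctx)

	testRes := ctx.GetResourceByLogicalID("TestInstance")
	require.NotNil(t, testRes)

	userDataProp := testRes.GetProperty("UserData")
	require.NotNil(t, userDataProp)

	// The expected literal is the standard Base64 encoding of the script
	// asserted in Test_resolve_sub_value, without the trailing newline (the
	// template above ends directly after the last ${AWS::Region}).
	assert.Equal(t, "IyEvYmluL2Jhc2ggLXhlCnl1bSB1cGRhdGUgLXkgYXdzLWNmbi1ib290c3RyYXAKL29wdC9hd3MvYmluL2Nmbi1pbml0IC12IC0tc3RhY2sgY2ZzZWMtdGVzdC1zdGFjayAtLXJlc291cmNlIExhdW5jaENvbmZpZyAtLWNvbmZpZ3NldHMgd29yZHByZXNzX2luc3RhbGwgLS1yZWdpb24gZXUtd2VzdC0xCi9vcHQvYXdzL2Jpbi9jZm4tc2lnbmFsIC1lICQ/IC0tc3RhY2sgY2ZzZWMtdGVzdC1zdGFjayAtLXJlc291cmNlIFdlYlNlcnZlckdyb3VwIC0tcmVnaW9uIGV1LXdlc3QtMQ==", userDataProp.AsString())
}

// Test_resolve_sub_value_with_map checks the two-element list form of !Sub:
// a template string plus a variable map whose value is itself a !Ref to a
// template parameter with a default.
func Test_resolve_sub_value_with_map(t *testing.T) {
	source := `---
Parameters:
  RootDomainName:
    Type: String
    Default: somedomain.com
Resources:
  TestDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          TargetOriginId: target
          ViewerProtocolPolicy: https-only
        Enabled: true
        Origins:
          - DomainName:
              !Sub
                - www.${Domain}
                - { Domain: !Ref RootDomainName }
            Id: somedomain1


`
	ctx := createTestFileContext(t, source)
	require.NotNil(t, ctx)

	testRes := ctx.GetResourceByLogicalID("TestDistribution")
	require.NotNil(t, testRes)

	// Guard the lookup and the index below: without these checks a parsing
	// regression would show up as a nil dereference or an index-out-of-range
	// panic instead of a readable test failure.
	originsList := testRes.GetProperty("DistributionConfig.Origins")
	require.NotNil(t, originsList)

	origins := originsList.AsList()
	require.NotEmpty(t, origins)

	domainNameProp := origins[0].GetProperty("DomainName")
	require.NotNil(t, domainNameProp)

	assert.Equal(t, "www.somedomain.com", domainNameProp.AsString())
}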