// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/json/scanner_test.go

package json

import (
	"context"
	"testing"

	"github.com/aquasecurity/defsec/pkg/framework"
	"github.com/aquasecurity/defsec/pkg/scan"
	"github.com/aquasecurity/defsec/pkg/scanners/options"
	"github.com/aquasecurity/trivy-iac/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_BasicScan runs the JSON scanner over a single JSON document with one
// Rego check loaded from a policy directory. It expects exactly one failed
// result and verifies that the check's __rego_metadata__ is surfaced on the
// scan.Rule attached to that result.
func Test_BasicScan(t *testing.T) {
	// Document under scan; the deny rule below fires on input.x.y == 123.
	const document = `{ "x": { "y": 123, "z": ["a", "b", "c"]}}`

	// Check under test. __rego_input__ selects "json" input with combine
	// disabled, and deny emits a message plus a start/end line.
	const policy = `package builtin.json.lol

__rego_metadata__ := {
	"id": "ABC123",
	"avd_id": "AVD-AB-0123",
	"title": "title",
	"short_code": "short",
	"severity": "CRITICAL",
	"type": "JSON Check",
	"description": "description",
	"recommended_actions": "actions",
	"url": "https://example.com",
}

__rego_input__ := {
	"combine": false,
	"selector": [{"type": "json"}],
}

deny[res] {
	input.x.y == 123
	res := {
		"msg": "oh no",
		"startline": 1,
		"endline": 2,
	}
}

`

	// Expected rule: each populated value matches a field of the policy's
	// __rego_metadata__ (avd_id, id, short_code, title, description,
	// recommended_actions, url, severity). Provider and Service are not set
	// in the policy; the values below are what the scanner is expected to
	// report for this check.
	want := scan.Rule{
		AVDID:          "AVD-AB-0123",
		Aliases:        []string{"ABC123"},
		ShortCode:      "short",
		Summary:        "title",
		Explanation:    "description",
		Impact:         "",
		Resolution:     "actions",
		Provider:       "json",
		Service:        "general",
		Links:          []string{"https://example.com"},
		Severity:       "CRITICAL",
		Terraform:      &scan.EngineMetadata{},
		CloudFormation: &scan.EngineMetadata{},
		CustomChecks: scan.CustomChecks{
			Terraform: (*scan.TerraformCustomCheck)(nil),
		},
		RegoPackage: "data.builtin.json.lol",
		Frameworks:  map[framework.Framework][]string{},
	}

	memFS := testutil.CreateFS(t, map[string]string{
		"/code/data.json":  document,
		"/rules/rule.rego": policy,
	})

	jsonScanner := NewScanner(options.ScannerWithPolicyDirs("rules"))

	results, err := jsonScanner.ScanFS(context.TODO(), memFS, "code")
	require.NoError(t, err)

	// Stop here unless there is exactly one failure, so indexing is safe.
	failed := results.GetFailed()
	require.Len(t, failed, 1)

	// NOTE(review): only the rule metadata is asserted; the deny result's
	// msg, startline and endline are not checked by this test.
	assert.Equal(t, want, failed[0].Rule())
}