// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/yaml/scanner_test.go

package yaml

import (
	"context"
	"testing"

	"github.com/aquasecurity/defsec/pkg/framework"
	"github.com/aquasecurity/defsec/pkg/scan"
	"github.com/aquasecurity/defsec/pkg/scanners/options"
	"github.com/aquasecurity/trivy-iac/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_BasicScan runs the YAML scanner over an in-memory filesystem holding one
// YAML document and one Rego policy, and checks that the single failed result
// carries the rule metadata declared in the policy's __rego_metadata__ block.
//
// The expected scan.Rule pins how the policy fields surface on a finding:
// "avd_id" -> AVDID, "id" -> Aliases, "short_code" -> ShortCode,
// "title" -> Summary, "description" -> Explanation,
// "recommended_actions" -> Resolution, "url" -> Links, "severity" -> Severity,
// and the Rego package name (prefixed with "data.") -> RegoPackage.
// A regression here would mean findings are reported with the wrong ID or
// severity, which matters to anything that gates on those fields.
//
// NOTE(review): Provider ("yaml") and Service ("general") do not appear in the
// policy metadata; presumably they are filled in by the policy loader — confirm.
// NOTE(review): the deny rule's "msg", "startline" and "endline" are not
// asserted by this test; only the rule metadata is checked.
func Test_BasicScan(t *testing.T) {
	// Scan target: x.y == 123 is the condition the policy's deny rule matches.
	const targetYAML = `---
x:
  y: 123
z:
  - a
  - b
  - c
`

	// Policy under test. The selector restricts it to inputs of type "yaml",
	// and "combine": false is set in __rego_input__.
	const policyRego = `package builtin.yaml.lol

__rego_metadata__ := {
	"id": "ABC123",
	"avd_id": "AVD-AB-0123",
	"title": "title",
	"short_code": "short",
	"severity": "CRITICAL",
	"type": "YAML Check",
	"description": "description",
	"recommended_actions": "actions",
	"url": "https://example.com",
}

__rego_input__ := {
	"combine": false,
	"selector": [{"type": "yaml"}],
}

deny[res] {
	input.x.y == 123
	res := {
		"msg": "oh no",
		"startline": 1,
		"endline": 2,
	}
}

`

	fsys := testutil.CreateFS(t, map[string]string{
		"/code/data.yaml":  targetYAML,
		"/rules/rule.rego": policyRego,
	})

	// Policies are loaded from "rules"; only the "code" directory is scanned.
	s := NewScanner(options.ScannerWithPolicyDirs("rules"))

	results, err := s.ScanFS(context.TODO(), fsys, "code")
	require.NoError(t, err)

	// Exactly one failure is expected: the one policy against the one document.
	failed := results.GetFailed()
	require.Len(t, failed, 1)

	want := scan.Rule{
		AVDID:          "AVD-AB-0123",
		Aliases:        []string{"ABC123"},
		ShortCode:      "short",
		Summary:        "title",
		Explanation:    "description",
		Impact:         "",
		Resolution:     "actions",
		Provider:       "yaml",
		Service:        "general",
		Links:          []string{"https://example.com"},
		Severity:       "CRITICAL",
		Terraform:      &scan.EngineMetadata{},
		CloudFormation: &scan.EngineMetadata{},
		CustomChecks: scan.CustomChecks{
			Terraform: (*scan.TerraformCustomCheck)(nil),
		},
		RegoPackage: "data.builtin.yaml.lol",
		Frameworks:  map[framework.Framework][]string{},
	}

	assert.Equal(t, want, failed[0].Rule())
}