github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/compliance/spec/mapper_test.go (about) 1 package spec_test 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/assert" 7 8 "github.com/devseccon/trivy/pkg/compliance/spec" 9 "github.com/devseccon/trivy/pkg/fanal/secret" 10 ftypes "github.com/devseccon/trivy/pkg/fanal/types" 11 "github.com/devseccon/trivy/pkg/types" 12 ) 13 14 func TestMapSpecCheckIDToFilteredResults(t *testing.T) { 15 checkIDs := map[types.Scanner][]string{ 16 types.MisconfigScanner: { 17 "AVD-KSV012", 18 "AVD-1.2.31", 19 "AVD-1.2.32", 20 }, 21 types.VulnerabilityScanner: { 22 "CVE-9999-9999", 23 "VULN-CRITICAL", 24 }, 25 types.SecretScanner: { 26 "SECRET-CRITICAL", 27 }, 28 } 29 tests := []struct { 30 name string 31 checkIDs map[types.Scanner][]string 32 result types.Result 33 want map[string]types.Results 34 }{ 35 { 36 name: "misconfiguration", 37 checkIDs: checkIDs, 38 result: types.Result{ 39 Target: "target", 40 Class: types.ClassConfig, 41 Type: ftypes.Kubernetes, 42 Misconfigurations: []types.DetectedMisconfiguration{ 43 { 44 AVDID: "AVD-KSV012", 45 Status: types.StatusFailure, 46 }, 47 { 48 AVDID: "AVD-KSV013", 49 Status: types.StatusFailure, 50 }, 51 { 52 AVDID: "AVD-1.2.31", 53 Status: types.StatusFailure, 54 }, 55 }, 56 }, 57 want: map[string]types.Results{ 58 "AVD-KSV012": { 59 { 60 Target: "target", 61 Class: types.ClassConfig, 62 Type: ftypes.Kubernetes, 63 MisconfSummary: &types.MisconfSummary{ 64 Successes: 0, 65 Failures: 1, 66 Exceptions: 0, 67 }, 68 Misconfigurations: []types.DetectedMisconfiguration{ 69 { 70 AVDID: "AVD-KSV012", 71 Status: types.StatusFailure, 72 }, 73 }, 74 }, 75 }, 76 "AVD-1.2.31": { 77 { 78 Target: "target", 79 Class: types.ClassConfig, 80 Type: ftypes.Kubernetes, 81 MisconfSummary: &types.MisconfSummary{ 82 Successes: 0, 83 Failures: 1, 84 Exceptions: 0, 85 }, 86 Misconfigurations: []types.DetectedMisconfiguration{ 87 { 88 AVDID: "AVD-1.2.31", 89 Status: types.StatusFailure, 90 }, 91 }, 92 }, 93 }, 94 }, 95 }, 96 { 97 name: "secret", 98 checkIDs: checkIDs, 99 result: types.Result{ 100 Target: "target", 101 Class: types.ClassSecret, 102 Secrets: []ftypes.SecretFinding{ 103 { 104 RuleID: "aws-access-key-id", 105 Category: secret.CategoryAWS, 106 Severity: "CRITICAL", 107 Title: "AWS Access Key ID", 108 Code: ftypes.Code{ 109 Lines: []ftypes.Line{ 110 { 111 Number: 2, 112 Content: "AWS_ACCESS_KEY_ID=*****", 113 }, 114 }, 115 }, 116 }, 117 { 118 RuleID: "aws-account-id", 119 Category: secret.CategoryAWS, 120 Severity: "HIGH", 121 Title: "AWS Account ID", 122 Code: ftypes.Code{ 123 Lines: []ftypes.Line{ 124 { 125 Number: 1, 126 Content: "AWS_ACCOUNT_ID=*****", 127 }, 128 }, 129 }, 130 }, 131 }, 132 }, 133 want: map[string]types.Results{ 134 "SECRET-CRITICAL": { 135 { 136 Target: "target", 137 Class: types.ClassSecret, 138 Secrets: []ftypes.SecretFinding{ 139 { 140 RuleID: "aws-access-key-id", 141 Category: secret.CategoryAWS, 142 Severity: "CRITICAL", 143 Title: "AWS Access Key ID", 144 Code: ftypes.Code{ 145 Lines: []ftypes.Line{ 146 { 147 Number: 2, 148 Content: "AWS_ACCESS_KEY_ID=*****", 149 }, 150 }, 151 }, 152 }, 153 }, 154 }, 155 }, 156 }, 157 }, 158 } 159 for _, tt := range tests { 160 t.Run(tt.name, func(t *testing.T) { 161 got := spec.MapSpecCheckIDToFilteredResults(tt.result, tt.checkIDs) 162 assert.Equalf(t, tt.want, got, "MapSpecCheckIDToFilteredResults()") 163 }) 164 } 165 }