// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/external/config_scan_test.go

package external_test

import (
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/devseccon/trivy/pkg/fanal/external"
	"github.com/devseccon/trivy/pkg/fanal/types"

	// Blank import: pulled in for its side effects only
	// (presumably registering the config analyzers; confirm).
	_ "github.com/devseccon/trivy/pkg/fanal/analyzer/config/all"
)

// TestConfigScanner_Scan runs an external.ConfigScanner over two fixture
// directories and pins the exact []types.Misconfiguration it returns: one in
// which the custom policy testdata.xyz_200 reports a failure ("deny") and one
// in which the same policy passes ("allow").
func TestConfigScanner_Scan(t *testing.T) {
	// scannerArgs groups the constructor inputs that vary per case.
	type scannerArgs struct {
		policyPaths []string
		dataPaths   []string // never set by any case below, so nil reaches the constructor
		namespaces  []string
	}

	const (
		policyNamespace = "testdata.xyz_200"
		policyQuery     = "data.testdata.xyz_200.deny"
	)

	// Both cases evaluate the same policy, so the expected metadata is shared.
	// The zero-valued fields are spelled out to document the full expected shape.
	xyz200 := types.PolicyMetadata{
		ID:                 "XYZ-200",
		Type:               "Dockerfile Security Check",
		Title:              "Old FROM",
		Description:        "Rego module: data.testdata.xyz_200",
		Severity:           "LOW",
		RecommendedActions: "",
		References:         []string(nil),
	}

	// In each case the same directory is used both as the policy path and as
	// the directory that gets scanned.
	denyDir := filepath.Join("testdata", "deny")
	allowDir := filepath.Join("testdata", "allow")

	cases := []struct {
		name     string
		args     scannerArgs
		inputDir string
		want     []types.Misconfiguration
	}{
		{
			name: "deny",
			args: scannerArgs{
				policyPaths: []string{denyDir},
				// presumably limits evaluation to Rego packages under "testdata";
				// verify against NewConfigScanner.
				namespaces: []string{"testdata"},
			},
			inputDir: denyDir,
			want: []types.Misconfiguration{
				{
					FileType: "dockerfile",
					FilePath: "Dockerfile",
					Failures: types.MisconfResults{
						types.MisconfResult{
							Namespace:      policyNamespace,
							Query:          policyQuery,
							Message:        "Old image",
							PolicyMetadata: xyz200,
							CauseMetadata: types.CauseMetadata{
								Resource:  "",
								Provider:  "Dockerfile",
								Service:   "general",
								StartLine: 1,
								EndLine:   2,
								Code: types.Code{
									Lines: []types.Line{
										{
											Number:  1,
											Content: "FROM alpine:3.10",
											// Highlighted carries raw ANSI colour escapes, while
											// Content is the plain text. Anything that renders
											// findings outside a terminal (logs, HTML, CI output)
											// should use Content or strip the escapes.
											Highlighted: "\x1b[38;5;64mFROM\x1b[0m\x1b[38;5;37m alpine:3.10",
											IsCause:     true,
											Annotation:  "",
											Truncated:   false,
											FirstCause:  true,
											LastCause:   false,
										},
										{
											// The cause range is pinned to lines 1-2, so the
											// empty second line is also expected to be flagged.
											Number:      2,
											Content:     "",
											Highlighted: "\x1b[0m",
											IsCause:     true,
											Annotation:  "",
											Truncated:   false,
											FirstCause:  false,
											LastCause:   true,
										},
									},
								},
							},
							Traces: []string(nil),
						},
					},
					Warnings:   types.MisconfResults(nil),
					Successes:  types.MisconfResults(nil),
					Exceptions: types.MisconfResults(nil),
					Layer: types.Layer{
						Digest: "",
						DiffID: "",
					},
				},
			},
		},
		{
			name: "allow",
			args: scannerArgs{
				policyPaths: []string{allowDir},
				namespaces:  []string{"testdata"},
			},
			inputDir: allowDir,
			want: []types.Misconfiguration{
				{
					FileType: "dockerfile",
					FilePath: "Dockerfile",
					// A passing policy is still reported, but with no message and
					// no source location (StartLine and EndLine are 0).
					Successes: types.MisconfResults{
						{
							Namespace:      policyNamespace,
							Query:          policyQuery,
							PolicyMetadata: xyz200,
							CauseMetadata: types.CauseMetadata{
								Resource:  "",
								Provider:  "Dockerfile",
								Service:   "general",
								StartLine: 0,
								EndLine:   0,
							},
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Each subtest gets its own temporary directory as the first argument.
			// NOTE(review): the meaning of the trailing `false` is not visible in
			// this file; confirm it against NewConfigScanner's signature.
			scanner, err := external.NewConfigScanner(
				t.TempDir(),
				tc.args.policyPaths,
				tc.args.dataPaths,
				tc.args.namespaces,
				false,
			)
			require.NoError(t, err)

			// The Close error is discarded deliberately; only the scan result
			// is under test.
			defer func() { _ = scanner.Close() }()

			results, err := scanner.Scan(tc.inputDir)
			require.NoError(t, err)
			assert.Equal(t, tc.want, results)
		})
	}
}