github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/sns/sns_test.go (about)

     1  package sns
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/aws/aws-sdk-go-v2/aws"
     7  	snsapi "github.com/aws/aws-sdk-go-v2/service/sns"
     8  	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws/test"
     9  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/sns"
    10  	"github.com/khulnasoft-lab/defsec/pkg/state"
    11  	"github.com/stretchr/testify/assert"
    12  	"github.com/stretchr/testify/require"
    13  
    14  	"testing"
    15  
    16  	aws2 "github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
    17  )
    18  
// topicDetails describes an SNS topic fixture that a test case creates before
// running the adapter.
type topicDetails struct {
	topicName string // name passed to CreateTopic
	kmsKeyID  string // KMS key for the topic; empty means no key attribute is set
}

// TopicARN returns the ARN the fixture topic is expected to have, built from
// the fixed us-east-1 region and all-zero account ID used by this test.
func (d topicDetails) TopicARN() string {
	const arnFormat = "arn:aws:sns:us-east-1:000000000000:%s"
	return fmt.Sprintf(arnFormat, d.topicName)
}
    27  
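// Test_SNSTopicEncryption creates one SNS topic per case, runs the adapter,
// and checks that the adapted state holds that topic with the expected ARN
// and KMS key ID. The key ID is the value that tells an encrypted topic from
// an unencrypted one, so both cases are covered: no key and an alias key.
func Test_SNSTopicEncryption(t *testing.T) {

	// The case names say "queue" although the fixtures are SNS topics; they
	// are kept as-is so existing `go test -run` filters still match.
	tests := []struct {
		name    string
		details topicDetails
	}{
		{
			// No kmsKeyID: the adapter must report an empty key ID.
			name: "simple queue with no encryption",
			details: topicDetails{
				topicName: "test-topic",
			},
		},
		{
			name: "simple queue with encryption",
			details: topicDetails{
				topicName: "test-encrypted-topic",
				kmsKeyID:  "alias/sns",
			},
		},
	}

	ra, stack, err := test.CreateLocalstackAdapter(t)
	// Check the error before registering the teardown. require.NoError stops
	// the test via FailNow, which still runs deferred calls, so a defer placed
	// first would call Stop on a stack that was never created.
	// NOTE(review): assumes no running stack is returned alongside an error — confirm.
	require.NoError(t, err)
	defer func() { _ = stack.Stop() }()

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			bootstrapSNSTopic(t, ra, tt.details)
			// Remove the topic through Cleanup so it is deleted even when an
			// assertion below aborts the subtest; a leftover topic would break
			// the Len(..., 1) check of the next case.
			t.Cleanup(func() { removeTopic(t, ra, tt.details.TopicARN()) })

			testState := &state.State{}
			adapter := &adapter{}
			// Pass the error directly so the closure does not write to the
			// outer err variable.
			require.NoError(t, adapter.Adapt(ra, testState))

			assert.Len(t, testState.AWS.SNS.Topics, 1)
			var (
				got   sns.Topic
				found bool
			)
			for _, topic := range testState.AWS.SNS.Topics {
				if topic.ARN.EqualTo(tt.details.TopicARN()) {
					got, found = topic, true
					break
				}
			}
			// Stop here if the topic is missing rather than reading fields of
			// a zero-value sns.Topic.
			require.True(t, found, "topic %s not found in adapted state", tt.details.TopicARN())

			assert.Equal(t, tt.details.TopicARN(), got.ARN.Value())
			assert.Equal(t, tt.details.kmsKeyID, got.Encryption.KMSKeyID.Value())
		})
	}
}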
    77  
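// bootstrapSNSTopic creates the SNS topic described by spec through the
// adapter's session and fails the test if creation returns an error.
// The KmsMasterKeyId attribute is only sent when spec.kmsKeyID is non-empty,
// so a spec without a key creates a topic with no KMS key attribute.
func bootstrapSNSTopic(t *testing.T, ra *aws2.RootAdapter, spec topicDetails) {
	// Report failures at the caller's line instead of inside this helper.
	t.Helper()

	attrs := map[string]string{}
	if spec.kmsKeyID != "" {
		attrs["KmsMasterKeyId"] = spec.kmsKeyID
	}

	client := snsapi.NewFromConfig(ra.SessionConfig())
	_, err := client.CreateTopic(ra.Context(), &snsapi.CreateTopicInput{
		Name:       aws.String(spec.topicName),
		Attributes: attrs,
	})
	require.NoError(t, err)
}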
    94  
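// removeTopic deletes the SNS topic with the given ARN through the adapter's
// session and fails the test if the delete call returns an error.
func removeTopic(t *testing.T, ra *aws2.RootAdapter, topicARN string) {
	// Report failures at the caller's line instead of inside this helper.
	t.Helper()

	client := snsapi.NewFromConfig(ra.SessionConfig())
	_, err := client.DeleteTopic(ra.Context(), &snsapi.DeleteTopicInput{
		TopicArn: aws.String(topicARN),
	})
	require.NoError(t, err)
}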