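// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/sqs/sqs_test.go

package sqs

import (
	"fmt"
	"testing"

	"github.com/aws/aws-sdk-go-v2/aws"
	sqsapi "github.com/aws/aws-sdk-go-v2/service/sqs"
	sqsTypes "github.com/aws/aws-sdk-go-v2/service/sqs/types"
	aws2 "github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws/test"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/sqs"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	localstack "github.com/khulnasoft-lab/go-mock-aws"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// queueDetails describes one queue fixture: the name to create it under and
// whether the managed-encryption attribute is set on it.
type queueDetails struct {
	queueName         string
	managedEncryption bool
}

// QueueURL returns the URL the test expects the queue to have on the given
// stack: the stack endpoint, the fixed account ID 000000000000, then the
// queue name.
func (q queueDetails) QueueURL(stack *localstack.Stack) string {
	return fmt.Sprintf("%s/000000000000/%s", stack.EndpointURL(), q.queueName)
}

// Test_SQSQueueEncrypted creates a queue per case, runs the SQS adapter
// against it and checks that the adapted state reports the queue URL and the
// managed-encryption flag the fixture was created with.
func Test_SQSQueueEncrypted(t *testing.T) {

	tests := []struct {
		name    string
		details queueDetails
	}{
		{
			name: "simple queue with no managed encryption",
			details: queueDetails{
				queueName:         "test-queue",
				managedEncryption: false,
			},
		},
		{
			name: "simple queue with managed encryption",
			details: queueDetails{
				queueName:         "test-encrypted-queue",
				managedEncryption: true,
			},
		},
	}

	ra, stack, err := test.CreateLocalstackAdapter(t)
	// Only schedule the stop when a stack was actually returned; a failed
	// setup must surface as the setup error, not as a nil dereference in the
	// deferred call.
	if stack != nil {
		defer func() { _ = stack.Stop() }()
	}
	require.NoError(t, err)

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			wantURL := tt.details.QueueURL(stack)

			bootstrapSQSQueue(t, ra, tt.details)
			// Remove the queue even when an assertion below aborts the
			// subtest; a leftover queue would break the Len check of the
			// next case.
			t.Cleanup(func() { removeQueue(t, ra, wantURL) })

			testState := &state.State{}
			sqsAdapter := &adapter{}
			// Local err: do not write to the outer function's variable from
			// inside the closure.
			err := sqsAdapter.Adapt(ra, testState)
			require.NoError(t, err)

			assert.Len(t, testState.AWS.SQS.Queues, 1)

			var got sqs.Queue
			found := false
			for _, q := range testState.AWS.SQS.Queues {
				if q.QueueURL.EqualTo(wantURL) {
					got = q
					found = true
					break
				}
			}
			// Without a match the assertions below would inspect a zero-value
			// queue, so fail here with a message that names the real problem.
			require.True(t, found, "adapted state has no queue with URL %s", wantURL)

			assert.Equal(t, wantURL, got.QueueURL.Value())
			assert.Equal(t, tt.details.managedEncryption, got.Encryption.ManagedEncryption.Value())
		})
	}
}

// bootstrapSQSQueue creates the queue named in spec and then applies its
// attributes with a separate SetQueueAttributes call. The attribute map is
// empty when spec.managedEncryption is false.
func bootstrapSQSQueue(t *testing.T, ra *aws2.RootAdapter, spec queueDetails) {
	t.Helper()

	api := sqsapi.NewFromConfig(ra.SessionConfig())

	queueAttributes := make(map[string]string)
	if spec.managedEncryption {
		// NOTE(review): the AWS API documents SqsManagedSseEnabled as a
		// "true"/"false" flag, while this fixture sets "SSE-SQS". Confirm
		// this is the value the adapter under test and the emulator expect;
		// otherwise the encrypted case does not mirror a real API response.
		queueAttributes[string(sqsTypes.QueueAttributeNameSqsManagedSseEnabled)] = "SSE-SQS"
	}

	queue, err := api.CreateQueue(ra.Context(), &sqsapi.CreateQueueInput{
		QueueName: aws.String(spec.queueName),
	})
	require.NoError(t, err)

	_, err = api.SetQueueAttributes(ra.Context(), &sqsapi.SetQueueAttributesInput{
		QueueUrl:   queue.QueueUrl,
		Attributes: queueAttributes,
	})
	require.NoError(t, err)
}

// removeQueue deletes the queue at queueURL and fails the test if the
// delete call returns an error.
func removeQueue(t *testing.T, ra *aws2.RootAdapter, queueURL string) {
	t.Helper()

	api := sqsapi.NewFromConfig(ra.SessionConfig())

	_, err := api.DeleteQueue(ra.Context(), &sqsapi.DeleteQueueInput{
		QueueUrl: aws.String(queueURL),
	})
	require.NoError(t, err)
}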