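// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/cloudfront/adapt_test.go

package cloudfront

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudfront"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_adaptDistribution checks that adaptDistribution turns a single
// aws_cloudfront_distribution block into the expected cloudfront.Distribution,
// once for a resource that sets every attribute the adapter reads and once for
// an empty resource.
func Test_adaptDistribution(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  cloudfront.Distribution
	}{
		{
			// NOTE(review): this fixture sets cloudfront_default_certificate = true
			// together with minimum_protocol_version. The expectation below only
			// pins that the adapter reports the declared string; it does not model
			// what CloudFront enforces for the default *.cloudfront.net
			// certificate. Confirm whether a fixture with a custom certificate
			// would be the more representative "configured" case.
			name: "configured",
			terraform: `
			resource "aws_cloudfront_distribution" "example" {
				logging_config {
					bucket = "mylogs.s3.amazonaws.com"
				}

				web_acl_id = "waf_id"

				default_cache_behavior {
					viewer_protocol_policy = "redirect-to-https"
				}

				ordered_cache_behavior {
					viewer_protocol_policy = "redirect-to-https"
				}

				viewer_certificate {
					cloudfront_default_certificate = true
					minimum_protocol_version = "TLSv1.2_2021"
				}
			}
`,
			expected: cloudfront.Distribution{
				Metadata: defsecTypes.NewTestMetadata(),
				WAFID:    defsecTypes.String("waf_id", defsecTypes.NewTestMetadata()),
				Logging: cloudfront.Logging{
					Metadata: defsecTypes.NewTestMetadata(),
					Bucket:   defsecTypes.String("mylogs.s3.amazonaws.com", defsecTypes.NewTestMetadata()),
				},
				DefaultCacheBehaviour: cloudfront.CacheBehaviour{
					Metadata:             defsecTypes.NewTestMetadata(),
					ViewerProtocolPolicy: defsecTypes.String("redirect-to-https", defsecTypes.NewTestMetadata()),
				},
				// "Orderer" is the field name as declared by the provider package.
				OrdererCacheBehaviours: []cloudfront.CacheBehaviour{
					{
						Metadata:             defsecTypes.NewTestMetadata(),
						ViewerProtocolPolicy: defsecTypes.String("redirect-to-https", defsecTypes.NewTestMetadata()),
					},
				},
				ViewerCertificate: cloudfront.ViewerCertificate{
					Metadata:               defsecTypes.NewTestMetadata(),
					MinimumProtocolVersion: defsecTypes.String("TLSv1.2_2021", defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			// An empty resource must adapt to the permissive values, not to
			// "unknown": no WAF ID, no logging bucket, viewer protocol policy
			// "allow-all" (plain HTTP accepted) and minimum protocol "TLSv1".
			// Presumably this is what lets downstream checks flag a distribution
			// that simply omits these settings - verify against the rules that
			// consume cloudfront.Distribution.
			name: "defaults",
			terraform: `
			resource "aws_cloudfront_distribution" "example" {
			}
`,
			expected: cloudfront.Distribution{
				Metadata: defsecTypes.NewTestMetadata(),
				WAFID:    defsecTypes.String("", defsecTypes.NewTestMetadata()),
				Logging: cloudfront.Logging{
					Metadata: defsecTypes.NewTestMetadata(),
					Bucket:   defsecTypes.String("", defsecTypes.NewTestMetadata()),
				},
				DefaultCacheBehaviour: cloudfront.CacheBehaviour{
					Metadata:             defsecTypes.NewTestMetadata(),
					ViewerProtocolPolicy: defsecTypes.String("allow-all", defsecTypes.NewTestMetadata()),
				},

				ViewerCertificate: cloudfront.ViewerCertificate{
					Metadata:               defsecTypes.NewTestMetadata(),
					MinimumProtocolVersion: defsecTypes.String("TLSv1", defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")

			// Fail this subtest cleanly instead of panicking on an empty slice,
			// which would abort the whole test binary and hide the other cases.
			blocks := modules.GetBlocks()
			require.NotEmpty(t, blocks, "fixture produced no terraform blocks")

			adapted := adaptDistribution(blocks[0])
			testutil.AssertDefsecEqual(t, tc.expected, adapted)
		})
	}
}

// TestLines checks that Adapt records the source line range of the
// distribution, of each nested block and of each attribute it reads. The
// expected numbers are 1-based lines of src; line 1 is the empty remainder of
// the line that opens the raw string, so the resource starts on line 2.
func TestLines(t *testing.T) {
	// The blank lines in this literal are significant: every expected line
	// number below depends on them.
	src := `
	resource "aws_cloudfront_distribution" "example" {
		logging_config {
			bucket = "mylogs.s3.amazonaws.com"
		}

		web_acl_id = "waf_id"

		default_cache_behavior {
			viewer_protocol_policy = "redirect-to-https"
		}

		ordered_cache_behavior {
			viewer_protocol_policy = "redirect-to-https"
		}

		viewer_certificate {
			cloudfront_default_certificate = true
			minimum_protocol_version = "TLSv1.2_2021"
		}
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Distributions, 1)
	distribution := adapted.Distributions[0]

	// Guard the [0] index used in the table below so a missing ordered cache
	// behaviour is reported as a failure rather than an index panic.
	require.NotEmpty(t, distribution.OrdererCacheBehaviours)
	ordered := distribution.OrdererCacheBehaviours[0]

	// lineRange is the part of a metadata range this test inspects.
	type lineRange interface {
		GetStartLine() int
		GetEndLine() int
	}

	checks := []struct {
		name       string
		got        lineRange
		start, end int
	}{
		{"distribution", distribution.Metadata.Range(), 2, 21},
		{"logging_config", distribution.Logging.Metadata.Range(), 3, 5},
		{"web_acl_id", distribution.WAFID.GetMetadata().Range(), 7, 7},
		{"default_cache_behavior", distribution.DefaultCacheBehaviour.Metadata.Range(), 9, 11},
		{"default_cache_behavior.viewer_protocol_policy", distribution.DefaultCacheBehaviour.ViewerProtocolPolicy.GetMetadata().Range(), 10, 10},
		{"ordered_cache_behavior", ordered.Metadata.Range(), 13, 15},
		{"ordered_cache_behavior.viewer_protocol_policy", ordered.ViewerProtocolPolicy.GetMetadata().Range(), 14, 14},
		{"viewer_certificate", distribution.ViewerCertificate.Metadata.Range(), 17, 20},
		{"viewer_certificate.minimum_protocol_version", distribution.ViewerCertificate.MinimumProtocolVersion.GetMetadata().Range(), 19, 19},
	}

	// assert (not require) so that every wrong range is reported in one run;
	// the name in the message identifies which element is off.
	for _, c := range checks {
		assert.Equal(t, c.start, c.got.GetStartLine(), "%s: start line", c.name)
		assert.Equal(t, c.end, c.got.GetEndLine(), "%s: end line", c.name)
	}
}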