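// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/elb/adapt_test.go

package elb

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/elb"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_Adapt checks that Adapt turns Terraform aws_alb / aws_alb_listener
// resources into the expected elb.ELB model, both when the security-relevant
// attributes are set explicitly and when they are omitted.
func Test_Adapt(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  elb.ELB
	}{
		{
			name: "configured",
			// The ssl_policy value names a predefined AWS policy whose minimum
			// protocol is TLS 1.1. This test only asserts that the string is
			// carried through unchanged into TLSPolicy; it does not judge
			// whether the policy is acceptable.
			//
			// The access_logs block is part of the fixture, but nothing in the
			// expected value below covers it, so this case gives no assurance
			// about how access logging is adapted.
			terraform: `
resource "aws_alb" "example" {
  name               = "good_alb"
  internal           = true
  load_balancer_type = "application"

  access_logs {
    bucket  = aws_s3_bucket.lb_logs.bucket
    prefix  = "test-lb"
    enabled = true
  }

  drop_invalid_header_fields = true
}

resource "aws_alb_listener" "example" {
  load_balancer_arn = aws_alb.example.arn
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-1-2017-01"

  default_action {
    type = "forward"
  }
}
`,
			expected: elb.ELB{
				LoadBalancers: []elb.LoadBalancer{
					{
						Metadata:                defsecTypes.NewTestMetadata(),
						Type:                    defsecTypes.String("application", defsecTypes.NewTestMetadata()),
						DropInvalidHeaderFields: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						Internal:                defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
						Listeners: []elb.Listener{
							{
								Metadata:  defsecTypes.NewTestMetadata(),
								Protocol:  defsecTypes.String("HTTPS", defsecTypes.NewTestMetadata()),
								TLSPolicy: defsecTypes.String("ELBSecurityPolicy-TLS-1-1-2017-01", defsecTypes.NewTestMetadata()),
								DefaultActions: []elb.Action{
									{
										Metadata: defsecTypes.NewTestMetadata(),
										Type:     defsecTypes.String("forward", defsecTypes.NewTestMetadata()),
									},
								},
							},
						},
					},
				},
			},
		},
		{
			name: "defaults",
			// An empty resource is expected to adapt to explicit values rather
			// than unset ones: type "application", not internal (that is,
			// internet-facing) and invalid header fields not dropped.
			// NOTE(review): presumably these mirror the provider defaults so
			// that downstream checks see the effective configuration; confirm.
			terraform: `
resource "aws_alb" "example" {
}
`,
			expected: elb.ELB{
				LoadBalancers: []elb.LoadBalancer{
					{
						Metadata:                defsecTypes.NewTestMetadata(),
						Type:                    defsecTypes.String("application", defsecTypes.NewTestMetadata()),
						DropInvalidHeaderFields: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						Internal:                defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
						Listeners:               nil,
					},
				},
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			adapted := Adapt(modules)
			testutil.AssertDefsecEqual(t, tc.expected, adapted)
		})
	}
}

// TestLines checks that the metadata attached to each adapted value carries
// the source range of the Terraform block or attribute it came from.
//
// Line numbers are 1-based and count from the opening backtick of src, so the
// newline right after the backtick makes the first resource start on line 2.
func TestLines(t *testing.T) {
	// Do not reflow this fixture: every assertion below is tied to the exact
	// line on which a block or attribute appears.
	src := `
resource "aws_alb" "example" {
  name               = "good_alb"
  internal           = true
  load_balancer_type = "application"
  drop_invalid_header_fields = true

  access_logs {
    bucket  = aws_s3_bucket.lb_logs.bucket
    prefix  = "test-lb"
    enabled = true
  }
}

resource "aws_alb_listener" "example" {
  load_balancer_arn = aws_alb.example.arn
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-1-2017-01"

  default_action {
    type = "forward"
  }
}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.LoadBalancers, 1)
	loadBalancer := adapted.LoadBalancers[0]

	assert.Equal(t, 2, loadBalancer.Metadata.Range().GetStartLine())
	assert.Equal(t, 13, loadBalancer.Metadata.Range().GetEndLine())

	assert.Equal(t, 4, loadBalancer.Internal.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, loadBalancer.Internal.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 5, loadBalancer.Type.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 5, loadBalancer.Type.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 6, loadBalancer.DropInvalidHeaderFields.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 6, loadBalancer.DropInvalidHeaderFields.GetMetadata().Range().GetEndLine())

	// Stop with a clear failure instead of an index-out-of-range panic if the
	// listener was not attached to the load balancer.
	require.Len(t, loadBalancer.Listeners, 1)
	listener := loadBalancer.Listeners[0]

	assert.Equal(t, 15, listener.Metadata.Range().GetStartLine())
	assert.Equal(t, 23, listener.Metadata.Range().GetEndLine())

	assert.Equal(t, 17, listener.Protocol.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 17, listener.Protocol.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 18, listener.TLSPolicy.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 18, listener.TLSPolicy.GetMetadata().Range().GetEndLine())

	// Same guard for the default_action block before indexing into it.
	require.Len(t, listener.DefaultActions, 1)
	action := listener.DefaultActions[0]

	assert.Equal(t, 20, action.Metadata.Range().GetStartLine())
	assert.Equal(t, 22, action.Metadata.Range().GetEndLine())

	assert.Equal(t, 21, action.Type.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 21, action.Type.GetMetadata().Range().GetEndLine())
}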