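// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/iam/adapt_test.go

package iam

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestLines checks that the Terraform IAM adapter records the correct source
// line ranges for the account password policy, the group, the user, and the
// inline policies attached to each.
//
// Only source locations are asserted here; the adapted attribute values are
// not checked by this test.
// NOTE(review): presumably these ranges are what a scanner reports as the
// location of a finding, so an off-by-one would point an engineer at the
// wrong line of the IAM definition — confirm against the consumers of
// Metadata.Range().
func TestLines(t *testing.T) {
	// Every expected line number below is a 1-based line of src. Line 1 is the
	// empty line right after the opening backtick, so the first resource
	// starts on line 2. Adding or removing a line inside src shifts every
	// assertion that follows it.
	src := `
resource "aws_iam_account_password_policy" "strict" {
  minimum_password_length = 8
  require_lowercase_characters = true
  require_numbers = true
  require_uppercase_characters = true
  require_symbols = true
}

resource "aws_iam_group" "my_developers" {
  name = "developers"
  path = "/users/"
}

resource "aws_iam_group_policy" "my_developer_policy" {
  name = "my_developer_policy"
  group = aws_iam_group.my_developers.name

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "new policy",
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "ec2:Describe*"
      ]
    }
  ]
}
EOF
}

resource "aws_iam_user" "lb" {
  name = "loadbalancer"
  path = "/system/"
}

resource "aws_iam_user_policy" "policy" {
  name = "test"
  user = aws_iam_user.lb.name


  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect = "Allow"
        Resource = "*"
      },
    ]
  })
}
`
	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Groups, 1)
	require.Len(t, adapted.Users, 1)

	group := adapted.Groups[0]
	user := adapted.Users[0]
	policy := adapted.PasswordPolicy

	// Policies[0] is indexed below. Fail with a readable message instead of an
	// index-out-of-range panic if the adapter did not attach the inline
	// policies to their group or user.
	require.NotEmpty(t, group.Policies)
	require.NotEmpty(t, user.Policies)

	// aws_iam_account_password_policy.strict: the block, then one line per attribute.
	assert.Equal(t, 2, policy.Metadata.Range().GetStartLine())
	assert.Equal(t, 8, policy.Metadata.Range().GetEndLine())

	assert.Equal(t, 3, policy.MinimumLength.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 3, policy.MinimumLength.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 4, policy.RequireLowercase.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, policy.RequireLowercase.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 5, policy.RequireNumbers.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 5, policy.RequireNumbers.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 6, policy.RequireUppercase.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 6, policy.RequireUppercase.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 7, policy.RequireSymbols.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 7, policy.RequireSymbols.GetMetadata().Range().GetEndLine())

	// aws_iam_group.my_developers and its name attribute.
	assert.Equal(t, 10, group.Metadata.Range().GetStartLine())
	assert.Equal(t, 13, group.Metadata.Range().GetEndLine())

	assert.Equal(t, 11, group.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 11, group.Name.GetMetadata().Range().GetEndLine())

	// aws_iam_group_policy.my_developer_policy: the document range runs from
	// the `policy = <<EOF` line through the closing EOF marker.
	assert.Equal(t, 15, group.Policies[0].Metadata.Range().GetStartLine())
	assert.Equal(t, 34, group.Policies[0].Metadata.Range().GetEndLine())

	assert.Equal(t, 16, group.Policies[0].Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 16, group.Policies[0].Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 19, group.Policies[0].Document.Metadata.Range().GetStartLine())
	assert.Equal(t, 33, group.Policies[0].Document.Metadata.Range().GetEndLine())

	// aws_iam_user.lb and its name attribute.
	assert.Equal(t, 36, user.Metadata.Range().GetStartLine())
	assert.Equal(t, 39, user.Metadata.Range().GetEndLine())

	assert.Equal(t, 37, user.Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 37, user.Name.GetMetadata().Range().GetEndLine())

	// aws_iam_user_policy.policy: the document range runs from the
	// `policy = jsonencode({` line through its closing `})`.
	assert.Equal(t, 41, user.Policies[0].Metadata.Range().GetStartLine())
	assert.Equal(t, 58, user.Policies[0].Metadata.Range().GetEndLine())

	assert.Equal(t, 42, user.Policies[0].Name.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 42, user.Policies[0].Name.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 46, user.Policies[0].Document.Metadata.Range().GetStartLine())
	assert.Equal(t, 57, user.Policies[0].Document.Metadata.Range().GetEndLine())
}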