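// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/lambda/adapt_test.go

package lambda

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/lambda"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/test/testutil"
)

// Test_Adapt checks that Adapt turns aws_lambda_function and
// aws_lambda_permission resources into the lambda.Lambda model.
//
// The model keeps the tracing mode, and per permission the principal and the
// source ARN. Other attributes in the fixtures (runtime, role, action,
// statement_id) do not appear in the expected values.
//
// NOTE(review): Principal and SourceARN are presumably what rules use to find
// permissions granted to a service principal without a source restriction;
// confirm against the rule set.
func Test_Adapt(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  lambda.Lambda
	}{
		{
			// source_arn is a reference to aws_sns_topic.default, which this
			// fixture does not declare. The expected SourceARN is the
			// non-empty string "default" rather than "".
			// NOTE(review): presumably so an unresolved reference is not
			// mistaken for a missing source_arn; confirm in the adapter.
			name: "reference arn",
			terraform: `
			resource "aws_lambda_function" "example" {
				filename      = "lambda_function_payload.zip"
				function_name = "lambda_function_name"
				role          = aws_iam_role.iam_for_lambda.arn
				runtime       = "nodejs12.x"

				tracing_config {
				  mode = "Passthrough"
				}
			}

			resource "aws_lambda_permission" "example" {
				statement_id = "AllowExecutionFromSNS"
				action = "lambda:InvokeFunction"
				function_name = aws_lambda_function.example.function_name
				principal = "sns.amazonaws.com"
				source_arn = aws_sns_topic.default.arn
			}
`,
			expected: lambda.Lambda{
				Functions: []lambda.Function{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						Tracing: lambda.Tracing{
							Metadata: defsecTypes.NewTestMetadata(),
							Mode:     defsecTypes.String("Passthrough", defsecTypes.NewTestMetadata()),
						},
						Permissions: []lambda.Permission{
							{
								Metadata:  defsecTypes.NewTestMetadata(),
								Principal: defsecTypes.String("sns.amazonaws.com", defsecTypes.NewTestMetadata()),
								SourceARN: defsecTypes.String("default", defsecTypes.NewTestMetadata()),
							},
						},
					},
				},
			},
		},
		{
			// Empty blocks: every modelled attribute is expected to be the
			// empty string. The permission names no function, and the
			// expected result has a second Function entry carrying it.
			// NOTE(review): that second entry looks like a placeholder for
			// permissions that match no declared function; confirm.
			name: "defaults (with an orphan)",
			terraform: `
			resource "aws_lambda_function" "example" {
				tracing_config {
				}
			}

			resource "aws_lambda_permission" "example" {
			}
`,
			expected: lambda.Lambda{
				Functions: []lambda.Function{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						Tracing: lambda.Tracing{
							Metadata: defsecTypes.NewTestMetadata(),
							Mode:     defsecTypes.String("", defsecTypes.NewTestMetadata()),
						},
					},
					{
						Metadata: defsecTypes.NewTestMetadata(),
						Tracing: lambda.Tracing{
							Metadata: defsecTypes.NewTestMetadata(),
							Mode:     defsecTypes.String("", defsecTypes.NewTestMetadata()),
						},
						Permissions: []lambda.Permission{
							{
								Metadata:  defsecTypes.NewTestMetadata(),
								Principal: defsecTypes.String("", defsecTypes.NewTestMetadata()),
								SourceARN: defsecTypes.String("", defsecTypes.NewTestMetadata()),
							},
						},
					},
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			adapted := Adapt(modules)
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// TestLines checks that the metadata attached to each adapted value carries
// the source line range of the Terraform block or attribute it came from.
//
// The expected numbers are 1-based lines of src. The raw string opens with a
// newline, so the first resource starts on line 2; adding or removing a line
// in the fixture shifts every assertion below it.
func TestLines(t *testing.T) {
	src := `
	resource "aws_lambda_function" "example" {
		filename      = "lambda_function_payload.zip"
		function_name = "lambda_function_name"
		role          = aws_iam_role.iam_for_lambda.arn
		runtime       = "nodejs12.x"

		tracing_config {
		  mode = "Passthrough"
		}
	}

	resource "aws_lambda_permission" "example" {
		statement_id = "AllowExecutionFromSNS"
		action = "lambda:InvokeFunction"
		function_name = aws_lambda_function.example.function_name
		principal = "sns.amazonaws.com"
		source_arn = "string arn"
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Functions, 1)
	function := adapted.Functions[0]

	// Whole aws_lambda_function block.
	assert.Equal(t, 2, function.Metadata.Range().GetStartLine())
	assert.Equal(t, 11, function.Metadata.Range().GetEndLine())

	// tracing_config block and its mode attribute.
	assert.Equal(t, 8, function.Tracing.Metadata.Range().GetStartLine())
	assert.Equal(t, 10, function.Tracing.Metadata.Range().GetEndLine())

	assert.Equal(t, 9, function.Tracing.Mode.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 9, function.Tracing.Mode.GetMetadata().Range().GetEndLine())

	// Stop here if the permission was not attached to the function: indexing
	// Permissions[0] on an empty slice would panic instead of failing cleanly.
	require.Len(t, function.Permissions, 1)
	permission := function.Permissions[0]

	// Whole aws_lambda_permission block, then principal and source_arn.
	assert.Equal(t, 13, permission.Metadata.Range().GetStartLine())
	assert.Equal(t, 19, permission.Metadata.Range().GetEndLine())

	assert.Equal(t, 17, permission.Principal.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 17, permission.Principal.GetMetadata().Range().GetEndLine())

	assert.Equal(t, 18, permission.SourceARN.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 18, permission.SourceARN.GetMetadata().Range().GetEndLine())
}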