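// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/sqs/adapt_test.go

package sqs

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/sqs"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"

	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/liamg/iamgo"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_Adapt checks that Adapt turns aws_sqs_queue Terraform resources into
// the expected sqs.SQS model, covering the encryption settings and the
// parsed queue policy.
//
// The resource label "good_example" in the fixtures is only a label. The
// inline policy in the first case allows every action ("Action": "*") and is
// adapter input, not a policy to copy.
func Test_Adapt(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  sqs.SQS
	}{
		{
			// Queue with a policy but no kms_master_key_id: the expected
			// model carries an empty KMSKeyID and ManagedEncryption=false.
			name: "np kms key",
			terraform: `
resource "aws_sqs_queue" "good_example" {

  policy = <<POLICY
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*"
    }
  ]
}
POLICY
}`,
			expected: sqs.SQS{
				Queues: []sqs.Queue{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						QueueURL: defsecTypes.String("", defsecTypes.NewTestMetadata()),
						Encryption: sqs.Encryption{
							Metadata:          defsecTypes.NewTestMetadata(),
							ManagedEncryption: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
							KMSKeyID:          defsecTypes.String("", defsecTypes.NewTestMetadata()),
						},
						// Build the expected parsed document with the same
						// single Allow/"*" statement as the heredoc above.
						Policies: func() []iam.Policy {
							sb := iamgo.NewStatementBuilder()
							sb.WithEffect("Allow")
							sb.WithActions([]string{
								"*",
							})

							builder := iamgo.NewPolicyBuilder()
							builder.WithStatement(sb.Build())

							return []iam.Policy{
								{
									Metadata: defsecTypes.NewTestMetadata(),
									Name:     defsecTypes.StringDefault("", defsecTypes.NewTestMetadata()),
									Document: iam.Document{
										Metadata: defsecTypes.NewTestMetadata(),
										Parsed:   builder.Build(),
									},
									Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
								},
							}
						}(),
					},
				},
			},
		},
		{
			// Queue with a KMS key but no policy: KMSKeyID is carried
			// through verbatim and Policies stays nil.
			name: "no policy",
			terraform: `
resource "aws_sqs_queue" "good_example" {
  kms_master_key_id = "/blah"
}`,
			expected: sqs.SQS{
				Queues: []sqs.Queue{
					{
						Metadata: defsecTypes.NewTestMetadata(),
						QueueURL: defsecTypes.String("", defsecTypes.NewTestMetadata()),
						Encryption: sqs.Encryption{
							Metadata:          defsecTypes.NewTestMetadata(),
							ManagedEncryption: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
							KMSKeyID:          defsecTypes.String("/blah", defsecTypes.NewTestMetadata()),
						},
						Policies: nil,
					},
				},
			},
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			adapted := Adapt(modules)
			testutil.AssertDefsecEqual(t, tc.expected, adapted)
		})
	}
}

// TestLines checks that the metadata attached to an adapted queue, its KMS
// key attribute and its policy reports the source line ranges of the
// corresponding Terraform blocks.
//
// Line 1 of src is the empty line after the opening backtick, so the
// resource block starts on line 2.
func TestLines(t *testing.T) {
	src := `
resource "aws_sqs_queue" "good_example" {
  kms_master_key_id = "key"

  policy = <<POLICY
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*"
    }
  ]
}
POLICY
}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	require.Len(t, adapted.Queues, 1)
	queue := adapted.Queues[0]

	// Whole resource block.
	assert.Equal(t, 2, queue.Metadata.Range().GetStartLine())
	assert.Equal(t, 15, queue.Metadata.Range().GetEndLine())

	// kms_master_key_id is a single-line attribute.
	assert.Equal(t, 3, queue.Encryption.KMSKeyID.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 3, queue.Encryption.KMSKeyID.GetMetadata().Range().GetEndLine())

	// Stop here with a clear failure if the policy was not adapted, rather
	// than panicking on the index below.
	require.Len(t, queue.Policies, 1)

	// The policy attribute runs from "policy = <<POLICY" to the closing
	// POLICY marker.
	assert.Equal(t, 5, queue.Policies[0].Metadata.Range().GetStartLine())
	assert.Equal(t, 14, queue.Policies[0].Metadata.Range().GetEndLine())
}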