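// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/azure/appservice/adapt_test.go

package appservice

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/appservice"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_adaptService checks that adaptService turns an azurerm_app_service
// block into the expected appservice.Service value, both when the
// security-relevant attributes are set and when they are omitted.
func Test_adaptService(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  appservice.Service
	}{
		{
			// The fixture sets min_tls_version to "1.0" on purpose: the
			// expectation below requires the adapter to report the value
			// exactly as written rather than replacing it with the fallback.
			// identity_ids has no counterpart in the expected state.
			name: "configured",
			terraform: `
			resource "azurerm_app_service" "my_example" {
				name = "example-app-service"
				client_cert_enabled = true

				identity {
					type = "UserAssigned"
					identity_ids = "webapp1"
				}
				site_config {
					http2_enabled = true
					min_tls_version = "1.0"

				}
				auth_settings {
					enabled = true
				}
			}
`,
			expected: appservice.Service{
				Metadata:         defsecTypes.NewTestMetadata(),
				EnableClientCert: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
				Identity: struct{ Type defsecTypes.StringValue }{
					Type: defsecTypes.String("UserAssigned", defsecTypes.NewTestMetadata()),
				},
				Authentication: struct{ Enabled defsecTypes.BoolValue }{
					Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
				},
				Site: struct {
					EnableHTTP2       defsecTypes.BoolValue
					MinimumTLSVersion defsecTypes.StringValue
				}{
					EnableHTTP2:       defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
					MinimumTLSVersion: defsecTypes.String("1.0", defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			// Pins what the adapter reports for an empty resource: client
			// certificates off, no identity type, authentication off, HTTP/2
			// off and a minimum TLS version of "1.2".
			// NOTE(review): these fallbacks stand in for what the provider
			// does when an attribute is omitted; if they drift from the
			// azurerm provider's real defaults, anything evaluated against
			// this state is wrong for resources that omit the attribute.
			// Confirm against the provider documentation before changing.
			name: "defaults",
			terraform: `
			resource "azurerm_app_service" "my_example" {
			}
`,
			expected: appservice.Service{
				Metadata:         defsecTypes.NewTestMetadata(),
				EnableClientCert: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				Identity: struct{ Type defsecTypes.StringValue }{
					Type: defsecTypes.String("", defsecTypes.NewTestMetadata()),
				},
				Authentication: struct{ Enabled defsecTypes.BoolValue }{
					Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
				},
				Site: struct {
					EnableHTTP2       defsecTypes.BoolValue
					MinimumTLSVersion defsecTypes.StringValue
				}{
					EnableHTTP2:       defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
					MinimumTLSVersion: defsecTypes.String("1.2", defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			// Fail the subtest cleanly if the fixture produced no blocks,
			// instead of panicking on the index below.
			blocks := modules.GetBlocks()
			require.NotEmpty(t, blocks)
			adapted := adaptService(blocks[0])
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// Test_adaptFunctionApp checks that adaptFunctionApp turns an
// azurerm_function_app block into the expected appservice.FunctionApp value.
func Test_adaptFunctionApp(t *testing.T) {
	tests := []struct {
		name      string
		terraform string
		expected  appservice.FunctionApp
	}{
		{
			name: "configured",
			terraform: `
			resource "azurerm_function_app" "my_example" {
				name = "test-azure-functions"
				https_only = true
			}
`,
			expected: appservice.FunctionApp{
				Metadata:  defsecTypes.NewTestMetadata(),
				HTTPSOnly: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
			},
		},
		{
			// An omitted https_only must be reported as false, so a function
			// app that never sets it is not mistaken for an HTTPS-only one.
			name: "defaults",
			terraform: `
			resource "azurerm_function_app" "my_example" {
			}
`,
			expected: appservice.FunctionApp{
				Metadata:  defsecTypes.NewTestMetadata(),
				HTTPSOnly: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
			},
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
			// Same guard as in Test_adaptService: no blocks is a test
			// failure, not an index-out-of-range panic.
			blocks := modules.GetBlocks()
			require.NotEmpty(t, blocks)
			adapted := adaptFunctionApp(blocks[0])
			testutil.AssertDefsecEqual(t, test.expected, adapted)
		})
	}
}

// TestLines checks that each adapted value carries the source line of the
// attribute it was read from, so a finding can be traced back to the exact
// line of the Terraform file.
//
// The expected numbers are 1-based positions inside src, and the empty line
// that follows the opening backtick counts as line 1. Adding or removing a
// line in src shifts every expectation after it.
func TestLines(t *testing.T) {
	src := `
	resource "azurerm_app_service" "my_example" {
		name = "example-app-service"
		client_cert_enabled = true

		identity {
			type = "UserAssigned"
			identity_ids = "webapp1"
		}
		site_config {
			http2_enabled = true
			min_tls_version = "1.0"
		}
		auth_settings {
			enabled = true
		}
	}

	resource "azurerm_function_app" "my_example" {
		name = "test-azure-functions"
		https_only = true
	}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	// require (not assert) so the indexing below cannot run on an empty slice.
	require.Len(t, adapted.Services, 1)
	require.Len(t, adapted.FunctionApps, 1)

	service := adapted.Services[0]
	functionApp := adapted.FunctionApps[0]

	// client_cert_enabled
	assert.Equal(t, 4, service.EnableClientCert.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 4, service.EnableClientCert.GetMetadata().Range().GetEndLine())

	// identity.type
	assert.Equal(t, 7, service.Identity.Type.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 7, service.Identity.Type.GetMetadata().Range().GetEndLine())

	// site_config.http2_enabled
	assert.Equal(t, 11, service.Site.EnableHTTP2.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 11, service.Site.EnableHTTP2.GetMetadata().Range().GetEndLine())

	// site_config.min_tls_version
	assert.Equal(t, 12, service.Site.MinimumTLSVersion.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 12, service.Site.MinimumTLSVersion.GetMetadata().Range().GetEndLine())

	// auth_settings.enabled
	assert.Equal(t, 15, service.Authentication.Enabled.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 15, service.Authentication.Enabled.GetMetadata().Range().GetEndLine())

	// azurerm_function_app https_only
	assert.Equal(t, 21, functionApp.HTTPSOnly.GetMetadata().Range().GetStartLine())
	assert.Equal(t, 21, functionApp.HTTPSOnly.GetMetadata().Range().GetEndLine())
}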