github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/cloudstack/compute/adapt_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/cloudstack/compute/adapt_test.go (about)

     1  package compute
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/cloudstack/compute"
     9  
    10  	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"
    11  
    12  	"github.com/khulnasoft-lab/defsec/test/testutil"
    13  	"github.com/stretchr/testify/assert"
    14  	"github.com/stretchr/testify/require"
    15  )
    16  
    17  func Test_adaptInstance(t *testing.T) {
    18  	tests := []struct {
    19  		name      string
    20  		terraform string
    21  		expected  compute.Instance
    22  	}{
    23  		{
    24  			name: "sensitive user data",
    25  			terraform: `
    26  			resource "cloudstack_instance" "web" {
    27  				name             = "server-1"
    28  				user_data        = <<EOF
    29  export DATABASE_PASSWORD=\"SomeSortOfPassword\"
    30  			EOF
    31  			}
    32  `,
    33  			expected: compute.Instance{
    34  				Metadata: defsecTypes.NewTestMetadata(),
    35  				UserData: defsecTypes.String(`export DATABASE_PASSWORD=\"SomeSortOfPassword\"
    36  `, defsecTypes.NewTestMetadata()),
    37  			},
    38  		},
    39  		{
    40  			name: "sensitive user data base64 encoded",
    41  			terraform: `
    42  			resource "cloudstack_instance" "web" {
    43  				name             = "server-1"
    44  				user_data        = "ZXhwb3J0IERBVEFCQVNFX1BBU1NXT1JEPSJTb21lU29ydE9mUGFzc3dvcmQi"
    45  			}
    46  `,
    47  			expected: compute.Instance{
    48  				Metadata: defsecTypes.NewTestMetadata(),
    49  				UserData: defsecTypes.String(`export DATABASE_PASSWORD="SomeSortOfPassword"`, defsecTypes.NewTestMetadata()),
    50  			},
    51  		},
    52  		{
    53  			name: "no user data provided",
    54  			terraform: `
    55  			resource "cloudstack_instance" "web" {
    56  			}
    57  `,
    58  			expected: compute.Instance{
    59  				Metadata: defsecTypes.NewTestMetadata(),
    60  				UserData: defsecTypes.String("", defsecTypes.NewTestMetadata()),
    61  			},
    62  		},
    63  	}
    64  
    65  	for _, test := range tests {
    66  		t.Run(test.name, func(t *testing.T) {
    67  			modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
    68  			adapted := adaptInstance(modules.GetBlocks()[0])
    69  			testutil.AssertDefsecEqual(t, test.expected, adapted)
    70  		})
    71  	}
    72  }
    73  
    74  func TestLines(t *testing.T) {
    75  	src := `
    76  	resource "cloudstack_instance" "web" {
    77  		name             = "server-1"
    78  		user_data        = <<EOF
    79  export DATABASE_PASSWORD=\"SomeSortOfPassword\"
    80  	EOF
    81  	}`
    82  
    83  	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
    84  	adapted := Adapt(modules)
    85  
    86  	require.Len(t, adapted.Instances, 1)
    87  	instance := adapted.Instances[0]
    88  
    89  	assert.Equal(t, 4, instance.UserData.GetMetadata().Range().GetStartLine())
    90  	assert.Equal(t, 6, instance.UserData.GetMetadata().Range().GetEndLine())
    91  }