// Listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/formatters/sarif_test.go

package formatters

import (
	"bytes"
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/dynamodb"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_SARIF checks that one high-severity finding is rendered as exactly the
// SARIF 2.1.0 document spelled out below.
//
// The expected document pins what a SARIF consumer receives for a finding:
// the rule id "aws-dynamodb-enable-at-rest-encryption", severity.High reported
// as level "error", the rule Summary as shortDescription, and the single entry
// in Links as helpUri. The fixture's AVDID, Explanation, Impact and Resolution
// values do not appear anywhere in the expected output.
func Test_SARIF(t *testing.T) {
	// A single failing result: server-side encryption with Enabled set to false.
	var findings scan.Results
	findings.Add("Cluster encryption is not enabled.",
		dynamodb.ServerSideEncryption{
			Metadata: defsecTypes.NewTestMetadata(),
			Enabled:  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
		})
	findings.SetRule(scan.Rule{
		AVDID:       "AVD-AA-9999",
		ShortCode:   "enable-at-rest-encryption",
		Summary:     "summary",
		Explanation: "explanation",
		Impact:      "impact",
		Resolution:  "resolution",
		Provider:    providers.AWSProvider,
		Service:     "dynamodb",
		Links: []string{
			"https://google.com",
		},
		Severity: severity.High,
	})

	// Render into an in-memory buffer so the output can be compared as a string.
	out := &bytes.Buffer{}
	sarifFormatter := New().AsSARIF().WithWriter(out).Build()

	// The comparison below is byte-for-byte, so whitespace inside this literal
	// is significant and there is no trailing newline.
	// NOTE(review): confirm the indentation against the formatter's real output.
	const expected = `{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "informationUri": "https://github.com/khulnasoft-lab/defsec",
          "name": "defsec",
          "rules": [
            {
              "id": "aws-dynamodb-enable-at-rest-encryption",
              "shortDescription": {
                "text": "summary"
              },
              "helpUri": "https://google.com"
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "aws-dynamodb-enable-at-rest-encryption",
          "ruleIndex": 0,
          "level": "error",
          "message": {
            "text": "Cluster encryption is not enabled."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "test.test"
                },
                "region": {
                  "startLine": 123,
                  "endLine": 123
                }
              }
            }
          ]
        }
      ]
    }
  ]
}`

	// require stops the test if formatting fails; there is nothing to compare then.
	require.NoError(t, sarifFormatter.Output(findings))
	assert.Equal(t, expected, out.String())
}

// Test_SARIF_nested_paths checks the SARIF output for a finding whose metadata
// has a parent with a different source range.
//
// The parent is given the range main.tf lines 1-2, yet the expected location
// is still "test.test" line 123, the same location the other SARIF test in
// this file expects for plain test metadata. The fixture also pins
// severity.Low being reported as level "note".
func Test_SARIF_nested_paths(t *testing.T) {
	// Parent metadata points at main.tf; the child keeps its own test range.
	parent := defsecTypes.NewTestMetadata()
	parent.SetRange(defsecTypes.NewRange("main.tf", 1, 2, "", nil))
	child := defsecTypes.NewTestMetadata().WithParent(parent)

	var findings scan.Results
	findings.Add(
		"Security group rule does not have a description.",
		ec2.SecurityGroup{Metadata: child},
	)
	findings.SetRule(scan.Rule{
		AVDID:       "AVD-AWS-0124",
		ShortCode:   "add-description-to-security-group-rule",
		Summary:     "summary",
		Explanation: "explanation",
		Impact:      "impact",
		Resolution:  "resolution",
		Provider:    providers.AWSProvider,
		Service:     "ec2",
		Links: []string{
			"link",
		},
		Severity: severity.Low,
	})

	// Render into an in-memory buffer so the output can be compared as a string.
	out := &bytes.Buffer{}
	sarifFormatter := New().AsSARIF().WithWriter(out).Build()

	// The comparison below is byte-for-byte, so whitespace inside this literal
	// is significant and there is no trailing newline.
	// NOTE(review): confirm the indentation against the formatter's real output.
	const expected = `{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "informationUri": "https://github.com/khulnasoft-lab/defsec",
          "name": "defsec",
          "rules": [
            {
              "id": "aws-ec2-add-description-to-security-group-rule",
              "shortDescription": {
                "text": "summary"
              },
              "helpUri": "link"
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "aws-ec2-add-description-to-security-group-rule",
          "ruleIndex": 0,
          "level": "note",
          "message": {
            "text": "Security group rule does not have a description."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "test.test"
                },
                "region": {
                  "startLine": 123,
                  "endLine": 123
                }
              }
            }
          ]
        }
      ]
    }
  ]
}`

	// require stops the test if formatting fails; there is nothing to compare then.
	require.NoError(t, sarifFormatter.Output(findings))
	assert.Equal(t, expected, out.String())
}