// Listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/scanners/yaml/scanner_test.go

package yaml

import (
	"context"
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/scanners/options"
	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Test_BasicScan runs the YAML scanner over one document with one Rego policy
// and checks that the policy's metadata is carried into the reported rule.
//
// The policy denies whenever input.x.y == 123, which the fixture document
// satisfies, so exactly one failed result is expected. The assertion covers
// the rule metadata only (IDs, severity, links, Rego package); the "msg",
// "startline" and "endline" values returned by the deny rule are not checked
// here, and there is no negative case (a document that must not match).
func Test_BasicScan(t *testing.T) {
	// Document under scan. The indentation of "y" under "x" is what makes
	// input.x.y resolve in the policy below.
	const yamlDoc = `---
x:
  y: 123
z:
  - a
  - b
  - c
`

	// Policy under test: static metadata, a selector restricting it to YAML
	// input, and a single deny rule.
	const regoPolicy = `package builtin.yaml.lol

__rego_metadata__ := {
	"id": "ABC123",
	"avd_id": "AVD-AB-0123",
	"title": "title",
	"short_code": "short",
	"severity": "CRITICAL",
	"type": "YAML Check",
	"description": "description",
	"recommended_actions": "actions",
	"url": "https://example.com",
}

__rego_input__ := {
	"combine": false,
	"selector": [{"type": "yaml"}],
}

deny[res] {
	input.x.y == 123
	res := {
		"msg": "oh no",
		"startline": 1,
		"endline": 2,
	}
}

`

	memFS := testutil.CreateFS(t, map[string]string{
		"/code/data.yaml":  yamlDoc,
		"/rules/rule.rego": regoPolicy,
	})

	// Policies are loaded from "rules"; only "code" is scanned.
	s := NewScanner(options.ScannerWithPolicyDirs("rules"))

	res, err := s.ScanFS(context.TODO(), memFS, "code")
	require.NoError(t, err)

	// require (not assert) so the index below cannot panic on an empty slice.
	failed := res.GetFailed()
	require.Len(t, failed, 1)

	// Each field mirrors a key of __rego_metadata__ above; the severity and
	// AVD ID are the values downstream triage would key on.
	want := scan.Rule{
		AVDID:          "AVD-AB-0123",
		Aliases:        []string{"ABC123"},
		ShortCode:      "short",
		Summary:        "title",
		Explanation:    "description",
		Impact:         "",
		Resolution:     "actions",
		Provider:       "yaml",
		Service:        "general",
		Links:          []string{"https://example.com"},
		Severity:       "CRITICAL",
		Terraform:      &scan.EngineMetadata{},
		CloudFormation: &scan.EngineMetadata{},
		CustomChecks: scan.CustomChecks{
			Terraform: (*scan.TerraformCustomCheck)(nil),
		},
		RegoPackage: "data.builtin.yaml.lol",
		Frameworks:  map[framework.Framework][]string{},
	}

	assert.Equal(t, want, failed[0].Rule())
}