github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudwatch/require_org_changes_alarm_test.go (about)

     1  package cloudwatch
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudtrail"
     7  
     8  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudwatch"
    11  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    12  	"github.com/khulnasoft-lab/defsec/pkg/state"
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
// TestCheckRequireOrgChangesAlarm exercises CheckRequireOrgChangesAlarm
// against a CloudTrail trail that is multi-region, actively logging and
// delivering to a CloudWatch log group, and checks whether the rule emits a
// failed result for the given metric-filter / alarm configuration.
//
// expected == true means "the rule must report a failure" (no metric filter
// for organizations.amazonaws.com events, or a filter with no alarm on its
// metric); the fully wired case must produce no failure.
//
// Coverage gaps worth knowing about when relying on this test: there is no
// case for a trail that is not logging or not multi-region, for an alarm whose
// MetricName differs from the filter name, or for a filter pattern that does
// not mention organizations.amazonaws.com — so the rule's handling of those
// inputs is not pinned here.
//
// NOTE(review): the fixture ARN uses "cloudwatch" as the service segment; real
// CloudWatch Logs log-group ARNs presumably use "logs". The trail and the log
// group share the same literal, so the test only depends on the two agreeing —
// confirm against the rule if its ARN matching ever becomes structure-aware.
func TestCheckRequireOrgChangesAlarm(t *testing.T) {
	const logGroupArn = "arn:aws:cloudwatch:us-east-1:123456789012:log-group:cloudtrail-logging"

	// loggingTrail returns the CloudTrail fixture shared by every case: a single
	// trail that is multi-region, logging, and bound to logGroupArn.
	loggingTrail := func() cloudtrail.CloudTrail {
		return cloudtrail.CloudTrail{
			Trails: []cloudtrail.Trail{{
				Metadata:                  defsecTypes.NewTestMetadata(),
				CloudWatchLogsLogGroupArn: defsecTypes.String(logGroupArn, defsecTypes.NewTestMetadata()),
				IsLogging:                 defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
				IsMultiRegion:             defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
			}},
		}
	}

	// orgEventsFilter is the metric filter matching AWS Organizations API
	// activity; its FilterName doubles as the metric the alarm is keyed on.
	orgEventsFilter := func() cloudwatch.MetricFilter {
		return cloudwatch.MetricFilter{
			FilterName:    defsecTypes.String("OrganizationEvents", defsecTypes.NewTestMetadata()),
			FilterPattern: defsecTypes.String("{ $.eventSource = \"organizations.amazonaws.com\" }", defsecTypes.NewTestMetadata()),
		}
	}

	// cloudWatchWith builds the CloudWatch fixture: one log group at
	// logGroupArn carrying filters, plus alarms. nil slices model "absent".
	cloudWatchWith := func(filters []cloudwatch.MetricFilter, alarms []cloudwatch.Alarm) cloudwatch.CloudWatch {
		return cloudwatch.CloudWatch{
			LogGroups: []cloudwatch.LogGroup{{
				Arn:           defsecTypes.String(logGroupArn, defsecTypes.NewTestMetadata()),
				MetricFilters: filters,
			}},
			Alarms: alarms,
		}
	}

	cases := []struct {
		name       string
		cloudtrail cloudtrail.CloudTrail
		cloudwatch cloudwatch.CloudWatch
		expected   bool // true: a failed result for this rule must be emitted
	}{
		{
			name:       "alarm exists",
			cloudtrail: loggingTrail(),
			cloudwatch: cloudWatchWith(
				[]cloudwatch.MetricFilter{orgEventsFilter()},
				[]cloudwatch.Alarm{{
					Metadata:   defsecTypes.NewTestMetadata(),
					MetricName: defsecTypes.String("OrganizationEvents", defsecTypes.NewTestMetadata()),
				}},
			),
			expected: false,
		},
		{
			name:       "metric filter does not exist",
			cloudtrail: loggingTrail(),
			cloudwatch: cloudWatchWith(nil, nil),
			expected:   true,
		},
		{
			name:       "alarm does not exist",
			cloudtrail: loggingTrail(),
			cloudwatch: cloudWatchWith([]cloudwatch.MetricFilter{orgEventsFilter()}, nil),
			expected:   true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var s state.State
			s.AWS.CloudTrail = tc.cloudtrail
			s.AWS.CloudWatch = tc.cloudwatch

			// Only a failed result carrying this rule's own ID counts; passed
			// results and results attributed to other rules are ignored.
			ruleID := CheckRequireOrgChangesAlarm.Rule().LongID()
			failed := false
			for _, r := range CheckRequireOrgChangesAlarm.Evaluate(&s) {
				if r.Status() != scan.StatusFailed {
					continue
				}
				if r.Rule().LongID() == ruleID {
					failed = true
				}
			}

			if tc.expected {
				assert.True(t, failed, "Rule should have been found")
				return
			}
			assert.False(t, failed, "Rule should not have been found")
		})
	}
}