github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ec2/no_secrets_in_user_data_test.go (about) 1 package ec2 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckNoSecretsInUserData(t *testing.T) { 17 tests := []struct { 18 name string 19 input ec2.EC2 20 expected bool 21 }{ 22 { 23 name: "positive result", 24 input: ec2.EC2{ 25 Instances: []ec2.Instance{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 UserData: defsecTypes.String(`<<EOF 29 export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE 30 export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY 31 export AWS_DEFAULT_REGION=us-west-2 32 EOF`, defsecTypes.NewTestMetadata()), 33 }, 34 }, 35 }, 36 expected: true, 37 }, 38 { 39 name: "negative result", 40 input: ec2.EC2{ 41 Instances: []ec2.Instance{ 42 { 43 Metadata: defsecTypes.NewTestMetadata(), 44 UserData: defsecTypes.String(`<<EOF 45 export GREETING=hello 46 EOF`, defsecTypes.NewTestMetadata()), 47 }, 48 }, 49 }, 50 expected: false, 51 }, 52 } 53 for _, test := range tests { 54 t.Run(test.name, func(t *testing.T) { 55 var testState state.State 56 testState.AWS.EC2 = test.input 57 results := CheckNoSecretsInUserData.Evaluate(&testState) 58 var found bool 59 for _, result := range results { 60 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSecretsInUserData.Rule().LongID() { 61 found = true 62 } 63 } 64 if test.expected { 65 assert.True(t, found, "Rule should have been found") 66 } else { 67 assert.False(t, found, "Rule should not have been found") 68 } 69 }) 70 } 71 }