github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ec2/no_sensitive_info_test.go (about) 1 package ec2 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2" 9 10 "github.com/khulnasoft-lab/defsec/pkg/state" 11 12 "github.com/khulnasoft-lab/defsec/pkg/scan" 13 14 "github.com/stretchr/testify/assert" 15 ) 16 17 func TestCheckNoSensitiveInfo(t *testing.T) { 18 tests := []struct { 19 name string 20 input ec2.EC2 21 expected bool 22 }{ 23 { 24 name: "Launch configuration with sensitive info in user data", 25 input: ec2.EC2{ 26 LaunchConfigurations: []ec2.LaunchConfiguration{ 27 { 28 Metadata: defsecTypes.NewTestMetadata(), 29 UserData: defsecTypes.String(` 30 export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE 31 export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY 32 export AWS_DEFAULT_REGION=us-west-2 33 `, defsecTypes.NewTestMetadata()), 34 }, 35 }, 36 }, 37 expected: true, 38 }, 39 { 40 name: "Launch configuration with no sensitive info in user data", 41 input: ec2.EC2{ 42 LaunchConfigurations: []ec2.LaunchConfiguration{ 43 { 44 Metadata: defsecTypes.NewTestMetadata(), 45 UserData: defsecTypes.String(` 46 export GREETING=hello 47 `, defsecTypes.NewTestMetadata()), 48 }, 49 }, 50 }, 51 expected: false, 52 }, 53 } 54 for _, test := range tests { 55 t.Run(test.name, func(t *testing.T) { 56 var testState state.State 57 testState.AWS.EC2 = test.input 58 results := CheckNoSensitiveInfo.Evaluate(&testState) 59 var found bool 60 for _, result := range results { 61 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoSensitiveInfo.Rule().LongID() { 62 found = true 63 } 64 } 65 if test.expected { 66 assert.True(t, found, "Rule should have been found") 67 } else { 68 assert.False(t, found, "Rule should not have been found") 69 } 70 }) 71 } 72 }