def test_summary(self):
test_files_dir = Path(__file__).parent / "example_RDSIAMAuthentication"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::RDS::DBInstance.EnabledMysql",
"AWS::RDS::DBInstance.EnabledPostgres",
}
failing_resources = {
"AWS::RDS::DBInstance.DefaultMysql",
"AWS::RDS::DBInstance.DefaultPostgres",
"AWS::RDS::DBInstance.DisabledMysql",
"AWS::RDS::DBInstance.DisabledPostgres",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 4)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_RDSMultiAZEnabled"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::RDS::DBInstance.MyDBEnabled",
}
failing_resources = {
"AWS::RDS::DBInstance.MyDBDefault",
"AWS::RDS::DBInstance.MyDBDisabled",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
# given
test_files_dir = Path(__file__).parent / "example_WAFACLCVE202144228"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"AWS::WAFv2::WebACL.Pass",
}
failing_resources = {
"AWS::WAFv2::WebACL.NoRule",
"AWS::WAFv2::WebACL.WrongRule",
"AWS::WAFv2::WebACL.RuleCount",
"AWS::WAFv2::WebACL.RuleGroupCount",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 4)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_TimestreamDatabaseKMSKey"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::Timestream::Database.TimestreamDatabaseEnabled",
}
failing_resources = {
"AWS::Timestream::Database.TimestreamDatabaseDefault",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_APIGatewayV2AccessLogging"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::ApiGatewayV2::Stage.Enabled",
"AWS::Serverless::HttpApi.Enabled",
}
failing_resources = {
"AWS::ApiGatewayV2::Stage.Default",
"AWS::Serverless::HttpApi.Default",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary['passed'], 2)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
test_files_dir = Path(
__file__).parent / "example_LambdaEnvironmentCredentials"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::Lambda::Function.NoEnv",
"AWS::Lambda::Function.NoSecret",
"AWS::Serverless::Function.NoEnv",
"AWS::Serverless::Function.NoSecret",
}
failing_resources = {
"AWS::Lambda::Function.Secret",
"AWS::Serverless::Function.Secret",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 4)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_CloudWatchLogGroupKMSKey"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {
"AWS::Logs::LogGroup.Pass",
}
failing_resources = {
"AWS::Logs::LogGroup.Fail",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 1)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
test_files_dir = Path(
__file__).parent / "example_QLDBLedgerDeletionProtection"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::QLDB::Ledger.Default",
"AWS::QLDB::Ledger.Enabled",
}
failing_resources = {
"AWS::QLDB::Ledger.Disabled",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_SecretManagerSecretEncrypted"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::SecretsManager::Secret.MyCMK",
}
failing_resources = {
"AWS::SecretsManager::Secret.NoKMS",
"AWS::SecretsManager::Secret.AWSKMS0",
"AWS::SecretsManager::Secret.AWSKMS1",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 3)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
# given
test_files_dir = Path(
__file__).parent / "example_GlueSecurityConfigurationEnabled"
# when
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
# then
summary = report.get_summary()
passing_resources = {
"AWS::Glue::Crawler.CrawlerEnabled",
"AWS::Glue::DevEndpoint.DevEndpointEnabled",
"AWS::Glue::Job.JobEnabled",
}
failing_resources = {
"AWS::Glue::Crawler.CrawlerDefault",
"AWS::Glue::DevEndpoint.DevEndpointDefault",
"AWS::Glue::Job.JobDefault",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 3)
self.assertEqual(summary["failed"], 3)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_CloudFrontTLS12"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
'AWS::CloudFront::Distribution.cloudfrontdistributionPASSED1',
'AWS::CloudFront::Distribution.cloudfrontdistributionPASSED2',
'AWS::CloudFront::Distribution.cloudfrontdistributionPASSED3'
}
failing_resources = {
'AWS::CloudFront::Distribution.cloudfrontdistributionFAILED1',
'AWS::CloudFront::Distribution.cloudfrontdistributionFAILED2',
'AWS::CloudFront::Distribution.cloudfrontdistributionFAILED3',
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 3)
self.assertEqual(summary['failed'], 3)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_KinesisStreamEncryptionType"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {"AWS::Kinesis::Stream.KMSEncryption"}
failing_resources = {"AWS::Kinesis::Stream.NoEncryption"}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 1)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_APIGatewayCacheEnable"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {
"AWS::ApiGateway::Stage.CacheTrue",
}
failing_resources = {
"AWS::ApiGateway::Stage.CacheDefault",
"AWS::ApiGateway::Stage.CacheFalse",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_record_relative_path_with_relative_dir(self):
# test whether the record's repo_file_path is correct, relative to the CWD (with a / at the start).
# this is just constructing the scan dir as normal
current_dir = os.path.dirname(os.path.realpath(__file__))
scan_dir_path = os.path.join(current_dir, "resources")
# this is the relative path to the directory to scan (what would actually get passed to the -d arg)
dir_rel_path = os.path.relpath(scan_dir_path).replace('\\', '/')
runner = Runner()
checks_allowlist = ['CKV_AWS_20']
report = runner.run(root_folder=dir_rel_path,
external_checks_dir=None,
runner_filter=RunnerFilter(
framework='cloudformation',
checks=checks_allowlist))
all_checks = report.failed_checks + report.passed_checks
self.assertGreater(
len(all_checks),
0) # ensure that the assertions below are going to do something
for record in all_checks:
# no need to join with a '/' because the CFN runner adds it to the start of the file path
self.assertEqual(record.repo_file_path,
f'/{dir_rel_path}{record.file_path}')
def test_parsing_error_json(self):
current_dir = os.path.dirname(os.path.realpath(__file__))
scan_file_path = os.path.join(current_dir, "resources", "invalid.json")
runner = Runner()
report = runner.run(root_folder=None, external_checks_dir=None, files=[scan_file_path],
runner_filter=RunnerFilter(framework='cloudformation'))
self.assertEqual(report.parsing_errors, [scan_file_path])
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_LambdaEnvironmentEncryptionSettings"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {
"AWS::Lambda::Function.EnvAndKey",
"AWS::Lambda::Function.NoEnvAndNoKey",
}
failing_resources = {
"AWS::Lambda::Function.EnvAndNoKey",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 2)
self.assertEqual(summary['failed'], 1)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_IAMRoleAllowsPublicAssume"
report = runner.run(root_folder=test_files_dir,runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {
"AWS::IAM::Role.ServiceRole",
"AWS::IAM::Role.DenyIgnore",
}
failing_resources = {
"AWS::IAM::Role.AWSStarPrincipal",
"AWS::IAM::Role.AWSStarPrincipalInList",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 2)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_TransferServerIsPublic"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::Transfer::Server.VPC",
"AWS::Transfer::Server.VPCENDPOINT",
}
failing_resources = {
"AWS::Transfer::Server.PUBLIC",
"AWS::Transfer::Server.NONE",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
test_files_dir = Path(
__file__).parent / "example_QLDBLedgerPermissionsMode"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::QLDB::Ledger.Standard",
}
failing_resources = {
"AWS::QLDB::Ledger.AllowAll",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_AmazonMQBrokerPublicAccess"
report = runner.run(root_folder=test_files_dir,runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::AmazonMQ::Broker.PrivateBroker0",
"AWS::AmazonMQ::Broker.PrivateBroker1",
}
failing_resources = {
"AWS::AmazonMQ::Broker.PublicBroker0",
"AWS::AmazonMQ::Broker.PublicBroker1",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 2)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
test_files_dir = Path(
__file__).parent / "example_AppSyncFieldLevelLogs"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::AppSync::GraphQLApi.All",
"AWS::AppSync::GraphQLApi.Error",
}
failing_resources = {
"AWS::AppSync::GraphQLApi.None",
}
passed_check_resources = {c.resource for c in report.passed_checks}
failed_check_resources = {c.resource for c in report.failed_checks}
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 1)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_ECRImageScanning"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {"AWS::ECR::Repository.ImageScanTrue"}
failing_resources = {
"AWS::ECR::Repository.ImageScanFalse",
"AWS::ECR::Repository.ImageScanNotSet"
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_DocDBLogging"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::DocDB::DBCluster.DocDBEnabled",
}
failing_resources = {
"AWS::DocDB::DBCluster.DocDBDefault",
"AWS::DocDB::DBCluster.DocDBAudit",
"AWS::DocDB::DBCluster.DocDBProfiler",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 3)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_record_relative_path_with_abs_file(self):
# test whether the record's repo_file_path is correct, relative to the CWD (with a / at the start).
# this is just constructing the scan dir as normal
current_dir = os.path.dirname(os.path.realpath(__file__))
scan_file_path = os.path.join(current_dir, "resources", "success.json")
file_rel_path = os.path.relpath(scan_file_path)
file_abs_path = os.path.abspath(scan_file_path)
runner = Runner()
checks_allowlist = ['CKV_AWS_20']
report = runner.run(root_folder=None,
external_checks_dir=None,
files=[file_abs_path],
runner_filter=RunnerFilter(
framework='cloudformation',
checks=checks_allowlist))
all_checks = report.failed_checks + report.passed_checks
self.assertTrue(
len(all_checks) >
0) # ensure that the assertions below are going to do something
for record in all_checks:
# no need to join with a '/' because the CFN runner adds it to the start of the file path
self.assertEqual(record.repo_file_path, f'/{file_rel_path}')
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_RedShiftSSL"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::Redshift::ClusterParameterGroup.RedshiftParameterGroupEnabled",
}
failing_resources = {
"AWS::Redshift::ClusterParameterGroup.RedshiftParameterGroupDefault",
"AWS::Redshift::ClusterParameterGroup.RedshiftParameterGroupDisabled",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_runner_sam(self):
# given
test_dir_path = Path(
__file__).parent.parent / "graph_builder/resources/sam"
# when
report = Runner().run(
root_folder=str(test_dir_path),
runner_filter=RunnerFilter(checks=["CKV2_AWS_26"]))
# then
summary = report.get_summary()
passing_resources = {
"AWS::Serverless::Function.Function1",
"AWS::Serverless::Function.Function2",
}
passed_check_resources = {c.resource for c in report.passed_checks}
self.assertEqual(summary["passed"], 2)
self.assertEqual(summary["failed"], 0)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
def test_summary(self):
test_files_dir = Path(
__file__).parent / "example_RedshiftClusterPubliclyAccessible"
report = Runner().run(root_folder=str(test_files_dir),
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
"AWS::Redshift::Cluster.RedshiftClusterEnabled",
}
failing_resources = {
"AWS::Redshift::Cluster.RedshiftClusterDefault",
"AWS::Redshift::Cluster.RedshiftClusterDisabled",
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary["passed"], 1)
self.assertEqual(summary["failed"], 2)
self.assertEqual(summary["skipped"], 0)
self.assertEqual(summary["parsing_errors"], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_DynamoDBTablesEncrypted"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {
"AWS::DynamoDB::Table.KMSEncryption"
}
failing_resources = {
"AWS::DynamoDB::Table.DefaultEncryption",
"AWS::DynamoDB::Table.EncryptionFalse",
"AWS::DynamoDB::Table.NoEncryptionConfig"
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 3)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_WorkspaceUserVolumeEncrypted"
report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
for record in report.failed_checks:
self.assertEqual(record.check_id, check.id)
for record in report.passed_checks:
self.assertEqual(record.check_id, check.id)
passing_resources = {
"AWS::WorkSpaces::Workspace.Pass",
}
failing_resources = {
"AWS::WorkSpaces::Workspace.FailDefault",
"AWS::WorkSpaces::Workspace.FailExplicit",
}
passed_check_resources = set([c.resource for c in report.passed_checks])
failed_check_resources = set([c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 1)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self):
runner = Runner()
current_dir = os.path.dirname(os.path.realpath(__file__))
test_files_dir = current_dir + "/example_ALBListenerTLS12"
report = runner.run(root_folder=test_files_dir,
runner_filter=RunnerFilter(checks=[check.id]))
summary = report.get_summary()
passing_resources = {
'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSPASSED1',
'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSPASSED2',
'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPPASSED3'
}
failing_resources = {
'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSFAILED1',
'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSFAILED2'
}
passed_check_resources = set(
[c.resource for c in report.passed_checks])
failed_check_resources = set(
[c.resource for c in report.failed_checks])
self.assertEqual(summary['passed'], 3)
self.assertEqual(summary['failed'], 2)
self.assertEqual(summary['skipped'], 0)
self.assertEqual(summary['parsing_errors'], 0)
self.assertEqual(passing_resources, passed_check_resources)
self.assertEqual(failing_resources, failed_check_resources)
