def test_summary(self):
        """Pin the per-resource verdicts of the Redshift public-accessibility check.

        The run is filtered to ``check.id`` and the resource sets are compared
        exactly, so a cluster that silently moves from failed to passed breaks
        the test. The fixture named ``RedshiftClusterDefault`` is expected to
        FAIL alongside ``RedshiftClusterDisabled``.
        NOTE(review): presumably the "Default" fixture omits the property
        altogether -- confirm against the template in the fixture directory.
        """
        fixture_dir = Path(__file__).parent.joinpath(
            "example_RedshiftClusterPubliclyAccessible")
        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        # Expected verdicts, keyed by "<resource type>.<logical id>".
        passing_resources = {"AWS::Redshift::Cluster.RedshiftClusterEnabled"}
        failing_resources = {
            "AWS::Redshift::Cluster.RedshiftClusterDefault",
            "AWS::Redshift::Cluster.RedshiftClusterDisabled",
        }

        passed_check_resources = {rec.resource for rec in report.passed_checks}
        failed_check_resources = {rec.resource for rec in report.failed_checks}

        # Totals first: no skips and no parse errors may hide a resource.
        for key, count in (("passed", 1), ("failed", 2),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_summary(self):
        """Pin the WAFv2 WebACL verdicts for the CVE-2021-44228 check fixtures.

        The fixture directory name refers to CVE-2021-44228. One ACL
        (``Pass``) must pass; four must fail: ``NoRule``, ``WrongRule``,
        ``RuleCount`` and ``RuleGroupCount``.
        NOTE(review): the last two names suggest ACLs whose rule or rule group
        only counts matches instead of blocking -- confirm against the
        fixture template.
        """
        # given: the fixture templates that sit next to this test module
        fixture_dir = Path(__file__).parent.joinpath("example_WAFACLCVE202144228")

        # when: the scan runs with the filter restricted to check.id
        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))

        # then: totals and exact resource sets both have to match
        summary = report.get_summary()

        passing_resources = {"AWS::WAFv2::WebACL.Pass"}
        failing_resources = {
            "AWS::WAFv2::WebACL.NoRule",
            "AWS::WAFv2::WebACL.WrongRule",
            "AWS::WAFv2::WebACL.RuleCount",
            "AWS::WAFv2::WebACL.RuleGroupCount",
        }

        passed_check_resources = set(rec.resource for rec in report.passed_checks)
        failed_check_resources = set(rec.resource for rec in report.failed_checks)

        for key, count in (("passed", 1), ("failed", 4),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_summary(self):
        """Pin the QLDB ledger verdicts for the permissions-mode check.

        The ledger fixture ``Standard`` must pass and ``AllowAll`` must fail.
        NOTE(review): the logical ids presumably mirror the ledger's
        PermissionsMode value (STANDARD / ALLOW_ALL) -- confirm against the
        fixture template.
        """
        fixture_dir = Path(__file__).parent.joinpath(
            "example_QLDBLedgerPermissionsMode")

        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {"AWS::QLDB::Ledger.Standard"}
        failing_resources = {"AWS::QLDB::Ledger.AllowAll"}

        passed_check_resources = {rec.resource for rec in report.passed_checks}
        failed_check_resources = {rec.resource for rec in report.failed_checks}

        # Zero skipped / parsing_errors guards against a fixture dropping out
        # of the scan unnoticed.
        for key, count in (("passed", 1), ("failed", 1),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_summary(self):
        """Pin the AppSync GraphQL API verdicts for the field-level-logs check.

        The fixtures ``All`` and ``Error`` must pass; ``None`` must fail.
        NOTE(review): the ids presumably name the configured field log level
        -- confirm against the fixture template.
        """
        fixture_dir = Path(__file__).parent.joinpath(
            "example_AppSyncFieldLevelLogs")

        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "AWS::AppSync::GraphQLApi.All",
            "AWS::AppSync::GraphQLApi.Error",
        }
        failing_resources = {"AWS::AppSync::GraphQLApi.None"}

        passed_check_resources = set(rec.resource for rec in report.passed_checks)
        failed_check_resources = set(rec.resource for rec in report.failed_checks)

        for key, count in (("passed", 2), ("failed", 1),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        # Exact-set comparison: an API moving between verdicts is caught even
        # if the totals happen to stay the same.
        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_runner_sam(self):
        """Run check ``CKV2_AWS_26`` over the SAM graph-builder fixtures.

        Both ``AWS::Serverless::Function`` resources are expected to pass.
        Failed resources are only checked by count (zero), not by name.
        """
        # given: the SAM templates shared with the graph-builder tests
        sam_dir = Path(__file__).parent.parent.joinpath(
            "graph_builder/resources/sam")

        # when: only CKV2_AWS_26 is selected in the filter
        runner = Runner()
        report = runner.run(
            root_folder=str(sam_dir),
            runner_filter=RunnerFilter(checks=["CKV2_AWS_26"]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "AWS::Serverless::Function.Function1",
            "AWS::Serverless::Function.Function2",
        }

        passed_check_resources = set(rec.resource for rec in report.passed_checks)

        for key, count in (("passed", 2), ("failed", 0),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
    def test_summary(self):
        """Pin the verdicts of the Lambda environment-credentials check.

        Both ``AWS::Lambda::Function`` and ``AWS::Serverless::Function`` are
        covered: for each type the ``NoEnv`` and ``NoSecret`` fixtures must
        pass and the ``Secret`` fixture must fail, so a regression in either
        resource type is caught.
        """
        fixture_dir = Path(__file__).parent.joinpath(
            "example_LambdaEnvironmentCredentials")

        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "AWS::Lambda::Function.NoEnv",
            "AWS::Lambda::Function.NoSecret",
            "AWS::Serverless::Function.NoEnv",
            "AWS::Serverless::Function.NoSecret",
        }
        failing_resources = {
            "AWS::Lambda::Function.Secret",
            "AWS::Serverless::Function.Secret",
        }

        passed_check_resources = set(rec.resource for rec in report.passed_checks)
        failed_check_resources = set(rec.resource for rec in report.failed_checks)

        for key, count in (("passed", 4), ("failed", 2),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_summary(self):
        """Pin the QLDB ledger verdicts for the deletion-protection check.

        Here the ``Default`` fixture is expected to PASS together with
        ``Enabled``; only ``Disabled`` fails.
        NOTE(review): presumably "Default" omits the property and the check
        relies on the service default -- confirm against the fixture template.
        """
        fixture_dir = Path(__file__).parent.joinpath(
            "example_QLDBLedgerDeletionProtection")

        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "AWS::QLDB::Ledger.Default",
            "AWS::QLDB::Ledger.Enabled",
        }
        failing_resources = {"AWS::QLDB::Ledger.Disabled"}

        passed_check_resources = {rec.resource for rec in report.passed_checks}
        failed_check_resources = {rec.resource for rec in report.failed_checks}

        for key, count in (("passed", 2), ("failed", 1),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_summary(self):
        """Pin the Glue verdicts for the security-configuration check.

        Three Glue resource types are covered (Crawler, DevEndpoint, Job).
        For each, the ``...Enabled`` fixture must pass and the ``...Default``
        fixture must fail.
        NOTE(review): presumably the "Default" fixtures carry no security
        configuration at all -- confirm against the fixture template.
        """
        # given: the fixture templates that sit next to this test module
        fixture_dir = Path(__file__).parent.joinpath(
            "example_GlueSecurityConfigurationEnabled")

        # when: the scan runs with the filter restricted to check.id
        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))

        # then: totals and exact resource sets both have to match
        summary = report.get_summary()

        passing_resources = {
            "AWS::Glue::Crawler.CrawlerEnabled",
            "AWS::Glue::DevEndpoint.DevEndpointEnabled",
            "AWS::Glue::Job.JobEnabled",
        }
        failing_resources = {
            "AWS::Glue::Crawler.CrawlerDefault",
            "AWS::Glue::DevEndpoint.DevEndpointDefault",
            "AWS::Glue::Job.JobDefault",
        }

        passed_check_resources = set(rec.resource for rec in report.passed_checks)
        failed_check_resources = set(rec.resource for rec in report.failed_checks)

        for key, count in (("passed", 3), ("failed", 3),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_summary(self):
        """Pin the RDS instance verdicts for the IAM-authentication check.

        MySQL and Postgres fixtures are both covered. Only the ``Enabled*``
        instances pass; the ``Default*`` instances are expected to fail
        exactly like the ``Disabled*`` ones.
        NOTE(review): presumably the "Default" fixtures omit the property --
        confirm against the fixture template.
        """
        fixture_dir = Path(__file__).parent.joinpath("example_RDSIAMAuthentication")

        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "AWS::RDS::DBInstance.EnabledMysql",
            "AWS::RDS::DBInstance.EnabledPostgres",
        }
        failing_resources = {
            "AWS::RDS::DBInstance.DefaultMysql",
            "AWS::RDS::DBInstance.DefaultPostgres",
            "AWS::RDS::DBInstance.DisabledMysql",
            "AWS::RDS::DBInstance.DisabledPostgres",
        }

        passed_check_resources = {rec.resource for rec in report.passed_checks}
        failed_check_resources = {rec.resource for rec in report.failed_checks}

        for key, count in (("passed", 2), ("failed", 4),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test_skip_parsing(self):
        """Check that ``skip.yaml`` yields one passed and one skipped result.

        The scan targets the single file with an unrestricted
        ``RunnerFilter()``. The summary must show exactly one skipped result
        and no failures, so the skip is counted separately from the pass.
        NOTE(review): assumes skip.yaml carries a skip annotation for one
        check -- confirm against the fixture.
        """
        current_dir = os.path.dirname(os.path.realpath(__file__))
        skip_template = f'{current_dir}/skip.yaml'

        runner = Runner()
        report = runner.run(None, files=[skip_template],
                            runner_filter=RunnerFilter())
        summary = report.get_summary()

        for key, count in (('passed', 1), ('failed', 0),
                           ('skipped', 1), ('parsing_errors', 0)):
            self.assertEqual(summary[key], count)
    def test_summary(self):
        """Pin the Lambda function verdicts for the DLQ-configured check.

        The fixture ``Enabled`` must pass and ``Default`` must fail.
        NOTE(review): presumably the "Default" function declares no dead
        letter queue -- confirm against the fixture template.
        """
        fixture_dir = Path(__file__).parent.joinpath("example_LambdaDLQConfigured")

        runner = Runner()
        report = runner.run(root_folder=str(fixture_dir),
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {"AWS::Lambda::Function.Enabled"}
        failing_resources = {"AWS::Lambda::Function.Default"}

        passed_check_resources = {rec.resource for rec in report.passed_checks}
        failed_check_resources = {rec.resource for rec in report.failed_checks}

        for key, count in (("passed", 1), ("failed", 1),
                           ("skipped", 0), ("parsing_errors", 0)):
            self.assertEqual(summary[key], count)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)