def test_summary(self):
    """Scan the ``example_MariaDBSSLEnforcementEnabled`` fixtures and verify each verdict.

    Only the check under test is enabled. The server resource named ``enabled``
    must pass, while ``default`` and ``disabled`` must both fail. Nothing may be
    skipped and no template may fail to parse.
    """
    # given
    fixtures = Path(__file__).parent / "example_MariaDBSSLEnforcementEnabled"

    # when
    runner = Runner()
    report = runner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )

    # then
    summary = report.get_summary()

    expected_pass = {"Microsoft.DBforMariaDB/servers.enabled"}
    # NOTE(review): "default" presumably omits the SSL setting altogether; expecting
    # it to fail pins the check as fail-closed on a missing property - confirm
    # against the fixture.
    expected_fail = {
        "Microsoft.DBforMariaDB/servers.default",
        "Microsoft.DBforMariaDB/servers.disabled",
    }

    actual_pass = set()
    for record in report.passed_checks:
        actual_pass.add(record.resource)
    actual_fail = set()
    for record in report.failed_checks:
        actual_fail.add(record.resource)

    counts = (("passed", 1), ("failed", 2), ("skipped", 0), ("parsing_errors", 0))
    for key, count in counts:
        self.assertEqual(summary[key], count)

    # Resource names, not just counts, so two fixtures cannot silently swap verdicts.
    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test_record_relative_path_with_abs_file(self):
    """Scan a single file given by absolute path and check each record's ``repo_file_path``.

    Every record must report the scanned file's path relative to the current
    working directory, with a leading ``/``.
    """
    # Locate the fixture next to this test module, then derive both path forms.
    here = os.path.dirname(os.path.realpath(__file__))
    target = os.path.join(here, "resources", "example.json")
    file_rel_path = os.path.relpath(target)
    file_abs_path = os.path.abspath(target)

    runner = Runner()
    checks_allowlist = ['CKV_AZURE_18']
    arm_filter = RunnerFilter(framework='arm', checks=checks_allowlist)
    report = runner.run(
        root_folder=None,
        external_checks_dir=None,
        files=[file_abs_path],
        runner_filter=arm_filter,
    )

    all_checks = report.failed_checks + report.passed_checks
    # Guard against a vacuous pass: with no records the loop below asserts nothing.
    self.assertTrue(len(all_checks) > 0)

    # The leading '/' is expected to come from the runner, so only the relative
    # path is supplied here.
    # NOTE(review): os.path.relpath yields backslashes on Windows - confirm that
    # repo_file_path is compared in the same form there.
    expected = f'/{file_rel_path}'
    for record in all_checks:
        self.assertEqual(record.repo_file_path, expected)
def test_summary(self):
    """Scan the ``example_AzureScaleSetPassword`` fixtures and verify each verdict.

    Only the check under test is enabled. The scale set named ``enabled`` must
    pass and the one named ``default`` must fail. The summary must count three
    resources in total, with nothing skipped and no parsing errors.
    """
    # given
    fixtures = Path(__file__).parent / "example_AzureScaleSetPassword"

    # when
    runner = Runner()
    report = runner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )

    # then
    summary = report.get_summary()

    expected_pass = {"Microsoft.Compute/virtualMachineScaleSets.enabled"}
    expected_fail = {"Microsoft.Compute/virtualMachineScaleSets.default"}

    actual_pass = set(map(lambda record: record.resource, report.passed_checks))
    actual_fail = set(map(lambda record: record.resource, report.failed_checks))

    counts = (
        ("passed", 1),
        ("failed", 1),
        ("skipped", 0),
        ("parsing_errors", 0),
        # 1 pass + 1 fail against 3 resources: the third gets no verdict
        # ("unknown").
        ("resource_count", 3),
    )
    for key, count in counts:
        self.assertEqual(summary[key], count)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test_record_relative_path_with_relative_dir(self):
    """Scan a directory given by relative path and check each record's ``repo_file_path``.

    Every record must report ``/`` + the scanned directory (relative to the
    current working directory) + the record's own ``file_path``.
    """
    # Locate the fixture directory next to this test module.
    here = os.path.dirname(os.path.realpath(__file__))
    scan_dir = os.path.join(here, "resources")

    # Relative form of the directory, as it would be passed to the -d argument;
    # backslashes are normalised so the comparison also holds on Windows.
    dir_rel_path = os.path.relpath(scan_dir).replace('\\', '/')

    runner = Runner()
    checks_allowlist = ['CKV_AZURE_18']
    arm_filter = RunnerFilter(framework='arm', checks=checks_allowlist)
    report = runner.run(
        root_folder=dir_rel_path,
        external_checks_dir=None,
        runner_filter=arm_filter,
    )

    all_checks = report.failed_checks + report.passed_checks
    # Guard against a vacuous pass: with no records the loop below asserts nothing.
    self.assertGreater(len(all_checks), 0)

    for record in all_checks:
        # The leading '/' is expected to come from the runner; record.file_path
        # is appended as-is to the relative directory.
        expected = f'/{dir_rel_path}{record.file_path}'
        self.assertEqual(record.repo_file_path, expected)
def test_summary(self):
    """Scan the ``example_AppServiceMinTLSVersion`` fixtures and verify each verdict.

    Only the check under test is enabled. The site named ``tls-12`` is the sole
    expected pass; ``default``, ``tls-11`` and ``null`` must all fail. Nothing
    may be skipped and no template may fail to parse.
    """
    # given
    fixtures = Path(__file__).parent / "example_AppServiceMinTLSVersion"

    # when
    runner = Runner()
    report = runner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )

    # then
    summary = report.get_summary()

    expected_pass = {"Microsoft.Web/sites.tls-12"}
    # NOTE(review): "default" and "null" presumably leave the minimum TLS version
    # unset or explicitly null; expecting both to fail pins the check as
    # fail-closed rather than trusting a platform default - confirm against the
    # fixtures.
    expected_fail = {
        "Microsoft.Web/sites.default",
        "Microsoft.Web/sites.tls-11",
        "Microsoft.Web/sites.null",
    }

    actual_pass = set()
    for record in report.passed_checks:
        actual_pass.add(record.resource)
    actual_fail = set()
    for record in report.failed_checks:
        actual_fail.add(record.resource)

    counts = (("passed", 1), ("failed", 3), ("skipped", 0), ("parsing_errors", 0))
    for key, count in counts:
        self.assertEqual(summary[key], count)

    self.assertEqual(expected_pass, actual_pass)
    self.assertEqual(expected_fail, actual_fail)
def test_summary(self):
    """Scan the ``example_AzureInstancePassword`` fixtures with only the check under test.

    Expects 2 passing and 1 failing result, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_AzureInstancePassword"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): only the counts are pinned, so two fixtures swapping verdicts
    # would go unnoticed. Comparing the resource ids in report.passed_checks and
    # report.failed_checks would tie each verdict to a named fixture.
    expected = (('passed', 2), ('failed', 1), ('skipped', 0), ('parsing_errors', 0))
    for key, count in expected:
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_PostgreSQLServerSSLEnforcementEnabled`` fixtures with only the check under test.

    Expects 1 passing and 2 failing results, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_PostgreSQLServerSSLEnforcementEnabled"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): the counts alone do not show which server fails. Asserting
    # on the resource ids in report.failed_checks would confirm that the
    # non-enforcing fixtures are the ones being flagged.
    expected = {'passed': 1, 'failed': 2, 'skipped': 0, 'parsing_errors': 0}
    for key, count in expected.items():
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_StorageAccountDefaultNetworkAccessDeny`` fixtures with only the check under test.

    Expects 2 passing and 4 failing results, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_StorageAccountDefaultNetworkAccessDeny"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): with six verdicts, a count-only assertion leaves a lot of room
    # for two fixtures to trade places. Asserting on the resource ids in
    # report.passed_checks / report.failed_checks would close that gap.
    expected = (('passed', 2), ('failed', 4), ('skipped', 0), ('parsing_errors', 0))
    for key, count in expected:
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_AKSApiServerAuthorizedIpRanges`` fixtures with only the check under test.

    Expects 2 passing and 4 failing results, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_AKSApiServerAuthorizedIpRanges"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): only totals are checked. Asserting on the resource ids in
    # report.passed_checks / report.failed_checks would document which cluster
    # definitions are considered compliant.
    expected = {'passed': 2, 'failed': 4, 'skipped': 0, 'parsing_errors': 0}
    for key, count in expected.items():
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_SQLServerAuditingRetention90Days`` fixtures with only the check under test.

    Expects 1 passing and 3 failing results, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_SQLServerAuditingRetention90Days"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): the totals do not show which retention settings are rejected.
    # Asserting on the resource ids in report.failed_checks would make the
    # boundary cases visible in the test itself.
    expected = (('passed', 1), ('failed', 3), ('skipped', 0), ('parsing_errors', 0))
    for key, count in expected:
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_CustomRoleDefinitionSubscriptionOwner`` fixtures with only the check under test.

    Expects 1 passing and 1 failing result, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_CustomRoleDefinitionSubscriptionOwner"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): with one pass and one fail, a check whose logic is inverted
    # would still satisfy these counts. Asserting on the resource ids in
    # report.passed_checks / report.failed_checks would catch that.
    expected = {'passed': 1, 'failed': 1, 'skipped': 0, 'parsing_errors': 0}
    for key, count in expected.items():
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_StorageBlobServiceContainerPrivateAccess`` fixtures with only the check under test.

    Expects 2 passing and 1 failing result, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_StorageBlobServiceContainerPrivateAccess"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): only totals are checked. Asserting on the resource ids in
    # report.failed_checks would confirm that the failing result belongs to
    # the fixture meant to fail.
    expected = (('passed', 2), ('failed', 1), ('skipped', 0), ('parsing_errors', 0))
    for key, count in expected:
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``test_SecureStringParameterNoHardcodedValue`` fixtures with only the check under test.

    Expects 2 passing and 1 failing result, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    # This fixture directory is prefixed "test_", not "example_".
    fixtures = here + "/test_SecureStringParameterNoHardcodedValue"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): the failing fixture presumably carries a hardcoded value for a
    # secure-string parameter; keep it an obviously fake placeholder so that
    # repository secret scanning is not tripped - confirm.
    expected = {'passed': 2, 'failed': 1, 'skipped': 0, 'parsing_errors': 0}
    for key, count in expected.items():
        self.assertEqual(summary[key], count)
def test_summary(self):
    """Scan the ``example_CosmosDBDisableAccessKeyWrite`` fixtures with only the check under test.

    Expects 1 passing and 1 failing result, nothing skipped and no parsing errors.
    """
    runner = Runner()
    here = os.path.dirname(os.path.realpath(__file__))
    fixtures = here + "/example_CosmosDBDisableAccessKeyWrite"

    only_this_check = RunnerFilter(checks=[check.id])
    report = runner.run(root_folder=fixtures, runner_filter=only_this_check)
    summary = report.get_summary()

    # NOTE(review): with one pass and one fail, a check whose logic is inverted
    # would still satisfy these counts. Asserting on the resource ids in
    # report.passed_checks / report.failed_checks would catch that.
    expected = (('passed', 1), ('failed', 1), ('skipped', 0), ('parsing_errors', 0))
    for key, count in expected:
        self.assertEqual(summary[key], count)
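def test_summary(self):
    """Scan the ``example_WildcardEntities`` fixtures with a locally created ``ArmCheck``.

    Only that check is enabled. The summary must show 3 passes, with nothing
    failed, skipped or unparsable.

    The check instance is removed from the two ``registry.wildcard_checks``
    entries in a ``finally`` block. If the scan raises, the instance is still
    taken out of the shared registry and cannot leak into later tests.
    """
    runner = Runner()
    current_dir = os.path.dirname(os.path.realpath(__file__))
    # presumably ArmCheck() adds itself to registry.wildcard_checks when it is
    # constructed - the cleanup below relies on it being present in both entries
    check = ArmCheck()

    test_files_dir = current_dir + "/example_WildcardEntities"
    try:
        report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()
    finally:
        # The registry is module-level state shared by every test in the
        # process; always undo the registration, even when the scan fails.
        registry.wildcard_checks['Microsoft.KeyVault/vaults*'].remove(check)
        registry.wildcard_checks['*servers*'].remove(check)

    # presumably the three fixture resources that match the wildcard patterns
    self.assertEqual(summary['passed'], 3)
    self.assertEqual(summary['failed'], 0)
    self.assertEqual(summary['skipped'], 0)
    self.assertEqual(summary['parsing_errors'], 0)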