Exemplo n.º 1
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_S3BucketObjectLock"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_s3_bucket.enabled_via_object",
            "aws_s3_bucket.enabled_via_block",
        }
        failing_resources = {
            "aws_s3_bucket.disabled_via_object",
            "aws_s3_bucket.disabled_via_block",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_SSMSessionManagerDocumentEncryption"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_ssm_document.enabled", "aws_ssm_document.enabled_yaml"
        }
        failing_resources = {
            "aws_ssm_document.disabled", "aws_ssm_document.disabled_yaml"
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_CodeBuildProjectEncryption"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_codebuild_project.success_no_encryption_disabled",
            "aws_codebuild_project.success"
        }
        failing_resources = {
            "aws_codebuild_project.fail",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 4
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_ElasticacheReplicationGroupEncryptedWithCMK"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_elasticache_replication_group.pass",
        }
        failing_resources = {
            "aws_elasticache_replication_group.fail",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 5
0
    def test(self):
        # given
        test_files_dir = Path(__file__).parent / "example_SecretsEncrypted"

        # when
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "github_actions_environment_secret.pass",
            "github_actions_organization_secret.pass",
            "github_actions_secret.pass",
            "github_actions_secret.value_ref",
        }
        failing_resources = {
            "github_actions_environment_secret.fail",
            "github_actions_organization_secret.fail",
            "github_actions_secret.fail",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 4)
        self.assertEqual(summary["failed"], 3)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        # given
        test_files_dir = Path(
            __file__).parent / "example_GlueSecurityConfigurationEnabled"

        # when
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "aws_glue_crawler.enabled",
            "aws_glue_dev_endpoint.enabled",
            "aws_glue_job.enabled",
        }
        failing_resources = {
            "aws_glue_crawler.default",
            "aws_glue_dev_endpoint.default",
            "aws_glue_job.default",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 3)
        self.assertEqual(summary["failed"], 3)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 7
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_IMDSv1Disabled"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_instance.required", "aws_launch_configuration.required_lc",
            "aws_instance.disabled"
        }
        failing_resources = {
            "aws_instance.defaults", "aws_instance.optional_token",
            "aws_launch_configuration.optional_lc",
            "aws_launch_template.optional_lt", "aws_launch_template.default_lt"
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 3)
        self.assertEqual(summary["failed"], 5)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 8
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = os.path.join(current_dir, "example_OSSBucketPublic")
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            'alicloud_oss_bucket.good-bucket',
            'alicloud_oss_bucket.good-bucket2',
        }
        failing_resources = {
            'alicloud_oss_bucket.bad-bucket',
            'alicloud_oss_bucket.bad-bucket2',
        }
        skipped_resources = {}

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary['passed'], len(passing_resources))
        self.assertEqual(summary['failed'], len(failing_resources))
        self.assertEqual(summary['skipped'], len(skipped_resources))
        self.assertEqual(summary['parsing_errors'], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        # given
        test_files_dir = Path(__file__).parent / "example_CloudMySqlLocalInfileOff"

        # when
        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "google_sql_database_instance.pass",
            "google_sql_database_instance.pass2",
            "google_sql_database_instance.pass3",
            "google_sql_database_instance.pass4",
        }

        failing_resources = {
            "google_sql_database_instance.fail",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 4)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 10
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_BatchJobIsNotPrivileged"
        report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_batch_job_definition.pass",
            "aws_batch_job_definition.pass2",
            "aws_batch_job_definition.pass3",
        }
        failing_resources = {
            "aws_batch_job_definition.fail",
        }

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 3)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_DynamoDBTablesEncrypted"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_dynamodb_table.cmk",
        }
        failing_resources = {
            "aws_dynamodb_table.default",
            "aws_dynamodb_table.encrypted_false",
            "aws_dynamodb_table.encrypted_no_cmk",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 3)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        test_files_dir = Path(
            __file__).parent / "example_AzureInstanceExtensions"

        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "azurerm_linux_virtual_machine.disabled",
            "azurerm_windows_virtual_machine.disabled",
        }
        failing_resources = {
            "azurerm_linux_virtual_machine.default",
            "azurerm_linux_virtual_machine.enabled",
            "azurerm_windows_virtual_machine.default",
            "azurerm_windows_virtual_machine.enabled",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 4)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_CloudsearchDomainEnforceHttps"
        report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_cloudsearch_domain.pass",
        }
        failing_resources = {
            "aws_cloudsearch_domain.fail",
            "aws_cloudsearch_domain.fail2",
        }

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 14
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_APIGatewayDomainNameTLS"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_api_gateway_domain_name.pass",
        }
        failing_resources = {
            "aws_api_gateway_domain_name.fail",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_IAMPasswordPolicyUpperCase"
        report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "oci_identity_authentication_policy.pass",
        }
        failing_resources = {
            "oci_identity_authentication_policy.fail",
        }

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 16
0
 def test_build_graph(self):
     resources_path = os.path.join(
         os.path.dirname(os.path.dirname(__file__)), "resources",
         "graph_files_test")
     source_files = ["pass_s3.tf", "variables.tf"]
     runner = Runner()
     report = runner.run(None,
                         None,
                         files=list(
                             map(lambda f: f'{resources_path}/{f}',
                                 source_files)))
     tf_definitions = runner.tf_definitions
     self.assertEqual(4, len(report.failed_checks))
     for file, definitions in tf_definitions.items():
         if file.endswith('pass_s3.tf'):
             s3_bucket_config = definitions['resource'][0]['aws_s3_bucket'][
                 'bucket_with_versioning']
             # Evaluation succeeded for included vars
             self.assertTrue(
                 s3_bucket_config['versioning'][0]['enabled'][0])
             # Evaluation does not run for un-included vars
             self.assertEqual(
                 s3_bucket_config['server_side_encryption_configuration'][0]
                 ['rule'][0]['apply_server_side_encryption_by_default'][0]
                 ['sse_algorithm'][0], 'var.encryption')
Exemplo n.º 17
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/test_GKEEnableShieldedNodes"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {'google_container_cluster.success'}
        failing_resources = {
            'google_container_cluster.fail1', 'google_container_cluster.fail2'
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary['passed'], 1)
        self.assertEqual(summary['failed'], 2)
        self.assertEqual(summary['skipped'], 0)
        self.assertEqual(summary['parsing_errors'], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 18
0
    def test_module_and_variables(self):
        resources_path = os.path.join(
            os.path.dirname(os.path.dirname(__file__)), "resources",
            "modules-and-vars")
        runner = Runner()
        report = runner.run(root_folder=resources_path)
        self.assertLessEqual(3, len(report.failed_checks))
        self.assertLessEqual(12, len(report.passed_checks))
        self.assertEqual(0, len(report.skipped_checks))

        found_versioning_failure = False

        for record in report.failed_checks:
            if record.check_id != 'CKV_AWS_40':
                self.assertIsNotNone(record.breadcrumbs)
            if record.check_id == 'CKV_AWS_21':
                found_versioning_failure = True
                bc = record.breadcrumbs.get('versioning.enabled')
                self.assertEqual(len(bc), 2)
                bc = bc[0]
                self.assertEqual(bc.get('type'), 'module')
                self.assertEqual(
                    os.path.relpath(bc.get('path'), resources_path),
                    'examples/complete/main.tf')

        self.assertTrue(found_versioning_failure)
Exemplo n.º 19
0
    def test(self):
        # given
        test_files_dir = Path(__file__).parent / "example_WAFACLCVE202144228"

        # when
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "aws_wafv2_web_acl.pass",
            "aws_wafv2_web_acl.multi_rules",
        }

        failing_resources = {
            "aws_wafv2_web_acl.no_rule",
            "aws_wafv2_web_acl.wrong_rule",
            "aws_wafv2_web_acl.rule_count",
            "aws_wafv2_web_acl.rule_group_count",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 4)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 20
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_SecretManagerSecretEncrypted"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_secretsmanager_secret.enabled1",
            "aws_secretsmanager_secret.enabled2",
        }
        failing_resources = {
            "aws_secretsmanager_secret.default",
            "aws_secretsmanager_secret.default_explicit",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 21
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_VertexAIPrivateInstance"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            'google_notebooks_instance.pass1',
        }
        failing_resources = {
            'google_notebooks_instance.fail1',
            'google_notebooks_instance.fail2',
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary['passed'], 1)
        self.assertEqual(summary['failed'], 2)
        self.assertEqual(summary['skipped'], 0)
        self.assertEqual(summary['parsing_errors'], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_InstanceMetadataServiceEnabled"
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "oci_core_instance.pass",
        }
        failing_resources = {
            "oci_core_instance.fail",
            "oci_core_instance.fail2",
        }

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = os.path.join(current_dir,
                                      "example_RedisCacheMinTLSVersion")
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            'azurerm_redis_cache.pass',
        }
        failing_resources = {
            'azurerm_redis_cache.fail', 'azurerm_redis_cache.fail2'
        }
        skipped_resources = {}

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary['passed'], len(passing_resources))
        self.assertEqual(summary['failed'], len(failing_resources))
        self.assertEqual(summary['skipped'], len(skipped_resources))
        self.assertEqual(summary['parsing_errors'], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 24
0
    def test(self):
        test_files_dir = Path(__file__).parent / "example_AdminPolicyDocument"

        report = Runner().run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_iam_policy_document.list",
            "aws_iam_policy_document.pass",
        }
        failing_resources = {
            "aws_iam_policy_document.fail",
            "aws_iam_policy_document.no_effect",
        }

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 25
0
    def test(self):
        # given
        test_files_dir = Path(__file__).parent / "example_WAFEnabled"

        # when
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "aws_cloudfront_distribution.pass",
        }

        failing_resources = {
            "aws_cloudfront_distribution.fail",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 26
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_DropletSSHKeys"
        report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "digitalocean_droplet.pass",
        }
        failing_resources = {
            "digitalocean_droplet.fail",
        }

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = os.path.join(current_dir,
                                      "example_CosmosDBLocalAuthDisabled")
        report = runner.run(root_folder=test_files_dir,
                            runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {'azurerm_cosmosdb_account.ckv_unittest_pass'}
        failing_resources = {
            'azurerm_cosmosdb_account.ckv_unittest_fail',
            'azurerm_cosmosdb_account.ckv_unittest_fail_2'
        }
        skipped_resources = {}

        passed_check_resources = set(
            [c.resource for c in report.passed_checks])
        failed_check_resources = set(
            [c.resource for c in report.failed_checks])

        self.assertEqual(summary['passed'], len(passing_resources))
        self.assertEqual(summary['failed'], len(failing_resources))
        self.assertEqual(summary['skipped'], len(skipped_resources))
        self.assertEqual(summary['parsing_errors'], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 28
0
    def test(self):
        # given
        test_files_dir = Path(__file__).parent / "example_EBSEncryption"

        # when
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))

        # then
        summary = report.get_summary()

        passing_resources = {
            "aws_ebs_volume.enabled",
        }
        failing_resources = {
            "aws_ebs_volume.default",
            "aws_ebs_volume.disabled",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 29
0
    def test(self):
        test_files_dir = Path(__file__).parent / "example_EC2PublicIP"
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_instance.default",
            "aws_instance.private",
            "aws_launch_template.default",
            "aws_launch_template.private",
        }
        failing_resources = {
            "aws_instance.public",
            "aws_launch_template.public",
        }

        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 4)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        self.assertEqual(summary["parsing_errors"], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)
Exemplo n.º 30
0
    def test(self):
        runner = Runner()
        current_dir = os.path.dirname(os.path.realpath(__file__))

        test_files_dir = current_dir + "/example_PubSubPrivateTopic"
        report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            'google_pubsub_topic_iam_binding.pass1',
            'google_pubsub_topic_iam_binding.pass2',
            'google_pubsub_topic_iam_member.pass1',
            'google_pubsub_topic_iam_member.pass2',

        }
        failing_resources = {
            'google_pubsub_topic_iam_binding.fail1',
            'google_pubsub_topic_iam_binding.fail2',
            'google_pubsub_topic_iam_binding.fail3',
            'google_pubsub_topic_iam_binding.fail4',
            'google_pubsub_topic_iam_member.fail1',
            'google_pubsub_topic_iam_member.fail2',
        }

        passed_check_resources = set([c.resource for c in report.passed_checks])
        failed_check_resources = set([c.resource for c in report.failed_checks])

        self.assertEqual(summary['passed'], 4)
        self.assertEqual(summary['failed'], 6)
        self.assertEqual(summary['skipped'], 0)
        self.assertEqual(summary['parsing_errors'], 0)

        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)