def test_summary(self): test_files_dir = Path(__file__).parent / "example_RDSIAMAuthentication" report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::RDS::DBInstance.EnabledMysql", "AWS::RDS::DBInstance.EnabledPostgres", } failing_resources = { "AWS::RDS::DBInstance.DefaultMysql", "AWS::RDS::DBInstance.DefaultPostgres", "AWS::RDS::DBInstance.DisabledMysql", "AWS::RDS::DBInstance.DisabledPostgres", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 4) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_RDSMultiAZEnabled" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::RDS::DBInstance.MyDBEnabled", } failing_resources = { "AWS::RDS::DBInstance.MyDBDefault", "AWS::RDS::DBInstance.MyDBDisabled", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): # given test_files_dir = Path(__file__).parent / "example_WAFACLCVE202144228" # when report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) # then summary = report.get_summary() passing_resources = { "AWS::WAFv2::WebACL.Pass", } failing_resources = { "AWS::WAFv2::WebACL.NoRule", "AWS::WAFv2::WebACL.WrongRule", "AWS::WAFv2::WebACL.RuleCount", "AWS::WAFv2::WebACL.RuleGroupCount", } passed_check_resources = {c.resource for c in report.passed_checks} failed_check_resources = {c.resource for c in report.failed_checks} self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 4) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_TimestreamDatabaseKMSKey" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::Timestream::Database.TimestreamDatabaseEnabled", } failing_resources = { "AWS::Timestream::Database.TimestreamDatabaseDefault", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_APIGatewayV2AccessLogging" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::ApiGatewayV2::Stage.Enabled", "AWS::Serverless::HttpApi.Enabled", } failing_resources = { "AWS::ApiGatewayV2::Stage.Default", "AWS::Serverless::HttpApi.Default", } passed_check_resources = {c.resource for c in report.passed_checks} failed_check_resources = {c.resource for c in report.failed_checks} self.assertEqual(summary['passed'], 2) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): test_files_dir = Path( __file__).parent / "example_LambdaEnvironmentCredentials" report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::Lambda::Function.NoEnv", "AWS::Lambda::Function.NoSecret", "AWS::Serverless::Function.NoEnv", "AWS::Serverless::Function.NoSecret", } failing_resources = { "AWS::Lambda::Function.Secret", "AWS::Serverless::Function.Secret", } passed_check_resources = {c.resource for c in report.passed_checks} failed_check_resources = {c.resource for c in report.failed_checks} self.assertEqual(summary["passed"], 4) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_CloudWatchLogGroupKMSKey" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = { "AWS::Logs::LogGroup.Pass", } failing_resources = { "AWS::Logs::LogGroup.Fail", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 1) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): test_files_dir = Path( __file__).parent / "example_QLDBLedgerDeletionProtection" report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::QLDB::Ledger.Default", "AWS::QLDB::Ledger.Enabled", } failing_resources = { "AWS::QLDB::Ledger.Disabled", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_SecretManagerSecretEncrypted" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::SecretsManager::Secret.MyCMK", } failing_resources = { "AWS::SecretsManager::Secret.NoKMS", "AWS::SecretsManager::Secret.AWSKMS0", "AWS::SecretsManager::Secret.AWSKMS1", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 3) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): # given test_files_dir = Path( __file__).parent / "example_GlueSecurityConfigurationEnabled" # when report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) # then summary = report.get_summary() passing_resources = { "AWS::Glue::Crawler.CrawlerEnabled", "AWS::Glue::DevEndpoint.DevEndpointEnabled", "AWS::Glue::Job.JobEnabled", } failing_resources = { "AWS::Glue::Crawler.CrawlerDefault", "AWS::Glue::DevEndpoint.DevEndpointDefault", "AWS::Glue::Job.JobDefault", } passed_check_resources = {c.resource for c in report.passed_checks} failed_check_resources = {c.resource for c in report.failed_checks} self.assertEqual(summary["passed"], 3) self.assertEqual(summary["failed"], 3) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_CloudFrontTLS12" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'AWS::CloudFront::Distribution.cloudfrontdistributionPASSED1', 'AWS::CloudFront::Distribution.cloudfrontdistributionPASSED2', 'AWS::CloudFront::Distribution.cloudfrontdistributionPASSED3' } failing_resources = { 'AWS::CloudFront::Distribution.cloudfrontdistributionFAILED1', 'AWS::CloudFront::Distribution.cloudfrontdistributionFAILED2', 'AWS::CloudFront::Distribution.cloudfrontdistributionFAILED3', } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 3) self.assertEqual(summary['failed'], 3) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_KinesisStreamEncryptionType" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = {"AWS::Kinesis::Stream.KMSEncryption"} failing_resources = {"AWS::Kinesis::Stream.NoEncryption"} passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 1) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_APIGatewayCacheEnable" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = { "AWS::ApiGateway::Stage.CacheTrue", } failing_resources = { "AWS::ApiGateway::Stage.CacheDefault", "AWS::ApiGateway::Stage.CacheFalse", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_record_relative_path_with_relative_dir(self): # test whether the record's repo_file_path is correct, relative to the CWD (with a / at the start). # this is just constructing the scan dir as normal current_dir = os.path.dirname(os.path.realpath(__file__)) scan_dir_path = os.path.join(current_dir, "resources") # this is the relative path to the directory to scan (what would actually get passed to the -d arg) dir_rel_path = os.path.relpath(scan_dir_path).replace('\\', '/') runner = Runner() checks_allowlist = ['CKV_AWS_20'] report = runner.run(root_folder=dir_rel_path, external_checks_dir=None, runner_filter=RunnerFilter( framework='cloudformation', checks=checks_allowlist)) all_checks = report.failed_checks + report.passed_checks self.assertGreater( len(all_checks), 0) # ensure that the assertions below are going to do something for record in all_checks: # no need to join with a '/' because the CFN runner adds it to the start of the file path self.assertEqual(record.repo_file_path, f'/{dir_rel_path}{record.file_path}')
def test_parsing_error_json(self): current_dir = os.path.dirname(os.path.realpath(__file__)) scan_file_path = os.path.join(current_dir, "resources", "invalid.json") runner = Runner() report = runner.run(root_folder=None, external_checks_dir=None, files=[scan_file_path], runner_filter=RunnerFilter(framework='cloudformation')) self.assertEqual(report.parsing_errors, [scan_file_path])
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_LambdaEnvironmentEncryptionSettings" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = { "AWS::Lambda::Function.EnvAndKey", "AWS::Lambda::Function.NoEnvAndNoKey", } failing_resources = { "AWS::Lambda::Function.EnvAndNoKey", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 2) self.assertEqual(summary['failed'], 1) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_IAMRoleAllowsPublicAssume" report = runner.run(root_folder=test_files_dir,runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = { "AWS::IAM::Role.ServiceRole", "AWS::IAM::Role.DenyIgnore", } failing_resources = { "AWS::IAM::Role.AWSStarPrincipal", "AWS::IAM::Role.AWSStarPrincipalInList", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 2) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_TransferServerIsPublic" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::Transfer::Server.VPC", "AWS::Transfer::Server.VPCENDPOINT", } failing_resources = { "AWS::Transfer::Server.PUBLIC", "AWS::Transfer::Server.NONE", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): test_files_dir = Path( __file__).parent / "example_QLDBLedgerPermissionsMode" report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::QLDB::Ledger.Standard", } failing_resources = { "AWS::QLDB::Ledger.AllowAll", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_AmazonMQBrokerPublicAccess" report = runner.run(root_folder=test_files_dir,runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::AmazonMQ::Broker.PrivateBroker0", "AWS::AmazonMQ::Broker.PrivateBroker1", } failing_resources = { "AWS::AmazonMQ::Broker.PublicBroker0", "AWS::AmazonMQ::Broker.PublicBroker1", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 2) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): test_files_dir = Path( __file__).parent / "example_AppSyncFieldLevelLogs" report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::AppSync::GraphQLApi.All", "AWS::AppSync::GraphQLApi.Error", } failing_resources = { "AWS::AppSync::GraphQLApi.None", } passed_check_resources = {c.resource for c in report.passed_checks} failed_check_resources = {c.resource for c in report.failed_checks} self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 1) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_ECRImageScanning" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = {"AWS::ECR::Repository.ImageScanTrue"} failing_resources = { "AWS::ECR::Repository.ImageScanFalse", "AWS::ECR::Repository.ImageScanNotSet" } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_DocDBLogging" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::DocDB::DBCluster.DocDBEnabled", } failing_resources = { "AWS::DocDB::DBCluster.DocDBDefault", "AWS::DocDB::DBCluster.DocDBAudit", "AWS::DocDB::DBCluster.DocDBProfiler", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 3) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_record_relative_path_with_abs_file(self): # test whether the record's repo_file_path is correct, relative to the CWD (with a / at the start). # this is just constructing the scan dir as normal current_dir = os.path.dirname(os.path.realpath(__file__)) scan_file_path = os.path.join(current_dir, "resources", "success.json") file_rel_path = os.path.relpath(scan_file_path) file_abs_path = os.path.abspath(scan_file_path) runner = Runner() checks_allowlist = ['CKV_AWS_20'] report = runner.run(root_folder=None, external_checks_dir=None, files=[file_abs_path], runner_filter=RunnerFilter( framework='cloudformation', checks=checks_allowlist)) all_checks = report.failed_checks + report.passed_checks self.assertTrue( len(all_checks) > 0) # ensure that the assertions below are going to do something for record in all_checks: # no need to join with a '/' because the CFN runner adds it to the start of the file path self.assertEqual(record.repo_file_path, f'/{file_rel_path}')
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_RedShiftSSL" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::Redshift::ClusterParameterGroup.RedshiftParameterGroupEnabled", } failing_resources = { "AWS::Redshift::ClusterParameterGroup.RedshiftParameterGroupDefault", "AWS::Redshift::ClusterParameterGroup.RedshiftParameterGroupDisabled", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_runner_sam(self): # given test_dir_path = Path( __file__).parent.parent / "graph_builder/resources/sam" # when report = Runner().run( root_folder=str(test_dir_path), runner_filter=RunnerFilter(checks=["CKV2_AWS_26"])) # then summary = report.get_summary() passing_resources = { "AWS::Serverless::Function.Function1", "AWS::Serverless::Function.Function2", } passed_check_resources = {c.resource for c in report.passed_checks} self.assertEqual(summary["passed"], 2) self.assertEqual(summary["failed"], 0) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources)
def test_summary(self): test_files_dir = Path( __file__).parent / "example_RedshiftClusterPubliclyAccessible" report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { "AWS::Redshift::Cluster.RedshiftClusterEnabled", } failing_resources = { "AWS::Redshift::Cluster.RedshiftClusterDefault", "AWS::Redshift::Cluster.RedshiftClusterDisabled", } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary["passed"], 1) self.assertEqual(summary["failed"], 2) self.assertEqual(summary["skipped"], 0) self.assertEqual(summary["parsing_errors"], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_DynamoDBTablesEncrypted" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = { "AWS::DynamoDB::Table.KMSEncryption" } failing_resources = { "AWS::DynamoDB::Table.DefaultEncryption", "AWS::DynamoDB::Table.EncryptionFalse", "AWS::DynamoDB::Table.NoEncryptionConfig" } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 3) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_WorkspaceUserVolumeEncrypted" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() for record in report.failed_checks: self.assertEqual(record.check_id, check.id) for record in report.passed_checks: self.assertEqual(record.check_id, check.id) passing_resources = { "AWS::WorkSpaces::Workspace.Pass", } failing_resources = { "AWS::WorkSpaces::Workspace.FailDefault", "AWS::WorkSpaces::Workspace.FailExplicit", } passed_check_resources = set([c.resource for c in report.passed_checks]) failed_check_resources = set([c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 1) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)
def test_summary(self): runner = Runner() current_dir = os.path.dirname(os.path.realpath(__file__)) test_files_dir = current_dir + "/example_ALBListenerTLS12" report = runner.run(root_folder=test_files_dir, runner_filter=RunnerFilter(checks=[check.id])) summary = report.get_summary() passing_resources = { 'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSPASSED1', 'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSPASSED2', 'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPPASSED3' } failing_resources = { 'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSFAILED1', 'AWS::ElasticLoadBalancingV2::Listener.ListenerHTTPSFAILED2' } passed_check_resources = set( [c.resource for c in report.passed_checks]) failed_check_resources = set( [c.resource for c in report.failed_checks]) self.assertEqual(summary['passed'], 3) self.assertEqual(summary['failed'], 2) self.assertEqual(summary['skipped'], 0) self.assertEqual(summary['parsing_errors'], 0) self.assertEqual(passing_resources, passed_check_resources) self.assertEqual(failing_resources, failed_check_resources)