def test_summary(self):
    """Scan the ``example_RedshiftClusterPubliclyAccessible`` fixtures with ``check.id``.

    The runner filter is given ``checks=[check.id]``, so the report is
    expected to hold results for that check only: one passing cluster, two
    failing clusters, nothing skipped and no parsing errors.
    """
    # NOTE(review): the "Default" cluster is expected to fail, so the check
    # apparently treats an omitted property as non-compliant. The fixture
    # names alone do not show which value each cluster sets; confirm against
    # the template.
    fixtures = Path(__file__).parent / "example_RedshiftClusterPubliclyAccessible"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    expected_passed = {"AWS::Redshift::Cluster.RedshiftClusterEnabled"}
    expected_failed = {
        "AWS::Redshift::Cluster.RedshiftClusterDefault",
        "AWS::Redshift::Cluster.RedshiftClusterDisabled",
    }
    actual_passed = {record.resource for record in report.passed_checks}
    actual_failed = {record.resource for record in report.failed_checks}

    # Counts first, then the exact resource ids, in the same order as before.
    for key, expected in (("passed", 1), ("failed", 2), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_summary(self):
    """Scan the WebACL fixtures in ``example_WAFACLCVE202144228`` with ``check.id``.

    One WebACL is expected to pass and four to fail; nothing may be skipped
    and every template must parse.
    """
    # Arrange: fixtures live next to this test module.
    fixtures = Path(__file__).parent / "example_WAFACLCVE202144228"

    # Act: run the scan with the filter limited to the check under test.
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )

    # Assert: compare the counts and the exact resource ids.
    summary = report.get_summary()
    expected_passed = {"AWS::WAFv2::WebACL.Pass"}
    # NOTE(review): the names suggest ACLs with no rule, a different rule, and
    # the rule or its rule group set to count rather than block. Confirm
    # against the fixture template.
    expected_failed = {
        "AWS::WAFv2::WebACL.NoRule",
        "AWS::WAFv2::WebACL.WrongRule",
        "AWS::WAFv2::WebACL.RuleCount",
        "AWS::WAFv2::WebACL.RuleGroupCount",
    }
    actual_passed = {record.resource for record in report.passed_checks}
    actual_failed = {record.resource for record in report.failed_checks}

    for key, expected in (("passed", 1), ("failed", 4), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_summary(self):
    """Scan the ``example_QLDBLedgerPermissionsMode`` fixtures with ``check.id``.

    Expects exactly one passing ledger and one failing ledger, with nothing
    skipped and no parsing errors.
    """
    fixtures = Path(__file__).parent / "example_QLDBLedgerPermissionsMode"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    # NOTE(review): "Standard" and "AllowAll" presumably mirror the ledger's
    # permissions mode values; verify against the fixture template.
    expected_passed = {"AWS::QLDB::Ledger.Standard"}
    expected_failed = {"AWS::QLDB::Ledger.AllowAll"}
    actual_passed = {record.resource for record in report.passed_checks}
    actual_failed = {record.resource for record in report.failed_checks}

    for key, expected in (("passed", 1), ("failed", 1), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_summary(self):
    """Scan the ``example_AppSyncFieldLevelLogs`` fixtures with ``check.id``.

    Two GraphQL APIs are expected to pass and one to fail; nothing may be
    skipped and every template must parse.
    """
    fixtures = Path(__file__).parent / "example_AppSyncFieldLevelLogs"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    # NOTE(review): the names look like field log levels, with "None" being
    # the only failing one. Confirm against the fixture template.
    expected_passed = {
        "AWS::AppSync::GraphQLApi.All",
        "AWS::AppSync::GraphQLApi.Error",
    }
    expected_failed = {"AWS::AppSync::GraphQLApi.None"}
    actual_passed = set(record.resource for record in report.passed_checks)
    actual_failed = set(record.resource for record in report.failed_checks)

    for key, expected in (("passed", 2), ("failed", 1), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_runner_sam(self):
    """Run ``CKV2_AWS_26`` over the SAM templates under ``graph_builder/resources/sam``.

    Both serverless functions are expected to pass. Failures are asserted by
    count only (zero), so there is no failing resource set to compare.
    """
    # Arrange: the SAM fixtures sit one directory above this test module.
    sam_fixtures = Path(__file__).parent.parent / "graph_builder/resources/sam"

    # Act: the filter names the check id literally instead of using ``check.id``.
    scanner = Runner()
    report = scanner.run(
        root_folder=str(sam_fixtures),
        runner_filter=RunnerFilter(checks=["CKV2_AWS_26"]),
    )

    # Assert
    summary = report.get_summary()
    expected_passed = {
        "AWS::Serverless::Function.Function1",
        "AWS::Serverless::Function.Function2",
    }
    actual_passed = set(record.resource for record in report.passed_checks)

    for key, expected in (("passed", 2), ("failed", 0), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
def test_summary(self):
    """Scan the ``example_LambdaEnvironmentCredentials`` fixtures with ``check.id``.

    The fixtures cover both ``AWS::Lambda::Function`` and
    ``AWS::Serverless::Function`` resources: four are expected to pass and two
    (the ``Secret`` ones) to fail, with nothing skipped and no parsing errors.
    """
    fixtures = Path(__file__).parent / "example_LambdaEnvironmentCredentials"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    # The same three cases (NoEnv, NoSecret, Secret) are listed for each of
    # the two resource types.
    expected_passed = {
        "AWS::Lambda::Function.NoEnv",
        "AWS::Lambda::Function.NoSecret",
        "AWS::Serverless::Function.NoEnv",
        "AWS::Serverless::Function.NoSecret",
    }
    expected_failed = {
        "AWS::Lambda::Function.Secret",
        "AWS::Serverless::Function.Secret",
    }
    actual_passed = set(record.resource for record in report.passed_checks)
    actual_failed = set(record.resource for record in report.failed_checks)

    for key, expected in (("passed", 4), ("failed", 2), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_summary(self):
    """Scan the ``example_QLDBLedgerDeletionProtection`` fixtures with ``check.id``.

    Two ledgers are expected to pass and one to fail, with nothing skipped
    and no parsing errors.
    """
    fixtures = Path(__file__).parent / "example_QLDBLedgerDeletionProtection"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    # NOTE(review): the "Default" ledger is expected to pass, so the check
    # presumably accepts an omitted property. Confirm against the template
    # that this matches the service default.
    expected_passed = {
        "AWS::QLDB::Ledger.Default",
        "AWS::QLDB::Ledger.Enabled",
    }
    expected_failed = {"AWS::QLDB::Ledger.Disabled"}
    actual_passed = {record.resource for record in report.passed_checks}
    actual_failed = {record.resource for record in report.failed_checks}

    for key, expected in (("passed", 2), ("failed", 1), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_summary(self):
    """Scan the ``example_GlueSecurityConfigurationEnabled`` fixtures with ``check.id``.

    The fixtures cover Glue crawlers, dev endpoints and jobs. For each type
    the ``Enabled`` resource is expected to pass and the ``Default`` one to
    fail; nothing may be skipped and every template must parse.
    """
    # Arrange
    fixtures = Path(__file__).parent / "example_GlueSecurityConfigurationEnabled"

    # Act
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )

    # Assert
    summary = report.get_summary()
    expected_passed = {
        "AWS::Glue::Crawler.CrawlerEnabled",
        "AWS::Glue::DevEndpoint.DevEndpointEnabled",
        "AWS::Glue::Job.JobEnabled",
    }
    expected_failed = {
        "AWS::Glue::Crawler.CrawlerDefault",
        "AWS::Glue::DevEndpoint.DevEndpointDefault",
        "AWS::Glue::Job.JobDefault",
    }
    actual_passed = set(record.resource for record in report.passed_checks)
    actual_failed = set(record.resource for record in report.failed_checks)

    for key, expected in (("passed", 3), ("failed", 3), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_summary(self):
    """Scan the ``example_RDSIAMAuthentication`` fixtures with ``check.id``.

    Two DB instances are expected to pass and four to fail, with nothing
    skipped and no parsing errors.
    """
    fixtures = Path(__file__).parent / "example_RDSIAMAuthentication"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    # Only the "Enabled" instances pass. Both the "Default" and the "Disabled"
    # instances are expected to fail, for the MySQL and the Postgres fixtures.
    expected_passed = {
        "AWS::RDS::DBInstance.EnabledMysql",
        "AWS::RDS::DBInstance.EnabledPostgres",
    }
    expected_failed = {
        "AWS::RDS::DBInstance.DefaultMysql",
        "AWS::RDS::DBInstance.DefaultPostgres",
        "AWS::RDS::DBInstance.DisabledMysql",
        "AWS::RDS::DBInstance.DisabledPostgres",
    }
    actual_passed = {record.resource for record in report.passed_checks}
    actual_failed = {record.resource for record in report.failed_checks}

    for key, expected in (("passed", 2), ("failed", 4), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)
def test_skip_parsing(self):
    """Scan ``skip.yaml`` with a default ``RunnerFilter`` and check the summary counts.

    The report is expected to hold one passed and one skipped result, with no
    failures and no parsing errors.
    """
    # NOTE(review): presumably skip.yaml carries a skip annotation for one
    # check. The "skipped" count is what shows the result was recorded as
    # skipped rather than passed or failed; confirm against the fixture.
    here = os.path.dirname(os.path.realpath(__file__))
    skip_template = f'{here}/skip.yaml'

    scanner = Runner()
    # No root folder is given; the single file is passed through ``files``.
    report = scanner.run(None, files=[skip_template], runner_filter=RunnerFilter())
    summary = report.get_summary()

    for key, expected in (('passed', 1), ('failed', 0), ('skipped', 1), ('parsing_errors', 0)):
        self.assertEqual(summary[key], expected)
def test_summary(self):
    """Scan the ``example_LambdaDLQConfigured`` fixtures with ``check.id``.

    Expects exactly one passing function and one failing function, with
    nothing skipped and no parsing errors.
    """
    fixtures = Path(__file__).parent / "example_LambdaDLQConfigured"
    scanner = Runner()
    report = scanner.run(
        root_folder=str(fixtures),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = report.get_summary()

    # The "Default" function is the failing case.
    expected_passed = {"AWS::Lambda::Function.Enabled"}
    expected_failed = {"AWS::Lambda::Function.Default"}
    actual_passed = {record.resource for record in report.passed_checks}
    actual_failed = {record.resource for record in report.failed_checks}

    for key, expected in (("passed", 1), ("failed", 1), ("skipped", 0), ("parsing_errors", 0)):
        self.assertEqual(summary[key], expected)
    self.assertEqual(expected_passed, actual_passed)
    self.assertEqual(expected_failed, actual_failed)