From 78a74efd053ed3c8da9ad4573ad77966d9f279b7 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin
Date: Thu, 22 Aug 2024 16:33:40 +0600
Subject: [PATCH] test: initialise tests in each test file
Signed-off-by: Nikita Pivkin
---
 test/rego/aws_access_analyzer_test.go | 4 ++
 test/rego/aws_athena_test.go | 4 ++
 test/rego/aws_cloudtrail_test.go | 4 ++
 test/rego/aws_codebuild_test.go | 4 ++
 test/rego/aws_config_test.go | 4 ++
 test/rego/aws_document_db_test.go | 4 ++
 test/rego/aws_dynamodb_test.go | 4 ++
 test/rego/aws_s3_test.go | 4 ++
 test/rego/azure_appservice_test.go | 4 ++
 test/rego/azure_authorization_test.go | 4 ++
 test/rego/azure_compute_test.go | 4 ++
 test/rego/azure_container_test.go | 4 ++
 test/rego/azure_database_test.go | 4 ++
 test/rego/azure_datafactory_test.go | 4 ++
 test/rego/azure_datalake_test.go | 4 ++
 test/rego/azure_keyvault_test.go | 4 ++
 test/rego/azure_monitor_test.go | 4 ++
 test/rego/azure_network_test.go | 4 ++
 test/rego/azure_securitycenter_test.go | 4 ++
 test/rego/azure_synapse_test.go | 4 ++
 test/rego/digitalocean_spaces_test.go | 4 ++
 test/rego/github_test.go | 4 ++
 test/rego/google_bigquery_test.go | 4 ++
 test/rego/google_dns_test.go | 4 ++
 test/rego/google_kms_test.go | 4 ++
 test/rego/nifcloud_dns_test.go | 4 ++
 test/rego/nifcloud_network_test.go | 4 ++
 test/rego/nifcloud_sslcertificate_test.go | 4 ++
 test/rego/oracle_test.go | 4 ++
 test/rego/rego_checks_test.go | 83 +++++++---------------
 30 files changed, 142 insertions(+), 57 deletions(-)
diff --git a/test/rego/aws_access_analyzer_test.go b/test/rego/aws_access_analyzer_test.go
index 3b73af68..ac51db58 100644
--- a/test/rego/aws_access_analyzer_test.go
+++ b/test/rego/aws_access_analyzer_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsAccessAnalyzerTestCases)
+}
+
 var awsAccessAnalyzerTestCases = testCases{
 "AVD-AWS-0175": {
 // TODO: Trivy does not export empty structures into Rego
diff --git a/test/rego/aws_athena_test.go b/test/rego/aws_athena_test.go
index 82bf1a5e..aa52037c 100644
--- a/test/rego/aws_athena_test.go
+++ b/test/rego/aws_athena_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsAthenaTestCases)
+}
+
 var awsAthenaTestCases = testCases{
 "AVD-AWS-0006": {
 {
diff --git a/test/rego/aws_cloudtrail_test.go b/test/rego/aws_cloudtrail_test.go
index 0b5ac9f8..325fda1a 100644
--- a/test/rego/aws_cloudtrail_test.go
+++ b/test/rego/aws_cloudtrail_test.go
@@ -8,6 +8,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsCloudTrailTestCases)
+}
+
 var awsCloudTrailTestCases = testCases{
 "AVD-AWS-0014": {
 {
diff --git a/test/rego/aws_codebuild_test.go b/test/rego/aws_codebuild_test.go
index 991e0dc1..1b157bf4 100644
--- a/test/rego/aws_codebuild_test.go
+++ b/test/rego/aws_codebuild_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsCodeBuildTestCases)
+}
+
 var awsCodeBuildTestCases = testCases{
 "AVD-AWS-0018": {
 {
diff --git a/test/rego/aws_config_test.go b/test/rego/aws_config_test.go
index 48939c4f..2ba2945a 100644
--- a/test/rego/aws_config_test.go
+++ b/test/rego/aws_config_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsConfigTestCases)
+}
+
 var awsConfigTestCases = testCases{
 "AVD-AWS-0019": {
 {
diff --git a/test/rego/aws_document_db_test.go b/test/rego/aws_document_db_test.go
index b5a24cc9..a8ae49eb 100644
--- a/test/rego/aws_document_db_test.go
+++ b/test/rego/aws_document_db_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsDocumentDBTestCases)
+}
+
 var awsDocumentDBTestCases = testCases{
 "AVD-AWS-0020": {
 {
diff --git a/test/rego/aws_dynamodb_test.go b/test/rego/aws_dynamodb_test.go
index 5400c1c2..7e630709 100644
--- a/test/rego/aws_dynamodb_test.go
+++ b/test/rego/aws_dynamodb_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsDynamodbTestCases)
+}
+
 var awsDynamodbTestCases = testCases{
 "AVD-AWS-0023": {
 {
diff --git a/test/rego/aws_s3_test.go b/test/rego/aws_s3_test.go
index f7fae0b7..8045a09a 100644
--- a/test/rego/aws_s3_test.go
+++ b/test/rego/aws_s3_test.go
@@ -8,6 +8,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(awsS3TestCases)
+}
+
 var awsS3TestCases = testCases{
 "AVD-AWS-0086": {
 {
diff --git a/test/rego/azure_appservice_test.go b/test/rego/azure_appservice_test.go
index f423b0f3..a0d6a250 100644
--- a/test/rego/azure_appservice_test.go
+++ b/test/rego/azure_appservice_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureAppServiceTestCases)
+}
+
 var azureAppServiceTestCases = testCases{
 "AVD-AZU-0002": {
 {
diff --git a/test/rego/azure_authorization_test.go b/test/rego/azure_authorization_test.go
index ba0a3cda..833fc7df 100644
--- a/test/rego/azure_authorization_test.go
+++ b/test/rego/azure_authorization_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureAuthorizationTestCases)
+}
+
 var azureAuthorizationTestCases = testCases{
 "AVD-AZU-0030": {
 {
diff --git a/test/rego/azure_compute_test.go b/test/rego/azure_compute_test.go
index 2d71e68d..5cb3ef48 100644
--- a/test/rego/azure_compute_test.go
+++ b/test/rego/azure_compute_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureComputeTestCases)
+}
+
 var azureComputeTestCases = testCases{
 "AVD-AZU-0039": {
 {
diff --git a/test/rego/azure_container_test.go b/test/rego/azure_container_test.go
index 8714be20..3f6e181c 100644
--- a/test/rego/azure_container_test.go
+++ b/test/rego/azure_container_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureContainerTestCases)
+}
+
 var azureContainerTestCases = testCases{
 "AVD-AZU-0043": {
 {
diff --git a/test/rego/azure_database_test.go b/test/rego/azure_database_test.go
index 743c50a8..5ef6dd41 100644
--- a/test/rego/azure_database_test.go
+++ b/test/rego/azure_database_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureDatabaseTestCases)
+}
+
 var azureDatabaseTestCases = testCases{
 "AVD-AZU-0028": {
 {
diff --git a/test/rego/azure_datafactory_test.go b/test/rego/azure_datafactory_test.go
index 7d6108eb..41d1c027 100644
--- a/test/rego/azure_datafactory_test.go
+++ b/test/rego/azure_datafactory_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureDataFactoryTestCases)
+}
+
 var azureDataFactoryTestCases = testCases{
 "AVD-AZU-0035": {
 {
diff --git a/test/rego/azure_datalake_test.go b/test/rego/azure_datalake_test.go
index 3dedf9f1..967598a5 100644
--- a/test/rego/azure_datalake_test.go
+++ b/test/rego/azure_datalake_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureDataLakeTestCases)
+}
+
 var azureDataLakeTestCases = testCases{
 "AVD-AZU-0036": {
 {
diff --git a/test/rego/azure_keyvault_test.go b/test/rego/azure_keyvault_test.go
index 7717815b..4010fb08 100644
--- a/test/rego/azure_keyvault_test.go
+++ b/test/rego/azure_keyvault_test.go
@@ -9,6 +9,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureKeyVaultTestCases)
+}
+
 var azureKeyVaultTestCases = testCases{
 "AVD-AZU-0015": {
 {
diff --git a/test/rego/azure_monitor_test.go b/test/rego/azure_monitor_test.go
index f650a49b..9c0cb73d 100644
--- a/test/rego/azure_monitor_test.go
+++ b/test/rego/azure_monitor_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureMonitorTestCases)
+}
+
 var azureMonitorTestCases = testCases{
 "AVD-AZU-0031": {
 {
diff --git a/test/rego/azure_network_test.go b/test/rego/azure_network_test.go
index 3318f9f8..a1c5a818 100644
--- a/test/rego/azure_network_test.go
+++ b/test/rego/azure_network_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureNetworkTestCases)
+}
+
 var azureNetworkTestCases = testCases{
 "AVD-AZU-0048": {
 {
diff --git a/test/rego/azure_securitycenter_test.go b/test/rego/azure_securitycenter_test.go
index 277fb22a..19b84ff1 100644
--- a/test/rego/azure_securitycenter_test.go
+++ b/test/rego/azure_securitycenter_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureSecurityCenterTestCases)
+}
+
 var azureSecurityCenterTestCases = testCases{
 "AVD-AZU-0044": {
 {
diff --git a/test/rego/azure_synapse_test.go b/test/rego/azure_synapse_test.go
index 9e50650b..ad7074cc 100644
--- a/test/rego/azure_synapse_test.go
+++ b/test/rego/azure_synapse_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(azureSynapseTestCases)
+}
+
 var azureSynapseTestCases = testCases{
 "AVD-AZU-0034": {
 {
diff --git a/test/rego/digitalocean_spaces_test.go b/test/rego/digitalocean_spaces_test.go
index ed03b7f3..c7298629 100644
--- a/test/rego/digitalocean_spaces_test.go
+++ b/test/rego/digitalocean_spaces_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(digitalOceanSpacesTestCases)
+}
+
 var digitalOceanSpacesTestCases = testCases{
 "AVD-DIG-0006": {
 {
diff --git a/test/rego/github_test.go b/test/rego/github_test.go
index 907e9f2e..23b07b62 100644
--- a/test/rego/github_test.go
+++ b/test/rego/github_test.go
@@ -6,6 +6,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(githubTestCases)
+}
+
 var githubTestCases = testCases{
 "AVD-GIT-0004": {
 {
diff --git a/test/rego/google_bigquery_test.go b/test/rego/google_bigquery_test.go
index 6e33b3cc..6dc1b3e9 100644
--- a/test/rego/google_bigquery_test.go
+++ b/test/rego/google_bigquery_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(googleBigQueryTestCases)
+}
+
 var googleBigQueryTestCases = testCases{
 "AVD-GCP-0046": {
 {
diff --git a/test/rego/google_dns_test.go b/test/rego/google_dns_test.go
index f598cbc1..e8680a9e 100644
--- a/test/rego/google_dns_test.go
+++ b/test/rego/google_dns_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(googleDnsTestCases)
+}
+
 var googleDnsTestCases = testCases{
 "AVD-GCP-0013": {
 {
diff --git a/test/rego/google_kms_test.go b/test/rego/google_kms_test.go
index 6c0165d5..d91b0d6e 100644
--- a/test/rego/google_kms_test.go
+++ b/test/rego/google_kms_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(googleKmsTestCases)
+}
+
 var googleKmsTestCases = testCases{
 "AVD-GCP-0065": {
 {
diff --git a/test/rego/nifcloud_dns_test.go b/test/rego/nifcloud_dns_test.go
index d7b8c30d..82e9115c 100644
--- a/test/rego/nifcloud_dns_test.go
+++ b/test/rego/nifcloud_dns_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(nifcloudDnsTestCases)
+}
+
 var nifcloudDnsTestCases = testCases{
 "AVD-NIF-0007": {
 {
diff --git a/test/rego/nifcloud_network_test.go b/test/rego/nifcloud_network_test.go
index fd6897e5..19cb1005 100644
--- a/test/rego/nifcloud_network_test.go
+++ b/test/rego/nifcloud_network_test.go
@@ -7,6 +7,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(nifcloudNetworkTestCases)
+}
+
 var nifcloudNetworkTestCases = testCases{
 "AVD-NIF-0016": {
 {
diff --git a/test/rego/nifcloud_sslcertificate_test.go b/test/rego/nifcloud_sslcertificate_test.go
index e57784dd..3e2f740a 100644
--- a/test/rego/nifcloud_sslcertificate_test.go
+++ b/test/rego/nifcloud_sslcertificate_test.go
@@ -9,6 +9,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(nifcloudSslCertificateTestCases)
+}
+
 var nifcloudSslCertificateTestCases = testCases{
 "AVD-NIF-0006": {
 {
diff --git a/test/rego/oracle_test.go b/test/rego/oracle_test.go
index 17dfcee5..7f237498 100644
--- a/test/rego/oracle_test.go
+++ b/test/rego/oracle_test.go
@@ -6,6 +6,10 @@ import (
 trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
+func init() {
+ addTests(oracleTestCases)
+}
+
 var oracleTestCases = testCases{
 "AVD-OCI-0001": {
 {
diff --git a/test/rego/rego_checks_test.go b/test/rego/rego_checks_test.go
index 16538613..0b23a313 100644
--- a/test/rego/rego_checks_test.go
+++ b/test/rego/rego_checks_test.go
@@ -16,26 +16,6 @@ import (
 "github.com/stretchr/testify/require"
 )
 
-func scanState(t *testing.T, regoScanner *rego.Scanner, s state.State, checkID string, expected bool) {
- results, err := regoScanner.ScanInput(context.TODO(), rego.Input{
- Contents: s.ToRego(),
- })
- require.NoError(t, err)
-
- var found bool
- for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().AVDID == checkID {
- found = true
- }
- }
-
- if expected {
- assert.True(t, found, "Rule should have been found")
- } else {
- assert.False(t, found, "Rule should not have been found")
- }
-}
-
 type testCase struct {
 name string
 input state.State
@@ -44,44 +24,13 @@ type testCase struct {
 
 type testCases map[string][]testCase
 
-func TestRegoChecks(t *testing.T) {
- tests := lo.Assign(
- awsAccessAnalyzerTestCases,
- awsAthenaTestCases,
- awsCloudTrailTestCases,
- awsCodeBuildTestCases,
- awsConfigTestCases,
- awsDocumentDBTestCases,
- awsDynamodbTestCases,
- awsS3TestCases,
-
- azureMonitorTestCases,
- azureNetworkTestCases,
- azureSynapseTestCases,
- azureSecurityCenterTestCases,
- azureDataFactoryTestCases,
- azureDataLakeTestCases,
- azureKeyVaultTestCases,
- azureAppServiceTestCases,
- azureAuthorizationTestCases,
- azureContainerTestCases,
- azureDatabaseTestCases,
- azureComputeTestCases,
-
- googleDnsTestCases,
- googleKmsTestCases,
- googleBigQueryTestCases,
-
- githubTestCases,
-
- nifcloudDnsTestCases,
- nifcloudNetworkTestCases,
- nifcloudSslCertificateTestCases,
-
- digitalOceanSpacesTestCases,
- oracleTestCases,
- )
+var tests = make(testCases)
+
+func addTests(tc testCases) {
+ tests = lo.Assign(tests, tc)
+}
+
 func TestRegoChecks(t *testing.T) {
 regoScanner := rego.NewScanner(trivyTypes.SourceCloud)
 err := regoScanner.LoadPolicies(true, false, checks.EmbeddedPolicyFileSystem, []string{"."}, nil)
 require.NoError(t, err)
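Review bot: `addTests` merges with `lo.Assign(tests, tc)`, which silently overwrites an existing entry when two test files register cases under the same check ID, so a duplicated `"AVD-…"` key across two `*_test.go` files would drop one file's cases without any test failing. Now that registration is spread over 29 `init()` functions, such a collision is easy to introduce and invisible, so the helper should reject duplicates rather than merge them. Panicking in `init()` is acceptable here because a duplicate key is a programmer error in the fixtures and should fail the test binary before any check runs. The body of `TestRegoChecks` continues outside the hunk, so I could not verify how it iterates `tests`.
```go
// addTests registers the check test cases of one *_test.go file; it panics on
// a duplicate check ID so that one file's cases cannot silently shadow another's.
func addTests(tc testCases) {
	for id, cases := range tc {
		if _, dup := tests[id]; dup {
			panic("duplicate test cases registered for check " + id)
		}
		tests[id] = cases
	}
}
```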
@@ -100,6 +49,26 @@ func TestRegoChecks(t *testing.T) {
 }
 }
 
+func scanState(t *testing.T, regoScanner *rego.Scanner, s state.State, checkID string, expected bool) {
+ results, err := regoScanner.ScanInput(context.TODO(), rego.Input{
+ Contents: s.ToRego(),
+ })
+ require.NoError(t, err)
+
+ var found bool
+ for _, result := range results {
+ if result.Status() == scan.StatusFailed && result.Rule().AVDID == checkID {
+ found = true
+ }
+ }
+
+ if expected {
+ assert.True(t, found, "Rule should have been found")
+ } else {
+ assert.False(t, found, "Rule should not have been found")
+ }
+}
+
 func getMigratedChecksIDs() []string {
 allChecks := rules.GetRegistered()