diff --git a/pkg/cli/run_test.go b/pkg/cli/run_test.go index 9599c031b..86f532463 100644 --- a/pkg/cli/run_test.go +++ b/pkg/cli/run_test.go @@ -62,12 +62,12 @@ func TestRun(t *testing.T) { log.SetOutput(ioutil.Discard) } - // kustomizeTestDirPath := filepath.Join(runTestDir, "kustomize-test") + kustomizeTestDirPath := filepath.Join(runTestDir, "kustomize-test") testTerraformFilePath := filepath.Join(runTestDir, "config-only.tf") - // testRemoteModuleFilePath := filepath.Join(runTestDir, "remote-modules.tf") - // testTFJSONFilePath := filepath.Join(runTestDir, "tf-plan.json") + testRemoteModuleFilePath := filepath.Join(runTestDir, "remote-modules.tf") + testTFJSONFilePath := filepath.Join(runTestDir, "tf-plan.json") - // ruleSlice := []string{"AWS.ECR.DataSecurity.High.0579", "AWS.SecurityGroup.NetworkPortsSecurity.Low.0561"} + ruleSlice := []string{"AWS.ECR.DataSecurity.High.0579", "AWS.SecurityGroup.NetworkPortsSecurity.Low.0561"} table := []struct { name string 
@@ -77,178 +77,178 @@ func TestRun(t *testing.T) { want string wantErr bool }{ - // { - // name: "normal terraform run", - // scanOptions: &ScanOptions{ - // // policy type terraform is not supported, error expected - // policyType: []string{"terraform"}, - // iacDirPath: runTestDir, - // }, - // wantErr: true, - // }, - // { - // name: "normal terraform run with successful output", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacDirPath: runTestDir, - // outputType: "json", - // }, - // }, - // { - // name: "terraform run with --non-recursive flag", - // scanOptions: &ScanOptions{ - // iacType: "terraform", - // policyType: []string{"all"}, - // iacDirPath: testDataDir, - // outputType: "json", - // nonRecursive: true, - // }, - // wantErr: true, - // }, - // { - // name: "normal k8s run", - // scanOptions: &ScanOptions{ - // policyType: []string{"k8s"}, - // // kustomization.y(a)ml file not present under the dir path, error expected - // iacDirPath: runTestDir, - // }, - // wantErr: true, - // }, - // { - // name: "normal k8s run with successful output", - // scanOptions: &ScanOptions{ - // policyType: []string{"k8s"}, - // iacDirPath: kustomizeTestDirPath, - // outputType: "human", - // }, - // }, - // { - // name: "normal k8s run with successful output for junit-xml with passed tests", - // scanOptions: &ScanOptions{ - // policyType: []string{"k8s"}, - // iacDirPath: kustomizeTestDirPath, - // outputType: "junit-xml", - // showPassedRules: true, - // }, - // }, - // { - // name: "config-only flag terraform", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacFilePath: testTerraformFilePath, - // configOnly: true, - // outputType: "yaml", - // }, - // }, - // { - // // test for https://github.com/accurics/terrascan/issues/718 - // // a valid tfplan file is supplied, error is not expected - // name: "iac type is tfplan and -f option used to specify the tfplan.json", - // scanOptions: &ScanOptions{ - // policyType: 
[]string{"all"}, - // iacType: "tfplan", - // iacFilePath: testTFJSONFilePath, - // outputType: "yaml", - // }, - // wantErr: false, - // }, - // { - // name: "config-only flag k8s", - // scanOptions: &ScanOptions{ - // policyType: []string{"k8s"}, - // iacDirPath: kustomizeTestDirPath, - // configOnly: true, - // outputType: "json", - // }, - // }, - // { - // // xml doesn't support config-only, error expected - // // modify the test results when xml supports config-only - // name: "config-only flag true with xml output format", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacFilePath: testTerraformFilePath, - // configOnly: true, - // outputType: "xml", - // }, - // wantErr: true, - // }, - // { - // name: "fail to download remote repository", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacFilePath: testTerraformFilePath, - // remoteURL: "test", - // remoteType: "test", - // }, - // wantErr: true, - // }, - // { - // name: "incorrect config file", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacDirPath: testTerraformFilePath, - // outputType: "json", - // configFile: "invalidFile", - // }, - // wantErr: true, - // }, - // { - // name: "run with skip rules", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacDirPath: runTestDir, - // outputType: "json", - // skipRules: ruleSlice, - // }, - // }, - // { - // name: "run with scan rules", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacDirPath: runTestDir, - // outputType: "yaml", - // scanRules: ruleSlice, - // }, - // }, - // { - // name: "config file with rules", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // iacDirPath: runTestDir, - // outputType: "yaml", - // configFile: filepath.Join(testDataDir, "configFile.toml"), - // }, - // }, - // { - // name: "scan file with remote module", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // 
iacFilePath: testRemoteModuleFilePath, - // outputType: "human", - // configFile: filepath.Join(testDataDir, "configFile.toml"), - // }, - // }, - // { - // name: "invalid remote type", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // remoteType: "test", - // remoteURL: "test", - // outputType: "human", - // }, - // wantErr: true, - // }, - // { - // name: "valid remote type with invalid remote url", - // scanOptions: &ScanOptions{ - // policyType: []string{"all"}, - // remoteType: "terraform-registry", - // remoteURL: "terraform-aws-modules/eks", - // outputType: "human", - // }, - // wantErr: true, - // }, + { + name: "normal terraform run", + scanOptions: &ScanOptions{ + // policy type terraform is not supported, error expected + policyType: []string{"terraform"}, + iacDirPath: runTestDir, + }, + wantErr: true, + }, + { + name: "normal terraform run with successful output", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacDirPath: runTestDir, + outputType: "json", + }, + }, + { + name: "terraform run with --non-recursive flag", + scanOptions: &ScanOptions{ + iacType: "terraform", + policyType: []string{"all"}, + iacDirPath: testDataDir, + outputType: "json", + nonRecursive: true, + }, + wantErr: true, + }, + { + name: "normal k8s run", + scanOptions: &ScanOptions{ + policyType: []string{"k8s"}, + // kustomization.y(a)ml file not present under the dir path, error expected + iacDirPath: runTestDir, + }, + wantErr: true, + }, + { + name: "normal k8s run with successful output", + scanOptions: &ScanOptions{ + policyType: []string{"k8s"}, + iacDirPath: kustomizeTestDirPath, + outputType: "human", + }, + }, + { + name: "normal k8s run with successful output for junit-xml with passed tests", + scanOptions: &ScanOptions{ + policyType: []string{"k8s"}, + iacDirPath: kustomizeTestDirPath, + outputType: "junit-xml", + showPassedRules: true, + }, + }, + { + name: "config-only flag terraform", + scanOptions: &ScanOptions{ + policyType: 
[]string{"all"}, + iacFilePath: testTerraformFilePath, + configOnly: true, + outputType: "yaml", + }, + }, + { + // test for https://github.com/accurics/terrascan/issues/718 + // a valid tfplan file is supplied, error is not expected + name: "iac type is tfplan and -f option used to specify the tfplan.json", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacType: "tfplan", + iacFilePath: testTFJSONFilePath, + outputType: "yaml", + }, + wantErr: false, + }, + { + name: "config-only flag k8s", + scanOptions: &ScanOptions{ + policyType: []string{"k8s"}, + iacDirPath: kustomizeTestDirPath, + configOnly: true, + outputType: "json", + }, + }, + { + // xml doesn't support config-only, error expected + // modify the test results when xml supports config-only + name: "config-only flag true with xml output format", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacFilePath: testTerraformFilePath, + configOnly: true, + outputType: "xml", + }, + wantErr: true, + }, + { + name: "fail to download remote repository", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacFilePath: testTerraformFilePath, + remoteURL: "test", + remoteType: "test", + }, + wantErr: true, + }, + { + name: "incorrect config file", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacDirPath: testTerraformFilePath, + outputType: "json", + configFile: "invalidFile", + }, + wantErr: true, + }, + { + name: "run with skip rules", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacDirPath: runTestDir, + outputType: "json", + skipRules: ruleSlice, + }, + }, + { + name: "run with scan rules", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacDirPath: runTestDir, + outputType: "yaml", + scanRules: ruleSlice, + }, + }, + { + name: "config file with rules", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacDirPath: runTestDir, + outputType: "yaml", + configFile: filepath.Join(testDataDir, "configFile.toml"), + }, + }, 
+ { + name: "scan file with remote module", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + iacFilePath: testRemoteModuleFilePath, + outputType: "human", + configFile: filepath.Join(testDataDir, "configFile.toml"), + }, + }, + { + name: "invalid remote type", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + remoteType: "test", + remoteURL: "test", + outputType: "human", + }, + wantErr: true, + }, + { + name: "valid remote type with invalid remote url", + scanOptions: &ScanOptions{ + policyType: []string{"all"}, + remoteType: "terraform-registry", + remoteURL: "terraform-aws-modules/eks", + outputType: "human", + }, + wantErr: true, + }, { name: "config-with-error flag terraform", scanOptions: &ScanOptions{ diff --git a/pkg/http-server/file-scan.go b/pkg/http-server/file-scan.go index 78757f121..81e1dea9c 100644 --- a/pkg/http-server/file-scan.go +++ b/pkg/http-server/file-scan.go @@ -139,7 +139,7 @@ func (g *APIHandler) scanFile(w http.ResponseWriter, r *http.Request) { if configWithErrorValue != "" { configWithError, err = strconv.ParseBool(configWithErrorValue) if err != nil { - errMsg := fmt.Sprintf("error while reading 'config_only' value. error: '%v'", err) + errMsg := fmt.Sprintf("error while reading 'config_with_error' value. error: '%v'", err) zap.S().Error(errMsg) apiErrorResponse(w, errMsg, http.StatusBadRequest) return diff --git a/pkg/http-server/file-scan_test.go b/pkg/http-server/file-scan_test.go index 81af1f44d..789f55f9b 100644 --- a/pkg/http-server/file-scan_test.go +++ b/pkg/http-server/file-scan_test.go @@ -44,6 +44,8 @@ func TestUpload(t *testing.T) { findVulnerabilities bool notificationWebhookURL string notificationWebhookToken string + configWithError bool + invalidConfigWithError bool }{ { name: "valid file scan", 
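Review bot: Two of the re-enabled TestRun cases look network-dependent, yet the table only records `wantErr`: "scan file with remote module" and "valid remote type with invalid remote url" (which uses `remoteType: "terraform-registry"`). If the loop only compares `err != nil` with `wantErr` (it is outside this hunk), the second case would also pass on a plain connectivity failure rather than on the invalid URL it names. The first would fail on an offline runner for reasons unrelated to the code. I would add a comment on both entries, for example `// needs network access; an error here can also be a download failure`, or assert on the error text so each case fails for the reason its name gives.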
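Review bot: The corrected message in scanFile still interpolates the raw `strconv.ParseBool` error, which embeds the client-supplied `config_with_error` value, into both `zap.S().Error` and the 400 response. strconv quotes the value, so control characters are escaped, but a caller can still produce Error-level log entries with content and length of their choosing. Consider returning a fixed message such as `"invalid 'config_with_error' value: expected true or false"` and logging the parse detail at a lower level. scanFile begins and ends outside this hunk, so whether the form size is already bounded cannot be seen here.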
@@ -273,6 +275,25 @@ func TestUpload(t *testing.T) { notificationWebhookURL: "https://httpbin.org/post", notificationWebhookToken: "token", }, + { + name: "test for config with erorr invalid", + path: testFilePath, + param: testParamName, + iacType: testIacType, + cloudType: testCloudType, + wantStatus: http.StatusBadRequest, + invalidConfigWithError: true, + }, + { + name: "test for config with eror", + path: testFilePath, + param: testParamName, + iacType: testIacType, + cloudType: testCloudType, + wantStatus: http.StatusOK, + invalidConfigWithError: false, + configWithError: true, + }, } for _, tt := range table { @@ -378,6 +399,18 @@ func TestUpload(t *testing.T) { } } + if !tt.invalidConfigWithError { + if err = writer.WriteField("config_with_error", strconv.FormatBool(tt.configWithError)); err != nil { + writer.Close() + t.Error(err) + } + } else { + if err = writer.WriteField("config_with_error", "invalid"); err != nil { + writer.Close() + t.Error(err) + } + } + writer.Close() // http request of the type "/v1/{iacType}/{iacVersion}/{cloudType}/file/scan" diff --git a/pkg/http-server/remote-repo_test.go b/pkg/http-server/remote-repo_test.go index 429d18acf..37f4aa4c8 100644 --- a/pkg/http-server/remote-repo_test.go +++ b/pkg/http-server/remote-repo_test.go @@ -92,18 +92,19 @@ func TestScanRemoteRepoHandler(t *testing.T) { testCloudType := "aws" table := []struct { - name string - iacType string - iacVersion string - cloudType string - remoteURL string - remoteType string - scanRules []string - skipRules []string - showPassed bool - configOnly bool - nonRecursive bool - wantStatus int + name string + iacType string + iacVersion string + cloudType string + remoteURL string + remoteType string + scanRules []string + skipRules []string + showPassed bool + configOnly bool + configWithError bool + nonRecursive bool + wantStatus int }{ { name: "empty url and type", 
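Review bot: Both new TestUpload case names are misspelled ("config with erorr invalid", "config with eror"), which makes them hard to select with `go test -run` and hard to find from a failure log. Suggested names are `"config_with_error with invalid value"` and `"config_with_error set to true"`. The explicit `invalidConfigWithError: false` in the second case is the zero value and can be dropped.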
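Review bot: This block now writes `config_with_error` for every table entry, because `invalidConfigWithError` defaults to false and the first branch then sends "false". As a result no TestUpload case exercises a request that omits the field, which is the path the `configWithErrorValue != ""` guard in scanFile handles. Sending the field only when one of the two flags is set keeps that path covered, and the two near-identical branches collapse into one write. The enclosing loop body starts and ends outside this hunk.

```go
// … unchanged: earlier form fields …
if tt.configWithError || tt.invalidConfigWithError {
	value := strconv.FormatBool(tt.configWithError)
	if tt.invalidConfigWithError {
		value = "invalid"
	}
	if err = writer.WriteField("config_with_error", value); err != nil {
		writer.Close()
		t.Error(err)
	}
}
```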
@@ -174,6 +175,17 @@ func TestScanRemoteRepoHandler(t *testing.T) { configOnly: true, wantStatus: http.StatusOK, }, + { + name: "test show config with error", + iacType: testIacType, + iacVersion: testIacVersion, + cloudType: testCloudType, + remoteURL: validRepo, + remoteType: "git", + showPassed: false, + configWithError: true, + wantStatus: http.StatusOK, + }, } for _, tt := range table { @@ -186,13 +198,14 @@ func TestScanRemoteRepoHandler(t *testing.T) { // request body s := scanRemoteRepoReq{ - RemoteURL: tt.remoteURL, - RemoteType: tt.remoteType, - ScanRules: tt.scanRules, - SkipRules: tt.skipRules, - ShowPassed: tt.showPassed, - ConfigOnly: tt.configOnly, - NonRecursive: tt.nonRecursive, + RemoteURL: tt.remoteURL, + RemoteType: tt.remoteType, + ScanRules: tt.scanRules, + SkipRules: tt.skipRules, + ShowPassed: tt.showPassed, + ConfigOnly: tt.configOnly, + ConfigWithError: tt.configWithError, + NonRecursive: tt.nonRecursive, } reqBody, _ := json.Marshal(s)
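Review bot: The new "test show config with error" case asserts only `wantStatus: http.StatusOK`, the same expectation as the `configOnly` case just above it. It would therefore still pass if the handler ignored `ConfigWithError` entirely. If the assertion loop (outside this hunk) has access to the response body, add a check that the body has the shape expected for config-with-error output. Otherwise note the gap on the entry, for example `// only checks the status code; response content is not verified`. The case also depends on fetching `validRepo`, which is defined outside this hunk, so it presumably needs network access.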