fix tests
simar7 committed Mar 16, 2023
1 parent 735f549 commit b313458
Showing 5 changed files with 45 additions and 36 deletions.
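--- a/pkg/cloud/aws/commands/run_test.go
+++ b/pkg/cloud/aws/commands/run_test.go
@@ -8,6 +8,8 @@ import (
 "testing"
 "time"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 "github.com/aquasecurity/trivy/pkg/compliance/spec"
 "github.com/aquasecurity/trivy/pkg/flag"
@@ -649,18 +651,18 @@ deny[res] {
 },
 ReportOptions: flag.ReportOptions{
 Compliance: spec.ComplianceSpec{
-Spec: spec.Spec{
+Spec: defsecTypes.Spec{
 // TODO: refactor defsec so that the parsed spec can be passed
 ID: "@testdata/example-spec.yaml",
 Title: "my-custom-spec",
 Description: "My fancy spec",
 Version: "1.2",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 ID: "1.1",
 Name: "Unencrypted S3 bucket",
 Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-AWS-0088"},
 },
 Severity: "HIGH",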
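--- a/pkg/compliance/report/report_test.go
+++ b/pkg/compliance/report/report_test.go
@@ -4,6 +4,8 @@ import (
 "fmt"
 "testing"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "github.com/stretchr/testify/assert"
 
 dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
@@ -97,21 +99,21 @@ func TestBuildComplianceReport(t *testing.T) {
 },
 },
 cs: spec.ComplianceSpec{
-Spec: spec.Spec{
+Spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
 Version: "1.0",
 RelatedResources: []string{
 "https://example.com",
 },
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 ID: "1.0",
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 Severity: "MEDIUM",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV-0001"},
 },
 },
@@ -120,7 +122,7 @@ func TestBuildComplianceReport(t *testing.T) {
 Name: "Immutable container file systems",
 Description: "Check that container root file system is immutable",
 Severity: "LOW",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV-0002"},
 },
 },
@@ -129,7 +131,7 @@ func TestBuildComplianceReport(t *testing.T) {
 Name: "tzdata - new upstream version",
 Description: "Bad tzdata package",
 Severity: "CRITICAL",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "DLA-2424-1"},
 },
 },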
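--- a/pkg/compliance/spec/compliance_test.go
+++ b/pkg/compliance/spec/compliance_test.go
@@ -5,6 +5,8 @@ import (
 "sort"
 "testing"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "github.com/stretchr/testify/assert"
 
 "github.com/aquasecurity/trivy/pkg/compliance/spec"
@@ -14,34 +16,34 @@ import (
 func TestComplianceSpec_Scanners(t *testing.T) {
 tests := []struct {
 name string
-spec spec.Spec
+spec defsecTypes.Spec
 want types.Scanners
 wantErr assert.ErrorAssertionFunc
 }{
 {
 name: "get config scanner type by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
 RelatedResources: []string{
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
 {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -53,28 +55,28 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 },
 {
 name: "get config and vuln scanners types by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
 RelatedResources: []string{
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
 {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -83,7 +85,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 Name: "Ensure no critical vulnerabilities",
 Description: "Control checks whether critical vulnerabilities are not found",
 ID: "7.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "CVE-9999-9999"},
 },
 },
@@ -97,19 +99,19 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 },
 {
 name: "unknown prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
 RelatedResources: []string{
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Unknown",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "UNKNOWN-001"},
 },
 },
@@ -138,33 +140,33 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 func TestComplianceSpec_CheckIDs(t *testing.T) {
 tests := []struct {
 name string
-spec spec.Spec
+spec defsecTypes.Spec
 want map[types.Scanner][]string
 }{
 {
 name: "get config scanner type by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
 RelatedResources: []string{
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
 {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -181,28 +183,28 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 },
 {
 name: "get config and vuln scanners types by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
 RelatedResources: []string{
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
 {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -211,7 +213,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 Name: "Ensure no critical vulnerabilities",
 Description: "Control checks whether critical vulnerabilities are not found",
 ID: "7.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "CVE-9999-9999"},
 },
 },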
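--- a/pkg/flag/report_flags_test.go
+++ b/pkg/flag/report_flags_test.go
@@ -4,6 +4,8 @@ import (
 "os"
 "testing"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "github.com/spf13/viper"
 "github.com/stretchr/testify/assert"
 "go.uber.org/zap"
@@ -182,17 +184,17 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
 want: flag.ReportOptions{
 Output: os.Stdout,
 Compliance: spec.ComplianceSpec{
-Spec: spec.Spec{
+Spec: defsecTypes.Spec{
 ID: "0001",
 Title: "my-custom-spec",
 Description: "My fancy spec",
 Version: "1.2",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 ID: "1.1",
 Name: "Unencrypted S3 bucket",
 Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-AWS-0088"},
 },
 Severity: "HIGH",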
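--- a/pkg/policy/policy.go
+++ b/pkg/policy/policy.go
@@ -18,8 +18,9 @@ import (
 )
 
 const (
-bundleVersion = 0 // Latest released MAJOR version for defsec
-bundleRepository = "ghcr.io/aquasecurity/defsec"
+bundleVersion = 0 // Latest released MAJOR version for defsec
+//bundleRepository = "ghcr.io/aquasecurity/defsec"
+bundleRepository = "localhost:5000/defsec"
 policyMediaType = "application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip"
 updateInterval = 24 * time.Hour
 )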
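Review bot: The new `bundleRepository = "localhost:5000/defsec"` in the const block points the policy bundle source at a local development registry and keeps the published `ghcr.io/aquasecurity/defsec` reference only as a comment, which reads like a test-setup leftover in non-test code. If this constant ships, installations would presumably resolve their policy bundle from whatever service answers on port 5000 of the local machine, so checks would either fail to load or come from a source nobody has vetted. Restore `bundleRepository = "ghcr.io/aquasecurity/defsec"` and drop the commented-out line. If the tests need a local registry, inject the repository through a test-only option rather than editing the constant. The code that consumes the constant is outside this hunk, so the exact pull behaviour should be confirmed there.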
