fix tests

aquasecurity · Mar 16, 2023 · c0a7425 · c0a7425
1 parent 735f549
commit c0a7425
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 34 deletions.
diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go
@@ -8,6 +8,8 @@ import (
 	"testing"
 	"time"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/compliance/spec"
 	"github.com/aquasecurity/trivy/pkg/flag"
@@ -649,18 +651,18 @@ deny[res] {
 				},
 				ReportOptions: flag.ReportOptions{
 					Compliance: spec.ComplianceSpec{
-						Spec: spec.Spec{
+						Spec: defsecTypes.Spec{
 							// TODO: refactor defsec so that the parsed spec can be passed
 							ID:          "@testdata/example-spec.yaml",
 							Title:       "my-custom-spec",
 							Description: "My fancy spec",
 							Version:     "1.2",
-							Controls: []spec.Control{
+							Controls: []defsecTypes.Control{
 								{
 									ID:          "1.1",
 									Name:        "Unencrypted S3 bucket",
 									Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.",
-									Checks: []spec.SpecCheck{
+									Checks: []defsecTypes.SpecCheck{
 										{ID: "AVD-AWS-0088"},
 									},
 									Severity: "HIGH",

diff --git a/pkg/compliance/report/report_test.go b/pkg/compliance/report/report_test.go
@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"testing"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 	"github.com/stretchr/testify/assert"
 
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
@@ -97,21 +99,21 @@ func TestBuildComplianceReport(t *testing.T) {
 					},
 				},
 				cs: spec.ComplianceSpec{
-					Spec: spec.Spec{
+					Spec: defsecTypes.Spec{
 						ID:          "1234",
 						Title:       "NSA",
 						Description: "National Security Agency - Kubernetes Hardening Guidance",
 						Version:     "1.0",
 						RelatedResources: []string{
 							"https://example.com",
 						},
-						Controls: []spec.Control{
+						Controls: []defsecTypes.Control{
 							{
 								ID:          "1.0",
 								Name:        "Non-root containers",
 								Description: "Check that container is not running as root",
 								Severity:    "MEDIUM",
-								Checks: []spec.SpecCheck{
+								Checks: []defsecTypes.SpecCheck{
 									{ID: "AVD-KSV-0001"},
 								},
 							},
@@ -120,7 +122,7 @@ func TestBuildComplianceReport(t *testing.T) {
 								Name:        "Immutable container file systems",
 								Description: "Check that container root file system is immutable",
 								Severity:    "LOW",
-								Checks: []spec.SpecCheck{
+								Checks: []defsecTypes.SpecCheck{
 									{ID: "AVD-KSV-0002"},
 								},
 							},
@@ -129,7 +131,7 @@ func TestBuildComplianceReport(t *testing.T) {
 								Name:        "tzdata - new upstream version",
 								Description: "Bad tzdata package",
 								Severity:    "CRITICAL",
-								Checks: []spec.SpecCheck{
+								Checks: []defsecTypes.SpecCheck{
 									{ID: "DLA-2424-1"},
 								},
 							},

diff --git a/pkg/compliance/spec/compliance_test.go b/pkg/compliance/spec/compliance_test.go
@@ -5,6 +5,8 @@ import (
 	"sort"
 	"testing"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 	"github.com/stretchr/testify/assert"
 
 	"github.com/aquasecurity/trivy/pkg/compliance/spec"
@@ -14,34 +16,34 @@ import (
 func TestComplianceSpec_Scanners(t *testing.T) {
 	tests := []struct {
 		name    string
-		spec    spec.Spec
+		spec    defsecTypes.Spec
 		want    types.Scanners
 		wantErr assert.ErrorAssertionFunc
 	}{
 		{
 			name: "get config scanner type by check id prefix",
-			spec: spec.Spec{
+			spec: defsecTypes.Spec{
 				ID:          "1234",
 				Title:       "NSA",
 				Description: "National Security Agency - Kubernetes Hardening Guidance",
 				RelatedResources: []string{
 					"https://example.com",
 				},
 				Version: "1.0",
-				Controls: []spec.Control{
+				Controls: []defsecTypes.Control{
 					{
 						Name:        "Non-root containers",
 						Description: "Check that container is not running as root",
 						ID:          "1.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-KSV012"},
 						},
 					},
 					{
 						Name:        "Check that encryption resource has been set",
 						Description: "Control checks whether encryption resource has been set",
 						ID:          "1.1",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-1.2.31"},
 							{ID: "AVD-1.2.32"},
 						},
@@ -53,28 +55,28 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 		},
 		{
 			name: "get config and vuln scanners types by check id prefix",
-			spec: spec.Spec{
+			spec: defsecTypes.Spec{
 				ID:          "1234",
 				Title:       "NSA",
 				Description: "National Security Agency - Kubernetes Hardening Guidance",
 				RelatedResources: []string{
 					"https://example.com",
 				},
 				Version: "1.0",
-				Controls: []spec.Control{
+				Controls: []defsecTypes.Control{
 					{
 						Name:        "Non-root containers",
 						Description: "Check that container is not running as root",
 						ID:          "1.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-KSV012"},
 						},
 					},
 					{
 						Name:        "Check that encryption resource has been set",
 						Description: "Control checks whether encryption resource has been set",
 						ID:          "1.1",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-1.2.31"},
 							{ID: "AVD-1.2.32"},
 						},
@@ -83,7 +85,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 						Name:        "Ensure no critical vulnerabilities",
 						Description: "Control checks whether critical vulnerabilities are not found",
 						ID:          "7.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "CVE-9999-9999"},
 						},
 					},
@@ -97,19 +99,19 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 		},
 		{
 			name: "unknown prefix",
-			spec: spec.Spec{
+			spec: defsecTypes.Spec{
 				ID:          "1234",
 				Title:       "NSA",
 				Description: "National Security Agency - Kubernetes Hardening Guidance",
 				RelatedResources: []string{
 					"https://example.com",
 				},
 				Version: "1.0",
-				Controls: []spec.Control{
+				Controls: []defsecTypes.Control{
 					{
 						Name: "Unknown",
 						ID:   "1.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "UNKNOWN-001"},
 						},
 					},
@@ -138,33 +140,33 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 func TestComplianceSpec_CheckIDs(t *testing.T) {
 	tests := []struct {
 		name string
-		spec spec.Spec
+		spec defsecTypes.Spec
 		want map[types.Scanner][]string
 	}{
 		{
 			name: "get config scanner type by check id prefix",
-			spec: spec.Spec{
+			spec: defsecTypes.Spec{
 				ID:          "1234",
 				Title:       "NSA",
 				Description: "National Security Agency - Kubernetes Hardening Guidance",
 				RelatedResources: []string{
 					"https://example.com",
 				},
 				Version: "1.0",
-				Controls: []spec.Control{
+				Controls: []defsecTypes.Control{
 					{
 						Name:        "Non-root containers",
 						Description: "Check that container is not running as root",
 						ID:          "1.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-KSV012"},
 						},
 					},
 					{
 						Name:        "Check that encryption resource has been set",
 						Description: "Control checks whether encryption resource has been set",
 						ID:          "1.1",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-1.2.31"},
 							{ID: "AVD-1.2.32"},
 						},
@@ -181,28 +183,28 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 		},
 		{
 			name: "get config and vuln scanners types by check id prefix",
-			spec: spec.Spec{
+			spec: defsecTypes.Spec{
 				ID:          "1234",
 				Title:       "NSA",
 				Description: "National Security Agency - Kubernetes Hardening Guidance",
 				RelatedResources: []string{
 					"https://example.com",
 				},
 				Version: "1.0",
-				Controls: []spec.Control{
+				Controls: []defsecTypes.Control{
 					{
 						Name:        "Non-root containers",
 						Description: "Check that container is not running as root",
 						ID:          "1.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-KSV012"},
 						},
 					},
 					{
 						Name:        "Check that encryption resource has been set",
 						Description: "Control checks whether encryption resource has been set",
 						ID:          "1.1",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "AVD-1.2.31"},
 							{ID: "AVD-1.2.32"},
 						},
@@ -211,7 +213,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 						Name:        "Ensure no critical vulnerabilities",
 						Description: "Control checks whether critical vulnerabilities are not found",
 						ID:          "7.0",
-						Checks: []spec.SpecCheck{
+						Checks: []defsecTypes.SpecCheck{
 							{ID: "CVE-9999-9999"},
 						},
 					},

diff --git a/pkg/flag/report_flags_test.go b/pkg/flag/report_flags_test.go
@@ -4,6 +4,8 @@ import (
 	"os"
 	"testing"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/zap"
@@ -182,17 +184,17 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
 			want: flag.ReportOptions{
 				Output: os.Stdout,
 				Compliance: spec.ComplianceSpec{
-					Spec: spec.Spec{
+					Spec: defsecTypes.Spec{
 						ID:          "0001",
 						Title:       "my-custom-spec",
 						Description: "My fancy spec",
 						Version:     "1.2",
-						Controls: []spec.Control{
+						Controls: []defsecTypes.Control{
 							{
 								ID:          "1.1",
 								Name:        "Unencrypted S3 bucket",
 								Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.",
-								Checks: []spec.SpecCheck{
+								Checks: []defsecTypes.SpecCheck{
 									{ID: "AVD-AWS-0088"},
 								},
 								Severity: "HIGH",