Merge pull request #9 from ewbankkit/issue-8

No panic on invalid Statement.Resource type
jen20 · Dec 3, 2019 · 8b377d2 · 8b377d2
2 parents 9ebbf3c + b4c43e4
commit 8b377d2
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/aws_policy_equivalence.go b/aws_policy_equivalence.go
@@ -383,6 +383,10 @@ func newAWSStringSet(members interface{}) awsStringSet {
 		}
 		actions := make([]string, len(multiple))
 		for i, action := range multiple {
+			if _, ok := action.(string); !ok {
+				return nil
+			}
+
 			actions[i] = action.(string)
 		}
 		return awsStringSet(actions)
@@ -396,6 +400,10 @@ func newAWSPrincipalStringSet(members interface{}) awsPrincipalStringSet {
 }
 
 func (actions awsStringSet) equals(other awsStringSet) bool {
+	if actions == nil || other == nil {
+		return false
+	}
+
 	if len(actions) != len(other) {
 		return false
 	}

diff --git a/aws_policy_equivalence_test.go b/aws_policy_equivalence_test.go
@@ -272,6 +272,32 @@ func TestPolicyEquivalence(t *testing.T) {
 			policy2:    policyTest29b,
 			equivalent: true,
 		},
+		{
+			name:       "Missing Statement",
+			policy1:    policyTest30,
+			policy2:    policyTest30,
+			equivalent: false,
+			err:        true,
+		},
+		{
+			name:       "Incorrect Statement type",
+			policy1:    policyTest31,
+			policy2:    policyTest31,
+			equivalent: false,
+			err:        true,
+		},
+		{
+			name:       "Incorrect single Resource type",
+			policy1:    policyTest32,
+			policy2:    policyTest32,
+			equivalent: false,
+		},
+		{
+			name:       "Incorrect multiple Resource type",
+			policy1:    policyTest33,
+			policy2:    policyTest33,
+			equivalent: false,
+		},
 	}
 
 	for _, tc := range cases {
@@ -1247,3 +1273,40 @@ const policyTest29b = `{
     }
   ]
 }`
+
+const policyTest30 = `{
+  "Version": "2012-10-17"
+}`
+
+const policyTest31 = `{
+  "Version": "2012-10-17",
+  "Statement": 42
+}`
+
+const policyTest32 = `{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "statement1",
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject"
+      ],
+      "Resource": 42
+    }
+  ]
+}`
+
+const policyTest33 = `{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "statement1",
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject"
+      ],
+      "Resource": [42]
+    }
+  ]
+}`