test: add functional tests

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
aquasecurity · Aug 21, 2024 · a42b5cb · a42b5cb
1 parent 47e49a4
commit a42b5cb
Show file tree

Hide file tree

Showing 3 changed files with 124 additions and 92 deletions.
diff --git a/checks/cloud/digitalocean/spaces/acl_no_public_read_test.go b/checks/cloud/digitalocean/spaces/acl_no_public_read_test.go
diff --git a/test/rego/digitalocean_spaces_test.go b/test/rego/digitalocean_spaces_test.go
@@ -0,0 +1,119 @@
+package test
+
+import (
+	"github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/spaces"
+	"github.com/aquasecurity/trivy/pkg/iac/state"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+var digitalOceanSpacesTestCases = testCases{
+	"AVD-DIG-0006": {
+		{
+			name: "Space bucket with public read ACL",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata: trivyTypes.NewTestMetadata(),
+						ACL:      trivyTypes.String("public-read", trivyTypes.NewTestMetadata()),
+					},
+				},
+			}}},
+			expected: true,
+		},
+		{
+			name: "Space bucket object with public read ACL",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata: trivyTypes.NewTestMetadata(),
+						ACL:      trivyTypes.String("private", trivyTypes.NewTestMetadata()),
+						Objects: []spaces.Object{
+							{
+								Metadata: trivyTypes.NewTestMetadata(),
+								ACL:      trivyTypes.String("public-read", trivyTypes.NewTestMetadata()),
+							},
+						},
+					},
+				},
+			}}},
+			expected: true,
+		},
+		{
+			name: "Space bucket and bucket object with private ACL",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata: trivyTypes.NewTestMetadata(),
+						ACL:      trivyTypes.String("private", trivyTypes.NewTestMetadata()),
+						Objects: []spaces.Object{
+							{
+								Metadata: trivyTypes.NewTestMetadata(),
+								ACL:      trivyTypes.String("private", trivyTypes.NewTestMetadata()),
+							},
+						},
+					},
+				},
+			}}},
+			expected: false,
+		},
+	},
+	"AVD-DIG-0009": {
+		{
+			name: "Space bucket force destroy enabled",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata:     trivyTypes.NewTestMetadata(),
+						ForceDestroy: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
+					},
+				},
+			}}},
+			expected: true,
+		},
+		{
+			name: "Space bucket force destroy disabled",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata:     trivyTypes.NewTestMetadata(),
+						ForceDestroy: trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
+					},
+				},
+			}}},
+			expected: false,
+		},
+	},
+	"AVD-DIG-0007": {
+		{
+			name: "Space bucket versioning disabled",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata: trivyTypes.NewTestMetadata(),
+						Versioning: spaces.Versioning{
+							Metadata: trivyTypes.NewTestMetadata(),
+							Enabled:  trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
+						},
+					},
+				},
+			}}},
+			expected: true,
+		},
+		{
+			name: "Space bucket versioning enabled",
+			input: state.State{DigitalOcean: digitalocean.DigitalOcean{Spaces: spaces.Spaces{
+				Buckets: []spaces.Bucket{
+					{
+						Metadata: trivyTypes.NewTestMetadata(),
+						Versioning: spaces.Versioning{
+							Metadata: trivyTypes.NewTestMetadata(),
+							Enabled:  trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
+						},
+					},
+				},
+			}}},
+			expected: false,
+		},
+	},
+}
diff --git a/test/rego/rego_checks_test.go b/test/rego/rego_checks_test.go
@@ -61,15 +61,17 @@ func TestRegoChecks(t *testing.T) {
 		azureAuthorizationTestCases,
 		azureContainerTestCases,
 
-    googleDnsTestCases,
+		googleDnsTestCases,
 		googleKmsTestCases,
 		googleBigQueryTestCases,
 
-    githubTestCases,
+		githubTestCases,
 
-    nifcloudDnsTestCases,
+		nifcloudDnsTestCases,
 		nifcloudNetworkTestCases,
 		nifcloudSslCertificateTestCases,
+
+		digitalOceanSpacesTestCases,
 	)
 
 	regoScanner := rego.NewScanner(trivyTypes.SourceCloud)