aquasecurity · simar7 · Mar 29, 2024 · Mar 15, 2024
@@ -0,0 +1,54 @@
+package accessanalyzer
+
+import (
+	"testing"
+
+	"github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/testutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+func TestAdapt(t *testing.T) {
+	tests := []struct {
+		name     string
+		source   string
+		expected accessanalyzer.AccessAnalyzer
+	}{
+		{
+			name: "complete",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  Analyzer:
+    Type: 'AWS::AccessAnalyzer::Analyzer'
+    Properties:
+      AnalyzerName: MyAccountAnalyzer
+`,
+			expected: accessanalyzer.AccessAnalyzer{
+				Analyzers: []accessanalyzer.Analyzer{
+					{
+						Name: types.StringTest("MyAccountAnalyzer"),
+					},
+				},
+			},
+		},
+		{
+			name: "empty",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  Analyzer:
+    Type: 'AWS::AccessAnalyzer::Analyzer'
+`,
+			expected: accessanalyzer.AccessAnalyzer{
+				Analyzers: []accessanalyzer.Analyzer{
+					{},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			testutil.AdaptAndCompare(t, tt.source, tt.expected, Adapt)
+		})
+	}
+}
@@ -0,0 +1,84 @@
+package apigateway
+
+import (
+	"testing"
+
+	"github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/testutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway"
+	v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+func TestAdapt(t *testing.T) {
+	tests := []struct {
+		name     string
+		source   string
+		expected apigateway.APIGateway
+	}{
+		{
+			name: "complete",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  MyApi:
+    Type: 'AWS::ApiGatewayV2::Api'
+    Properties:
+      Name: MyApi
+      ProtocolType: WEBSOCKET
+  MyStage:
+    Type: 'AWS::ApiGatewayV2::Stage'
+    Properties:
+      StageName: Prod
+      ApiId: !Ref MyApi
+      AccessLogSettings:
+        DestinationArn: some-arn
+`,
+			expected: apigateway.APIGateway{
+				V2: v2.APIGateway{
+					APIs: []v2.API{
+						{
+							Name:         types.StringTest("MyApi"),
+							ProtocolType: types.StringTest("WEBSOCKET"),
+							Stages: []v2.Stage{
+								{
+									Name: types.StringTest("Prod"),
+									AccessLogging: v2.AccessLogging{
+										CloudwatchLogGroupARN: types.StringTest("some-arn"),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "empty",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  MyApi:
+    Type: 'AWS::ApiGatewayV2::Api'
+  MyStage:
+    Type: 'AWS::ApiGatewayV2::Stage'
+  MyStage2:
+    Type: 'AWS::ApiGatewayV2::Stage'
+    Properties:
+      ApiId: !Ref MyApi
+`,
+			expected: apigateway.APIGateway{
+				V2: v2.APIGateway{
+					APIs: []v2.API{
+						{
+							Stages: []v2.Stage{{}},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			testutil.AdaptAndCompare(t, tt.source, tt.expected, Adapt)
+		})
+	}
+}
@@ -2,18 +2,18 @@ package apigateway
 
 import (
 	v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2"
-	parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+	"github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
-func getApis(cfFile parser2.FileContext) (apis []v2.API) {
+func getApis(cfFile parser.FileContext) (apis []v2.API) {
 
 	apiResources := cfFile.GetResourcesByType("AWS::ApiGatewayV2::Api")
 	for _, apiRes := range apiResources {
 		api := v2.API{
 			Metadata:     apiRes.Metadata(),
-			Name:         types.StringDefault("", apiRes.Metadata()),
-			ProtocolType: types.StringDefault("", apiRes.Metadata()),
+			Name:         apiRes.GetStringProperty("Name"),
+			ProtocolType: apiRes.GetStringProperty("ProtocolType"),
 			Stages:       getStages(apiRes.ID(), cfFile),
 		}
 		apis = append(apis, api)
@@ -22,7 +22,7 @@ func getApis(cfFile parser2.FileContext) (apis []v2.API) {
 	return apis
 }
 
-func getStages(apiId string, cfFile parser2.FileContext) []v2.Stage {
+func getStages(apiId string, cfFile parser.FileContext) []v2.Stage {
 	var apiStages []v2.Stage
 
 	stageResources := cfFile.GetResourcesByType("AWS::ApiGatewayV2::Stage")
@@ -43,7 +43,7 @@ func getStages(apiId string, cfFile parser2.FileContext) []v2.Stage {
 	return apiStages
 }
 
-func getAccessLogging(r *parser2.Resource) v2.AccessLogging {
+func getAccessLogging(r *parser.Resource) v2.AccessLogging {
 
 	loggingProp := r.GetProperty("AccessLogSettings")
 	if loggingProp.IsNil() {

@@ -0,0 +1,61 @@
+package athena
+
+import (
+	"testing"
+
+	"github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/testutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+func TestAdapt(t *testing.T) {
+	tests := []struct {
+		name     string
+		source   string
+		expected athena.Athena
+	}{
+		{
+			name: "complete",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  MyAthenaWorkGroup:
+    Type: AWS::Athena::WorkGroup
+    Properties:
+      Name: MyCustomWorkGroup
+      WorkGroupConfiguration:
+        EnforceWorkGroupConfiguration: true
+        ResultConfiguration:
+          EncryptionOption: SSE_KMS
+`,
+			expected: athena.Athena{
+				Workgroups: []athena.Workgroup{
+					{
+						Name:                 types.StringTest("MyCustomWorkGroup"),
+						EnforceConfiguration: types.BoolTest(true),
+						Encryption: athena.EncryptionConfiguration{
+							Type: types.StringTest("SSE_KMS"),
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "empty",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  MyAthenaWorkGroup:
+    Type: AWS::Athena::WorkGroup
+`,
+			expected: athena.Athena{
+				Workgroups: []athena.Workgroup{{}},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			testutil.AdaptAndCompare(t, tt.source, tt.expected, Adapt)
+		})
+	}
+
+}
@@ -0,0 +1,68 @@
+package cloudfront
+
+import (
+	"testing"
+
+	"github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/testutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+func TestAdapt(t *testing.T) {
+	tests := []struct {
+		name     string
+		source   string
+		expected cloudfront.Cloudfront
+	}{
+		{
+			name: "complete",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  cloudfrontdistribution:
+    Type: AWS::CloudFront::Distribution
+    Properties:
+      DistributionConfig:
+        WebACLId: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+        Logging:
+          Bucket: "myawslogbucket.s3.amazonaws.com"
+        ViewerCertificate:
+          MinimumProtocolVersion: SSLv3
+        DefaultCacheBehavior:
+          ViewerProtocolPolicy: "redirect-to-https"
+`,
+			expected: cloudfront.Cloudfront{
+				Distributions: []cloudfront.Distribution{
+					{
+						WAFID: types.StringTest("a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"),
+						Logging: cloudfront.Logging{
+							Bucket: types.StringTest("myawslogbucket.s3.amazonaws.com"),
+						},
+						ViewerCertificate: cloudfront.ViewerCertificate{
+							MinimumProtocolVersion: types.StringTest("SSLv3"),
+						},
+						DefaultCacheBehaviour: cloudfront.CacheBehaviour{
+							ViewerProtocolPolicy: types.StringTest("redirect-to-https"),
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "empty",
+			source: `AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  cloudfrontdistribution:
+    Type: AWS::CloudFront::Distribution
+`,
+			expected: cloudfront.Cloudfront{
+				Distributions: []cloudfront.Distribution{{}},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			testutil.AdaptAndCompare(t, tt.source, tt.expected, Adapt)
+		})
+	}
+}
@@ -2,11 +2,10 @@ package cloudfront
 
 import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
-	parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
-	"github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
-func getDistributions(ctx parser2.FileContext) (distributions []cloudfront.Distribution) {
+func getDistributions(ctx parser.FileContext) (distributions []cloudfront.Distribution) {
 
 	distributionResources := ctx.GetResourcesByType("AWS::CloudFront::Distribution")
 
@@ -32,24 +31,15 @@ func getDistributions(ctx parser2.FileContext) (distributions []cloudfront.Distr
 	return distributions
 }
 
-func getDefaultCacheBehaviour(r *parser2.Resource) cloudfront.CacheBehaviour {
+func getDefaultCacheBehaviour(r *parser.Resource) cloudfront.CacheBehaviour {
 	defaultCache := r.GetProperty("DistributionConfig.DefaultCacheBehavior")
 	if defaultCache.IsNil() {
 		return cloudfront.CacheBehaviour{
-			Metadata:             r.Metadata(),
-			ViewerProtocolPolicy: types.StringDefault("allow-all", r.Metadata()),
-		}
-	}
-	protoProp := r.GetProperty("DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy")
-	if protoProp.IsNotString() {
-		return cloudfront.CacheBehaviour{
-			Metadata:             r.Metadata(),
-			ViewerProtocolPolicy: types.StringDefault("allow-all", r.Metadata()),
+			Metadata: r.Metadata(),
 		}
 	}
-
 	return cloudfront.CacheBehaviour{
-		Metadata:             r.Metadata(),
-		ViewerProtocolPolicy: protoProp.AsStringValue(),
+		Metadata:             defaultCache.Metadata(),
+		ViewerProtocolPolicy: defaultCache.GetStringProperty("ViewerProtocolPolicy"),
 	}
 }