From 9bd716a5794966518f96d6e6aa38ca06714692df Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Wed, 14 Jan 2026 21:36:55 +0000 Subject: [PATCH 01/10] initial addition of terraform locals support --- e2e/fixtures/E2E_CLI_104_PAYLOAD.json | 58 +++ e2e/fixtures/E2E_CLI_104_RESULT.json | 160 +++++++ e2e/fixtures/samples/terraform-locals/main.tf | 35 ++ .../samples/terraform-locals/variables.tf | 10 + .../e2e-cli-104_tf_locals_support.go | 29 ++ pkg/parser/terraform/locals.go | 168 +++++++ pkg/parser/terraform/locals_test.go | 442 ++++++++++++++++++ pkg/parser/terraform/terraform.go | 12 +- .../circular/circular_reference.tf | 10 + .../cross_file/cross_file_locals_a.tf | 10 + .../cross_file/cross_file_locals_b.tf | 10 + .../forward_ref/forward_reference.tf | 15 + .../isolated/isolated_locals.tf | 8 + .../multi_blocks/multiple_blocks.tf | 22 + .../no_locals/no_locals.tf | 9 + .../override/override_locals_a.tf | 10 + .../override/override_locals_b.tf | 9 + .../simple/simple_locals.tf | 17 + .../with_vars/locals_with_vars.tf | 20 + 19 files changed, 1049 insertions(+), 5 deletions(-) create mode 100644 e2e/fixtures/E2E_CLI_104_PAYLOAD.json create mode 100644 e2e/fixtures/E2E_CLI_104_RESULT.json create mode 100644 e2e/fixtures/samples/terraform-locals/main.tf create mode 100644 e2e/fixtures/samples/terraform-locals/variables.tf create mode 100644 e2e/testcases/e2e-cli-104_tf_locals_support.go create mode 100644 pkg/parser/terraform/locals.go create mode 100644 pkg/parser/terraform/locals_test.go create mode 100644 test/fixtures/test_terraform_locals/circular/circular_reference.tf create mode 100644 test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf create mode 100644 test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf create mode 100644 test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf create mode 100644 test/fixtures/test_terraform_locals/isolated/isolated_locals.tf create mode 100644 test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf create mode 100644 test/fixtures/test_terraform_locals/no_locals/no_locals.tf create mode 100644 test/fixtures/test_terraform_locals/override/override_locals_a.tf create mode 100644 test/fixtures/test_terraform_locals/override/override_locals_b.tf create mode 100644 test/fixtures/test_terraform_locals/simple/simple_locals.tf create mode 100644 test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf diff --git a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json new file mode 100644 index 00000000000..083f21a3ceb --- /dev/null +++ b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json @@ -0,0 +1,58 @@ +{ + "document": [ + { + "file": "file", + "id": "0", + "locals": { + "environment": "production", + "resource_name": "my-app-service" + }, + "resource": { + "aws_s3_bucket": { + "example": { + "bucket": "my-app-service", + "tags": { + "Environment": "production", + "Name": "my-app-service" + } + } + }, + "kubernetes_service_v1": { + "example": { + "metadata": { + "labels": { + "app": "my-app-service" + }, + "name": "my-service", + "namespace": "default" + }, + "spec": { + "port": { + "port": 80, + "target_port": 8080 + }, + "selector": { + "app": "my-app-service" + } + } + } + } + } + }, + { + "file": "file", + "id": "1", + "variable": { + "name": { + "default": "service", + "type": "${string}" + }, + "resource_prefix": { + "default": "my-app-", + "type": "${string}" + } + } + } + ] +} + diff --git a/e2e/fixtures/E2E_CLI_104_RESULT.json b/e2e/fixtures/E2E_CLI_104_RESULT.json new file mode 100644 index 00000000000..da4ca5ef305 --- /dev/null +++ b/e2e/fixtures/E2E_CLI_104_RESULT.json @@ -0,0 +1,160 @@ +{ + "kics_version": "development", + "files_scanned": 2, + "lines_scanned": 47, + "files_parsed": 2, + "lines_parsed": 47, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1101, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 2, + "LOW": 1, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 5, + "total_bom_resources": 0, + "start": "2026-01-14T21:29:02.4901976Z", + "end": "2026-01-14T21:29:16.8821957Z", + "paths": [ + "/path/e2e/fixtures/samples/terraform-locals" + ], + "queries": [ + { + "query_name": "S3 Bucket Logging Disabled", + "query_id": "f861041c-8c9f-4156-acfc-5e6e524f5884", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket", + "severity": "MEDIUM", + "platform": "Terraform", + "cwe": "778", + "risk_score": "5.1", + "cloud_provider": "AWS", + "category": "Observability", + "experimental": false, + "description": "Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable", + "description_id": "fa5c7c72", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform-locals/main.tf", + "similarity_id": "e0510199dceea096d9c476c2b1a5e181b6d3050159e1019049ef068ad0d0e3c9", + "line": 27, + "resource_type": "aws_s3_bucket", + "resource_name": "my-app-service", + "issue_type": "MissingAttribute", + "search_key": "aws_s3_bucket[example]", + "search_line": 27, + "search_value": "", + "expected_value": "'logging' should be defined and not null", + "actual_value": "'logging' is undefined or null" + } + ] + }, + { + "query_name": "S3 Bucket Without Versioning", + "query_id": "568a4d22-3517-44a6-a7ad-6a7eed88722c", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning", + "severity": "MEDIUM", + "platform": "Terraform", + "cwe": "710", + "risk_score": "5.7", + "cloud_provider": "AWS", + "category": "Backup", + "experimental": false, + "description": "S3 bucket should have versioning enabled", + "description_id": "7614ce3b", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform-locals/main.tf", + "similarity_id": "7152d8bab096599974a6e046e2b7ae3855c5ba4bf5aa1e7b47de1d3834dddc1a", + "line": 27, + "resource_type": "aws_s3_bucket", + "resource_name": "my-app-service", + "issue_type": "MissingAttribute", + "search_key": "aws_s3_bucket[example]", + "search_line": 27, + "search_value": "", + "expected_value": "'versioning' should be true", + "actual_value": "'versioning' is undefined or null" + } + ] + }, + { + "query_name": "IAM Access Analyzer Not Enabled", + "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", + "severity": "LOW", + "platform": "Terraform", + "cwe": "710", + "risk_score": "3.5", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", + "description_id": "d03e85ae", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform-locals/main.tf", + "similarity_id": "0a7d0464de505a54720d6002d14a22a32e6b20bb8189d444ab621d8ab838304f", + "line": 6, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "resource", + "search_line": -1, + "search_value": "", + "expected_value": "'aws_accessanalyzer_analyzer' should be set", + "actual_value": "'aws_accessanalyzer_analyzer' is undefined" + } + ] + }, + { + "query_name": "Variable Without Description", + "query_id": "2a153952-2544-4687-bcc9-cc8fea814a9b", + "query_url": "https://www.terraform.io/docs/language/values/variables.html#input-variable-documentation", + "severity": "INFO", + "platform": "Terraform", + "cwe": "710", + "risk_score": "0.0", + "cloud_provider": "COMMON", + "category": "Best Practices", + "experimental": false, + "description": "All variables should contain a valid description.", + "description_id": "b44986be", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform-locals/variables.tf", + "similarity_id": "71c203d56572e4a0245f96d579cf681005b1cd368cbe27273e237b286eeb1867", + "line": 6, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "variable.{{name}}", + "search_line": -1, + "search_value": "", + "expected_value": "'description' should be defined and not null", + "actual_value": "'description' is undefined or null" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform-locals/variables.tf", + "similarity_id": "77b2c29716b6deec350157e0176aba10a75eefb94ebc3c0e19bd2d20ff19eb3b", + "line": 1, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "variable.{{resource_prefix}}", + "search_line": -1, + "search_value": "", + "expected_value": "'description' should be defined and not null", + "actual_value": "'description' is undefined or null" + } + ] + } + ] +} + diff --git a/e2e/fixtures/samples/terraform-locals/main.tf b/e2e/fixtures/samples/terraform-locals/main.tf new file mode 100644 index 00000000000..7a426696820 --- /dev/null +++ b/e2e/fixtures/samples/terraform-locals/main.tf @@ -0,0 +1,35 @@ +locals { + resource_name = "${var.resource_prefix}${var.name}" + environment = "production" +} + +resource "kubernetes_service_v1" "example" { + metadata { + name = "my-service" + namespace = "default" + labels = { + app = local.resource_name + } + } + + spec { + selector = { + app = local.resource_name + } + + port { + port = 80 + target_port = 8080 + } + } +} + +resource "aws_s3_bucket" "example" { + bucket = local.resource_name + + tags = { + Name = local.resource_name + Environment = local.environment + } +} + diff --git a/e2e/fixtures/samples/terraform-locals/variables.tf b/e2e/fixtures/samples/terraform-locals/variables.tf new file mode 100644 index 00000000000..f686a1c5174 --- /dev/null +++ b/e2e/fixtures/samples/terraform-locals/variables.tf @@ -0,0 +1,10 @@ +variable "resource_prefix" { + type = string + default = "my-app-" +} + +variable "name" { + type = string + default = "service" +} + diff --git a/e2e/testcases/e2e-cli-104_tf_locals_support.go b/e2e/testcases/e2e-cli-104_tf_locals_support.go new file mode 100644 index 00000000000..1b1140884c9 --- /dev/null +++ b/e2e/testcases/e2e-cli-104_tf_locals_support.go @@ -0,0 +1,29 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-104 - KICS scan should parse and evaluate terraform locals and find vulnerabilities +// should perform the scan successfully, find issues, and return exit code 50 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan, evaluate terraform locals, and find vulnerabilities [E2E-CLI-104]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_104_RESULT", + "-p", "\"/path/e2e/fixtures/samples/terraform-locals\"", + "--payload-path", "/path/e2e/output/E2E_CLI_104_PAYLOAD.json"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_104_PAYLOAD.json", + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_104_RESULT", + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/pkg/parser/terraform/locals.go b/pkg/parser/terraform/locals.go new file mode 100644 index 00000000000..ecdc0a06c63 --- /dev/null +++ b/pkg/parser/terraform/locals.go @@ -0,0 +1,168 @@ +package terraform + +import ( + "maps" + "path/filepath" + "sync" + + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hclsyntax" + "github.com/rs/zerolog/log" + "github.com/zclconf/go-cty/cty" + + "github.com/Checkmarx/kics/v2/pkg/parser/terraform/converter" + "github.com/Checkmarx/kics/v2/pkg/parser/terraform/functions" +) + +// Cache for directory-level locals resolution +var ( + localsCache = make(map[string]converter.VariableMap) + localsCacheMutex sync.RWMutex +) + +// extractLocalsFromFile extracts all locals blocks from a single .tf file +func extractLocalsFromFile(filename string) (map[string]*hclsyntax.Attribute, error) { + localsAttrs := make(map[string]*hclsyntax.Attribute) + + parsedFile, err := parseFile(filename, false) + if err != nil || parsedFile == nil { + return nil, err + } + + body, ok := parsedFile.Body.(*hclsyntax.Body) + if !ok { + return localsAttrs, nil + } + + // Extract all locals blocks from this file + for _, block := range body.Blocks { + if block.Type == "locals" { + maps.Copy(localsAttrs, block.Body.Attributes) + } + } + + return localsAttrs, nil +} + +func evaluateLocal(attr *hclsyntax.Attribute, localsMap converter.VariableMap) (cty.Value, bool) { + evalCtx := &hcl.EvalContext{ + Variables: make(map[string]cty.Value), + Functions: functions.TerraformFuncs, + } + + maps.Copy(evalCtx.Variables, inputVariableMap) + + if len(localsMap) > 0 { + evalCtx.Variables["local"] = cty.ObjectVal(localsMap) + } + + value, diags := attr.Expr.Value(evalCtx) + if diags.HasErrors() { + return cty.NilVal, false + } + + return value, true +} + +// buildLocalsForDirectory scans all .tf files in a directory once and builds the complete locals map +func buildLocalsForDirectory(currentPath string) (converter.VariableMap, error) { + localsMap := make(converter.VariableMap) + + // Get all .tf files in the directory + tfFiles, err := filepath.Glob(filepath.Join(currentPath, "*.tf")) + if err != nil { + log.Error().Msg("Error getting .tf files") + return localsMap, err + } + + if len(tfFiles) == 0 { + return localsMap, nil + } + + // collect all locals attributes from all files in the directory + allLocalsAttrs := make(map[string]*hclsyntax.Attribute) + + for _, tfFile := range tfFiles { + fileLocals, errExtract := extractLocalsFromFile(tfFile) + if errExtract != nil { + log.Error().Msgf("Error extracting locals from %s", tfFile) + log.Err(errExtract) + continue + } + + maps.Copy(allLocalsAttrs, fileLocals) + } + + if len(allLocalsAttrs) == 0 { + return localsMap, nil + } + + // Locals can reference other locals, so we evaluate in multiple passes + maxIterations := len(allLocalsAttrs) + 1 + evaluated := make(map[string]bool) + + for range maxIterations { + madeProgress := false + + for name, attr := range allLocalsAttrs { + if evaluated[name] { + continue + } + + value, success := evaluateLocal(attr, localsMap) + if !success { + continue + } + + localsMap[name] = value + evaluated[name] = true + madeProgress = true + } + + if len(evaluated) == len(allLocalsAttrs) { + break + } + + // No progress made - circular dependencies or missing references + if !madeProgress { + // Store unevaluated locals as placeholders + for name := range allLocalsAttrs { + if !evaluated[name] { + log.Debug().Msgf("Could not evaluate local.%s in %s", name, currentPath) + localsMap[name] = cty.StringVal("${local." + name + "}") + } + } + break + } + } + + return localsMap, nil +} + +// getLocals extracts locals from all .tf files in the directory and caches the result +func getLocals(currentPath string) { + localsCacheMutex.RLock() + if cachedLocals, exists := localsCache[currentPath]; exists { + localsCacheMutex.RUnlock() + if len(cachedLocals) > 0 { + inputVariableMap["local"] = cty.ObjectVal(cachedLocals) + } + return + } + localsCacheMutex.RUnlock() + + // Cache miss - build locals for this directory + localsMap, err := buildLocalsForDirectory(currentPath) + if err != nil { + log.Error().Msgf("Error building locals for directory %s: %v", currentPath, err) + return + } + + localsCacheMutex.Lock() + localsCache[currentPath] = localsMap + localsCacheMutex.Unlock() + + if len(localsMap) > 0 { + inputVariableMap["local"] = cty.ObjectVal(localsMap) + } +} diff --git a/pkg/parser/terraform/locals_test.go b/pkg/parser/terraform/locals_test.go new file mode 100644 index 00000000000..6db1194332e --- /dev/null +++ b/pkg/parser/terraform/locals_test.go @@ -0,0 +1,442 @@ +package terraform + +import ( + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/require" + "github.com/zclconf/go-cty/cty" + + "github.com/Checkmarx/kics/v2/pkg/parser/terraform/converter" +) + +type extractLocalsTest struct { + name string + filename string + wantKeys []string + wantErr bool +} + +type buildLocalsTest struct { + name string + currentPath string + wantKeys []string + wantValues map[string]cty.Value + wantErr bool +} + +func TestExtractLocalsFromFile(t *testing.T) { + tests := []extractLocalsTest{ + { + name: "Should extract simple locals from file", + filename: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "simple", "simple_locals.tf"), + wantKeys: []string{"simple_string", "simple_number", "simple_bool"}, + wantErr: false, + }, + { + name: "Should extract locals referencing variables", + filename: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "with_vars", "locals_with_vars.tf"), + wantKeys: []string{"resource_prefix", "tag_name"}, + wantErr: false, + }, + { + name: "Should extract multiple locals blocks from single file", + filename: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "multi_blocks", "multiple_blocks.tf"), + wantKeys: []string{"first_local", "second_local", "third_local", "combined"}, + wantErr: false, + }, + { + name: "Should return empty map for file without locals", + filename: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "no_locals", "no_locals.tf"), + wantKeys: []string{}, + wantErr: false, + }, + { + name: "Should return error for non-existent file", + filename: filepath.FromSlash("not_found.tf"), + wantKeys: nil, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + localsAttrs, err := extractLocalsFromFile(tt.filename) + if tt.wantErr { + require.NotNil(t, err) + require.Nil(t, localsAttrs) + } else { + require.NoError(t, err) + require.Equal(t, len(tt.wantKeys), len(localsAttrs)) + for _, key := range tt.wantKeys { + _, exists := localsAttrs[key] + require.True(t, exists, "Expected local '%s' not found", key) + } + } + }) + } +} + +func TestBuildLocalsForDirectory(t *testing.T) { + tests := []buildLocalsTest{ + { + name: "Should build locals from directory with simple locals", + currentPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "isolated"), + wantKeys: []string{"isolated_value"}, + wantValues: map[string]cty.Value{ + "isolated_value": cty.StringVal("isolated"), + }, + wantErr: false, + }, + { + name: "Should return empty map for directory with no locals", + currentPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_variables"), + wantKeys: []string{}, + wantValues: map[string]cty.Value{}, + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + localsMap, err := buildLocalsForDirectory(tt.currentPath) + if tt.wantErr { + require.NotNil(t, err) + } else { + require.NoError(t, err) + require.Equal(t, len(tt.wantKeys), len(localsMap)) + for key, expectedValue := range tt.wantValues { + actualValue, exists := localsMap[key] + require.True(t, exists, "Expected local '%s' not found", key) + require.True(t, expectedValue.RawEquals(actualValue), "Value mismatch for local '%s'", key) + } + } + }) + } + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_CrossFileReferences(t *testing.T) { + t.Run("Should handle locals referencing other locals from different files", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "cross_file") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err) + + // Check that base_name from cross_file_locals_a.tf exists + baseName, exists := localsMap["base_name"] + require.True(t, exists, "base_name should exist") + require.Equal(t, "myapp", baseName.AsString()) + + // Check that full_name from cross_file_locals_b.tf references base_name + fullName, exists := localsMap["full_name"] + require.True(t, exists, "full_name should exist") + require.Equal(t, "myapp-service", fullName.AsString()) + + // Check that base_port is referenced correctly + basePort, exists := localsMap["base_port"] + require.True(t, exists, "base_port should exist") + + fullPort, exists := localsMap["full_port"] + require.True(t, exists, "full_port should exist") + require.True(t, basePort.RawEquals(fullPort), "full_port should equal base_port") + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_ForwardReferences(t *testing.T) { + t.Run("Should handle locals referencing locals defined later in same file", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "forward_ref") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err) + + // Check backend_name (defined after full_backend) + backendName, exists := localsMap["backend_name"] + require.True(t, exists, "backend_name should exist") + require.Equal(t, "api", backendName.AsString()) + + // Check full_backend references backend_name + fullBackend, exists := localsMap["full_backend"] + require.True(t, exists, "full_backend should exist") + require.Equal(t, "api-production", fullBackend.AsString()) + + // Check db_port (defined after connection_string) + _, exists = localsMap["db_port"] + require.True(t, exists, "db_port should exist") + + // Check connection_string references db_port + connectionString, exists := localsMap["connection_string"] + require.True(t, exists, "connection_string should exist") + require.Equal(t, "localhost:5432", connectionString.AsString()) + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_OverrideLocals(t *testing.T) { + t.Run("Should handle locals overwriting other locals from different files", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "override") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err) + + // app_name will be either "first_name" or "overridden_name" depending on file processing order + // Both files define app_name, and later file wins + appName, exists := localsMap["app_name"] + require.True(t, exists, "app_name should exist") + require.NotNil(t, appName) + + // The value should be one of these two + actualName := appName.AsString() + require.True(t, actualName == "first_name" || actualName == "overridden_name", + "app_name should be either 'first_name' or 'overridden_name', got: %s", actualName) + + // app_version should exist from override_locals_a.tf + appVersion, exists := localsMap["app_version"] + require.True(t, exists, "app_version should exist") + require.Equal(t, "1.0.0", appVersion.AsString()) + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_MultipleBlocks(t *testing.T) { + t.Run("Should handle multiple locals blocks in same file", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "multi_blocks") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err) + + // Check all locals from multiple blocks + firstLocal, exists := localsMap["first_local"] + require.True(t, exists, "first_local should exist") + require.Equal(t, "first", firstLocal.AsString()) + + secondLocal, exists := localsMap["second_local"] + require.True(t, exists, "second_local should exist") + require.Equal(t, "second", secondLocal.AsString()) + + thirdLocal, exists := localsMap["third_local"] + require.True(t, exists, "third_local should exist") + require.Equal(t, "third", thirdLocal.AsString()) + + // Check combined local that references first and second + combined, exists := localsMap["combined"] + require.True(t, exists, "combined should exist") + require.Equal(t, "first-second", combined.AsString()) + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_CircularReference(t *testing.T) { + t.Run("Should handle circular references gracefully", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "circular") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err) + + // Circular references should be stored as placeholders + circularA, exists := localsMap["circular_a"] + require.True(t, exists, "circular_a should exist") + + circularB, exists := localsMap["circular_b"] + require.True(t, exists, "circular_b should exist") + + // Both should be string placeholders + require.Equal(t, cty.String, circularA.Type()) + require.Equal(t, cty.String, circularB.Type()) + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_WithVariables(t *testing.T) { + t.Run("Should evaluate locals that reference variables", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + + // Set up some variables + inputVariableMap["var"] = cty.ObjectVal(map[string]cty.Value{ + "environment": cty.StringVal("production"), + "region": cty.StringVal("us-east-1"), + "prefix": cty.StringVal("prod"), + }) + + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "with_vars") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err) + + // Check locals that reference variables + resourcePrefix, exists := localsMap["resource_prefix"] + require.True(t, exists, "resource_prefix should exist") + require.Equal(t, "production-us-east-1", resourcePrefix.AsString()) + + tagName, exists := localsMap["tag_name"] + require.True(t, exists, "tag_name should exist") + require.Equal(t, "production", tagName.AsString()) + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestGetLocals(t *testing.T) { + tests := []struct { + name string + currentPath string + wantKeys []string + }{ + { + name: "Should load locals and populate inputVariableMap", + currentPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "isolated"), + wantKeys: []string{"isolated_value"}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + + getLocals(tt.currentPath) + + localObj, exists := inputVariableMap["local"] + require.True(t, exists, "inputVariableMap should contain 'local' key") + + localMap := localObj.AsValueMap() + require.Equal(t, len(tt.wantKeys), len(localMap)) + + for _, key := range tt.wantKeys { + _, exists := localMap[key] + require.True(t, exists, "Expected local '%s' not found", key) + } + }) + } + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestGetLocals_Caching(t *testing.T) { + tests := []struct { + name string + firstCallPath string + secondCallPath string + shouldUseCache bool + expectedKeyCount int + }{ + { + name: "Should use cache for same directory", + firstCallPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "isolated"), + secondCallPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "isolated"), + shouldUseCache: true, + expectedKeyCount: 1, + }, + { + name: "Should not use cache for different directory", + firstCallPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "isolated"), + secondCallPath: filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_variables"), + shouldUseCache: false, + expectedKeyCount: 0, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + localsCache = make(map[string]converter.VariableMap) + inputVariableMap = make(converter.VariableMap) + + getLocals(tt.firstCallPath) + + cacheSize := len(localsCache) + require.Equal(t, 1, cacheSize, "cache should have one entry after first call") + + getLocals(tt.secondCallPath) + + if tt.shouldUseCache { + require.Equal(t, cacheSize, len(localsCache), "cache size should not change when reusing cache") + } else { + require.Equal(t, cacheSize+1, len(localsCache), "cache should grow for new directory") + } + + if tt.expectedKeyCount > 0 { + localObj, ok := inputVariableMap["local"] + require.True(t, ok, "inputVariableMap should contain 'local' key") + require.Equal(t, tt.expectedKeyCount, len(localObj.AsValueMap()), "wrong number of locals") + } + }) + } + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestGetLocals_Integration(t *testing.T) { + t.Run("Should work with getInputVariables for complete parsing", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + variableCache = make(map[string]converter.VariableMap) + + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "with_vars") + fileContent, err := os.ReadFile(filepath.Join(currentPath, "locals_with_vars.tf")) + require.NoError(t, err) + + // First load variables + getInputVariables(currentPath, string(fileContent), "") + + // Then load locals + getLocals(currentPath) + + // Check that both var and local are in inputVariableMap + _, varExists := inputVariableMap["var"] + require.True(t, varExists, "var should exist in inputVariableMap") + + localObj, localExists := inputVariableMap["local"] + require.True(t, localExists, "local should exist in inputVariableMap") + + // Verify locals can use variables + localMap := localObj.AsValueMap() + require.NotEmpty(t, localMap, "locals map should not be empty") + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + variableCache = make(map[string]converter.VariableMap) + }) +} diff --git a/pkg/parser/terraform/terraform.go b/pkg/parser/terraform/terraform.go index 6354f6bfae5..b5a0a5cdc86 100644 --- a/pkg/parser/terraform/terraform.go +++ b/pkg/parser/terraform/terraform.go @@ -5,16 +5,17 @@ import ( "path/filepath" "regexp" - "github.com/Checkmarx/kics/v2/pkg/model" - "github.com/Checkmarx/kics/v2/pkg/parser/terraform/comment" - "github.com/Checkmarx/kics/v2/pkg/parser/terraform/converter" - "github.com/Checkmarx/kics/v2/pkg/parser/utils" - masterUtils "github.com/Checkmarx/kics/v2/pkg/utils" "github.com/hashicorp/hcl/v2" "github.com/hashicorp/hcl/v2/hclsyntax" "github.com/pkg/errors" "github.com/rs/zerolog/log" ctyjson "github.com/zclconf/go-cty/cty/json" + + "github.com/Checkmarx/kics/v2/pkg/model" + "github.com/Checkmarx/kics/v2/pkg/parser/terraform/comment" + "github.com/Checkmarx/kics/v2/pkg/parser/terraform/converter" + "github.com/Checkmarx/kics/v2/pkg/parser/utils" + masterUtils "github.com/Checkmarx/kics/v2/pkg/utils" ) // RetriesDefaultValue is default number of times a parser will retry to execute @@ -56,6 +57,7 @@ func (p *Parser) Resolve(fileContent []byte, filename string, _ bool, _ int) ([] }() getInputVariables(filepath.Dir(filename), string(fileContent), p.terraformVarsPath) getDataSourcePolicy(filepath.Dir(filename)) + getLocals(filepath.Dir(filename)) return fileContent, nil } diff --git a/test/fixtures/test_terraform_locals/circular/circular_reference.tf b/test/fixtures/test_terraform_locals/circular/circular_reference.tf new file mode 100644 index 00000000000..17b10e86ec2 --- /dev/null +++ b/test/fixtures/test_terraform_locals/circular/circular_reference.tf @@ -0,0 +1,10 @@ +# This creates a circular dependency that should be handled gracefully +locals { + circular_a = local.circular_b + circular_b = local.circular_a +} + +resource "test" "circular" { + value_a = local.circular_a + value_b = local.circular_b +} diff --git a/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf new file mode 100644 index 00000000000..ee1476a67b6 --- /dev/null +++ b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf @@ -0,0 +1,10 @@ +locals { + base_name = "myapp" + base_port = 8080 +} + +resource "test" "a" { + name = local.base_name + port = local.base_port +} + diff --git a/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf new file mode 100644 index 00000000000..0f020836def --- /dev/null +++ b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf @@ -0,0 +1,10 @@ +locals { + full_name = "${local.base_name}-service" + full_port = local.base_port +} + +resource "test" "b" { + name = local.full_name + port = local.full_port +} + diff --git a/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf b/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf new file mode 100644 index 00000000000..a9e891d82e2 --- /dev/null +++ b/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf @@ -0,0 +1,15 @@ +locals { + # This references 'backend_name' which is defined later in the same block + full_backend = "${local.backend_name}-production" + backend_name = "api" + + # This references 'db_port' which is defined later + connection_string = "localhost:${local.db_port}" + db_port = 5432 +} + +resource "test" "forward_ref" { + backend = local.full_backend + connection = local.connection_string +} + diff --git a/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf b/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf new file mode 100644 index 00000000000..2a629335bca --- /dev/null +++ b/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf @@ -0,0 +1,8 @@ +locals { + isolated_value = "isolated" +} + +resource "test" "isolated" { + value = local.isolated_value +} + diff --git a/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf b/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf new file mode 100644 index 00000000000..81a1bf99cf6 --- /dev/null +++ b/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf @@ -0,0 +1,22 @@ +# Multiple locals blocks in the same file +locals { + first_local = "first" +} + +locals { + second_local = "second" +} + +locals { + third_local = "third" + # Reference to earlier local + combined = "${local.first_local}-${local.second_local}" +} + +resource "test" "multi_blocks" { + first = local.first_local + second = local.second_local + third = local.third_local + combo = local.combined +} + diff --git a/test/fixtures/test_terraform_locals/no_locals/no_locals.tf b/test/fixtures/test_terraform_locals/no_locals/no_locals.tf new file mode 100644 index 00000000000..4857079dbea --- /dev/null +++ b/test/fixtures/test_terraform_locals/no_locals/no_locals.tf @@ -0,0 +1,9 @@ +variable "test_var" { + type = string + default = "test" +} + +resource "test" "no_locals" { + name = var.test_var +} + diff --git a/test/fixtures/test_terraform_locals/override/override_locals_a.tf b/test/fixtures/test_terraform_locals/override/override_locals_a.tf new file mode 100644 index 00000000000..d44310f06b9 --- /dev/null +++ b/test/fixtures/test_terraform_locals/override/override_locals_a.tf @@ -0,0 +1,10 @@ +locals { + app_name = "first_name" + app_version = "1.0.0" +} + +resource "test" "override_a" { + name = local.app_name + version = local.app_version +} + diff --git a/test/fixtures/test_terraform_locals/override/override_locals_b.tf b/test/fixtures/test_terraform_locals/override/override_locals_b.tf new file mode 100644 index 00000000000..dcc3b363d57 --- /dev/null +++ b/test/fixtures/test_terraform_locals/override/override_locals_b.tf @@ -0,0 +1,9 @@ +# This file overrides app_name from override_locals_a.tf +locals { + app_name = "overridden_name" +} + +resource "test" "override_b" { + name = local.app_name +} + diff --git a/test/fixtures/test_terraform_locals/simple/simple_locals.tf b/test/fixtures/test_terraform_locals/simple/simple_locals.tf new file mode 100644 index 00000000000..6c0114427b9 --- /dev/null +++ b/test/fixtures/test_terraform_locals/simple/simple_locals.tf @@ -0,0 +1,17 @@ +variable "prefix" { + type = string + default = "prod" +} + +locals { + simple_string = "hello" + simple_number = 42 + simple_bool = true +} + +resource "test" "example" { + name = local.simple_string + count = local.simple_number + active = local.simple_bool +} + diff --git a/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf b/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf new file mode 100644 index 00000000000..7d90ec57ea5 --- /dev/null +++ b/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf @@ -0,0 +1,20 @@ +variable "environment" { + type = string + default = "production" +} + +variable "region" { + type = string + default = "us-east-1" +} + +locals { + resource_prefix = "${var.environment}-${var.region}" + tag_name = var.environment +} + +resource "test" "with_vars" { + prefix = local.resource_prefix + tag = local.tag_name +} + From 42befcc89f10ac042d60be59a8f1463e83401165 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Thu, 15 Jan 2026 01:41:08 +0000 Subject: [PATCH 02/10] update exit code --- e2e/testcases/e2e-cli-104_tf_locals_support.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/testcases/e2e-cli-104_tf_locals_support.go b/e2e/testcases/e2e-cli-104_tf_locals_support.go index 1b1140884c9..3c79cbedfc6 100644 --- a/e2e/testcases/e2e-cli-104_tf_locals_support.go +++ b/e2e/testcases/e2e-cli-104_tf_locals_support.go @@ -22,7 +22,7 @@ func init() { //nolint }, }, }, - WantStatus: []int{50}, + WantStatus: []int{40}, } Tests = append(Tests, testSample) From e120deffbb4481a0b19f20d122ad0aa5d84468f6 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Thu, 15 Jan 2026 02:10:08 +0000 Subject: [PATCH 03/10] remove newline from payload file and clear code --- e2e/fixtures/E2E_CLI_104_RESULT.json | 1 - pkg/parser/terraform/locals_test.go | 7 ++----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/e2e/fixtures/E2E_CLI_104_RESULT.json b/e2e/fixtures/E2E_CLI_104_RESULT.json index da4ca5ef305..b001ff32d26 100644 --- a/e2e/fixtures/E2E_CLI_104_RESULT.json +++ b/e2e/fixtures/E2E_CLI_104_RESULT.json @@ -157,4 +157,3 @@ } ] } - diff --git a/pkg/parser/terraform/locals_test.go b/pkg/parser/terraform/locals_test.go index 6db1194332e..7582c5987b0 100644 --- a/pkg/parser/terraform/locals_test.go +++ b/pkg/parser/terraform/locals_test.go @@ -199,11 +199,12 @@ func TestBuildLocalsForDirectory_OverrideLocals(t *testing.T) { // app_name will be either "first_name" or "overridden_name" depending on file processing order // Both files define app_name, and later file wins + // Need to work on file prioritization appName, exists := localsMap["app_name"] require.True(t, exists, "app_name should exist") require.NotNil(t, appName) - // The value should be one of these two + // The value should be one of these two for now actualName := appName.AsString() require.True(t, actualName == "first_name" || actualName == "overridden_name", "app_name should be either 'first_name' or 'overridden_name', got: %s", actualName) @@ -283,7 +284,6 @@ func TestBuildLocalsForDirectory_WithVariables(t *testing.T) { t.Run("Should evaluate locals that reference variables", func(t *testing.T) { inputVariableMap = make(converter.VariableMap) - // Set up some variables inputVariableMap["var"] = cty.ObjectVal(map[string]cty.Value{ "environment": cty.StringVal("production"), "region": cty.StringVal("us-east-1"), @@ -416,10 +416,7 @@ func TestGetLocals_Integration(t *testing.T) { fileContent, err := os.ReadFile(filepath.Join(currentPath, "locals_with_vars.tf")) require.NoError(t, err) - // First load variables getInputVariables(currentPath, string(fileContent), "") - - // Then load locals getLocals(currentPath) // Check that both var and local are in inputVariableMap From b18a56f334be9e23fbb868a8cf0e7c5a1a20b755 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Thu, 15 Jan 2026 02:27:11 +0000 Subject: [PATCH 04/10] remove newline from payload --- e2e/fixtures/E2E_CLI_104_PAYLOAD.json | 1 - 1 file changed, 1 deletion(-) diff --git a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json index 083f21a3ceb..426d37ce814 100644 --- a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json +++ b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json @@ -55,4 +55,3 @@ } ] } - From 3274bdf2c0b749d9e61d19481a0ffa3eb27fbe34 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Thu, 15 Jan 2026 02:51:13 +0000 Subject: [PATCH 05/10] reorder file id --- e2e/fixtures/E2E_CLI_104_PAYLOAD.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json index 426d37ce814..9b1772b61ed 100644 --- a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json +++ b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json @@ -2,7 +2,7 @@ "document": [ { "file": "file", - "id": "0", + "id": "1", "locals": { "environment": "production", "resource_name": "my-app-service" @@ -41,7 +41,7 @@ }, { "file": "file", - "id": "1", + "id": "0", "variable": { "name": { "default": "service", From e53844690be09597779ce60b97d79e49837e0baa Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Thu, 15 Jan 2026 09:56:45 +0000 Subject: [PATCH 06/10] normalize ids to 0....... --- e2e/fixtures/E2E_CLI_104_PAYLOAD.json | 2 +- e2e/testcases/e2e-cli-001_help_text.go | 18 --- e2e/testcases/e2e-cli-002_help_scan.go | 18 --- e2e/testcases/e2e-cli-003_scan_text.go | 18 --- .../e2e-cli-004_invalid_combination.go | 23 ---- e2e/testcases/e2e-cli-005_payload-path.go | 25 ---- e2e/testcases/e2e-cli-006_generate-id.go | 24 ---- e2e/testcases/e2e-cli-007_scan.go | 28 ----- e2e/testcases/e2e-cli-008_scan_silent.go | 19 --- e2e/testcases/e2e-cli-009_scan_no-progress.go | 25 ---- .../e2e-cli-010_scan_invalid_type.go | 24 ---- e2e/testcases/e2e-cli-011_scan_type.go | 21 ---- e2e/testcases/e2e-cli-012_scan_minimal-ui.go | 25 ---- e2e/testcases/e2e-cli-013_list-platforms.go | 20 ---- .../e2e-cli-014_scan_preview-lines.go | 26 ----- e2e/testcases/e2e-cli-015_scan_no-color.go | 26 ----- .../e2e-cli-016_scan_invalid_flag.go | 26 ----- e2e/testcases/e2e-cli-017_scan_verbose.go | 25 ---- .../e2e-cli-018_scan_exclude-categories.go | 18 --- .../e2e-cli-019_scan_multiple_paths.go | 25 ---- .../e2e-cli-020_scan_exclude-queries.go | 21 ---- e2e/testcases/e2e-cli-021_scan_status_code.go | 24 ---- .../e2e-cli-022_scan_profiling_cpu.go | 24 ---- .../e2e-cli-023_scan_profiling_mem.go | 24 ---- e2e/testcases/e2e-cli-024_version.go | 23 ---- e2e/testcases/e2e-cli-025_scan_fail-on.go | 21 ---- .../e2e-cli-026_scan_ignore-on-exit.go | 28 ----- .../e2e-cli-027_scan_exclude-paths.go | 24 ---- e2e/testcases/e2e-cli-028_scan_log-format.go | 27 ----- e2e/testcases/e2e-cli-029_scan_config.go | 21 ---- e2e/testcases/e2e-cli-030_output-path.go | 24 ---- .../e2e-cli-031_scan_report-formats.go | 34 ------ ...-cli-032_scan_output-path_validate_json.go | 25 ---- ...i-033_scan_output-path_validate_payload.go | 32 ----- .../e2e-cli-034_scan_log-format_no_verbose.go | 28 ----- .../e2e-cli-035_scan_exclude-results.go | 25 ---- .../e2e-cli-036_scan_include-queries.go | 59 ---------- ...37_scan_exclude-results_include-queries.go | 25 ---- e2e/testcases/e2e-cli-038_scan_log-path.go | 35 ------ .../e2e-cli-039_scan_log-path_log-level.go | 32 ----- ...40_scan_report-formats_validate_outputs.go | 25 ---- .../e2e-cli-041_scan_remote_path_git.go | 25 ---- .../e2e-cli-042_scan_remote_path_http.go | 25 ---- .../e2e-cli-043_scan_cloud-provider.go | 24 ---- .../e2e-cli-044_scan_exclude-severities.go | 31 ----- .../e2e-cli-045_scan_disable-secrets.go | 26 ----- ...-cli-046_scan_disable-full-descriptions.go | 26 ----- .../e2e-cli-047_scan_payload-lines.go | 21 ---- ...e2e-cli-048_scan_custom-secrets-regexes.go | 34 ------ .../e2e-cli-049_scan_custom-libraries-path.go | 24 ---- .../e2e-cli-050_scan_bill-of-materials.go | 27 ----- .../e2e-cli-051_scan_custom-queries-path.go | 24 ---- ...i-052_scan_with_custom_cis_descriptions.go | 35 ------ e2e/testcases/e2e-cli-053_kics_scan_ignore.go | 20 ---- .../e2e-cli-054_scan_multiple-queries-path.go | 26 ----- .../e2e-cli-055_scan_resolve_openapi_files.go | 23 ---- e2e/testcases/e2e-cli-056_scan_timeout.go | 29 ----- e2e/testcases/e2e-cli-057_fix_all.go | 28 ----- e2e/testcases/e2e-cli-058_fix_include_ids.go | 31 ----- e2e/testcases/e2e-cli-059_help_fix.go | 18 --- e2e/testcases/e2e-cli-060_fix_text.go | 18 --- .../e2e-cli-061_scan_exclude_type.go | 23 ---- .../e2e-cli-062_tf_variables_comment_path.go | 22 ---- .../e2e-cli-063_tf_variables_flag_path.go | 23 ---- e2e/testcases/e2e-cli-064_json_file_ref.go | 19 --- .../e2e-cli-065_yaml_resolver_panic.go | 19 --- e2e/testcases/e2e-cli-066_analyze_command.go | 23 ---- ...e2e-cli-067_ignore_broken_symlink_eloop.go | 22 ---- .../e2e-cli-068_corrupted_dockerfile.go | 26 ----- .../e2e-cli-069_ignore_experimental_query.go | 32 ----- ...e-cli-070_not_ignore_experimental_query.go | 31 ----- .../e2e-cli-071_no_flag_resolve_references.go | 27 ----- .../e2e-cli-071_tf_eval_func_unknown_type.go | 22 ---- .../e2e-cli-072_flag_resolve_references.go | 28 ----- ...cli-073_json_no_flag_resolve_references.go | 28 ----- ...2e-cli-074_json_flag_resolve_references.go | 28 ----- .../e2e-cli-075_ansible_host_detected.go | 27 ----- e2e/testcases/e2e-cli-076_max_file_size.go | 27 ----- .../e2e-cli-077_fix_similarity_id.go | 27 ----- ...2e-cli-078_similarity_id_minified_files.go | 27 ----- e2e/testcases/e2e-cli-079_cwe_sarif_result.go | 28 ----- e2e/testcases/e2e-cli-080_cwe_sarif_result.go | 28 ----- .../e2e-cli-081_output_path_valid.go | 26 ----- .../e2e-cli-082_output_path_invalid.go | 23 ---- e2e/testcases/e2e-cli-083_helm_ignore.go | 27 ----- .../e2e-cli-084_helm_ignore_block.go | 27 ----- .../e2e-cli-085_helm_disable_query.go | 27 ----- .../e2e-cli-086_parallel_scan_default.go | 27 ----- .../e2e-cli-087_parallel_scan_sequential.go | 27 ----- .../e2e-cli-088_parallel_scan_6_workers.go | 27 ----- .../e2e-cli-089_critical_severity.go | 26 ----- ...90_critical_severity_all_report_formats.go | 28 ----- .../e2e-cli-091_bicep_scan_output_payload.go | 31 ----- ...e-cli-092_gitignore_not_exclude_project.go | 26 ----- ...e2e-cli-093_old_severity_metadata_field.go | 110 ------------------ .../e2e-cli-094_max_resolver_depth_0.go | 30 ----- .../e2e-cli-095_max_resolver_depth_default.go | 29 ----- ...ew_similarity_id_with_old_similarity_id.go | 27 ----- ...similarity_id_without_old_similarity_id.go | 26 ----- ...include_ids_with_new_queryid_validation.go | 31 ----- ...i-099_compare_openapi_payload_json_yaml.go | 30 ----- ...e2e-cli-100_scan_skip_blacklisted_files.go | 85 -------------- .../e2e-cli-101_bicep_exclude_commands.go | 62 ---------- .../e2e-cli-102_scan_utf16_zip_file.go | 22 ---- ...e-cli-103_bicep_existing_parent_payload.go | 22 ---- 105 files changed, 1 insertion(+), 2864 deletions(-) delete mode 100644 e2e/testcases/e2e-cli-001_help_text.go delete mode 100644 e2e/testcases/e2e-cli-002_help_scan.go delete mode 100644 e2e/testcases/e2e-cli-003_scan_text.go delete mode 100644 e2e/testcases/e2e-cli-004_invalid_combination.go delete mode 100644 e2e/testcases/e2e-cli-005_payload-path.go delete mode 100644 e2e/testcases/e2e-cli-006_generate-id.go delete mode 100644 e2e/testcases/e2e-cli-007_scan.go delete mode 100644 e2e/testcases/e2e-cli-008_scan_silent.go delete mode 100644 e2e/testcases/e2e-cli-009_scan_no-progress.go delete mode 100644 e2e/testcases/e2e-cli-010_scan_invalid_type.go delete mode 100644 e2e/testcases/e2e-cli-011_scan_type.go delete mode 100644 e2e/testcases/e2e-cli-012_scan_minimal-ui.go delete mode 100644 e2e/testcases/e2e-cli-013_list-platforms.go delete mode 100644 e2e/testcases/e2e-cli-014_scan_preview-lines.go delete mode 100644 e2e/testcases/e2e-cli-015_scan_no-color.go delete mode 100644 e2e/testcases/e2e-cli-016_scan_invalid_flag.go delete mode 100644 e2e/testcases/e2e-cli-017_scan_verbose.go delete mode 100644 e2e/testcases/e2e-cli-018_scan_exclude-categories.go delete mode 100644 e2e/testcases/e2e-cli-019_scan_multiple_paths.go delete mode 100644 e2e/testcases/e2e-cli-020_scan_exclude-queries.go delete mode 100644 e2e/testcases/e2e-cli-021_scan_status_code.go delete mode 100644 e2e/testcases/e2e-cli-022_scan_profiling_cpu.go delete mode 100644 e2e/testcases/e2e-cli-023_scan_profiling_mem.go delete mode 100644 e2e/testcases/e2e-cli-024_version.go delete mode 100644 e2e/testcases/e2e-cli-025_scan_fail-on.go delete mode 100644 e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go delete mode 100644 e2e/testcases/e2e-cli-027_scan_exclude-paths.go delete mode 100644 e2e/testcases/e2e-cli-028_scan_log-format.go delete mode 100644 e2e/testcases/e2e-cli-029_scan_config.go delete mode 100644 e2e/testcases/e2e-cli-030_output-path.go delete mode 100644 e2e/testcases/e2e-cli-031_scan_report-formats.go delete mode 100644 e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go delete mode 100644 e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go delete mode 100644 e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go delete mode 100644 e2e/testcases/e2e-cli-035_scan_exclude-results.go delete mode 100644 e2e/testcases/e2e-cli-036_scan_include-queries.go delete mode 100644 e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go delete mode 100644 e2e/testcases/e2e-cli-038_scan_log-path.go delete mode 100644 e2e/testcases/e2e-cli-039_scan_log-path_log-level.go delete mode 100644 e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go delete mode 100644 e2e/testcases/e2e-cli-041_scan_remote_path_git.go delete mode 100644 e2e/testcases/e2e-cli-042_scan_remote_path_http.go delete mode 100644 e2e/testcases/e2e-cli-043_scan_cloud-provider.go delete mode 100644 e2e/testcases/e2e-cli-044_scan_exclude-severities.go delete mode 100644 e2e/testcases/e2e-cli-045_scan_disable-secrets.go delete mode 100644 e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go delete mode 100644 e2e/testcases/e2e-cli-047_scan_payload-lines.go delete mode 100644 e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go delete mode 100644 e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go delete mode 100644 e2e/testcases/e2e-cli-050_scan_bill-of-materials.go delete mode 100644 e2e/testcases/e2e-cli-051_scan_custom-queries-path.go delete mode 100644 e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go delete mode 100644 e2e/testcases/e2e-cli-053_kics_scan_ignore.go delete mode 100644 e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go delete mode 100644 e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go delete mode 100644 e2e/testcases/e2e-cli-056_scan_timeout.go delete mode 100644 e2e/testcases/e2e-cli-057_fix_all.go delete mode 100644 e2e/testcases/e2e-cli-058_fix_include_ids.go delete mode 100644 e2e/testcases/e2e-cli-059_help_fix.go delete mode 100644 e2e/testcases/e2e-cli-060_fix_text.go delete mode 100644 e2e/testcases/e2e-cli-061_scan_exclude_type.go delete mode 100644 e2e/testcases/e2e-cli-062_tf_variables_comment_path.go delete mode 100644 e2e/testcases/e2e-cli-063_tf_variables_flag_path.go delete mode 100644 e2e/testcases/e2e-cli-064_json_file_ref.go delete mode 100644 e2e/testcases/e2e-cli-065_yaml_resolver_panic.go delete mode 100644 e2e/testcases/e2e-cli-066_analyze_command.go delete mode 100644 e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go delete mode 100644 e2e/testcases/e2e-cli-068_corrupted_dockerfile.go delete mode 100644 e2e/testcases/e2e-cli-069_ignore_experimental_query.go delete mode 100644 e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go delete mode 100644 e2e/testcases/e2e-cli-071_no_flag_resolve_references.go delete mode 100644 e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go delete mode 100644 e2e/testcases/e2e-cli-072_flag_resolve_references.go delete mode 100644 e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go delete mode 100644 e2e/testcases/e2e-cli-074_json_flag_resolve_references.go delete mode 100644 e2e/testcases/e2e-cli-075_ansible_host_detected.go delete mode 100644 e2e/testcases/e2e-cli-076_max_file_size.go delete mode 100644 e2e/testcases/e2e-cli-077_fix_similarity_id.go delete mode 100644 e2e/testcases/e2e-cli-078_similarity_id_minified_files.go delete mode 100644 e2e/testcases/e2e-cli-079_cwe_sarif_result.go delete mode 100644 e2e/testcases/e2e-cli-080_cwe_sarif_result.go delete mode 100644 e2e/testcases/e2e-cli-081_output_path_valid.go delete mode 100644 e2e/testcases/e2e-cli-082_output_path_invalid.go delete mode 100644 e2e/testcases/e2e-cli-083_helm_ignore.go delete mode 100644 e2e/testcases/e2e-cli-084_helm_ignore_block.go delete mode 100644 e2e/testcases/e2e-cli-085_helm_disable_query.go delete mode 100644 e2e/testcases/e2e-cli-086_parallel_scan_default.go delete mode 100644 e2e/testcases/e2e-cli-087_parallel_scan_sequential.go delete mode 100644 e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go delete mode 100644 e2e/testcases/e2e-cli-089_critical_severity.go delete mode 100644 e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go delete mode 100644 e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go delete mode 100644 e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go delete mode 100644 e2e/testcases/e2e-cli-093_old_severity_metadata_field.go delete mode 100644 e2e/testcases/e2e-cli-094_max_resolver_depth_0.go delete mode 100644 e2e/testcases/e2e-cli-095_max_resolver_depth_default.go delete mode 100644 e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go delete mode 100644 e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go delete mode 100644 e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go delete mode 100644 e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go delete mode 100644 e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go delete mode 100644 e2e/testcases/e2e-cli-101_bicep_exclude_commands.go delete mode 100644 e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go delete mode 100644 e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go diff --git a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json index 9b1772b61ed..af2aeea1194 100644 --- a/e2e/fixtures/E2E_CLI_104_PAYLOAD.json +++ b/e2e/fixtures/E2E_CLI_104_PAYLOAD.json @@ -2,7 +2,7 @@ "document": [ { "file": "file", - "id": "1", + "id": "0", "locals": { "environment": "production", "resource_name": "my-app-service" diff --git a/e2e/testcases/e2e-cli-001_help_text.go b/e2e/testcases/e2e-cli-001_help_text.go deleted file mode 100644 index 985a0d20140..00000000000 --- a/e2e/testcases/e2e-cli-001_help_text.go +++ /dev/null @@ -1,18 +0,0 @@ -package testcases - -// E2E-CLI-001 - KICS command should display a help text in the CLI when provided with the -// --help flag and it should describe the available commands plus the global flags -func init() { //nolint - testSample := TestCase{ - Name: "should display the kics help text [E2E-CLI-001]", - Args: args{ - Args: []cmdArgs{ - []string{"--help"}, - }, - ExpectedOut: []string{"E2E_CLI_001"}, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-002_help_scan.go b/e2e/testcases/e2e-cli-002_help_scan.go deleted file mode 100644 index 13aa400a090..00000000000 --- a/e2e/testcases/e2e-cli-002_help_scan.go +++ /dev/null @@ -1,18 +0,0 @@ -package testcases - -// E2E-CLI-002 - KICS scan command should display a help text in the CLI when provided with the -// --help flag and it should describe the options related with scan plus the global options -func init() { //nolint - testSample := TestCase{ - Name: "should display the kics scan help text [E2E-CLI-002]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--help"}, - }, - ExpectedOut: []string{"E2E_CLI_002"}, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-003_scan_text.go b/e2e/testcases/e2e-cli-003_scan_text.go deleted file mode 100644 index d1741de4468..00000000000 --- a/e2e/testcases/e2e-cli-003_scan_text.go +++ /dev/null @@ -1,18 +0,0 @@ -package testcases - -// E2E-CLI-003 - KICS scan command has a mandatory flag -p. The CLI should exhibit -// an error message and return exit code 126 -func init() { //nolint - testSample := TestCase{ - Name: "should display an error regarding missing -p flag [E2E-CLI-003]", - Args: args{ - Args: []cmdArgs{ - []string{"scan"}, - }, - ExpectedOut: []string{"E2E_CLI_003"}, - }, - WantStatus: []int{126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-004_invalid_combination.go b/e2e/testcases/e2e-cli-004_invalid_combination.go deleted file mode 100644 index 30abe89aa29..00000000000 --- a/e2e/testcases/e2e-cli-004_invalid_combination.go +++ /dev/null @@ -1,23 +0,0 @@ -package testcases - -// E2E-CLI-004 - KICS has an invalid flag combination -// an error message and return exit code 1 - -func init() { //nolint - testSample := TestCase{ - Name: "should display an error of invalid flag combination [E2E-CLI-004]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--ci", "--verbose"}, - []string{"--ci", "scan", "--verbose"}, - }, - ExpectedOut: []string{ - "E2E_CLI_004", - "E2E_CLI_004", - }, - }, - WantStatus: []int{126, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-005_payload-path.go b/e2e/testcases/e2e-cli-005_payload-path.go deleted file mode 100644 index 8017a59b3f6..00000000000 --- a/e2e/testcases/e2e-cli-005_payload-path.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-005 - KICS scan with -- payload-path flag should create a file with the -// passed name containing the payload of the files scanned - -func init() { //nolint - testSample := TestCase{ - Name: "should create a payload file [E2E-CLI-005]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--payload-path", "/path/e2e/output/E2E_CLI_005_PAYLOAD.json"}, - }, - ExpectedOut: []string{ - "E2E_CLI_005", - }, - ExpectedPayload: []string{ - "E2E_CLI_005_PAYLOAD.json", - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-006_generate-id.go b/e2e/testcases/e2e-cli-006_generate-id.go deleted file mode 100644 index 52aca8b8d79..00000000000 --- a/e2e/testcases/e2e-cli-006_generate-id.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-006 - KICS generate-id should exhibit -// a valid UUID in the CLI and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should generate a valid ID [E2E-CLI-006]", - Args: args{ - Args: []cmdArgs{ - []string{"generate-id"}, - }, - }, - WantStatus: []int{0}, - Validation: func(outputText string) bool { - uuidRegex := "[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12}" - match, _ := regexp.MatchString(uuidRegex, outputText) - return match - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-007_scan.go b/e2e/testcases/e2e-cli-007_scan.go deleted file mode 100644 index c3a376a1977..00000000000 --- a/e2e/testcases/e2e-cli-007_scan.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-007 - the default kics scan must show informations such as 'Files scanned', -// 'Queries loaded', 'Scan Duration', '...' in the CLI -func init() { //nolint - testSample := TestCase{ - Name: "should perform a simple scan [E2E-CLI-007]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", "-v"}, - }, - }, - WantStatus: []int{50}, - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`Scanned Files: \d+`, outputText) - match2, _ := regexp.MatchString(`Parsed Files: \d+`, outputText) - match3, _ := regexp.MatchString(`Queries loaded: \d+`, outputText) - match4, _ := regexp.MatchString(`Queries failed to execute: \d+`, outputText) - match5, _ := regexp.MatchString(`--- Results Summary ---`, outputText) - match6, _ := regexp.MatchString(`Scan duration: \d+(m\d+)?(.\d+)?s`, outputText) - return match1 && match2 && match3 && match4 && match5 && match6 - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-008_scan_silent.go b/e2e/testcases/e2e-cli-008_scan_silent.go deleted file mode 100644 index ffb48122da3..00000000000 --- a/e2e/testcases/e2e-cli-008_scan_silent.go +++ /dev/null @@ -1,19 +0,0 @@ -package testcases - -// E2E-CLI-008 - KICS scan with --silent global flag -// should hide all the output text in the CLI (empty output) - -func init() { //nolint - testSample := TestCase{ - Name: "should hide all output text in CLI [E2E-CLI-008]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - }, - ExpectedOut: []string{"E2E_CLI_008"}, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-009_scan_no-progress.go b/e2e/testcases/e2e-cli-009_scan_no-progress.go deleted file mode 100644 index b9741ba5eb9..00000000000 --- a/e2e/testcases/e2e-cli-009_scan_no-progress.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-009 - kics scan with no-progress flag -// should perform a scan without showing progress bar in the CLI -func init() { //nolint - testSample := TestCase{ - Name: "should hide the progress bar in the CLI [E2E-CLI-009]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--no-progress"}, - }, - }, - WantStatus: []int{50}, - Validation: func(outputText string) bool { - getProgressRegex := "Executing queries:" - match, _ := regexp.MatchString(getProgressRegex, outputText) - // if not found -> the the test was successful - return !match - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-010_scan_invalid_type.go b/e2e/testcases/e2e-cli-010_scan_invalid_type.go deleted file mode 100644 index 7eda4c6d79c..00000000000 --- a/e2e/testcases/e2e-cli-010_scan_invalid_type.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-010 - KICS scan with invalid --type flag -// should exhibit an error message and return exit code 1 -func init() { //nolint - testSample := TestCase{ - Name: "should display an error message about unknown argument [E2E-CLI-010]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", "-t", "xml", "--silent"}, - }, - }, - Validation: func(outputText string) bool { - unknownArgRegex := regexp.MustCompile(`Error: unknown argument\(s\) for --type: xml`) - match := unknownArgRegex.MatchString(outputText) - return match - }, - WantStatus: []int{126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-011_scan_type.go b/e2e/testcases/e2e-cli-011_scan_type.go deleted file mode 100644 index 627e720487a..00000000000 --- a/e2e/testcases/e2e-cli-011_scan_type.go +++ /dev/null @@ -1,21 +0,0 @@ -package testcases - -// E2E-CLI-011 - KICS scan with a valid case insensitive --type flag -// should perform the scan successfully and return exit code 50 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan with -t flag [E2E-CLI-011]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", - "-t", "DocKerFiLE", "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_011_PAYLOAD.json"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_011_PAYLOAD.json", - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-012_scan_minimal-ui.go b/e2e/testcases/e2e-cli-012_scan_minimal-ui.go deleted file mode 100644 index 877b3346ceb..00000000000 --- a/e2e/testcases/e2e-cli-012_scan_minimal-ui.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-012 - kics scan with minimal-ui flag should perform a scan -// without showing detailed results on each line of code -func init() { //nolint - testSample := TestCase{ - Name: "should display minimal-ui [E2E-CLI-012]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--minimal-ui"}, - }, - }, - WantStatus: []int{50}, - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString("Description:", outputText) - match2, _ := regexp.MatchString("Platform:", outputText) - // if not found -> the the test was successful - return !match1 && !match2 - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-013_list-platforms.go b/e2e/testcases/e2e-cli-013_list-platforms.go deleted file mode 100644 index 47728b0b392..00000000000 --- a/e2e/testcases/e2e-cli-013_list-platforms.go +++ /dev/null @@ -1,20 +0,0 @@ -package testcases - -// E2E-CLI-013 - KICS root command list-platforms -// should return all the supported platforms in the CLI -func init() { //nolint - testSample := TestCase{ - Name: "should list all supported platforms [E2E-CLI-013]", - Args: args{ - Args: []cmdArgs{ - []string{"list-platforms"}, - }, - ExpectedOut: []string{ - "E2E_CLI_013", - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-014_scan_preview-lines.go b/e2e/testcases/e2e-cli-014_scan_preview-lines.go deleted file mode 100644 index 60cb957137d..00000000000 --- a/e2e/testcases/e2e-cli-014_scan_preview-lines.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-014 - KICS preview-lines command must delimit the number of -// code lines that are displayed in each scan results code block. -func init() { //nolint - testSample := TestCase{ - Name: "should modify the default preview-lines value [E2E-CLI-014]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--preview-lines", "1", "--no-color", "--no-progress", - "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, - }, - }, - Validation: func(outputText string) bool { - // only the match1 must be true - match1, _ := regexp.MatchString(`005\: RUN gem install grpc -v \$\{GRPC_RUBY_VERSION\} blunder`, outputText) - match2, _ := regexp.MatchString(`006\: RUN bundle install`, outputText) - return match1 && !match2 - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-015_scan_no-color.go b/e2e/testcases/e2e-cli-015_scan_no-color.go deleted file mode 100644 index 25c7014b945..00000000000 --- a/e2e/testcases/e2e-cli-015_scan_no-color.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-015 KICS scan with --no-color flag -// should disable the colored outputs of kics in the CLI -func init() { //nolint - testSample := TestCase{ - Name: "should disable colored output in the CLI [E2E-CLI-015]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--no-color", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, - }, - }, - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`HIGH: \d+`, outputText) - match2, _ := regexp.MatchString(`MEDIUM: \d+`, outputText) - match3, _ := regexp.MatchString(`LOW: \d+`, outputText) - match4, _ := regexp.MatchString(`INFO: \d+`, outputText) - return match1 && match2 && match3 && match4 - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-016_scan_invalid_flag.go b/e2e/testcases/e2e-cli-016_scan_invalid_flag.go deleted file mode 100644 index f2366485d4d..00000000000 --- a/e2e/testcases/e2e-cli-016_scan_invalid_flag.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -// E2E-CLI-016 - KICS has an invalid flag or invalid command -// an error message and return exit code 1 -func init() { //nolint - testSample := TestCase{ - Name: "should throw error messages for kics' flags [E2E-CLI-016]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--invalid-flag"}, - []string{"--invalid-flag"}, - []string{"invalid"}, - []string{"-i"}, - }, - ExpectedOut: []string{ - "E2E_CLI_016_INVALID_SCAN_FLAG", - "E2E_CLI_016_INVALID_FLAG", - "E2E_CLI_016_INVALID_COMMAND", - "E2E_CLI_016_INVALID_SHOTHAND", - }, - }, - WantStatus: []int{126, 126, 126, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-017_scan_verbose.go b/e2e/testcases/e2e-cli-017_scan_verbose.go deleted file mode 100644 index 25c5aa5e475..00000000000 --- a/e2e/testcases/e2e-cli-017_scan_verbose.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-017 - KICS scan command with the -v (--verbose) flag -// should display additional information in the CLI, such as 'Inspector initialized'... - -func init() { //nolint - testSample := TestCase{ - Name: "should display verbose information in the CLI [E2E-CLI-017]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-v", "--no-progress", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, - }, - }, - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`Inspector initialized, number of queries=\d+`, outputText) - match2, _ := regexp.MatchString(`Inspector stopped`, outputText) - return match1 && match2 - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-018_scan_exclude-categories.go b/e2e/testcases/e2e-cli-018_scan_exclude-categories.go deleted file mode 100644 index 82d76a075c8..00000000000 --- a/e2e/testcases/e2e-cli-018_scan_exclude-categories.go +++ /dev/null @@ -1,18 +0,0 @@ -package testcases - -// E2E-CLI-018 - KICS scan command with --exclude-categories flag -// should not run queries that are part of the provided categories. -func init() { //nolint - testSample := TestCase{ - Name: "should exclude provided categories [E2E-CLI-018]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--exclude-categories", "Observability,Insecure Configurations,Networking and Firewall", "-s", - "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, - }, - }, - WantStatus: []int{30}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-019_scan_multiple_paths.go b/e2e/testcases/e2e-cli-019_scan_multiple_paths.go deleted file mode 100644 index 9d14dd6b6c4..00000000000 --- a/e2e/testcases/e2e-cli-019_scan_multiple_paths.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -import ( - "regexp" -) - -// E2E-CLI-019 - KICS scan with multiple paths -// should run a scan for all provided paths/files -func init() { //nolint - testSample := TestCase{ - Name: "should run a scan in multiple paths [E2E-CLI-019]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-v", "-p", "/path/e2e/fixtures/samples/positive.dockerfile,/path/e2e/fixtures/samples/positive.yaml"}, - }, - }, - Validation: func(outputText string) bool { - match, _ := regexp.MatchString(`Loading queries of type: (dockerfile|cloudformation), (dockerfile|cloudformation)`, outputText) - return match - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-020_scan_exclude-queries.go b/e2e/testcases/e2e-cli-020_scan_exclude-queries.go deleted file mode 100644 index a877a06dcdd..00000000000 --- a/e2e/testcases/e2e-cli-020_scan_exclude-queries.go +++ /dev/null @@ -1,21 +0,0 @@ -package testcases - -// E2E-CLI-020 - KICS scan with --exclude-queries flag -// should not run queries that was provided in this flag. -func init() { //nolint - testSample := TestCase{ - Name: "should exclude provided queries [E2E-CLI-020]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", - "--exclude-queries", "fd54f200-402c-4333-a5a4-36ef6709af2f," + - "d3499f6d-1651-41bb-a9a7-de925fea487b," + - "b03a748a-542d-44f4-bb86-9199ab4fd2d5", - "-s", "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, - }, - }, - WantStatus: []int{20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-021_scan_status_code.go b/e2e/testcases/e2e-cli-021_scan_status_code.go deleted file mode 100644 index b22b66b3493..00000000000 --- a/e2e/testcases/e2e-cli-021_scan_status_code.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -// E2E-CLI-021 - KICS can return different status code based in the scan results (High/Medium/Low..) -// when excluding categories/queries and losing results we can get a different status code. -func init() { //nolint - testSample := TestCase{ - Name: "should validate the kics result status code [E2E-CLI-021]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", - "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - - []string{"scan", "--exclude-categories", - "Access Control,Availability,Backup,Best Practices,Build Process,Encryption," + - "Insecure Configurations,Insecure Defaults,Networking and Firewall,Observability," + - "Resource Management,Secret Management,Supply-Chain,Structure and Semantics", - "-p", "/path/test/fixtures/all_auth_users_get_read_access/test/positive.tf"}, - }, - }, - WantStatus: []int{50, 0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-022_scan_profiling_cpu.go b/e2e/testcases/e2e-cli-022_scan_profiling_cpu.go deleted file mode 100644 index 1671c035c23..00000000000 --- a/e2e/testcases/e2e-cli-022_scan_profiling_cpu.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-022 - Kics scan command with --profiling CPU and -v flags -// should display CPU usage in the CLI -func init() { //nolint - testSample := TestCase{ - Name: "should display CPU usage in the CLI [E2E-CLI-022]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--profiling", "CPU", "-v", - "--no-progress", "--no-color", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, - }, - }, - Validation: func(outputText string) bool { - match, _ := regexp.MatchString(`Total CPU usage for start_scan: \d+`, outputText) - return match - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-023_scan_profiling_mem.go b/e2e/testcases/e2e-cli-023_scan_profiling_mem.go deleted file mode 100644 index ee9c9276416..00000000000 --- a/e2e/testcases/e2e-cli-023_scan_profiling_mem.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-023 - Kics scan command with --profiling MEM and -v flags -// should display MEM usage in the CLI -func init() { //nolint - testSample := TestCase{ - Name: "should display memory usage in the CLI [E2E-CLI-023]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--profiling", "MEM", "-v", - "--no-progress", "--no-color", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, - }, - }, - Validation: func(outputText string) bool { - match, _ := regexp.MatchString(`Total MEM usage for start_scan: \d+`, outputText) - return match - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-024_version.go b/e2e/testcases/e2e-cli-024_version.go deleted file mode 100644 index 6edb9b66c49..00000000000 --- a/e2e/testcases/e2e-cli-024_version.go +++ /dev/null @@ -1,23 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-024 - KICS version command -// should display the version of the kics in the CLI. -func init() { //nolint - testSample := TestCase{ - Name: "should display the kics version [E2E-CLI-024]", - Args: args{ - Args: []cmdArgs{ - []string{"version"}, - }, - }, - Validation: func(outputText string) bool { - match, _ := regexp.MatchString(`Keeping Infrastructure as Code Secure [0-9a-zA-Z]+`, outputText) - return match - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-025_scan_fail-on.go b/e2e/testcases/e2e-cli-025_scan_fail-on.go deleted file mode 100644 index 5cf7f1b7fc6..00000000000 --- a/e2e/testcases/e2e-cli-025_scan_fail-on.go +++ /dev/null @@ -1,21 +0,0 @@ -package testcases - -// E2E-CLI-025 - KICS scan command with --fail-on flag should -// return status code different from 0 only when results match the severity provided in this flag -func init() { //nolint - testSample := TestCase{ - Name: "should fail-on provided values [E2E-CLI-025]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--fail-on", "info,low", - "-s", "-p", "/path/assets/queries/dockerfile/apk_add_using_local_cache_path/test/positive.dockerfile"}, - - []string{"scan", "--fail-on", "info", - "-s", "-p", "/path/assets/queries/dockerfile/apk_add_using_local_cache_path/test/positive.dockerfile"}, - }, - }, - WantStatus: []int{30, 20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go b/e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go deleted file mode 100644 index 860c332cc04..00000000000 --- a/e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-026 - KICS scan command with --ignore-on-exit flag -// should return status code 0 if the provided flag occurs. -// Example: '--ignore-on-exit errors' -> Returns 0 if an error was found, instead of 126/130... -func init() { //nolint - testSample := TestCase{ - Name: "should ignore on exit provided flags [E2E-CLI-026]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--ignore-on-exit", - "-s", "-p", "/path/e2e/fixtures/samples/terraform-single.invalid.name"}, - - []string{"scan", "--ignore-on-exit", "errors", - "-s", "-p", "/path/e2e/fixtures/samples/terraform-single.invalid.name"}, - - []string{"scan", "--ignore-on-exit", "errors", - "-s", "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - - []string{"scan", "--ignore-on-exit", "all", - "-s", "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - }, - }, - WantStatus: []int{126, 0, 50, 0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-027_scan_exclude-paths.go b/e2e/testcases/e2e-cli-027_scan_exclude-paths.go deleted file mode 100644 index 4f3e05bb934..00000000000 --- a/e2e/testcases/e2e-cli-027_scan_exclude-paths.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-027 - KICS scan command with --exclude-paths -// should not perform the scan on the files/folders provided by this flag -func init() { //nolint - testSample := TestCase{ - Name: " should exclude provided paths [E2E-CLI-027]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--exclude-paths", "/path/test/fixtures/test_swagger/swaggerFileWithoutAuthorizer.yaml", - "-p", "/path/test/fixtures/test_swagger/", "-v"}, - }, - }, - Validation: func(outputText string) bool { - match, _ := regexp.MatchString(`Scanned Files: 1`, outputText) - return match - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-028_scan_log-format.go b/e2e/testcases/e2e-cli-028_scan_log-format.go deleted file mode 100644 index 52f0605e567..00000000000 --- a/e2e/testcases/e2e-cli-028_scan_log-format.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-028 - KICS scan command with --log-format -// should modify the view structure of output messages in the CLI (json/pretty) -func init() { //nolint - testSample := TestCase{ - Name: "should modify log format messages in the CLI [E2E-CLI-028]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "--log-format", "json", "--verbose", - "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, - }, - }, - - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`{"level":"info"`, outputText) - match2, _ := regexp.MatchString(`"message":"Inspector initialized, number of queries=\d+"`, outputText) - return match1 && match2 - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-029_scan_config.go b/e2e/testcases/e2e-cli-029_scan_config.go deleted file mode 100644 index d4c0457fea7..00000000000 --- a/e2e/testcases/e2e-cli-029_scan_config.go +++ /dev/null @@ -1,21 +0,0 @@ -package testcases - -// E2E-CLI-029 - KICS scan command with --config flag -// should load a config file that provides commands and arguments to kics. -func init() { //nolint - testSample := TestCase{ - Name: "should load a config file [E2E-CLI-029]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.json", "--type", "cloudformation"}, - - []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.json"}, - - []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.json", "--silent"}, - }, - }, - WantStatus: []int{50, 0, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-030_output-path.go b/e2e/testcases/e2e-cli-030_output-path.go deleted file mode 100644 index e505e9c6361..00000000000 --- a/e2e/testcases/e2e-cli-030_output-path.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -// E2E-CLI-030 - Kics scan command with --output-path flags -// should export the result file (default json) to the path provided by this flag. -func init() { //nolint - testSample := TestCase{ - Name: "should export the result files to provided path [E2E-CLI-030]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--output-path", "/path/e2e/output", - "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "results", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-031_scan_report-formats.go b/e2e/testcases/e2e-cli-031_scan_report-formats.go deleted file mode 100644 index a3d52a81882..00000000000 --- a/e2e/testcases/e2e-cli-031_scan_report-formats.go +++ /dev/null @@ -1,34 +0,0 @@ -package testcases - -// E2E-CLI-031 - Kics scan command with --report-formats and --output-path flags -// should export the results based on the formats provided by this flag. -func init() { //nolint - testSample := TestCase{ - Name: "should export the results based on different formats [E2E-CLI-031]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_031_RESULT", - "--report-formats", "json,SARIF,glsast,Html,SonarQUBE,Junit,cyclonedx,asff,csv,CodeClimate", - "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - - []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_031_RESULT_CIS", - "--report-formats", "json,JUnit,CSV", "--include-queries", "275a3217-ca37-40c1-a6cf-bb57d245ab32", - "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_031_RESULT", - ResultsFormats: []string{"json", "sarif", "glsast", "html", "sonarqube", "junit", "cyclonedx", "asff", "csv", "codeclimate"}, - }, - { - ResultsFile: "E2E_CLI_031_RESULT_CIS", - ResultsFormats: []string{"junit", "json-cis", "csv-cis"}, - }, - }, - UseMock: []bool{false, true}, - }, - WantStatus: []int{50, 40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go b/e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go deleted file mode 100644 index 2a7028cd2ef..00000000000 --- a/e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-032 - KICS scan command with --output-path flag -// should set the output path and check the results.json report format -func init() { //nolint - testSample := TestCase{ - Name: "should set the results output name [E2E-CLI-032]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_032_RESULT", - "-p", "/path/e2e/fixtures/samples/positive.yaml", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_032_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go b/e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go deleted file mode 100644 index 5ec2bc47af8..00000000000 --- a/e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go +++ /dev/null @@ -1,32 +0,0 @@ -package testcases - -// E2E-CLI-033 - KICS scan command with --output-path and --payload-path flags -// should perform a scan and create result file(s) and payload file -func init() { //nolint - testSample := TestCase{ - Name: " should perform a scan and create a result and payload file [E2E-CLI-033]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", - "--output-path", "/path/e2e/output", - "--output-name", "E2E_CLI_033_RESULT", - "--report-formats", "json,sarif,glsast,codeclimate", - "--payload-path", "/path/e2e/output/E2E_CLI_033_PAYLOAD.json", - "-p", "/path/e2e/fixtures/samples/terraform-single.tf", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_033_RESULT", - ResultsFormats: []string{"json", "sarif", "glsast", "codeclimate"}, - }, - }, - ExpectedPayload: []string{ - "E2E_CLI_033_PAYLOAD.json", - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go b/e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go deleted file mode 100644 index 267a485169e..00000000000 --- a/e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-034 - KICS scan command with --log-format without --verbose -// should not output log messages in the CLI (json) -func init() { //nolint - testSample := TestCase{ - Name: "should not display messages in the CLI [E2E-CLI-034]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "--log-format", "json", - "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, - }, - }, - - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`{"level":"info"`, outputText) - match2, _ := regexp.MatchString(`"message":"Inspector initialized, number of queries=\d+"`, outputText) - return !match1 && !match2 - }, - - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-035_scan_exclude-results.go b/e2e/testcases/e2e-cli-035_scan_exclude-results.go deleted file mode 100644 index 65e98ab34b1..00000000000 --- a/e2e/testcases/e2e-cli-035_scan_exclude-results.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-035 - KICS scan command with --exclude-results -// should not run/found results (similarityID) provided by this flag -func init() { //nolint - testSample := TestCase{ - Name: "should exclude provided similarity ID results [E2E-CLI-035]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", - "--exclude-results", - "449be223f73b808ffbfb61a17090408aaba9615eb57f79c74e7e9cf6190b57d7," + - "d5a929b017b21438c2d42d4361f12941ea5b3d7f9eedfcb73848141b041d1f4d," + - "82ab4f612e7f3e0fbed0ac72f8747fe81f94961f94ad8302121f17ef184acd22", - "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, - - []string{"scan", "--exclude-results", "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, - }, - }, - WantStatus: []int{20, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-036_scan_include-queries.go b/e2e/testcases/e2e-cli-036_scan_include-queries.go deleted file mode 100644 index 0a3022d5f5d..00000000000 --- a/e2e/testcases/e2e-cli-036_scan_include-queries.go +++ /dev/null @@ -1,59 +0,0 @@ -package testcases - -// E2E-CLI-036 - KICS scan command with --include-queries -// should perform a scan running only the provided queries -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan including only specific queries [E2E-CLI-036]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_036_RESULT", - "--include-queries", "275a3217-ca37-40c1-a6cf-bb57d245ab32,027a4b7a-8a59-4938-a04f-ed532512cf45," + - "e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5,105ba098-1e34-48cd-b0f2-a8a43a51bf9b,ad21e616-5026-4b9d-990d-5b007bfe679c," + - "79d745f0-d5f3-46db-9504-bef73e9fd528,e200a6f3-c589-49ec-9143-7421d4a2c845,01d5a458-a6c4-452a-ac50-054d59275b7c," + - "7f384a5f-b5a2-4d84-8ca3-ee0a5247becb,87482183-a8e7-4e42-a566-7a23ec231c16,4a1e6b34-1008-4e61-a5f2-1f7c276f8d14," + - "d24389b4-b209-4ff0-8345-dc7a4569dcdd,5e6c9c68-8a82-408e-8749-ddad78cbb9c5"}, // Load Many Queries (13) - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_036_RESULT_2", - "--include-queries", "87482183-a8e7-4e42-a566-7a23ec231c16"}, // Load 1 query - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--include-queries", "87482183-a8e7-4e42-a566-7a23ec231c17"}, // Load 0 queries (valid, but doesn't exists) - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--include-queries", "87482183-a8e7-4e42-a566-7a23ec23KICS"}, // Invalid query ID - - []string{"scan", "--include-queries", "cfdcabb0-fc06-427c-865b-c59f13e898ce", - "-s", "-p", "/path/e2e/fixtures/samples/terraform.tf"}, - - []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10,15ffbacc-fa42-4f6f-a57d-2feac7365caa", - "-s", "-p", "/path/e2e/fixtures/samples/terraform.tf"}, - - []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "-s", "-p", "/path/e2e/fixtures/samples/terraform.tf"}, - - []string{"scan", "--include-queries", - "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, - []string{"scan", "--include-queries", - "--queries-path", "/path/assets/queries", "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_036_RESULT", - ResultsFormats: []string{"json"}, - }, - { - ResultsFile: "E2E_CLI_036_RESULT_2", - ResultsFormats: []string{"json"}, - }, - }, - }, - - WantStatus: []int{50, 40, 0, 126, 50, 40, 20, 126, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go b/e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go deleted file mode 100644 index 6e4327af9dc..00000000000 --- a/e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-037 - KICS scan command with --exclude-results and --include-queries -// should run only provided queries and does not run results (similarityID) provided by this flag -func init() { //nolint - testSample := TestCase{ - Name: "should run only provided queries and exclude provided results [E2E-CLI-037]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "--exclude-results", "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", - "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, - - []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "--exclude-results", "d1c5f6aec84fd91ed24f5f06ccb8b6662e26c0202bcb5d4a58a1458c16456d20", - "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, - }, - }, - - WantStatus: []int{0, 20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-038_scan_log-path.go b/e2e/testcases/e2e-cli-038_scan_log-path.go deleted file mode 100644 index bfd4d338d56..00000000000 --- a/e2e/testcases/e2e-cli-038_scan_log-path.go +++ /dev/null @@ -1,35 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-038 - KICS scan command with --log-path -// should generate and save a log file for the scan -func init() { //nolint - testSample := TestCase{ - Name: "should generate and save a log file [E2E-CLI-038]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "--log-path", "/path/e2e/output/E2E_CLI_038_LOG", - "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - }, - - ExpectedLog: LogValidation{ - LogFile: "E2E_CLI_038_LOG", - ValidationFunc: func(logText string) bool { - match1, _ := regexp.MatchString("Scanning with Keeping Infrastructure as Code Secure", logText) - match2, _ := regexp.MatchString(`Parsed Files: \d+`, logText) - match3, _ := regexp.MatchString(`Scanned Lines: \d+`, logText) - match4, _ := regexp.MatchString(`Parsed Lines: \d+`, logText) - match5, _ := regexp.MatchString(`Ignored Lines: \d+`, logText) - match6, _ := regexp.MatchString(`Queries loaded: \d+`, logText) - match7, _ := regexp.MatchString(`Queries failed to execute: \d+`, logText) - return match1 && match2 && match3 && match4 && match5 && match6 && match7 - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-039_scan_log-path_log-level.go b/e2e/testcases/e2e-cli-039_scan_log-path_log-level.go deleted file mode 100644 index 7dbf3be4bf4..00000000000 --- a/e2e/testcases/e2e-cli-039_scan_log-path_log-level.go +++ /dev/null @@ -1,32 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-039 - KICS scan command with --log-path and --log-level -// should generate and save a log file based in the provided log-level -func init() { //nolint - testSample := TestCase{ - Name: " should generate and save a log file with log level [E2E-CLI-039]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "--log-path", "/path/e2e/output/E2E_CLI_039_LOG", - "--log-level", "Trace", - "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - }, - - ExpectedLog: LogValidation{ - LogFile: "E2E_CLI_039_LOG", - ValidationFunc: func(logText string) bool { - match1, _ := regexp.MatchString("TRACE", logText) - match2, _ := regexp.MatchString(`Inspector executed with result`, logText) - match3, _ := regexp.MatchString(`Scan duration: \d+`, logText) - return match1 && match2 && match3 - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go b/e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go deleted file mode 100644 index b58beae6cce..00000000000 --- a/e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-040 - Kics scan command with --report-formats and --output-path flags -// should export the results based on the formats provided by this flag. -func init() { //nolint - testSample := TestCase{ - Name: "should export the results based on report formats [E2E-CLI-040]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_040_RESULT", - "--report-formats", "json,sarif,glsast,html,sonarqube", - "-p", "/path/e2e/fixtures/samples/positive.yaml"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_040_RESULT", - ResultsFormats: []string{"json", "sarif", "glsast", "html", "sonarqube"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-041_scan_remote_path_git.go b/e2e/testcases/e2e-cli-041_scan_remote_path_git.go deleted file mode 100644 index 7971fca4c53..00000000000 --- a/e2e/testcases/e2e-cli-041_scan_remote_path_git.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-041 - Kics scan command with -p targeting remote path (git) -// should download and scan the provided path. -func init() { //nolint - testSample := TestCase{ - Name: "should download and scan the provided git path [E2E-CLI-041]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_041_RESULT", - "--report-formats", "json,sarif,glsast", - "-p", "git::https://github.com/dockersamples/example-voting-app"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_041_RESULT", - ResultsFormats: []string{"json", "sarif", "glsast"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-042_scan_remote_path_http.go b/e2e/testcases/e2e-cli-042_scan_remote_path_http.go deleted file mode 100644 index 2cd44c8ba4f..00000000000 --- a/e2e/testcases/e2e-cli-042_scan_remote_path_http.go +++ /dev/null @@ -1,25 +0,0 @@ -package testcases - -// E2E-CLI-042 - Kics scan command with -p targeting remote path (http/https) -// should download and scan the provided path/file. -func init() { //nolint - testSample := TestCase{ - Name: "should download and scan the provided http path/file [E2E-CLI-042]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_042_RESULT", - "--report-formats", "json,sarif,glsast", - "-p", "https://raw.githubusercontent.com/dockersamples/example-voting-app/main/docker-compose.yml"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_042_RESULT", - ResultsFormats: []string{"json", "sarif", "glsast"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-043_scan_cloud-provider.go b/e2e/testcases/e2e-cli-043_scan_cloud-provider.go deleted file mode 100644 index bcdd03d0788..00000000000 --- a/e2e/testcases/e2e-cli-043_scan_cloud-provider.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -// E2E-CLI-043 - Kics scan command with --cloud-provider -// should execute only queries that have the same provider as given in the flag. -func init() { //nolint - testSample := TestCase{ - Name: "should execute only queries of specific cloud provider [E2E-CLI-043]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "", "/path/e2e/fixtures/samples/positive.yaml", - "--cloud-provider", "none"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--cloud-provider"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--cloud-provider", "aWs"}, - }, - }, - WantStatus: []int{126, 126, 50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-044_scan_exclude-severities.go b/e2e/testcases/e2e-cli-044_scan_exclude-severities.go deleted file mode 100644 index 29a88163b39..00000000000 --- a/e2e/testcases/e2e-cli-044_scan_exclude-severities.go +++ /dev/null @@ -1,31 +0,0 @@ -package testcases - -// E2E-CLI-044 - Kics scan command with --exclude-severities -// should exclude results with the specified severities -func init() { //nolint - testSample := TestCase{ - Name: "should exclude queries by given severities [E2E-CLI-044]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", - "--exclude-severities", "HIGH"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", - "--exclude-severities", "HIGH,MEDIUM,LOW,INFO"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", - "--exclude-severities"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", - "--exclude-severities", "HIGH,MEDIUM,LOW"}, - }, - }, - WantStatus: []int{40, 0, 126, 20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-045_scan_disable-secrets.go b/e2e/testcases/e2e-cli-045_scan_disable-secrets.go deleted file mode 100644 index 4cf6ca7a819..00000000000 --- a/e2e/testcases/e2e-cli-045_scan_disable-secrets.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -// E2E-CLI-045 - Kics scan command with --disable-secrets -// should not execute secret based queries. -func init() { //nolint - testSample := TestCase{ - Name: "should not execute secret queries [E2E-CLI-045]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08", - "--disable-secrets"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08,e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "--disable-secrets"}, - }, - }, - WantStatus: []int{50, 0, 20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go b/e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go deleted file mode 100644 index 35999a3ad8c..00000000000 --- a/e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-046 - Kics scan command with --disable-full-descriptions -// should fetch descriptions from environment URL KICS_DESCRIPTIONS_ENDPOINT. -func init() { //nolint - testSample := TestCase{ - Name: "should fetch descriptions from environment [E2E-CLI-046]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", - "--no-color", "-v", - "--disable-full-descriptions"}, - }, - }, - Validation: func(outputText string) bool { - uuidRegex := "Skipping descriptions because provided disable flag is set" - match, _ := regexp.MatchString(uuidRegex, outputText) - return match - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-047_scan_payload-lines.go b/e2e/testcases/e2e-cli-047_scan_payload-lines.go deleted file mode 100644 index 782970d5741..00000000000 --- a/e2e/testcases/e2e-cli-047_scan_payload-lines.go +++ /dev/null @@ -1,21 +0,0 @@ -package testcases - -// E2E-CLI-047 - Kics scan command with --payload-lines -// should display additional information lines in the payload file. -func init() { //nolint - testSample := TestCase{ - Name: "should display line references in the payload file [E2E-CLI-047]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--payload-path", "/path/e2e/output/E2E_CLI_047_PAYLOAD.json", "--payload-lines"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_047_PAYLOAD.json", - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go b/e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go deleted file mode 100644 index 4351c5bc383..00000000000 --- a/e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go +++ /dev/null @@ -1,34 +0,0 @@ -package testcases - -// E2E-CLI-048 - Kics scan command with --secrets-regexes-path -// should load custom secrets rules from provided path. -func init() { //nolint - testSample := TestCase{ - Name: "should load custom secrets rules from provided path [E2E-CLI-048]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", - "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_valid.json"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", - "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_valid.json", - "--exclude-queries", "487f4be7-3fd9-4506-a07a-eae252180c08"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", - "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_empty.json"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", - "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_invalid_regex.json"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--secrets-regexes-path", "not-exists-folder"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", - "--secrets-regexes-path", "samples"}, - }, - }, - WantStatus: []int{50, 40, 40, 126, 126, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go b/e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go deleted file mode 100644 index b170825d858..00000000000 --- a/e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -// E2E-CLI-049 - Kics scan command with --libraries-path -// should load libraries from the provided path. -func init() { //nolint - testSample := TestCase{ - Name: "should load libraries from the provided path [E2E-CLI-049]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-single.tf", - "--libraries-path", "/path/e2e/fixtures/samples/libraries"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--libraries-path", "/path/e2e/fixtures/samples/libraries"}, - - []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/positive.yaml", - "--libraries-path", "/path/e2e/fixtures/samples/not-exists-folder"}, - }, - }, - WantStatus: []int{0, 50, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-050_scan_bill-of-materials.go b/e2e/testcases/e2e-cli-050_scan_bill-of-materials.go deleted file mode 100644 index 22df7077eb1..00000000000 --- a/e2e/testcases/e2e-cli-050_scan_bill-of-materials.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-050 - Kics scan command with --bom (or -m) -// should include bill of materials (BoM) in results output -func init() { //nolint - testSample := TestCase{ - Name: "should include bill of materials in results output [E2E-CLI-050]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/bom-positive.tf", - "--bom", "-o", "/path/e2e/output"}, - - []string{"scan", "-p", "/path/e2e/fixtures/samples/bom-positive.tf", - "--m"}, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "results", - ResultsFormats: []string{"json-bom"}, - }, - }, - }, - WantStatus: []int{50, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-051_scan_custom-queries-path.go b/e2e/testcases/e2e-cli-051_scan_custom-queries-path.go deleted file mode 100644 index a62652f55b2..00000000000 --- a/e2e/testcases/e2e-cli-051_scan_custom-queries-path.go +++ /dev/null @@ -1,24 +0,0 @@ -package testcases - -// E2E-CLI-051 - Kics scan command with --queries-path -// should load and execute queries found in the provided path -func init() { //nolint - testSample := TestCase{ - Name: "should load and execute queries from a custom path [E2E-CLI-051]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/valid/single_query", - "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, - []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/invalid/invalid_metadata", - "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, - []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/invalid/missing_metadata", "-p", - "/path/e2e/fixtures/samples/bom-positive.tf"}, - []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/invalid_path", - "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, - }, - }, - WantStatus: []int{50, 0, 0, 126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go b/e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go deleted file mode 100644 index f8bc7292480..00000000000 --- a/e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go +++ /dev/null @@ -1,35 +0,0 @@ -package testcases - -// E2E-CLI-052 - Kics scan with a custom CIS descriptions env variable -// should load and display the correct CIS descriptions (provided by the custom server) -func init() { //nolint - testSample := TestCase{ - Name: "should load descriptions from a custom server [E2E-CLI-052]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", - "-p", "/path/e2e/fixtures/samples/terraform.tf", "--no-color", - "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08,cfdcabb0-fc06-427c-865b-c59f13e898ce", - "-o", "/path/e2e/output", "--output-name", "/path/e2e/output/E2E_CLI_052_RESULTS_ALL_HAVE_CIS.json"}, - - []string{"scan", - "-p", "/path/e2e/fixtures/samples/terraform.tf", "--no-color", - "-o", "/path/e2e/output", "--output-name", "/path/e2e/output/E2E_CLI_052_RESULTS_SOME_HAVE_CIS.json"}, - }, - UseMock: []bool{true, true}, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_052_RESULTS_ALL_HAVE_CIS", - ResultsFormats: []string{"json-cis"}, - }, - { - ResultsFile: "E2E_CLI_052_RESULTS_SOME_HAVE_CIS", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50, 50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-053_kics_scan_ignore.go b/e2e/testcases/e2e-cli-053_kics_scan_ignore.go deleted file mode 100644 index a1ec0194cae..00000000000 --- a/e2e/testcases/e2e-cli-053_kics_scan_ignore.go +++ /dev/null @@ -1,20 +0,0 @@ -package testcases - -// E2E-CLI-053 - Kics scan can ignore entire files, blocks and lines based in kics-ignore comments -func init() { //nolint - testSample := TestCase{ - Name: "should ignore files/code-blocks/code-lines during the scan [E2E-CLI-053]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/enable.tf"}, - []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/disable.tf"}, - []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/ignore-block.dockerfile"}, - []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/ignore-lines.yaml"}, - []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/ignore"}, - }, - }, - WantStatus: []int{40, 20, 30, 40, 0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go b/e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go deleted file mode 100644 index 7349fa1fd46..00000000000 --- a/e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-054 - Kics scan command with --queries-path using multiple entries -// should load and execute queries found in the provided paths -func init() { //nolint - testSample := TestCase{ - Name: "should load and execute queries from multiple paths [E2E-CLI-054]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/valid/single_query," + - "/path/e2e/fixtures/samples/queries/valid/multiple_query", - "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, - }, - }, - Validation: func(outputText string) bool { - matchQueryPath1, _ := regexp.MatchString(`Athena Database Not Encrypted`, outputText) - matchQueryPath2, _ := regexp.MatchString(`S3 Bucket Without Enabled MFA Delete`, outputText) - return matchQueryPath1 && matchQueryPath2 - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go b/e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go deleted file mode 100644 index 91fc8b339ef..00000000000 --- a/e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go +++ /dev/null @@ -1,23 +0,0 @@ -package testcases - -import "regexp" - -// E2E-CLI-055 - Kics scan command with openapi files that are not resolved -// should resolve openapi files and return results in same file -func init() { //nolint - testSample := TestCase{ - Name: "should resolve openapi files and return results in different files [E2E-CLI-055]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "/path/e2e/fixtures/samples/unresolved_openapi"}, - }, - }, - WantStatus: []int{50}, - Validation: func(outputText string) bool { - matchQueryPath1, _ := regexp.MatchString(`openapi.yaml`, outputText) - return matchQueryPath1 - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-056_scan_timeout.go b/e2e/testcases/e2e-cli-056_scan_timeout.go deleted file mode 100644 index 26250e845e7..00000000000 --- a/e2e/testcases/e2e-cli-056_scan_timeout.go +++ /dev/null @@ -1,29 +0,0 @@ -package testcases - -import ( - "regexp" -) - -// E2E-CLI-056 - Kics scan command with timeout flag -// should stop a query execution when reaching the provided timeout (seconds) -func init() { //nolint - testSample := TestCase{ - Name: "should timeout queries when reaching the timeout limit [E2E-CLI-056]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.yaml", "-v"}, - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--timeout", "1", "-v"}, - []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--timeout", "0", "-v"}, - }, - }, - WantStatus: []int{50, 50, 126}, - Validation: func(outputText string) bool { - matchTimeoutLog, _ := regexp.MatchString("Query execution timeout=(0|1|12)s", outputText) - // Check for validation error (for invalid timeout=0) - matchValidationError, _ := regexp.MatchString("invalid argument --timeout: value must be greater than 0", outputText) - return matchTimeoutLog || matchValidationError - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-057_fix_all.go b/e2e/testcases/e2e-cli-057_fix_all.go deleted file mode 100644 index 8d53565cce6..00000000000 --- a/e2e/testcases/e2e-cli-057_fix_all.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -import ( - "regexp" -) - -// E2E-CLI-057 - Kics remediate command -// should remediate all remediation found -func init() { //nolint - generateResults("results-remediate-all") - - testSample := TestCase{ - Name: "should remediate all remediation found [E2E-CLI-057]", - Args: args{ - Args: []cmdArgs{ - []string{"remediate", "--results", "/path/e2e/tmp-kics-ar/results-remediate-all.json", "-v"}, - }, - }, - WantStatus: []int{0}, - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`Selected remediation: 5`, outputText) - match2, _ := regexp.MatchString(`Remediation done: 5`, outputText) - return match1 && match2 - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-058_fix_include_ids.go b/e2e/testcases/e2e-cli-058_fix_include_ids.go deleted file mode 100644 index 1526d353f69..00000000000 --- a/e2e/testcases/e2e-cli-058_fix_include_ids.go +++ /dev/null @@ -1,31 +0,0 @@ -package testcases - -import ( - "regexp" -) - -// E2E-CLI-057 - Kics remediate command -// should remediate all remediation found -func init() { //nolint - generateResults("results-remediate-include-ids") - - testSample := TestCase{ - Name: "should remediate the recommendations pointed in include-ids flag [E2E-CLI-058]", - Args: args{ - Args: []cmdArgs{ - []string{"remediate", "--results", "/path/e2e/tmp-kics-ar/results-remediate-include-ids.json", - "--include-ids", "f282fa13cf5e4ffd4bbb0ee2059f8d0240edcd2ca54b3bb71633145d961de5ce," + - "87abbee5d0ec977ba193371c702dca2c040ea902d2e606806a63b66119ff89bc", - "-v"}, - }, - }, - WantStatus: []int{0}, - Validation: func(outputText string) bool { - match1, _ := regexp.MatchString(`Selected remediation: 2`, outputText) - match2, _ := regexp.MatchString(`Remediation done: 2`, outputText) - return match1 && match2 - }, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-059_help_fix.go b/e2e/testcases/e2e-cli-059_help_fix.go deleted file mode 100644 index ede40f3f54e..00000000000 --- a/e2e/testcases/e2e-cli-059_help_fix.go +++ /dev/null @@ -1,18 +0,0 @@ -package testcases - -// E2E-CLI-059 - KICS remediate command should display a help text in the CLI when provided with the -// --help flag and it should describe the options related with remediate plus the global options -func init() { //nolint - testSample := TestCase{ - Name: "should display the kics remediate help text [E2E-CLI-059]", - Args: args{ - Args: []cmdArgs{ - []string{"remediate", "--help"}, - }, - ExpectedOut: []string{"E2E_CLI_059"}, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-060_fix_text.go b/e2e/testcases/e2e-cli-060_fix_text.go deleted file mode 100644 index f2f5b670402..00000000000 --- a/e2e/testcases/e2e-cli-060_fix_text.go +++ /dev/null @@ -1,18 +0,0 @@ -package testcases - -// E2E-CLI-060 - KICS remediate command has a mandatory flag --results. The CLI should exhibit -// an error message and return exit code 126 -func init() { //nolint - testSample := TestCase{ - Name: "should display an error regarding missing --results flag [E2E-CLI-060]", - Args: args{ - Args: []cmdArgs{ - []string{"remediate"}, - }, - ExpectedOut: []string{"E2E_CLI_060"}, - }, - WantStatus: []int{126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-061_scan_exclude_type.go b/e2e/testcases/e2e-cli-061_scan_exclude_type.go deleted file mode 100644 index 3bab9e64720..00000000000 --- a/e2e/testcases/e2e-cli-061_scan_exclude_type.go +++ /dev/null @@ -1,23 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-061 - KICS scan with a valid case insensitive --exclude-type flag -// should perform the scan successfully and return exit code 50 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan with --exclude-type flag [E2E-CLI-061]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/e2e/fixtures/samples/positive.dockerfile\",\"/path/e2e/fixtures/samples/terraform.tf\"", - "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_061_PAYLOAD.json", "--exclude-type", - "TeRRafOrm"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_061_PAYLOAD.json", - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-062_tf_variables_comment_path.go b/e2e/testcases/e2e-cli-062_tf_variables_comment_path.go deleted file mode 100644 index 524febbef5f..00000000000 --- a/e2e/testcases/e2e-cli-062_tf_variables_comment_path.go +++ /dev/null @@ -1,22 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-062 - KICS scan and get the variables using a variables path as a comment -// should perform the scan successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and get the variables using a variables path as a comment [E2E-CLI-062]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/e2e/fixtures/samples/terraform-vars-path/tfFiles\"", - "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_062_PAYLOAD.json"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_062_PAYLOAD.json", - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-063_tf_variables_flag_path.go b/e2e/testcases/e2e-cli-063_tf_variables_flag_path.go deleted file mode 100644 index 65ddf4388f4..00000000000 --- a/e2e/testcases/e2e-cli-063_tf_variables_flag_path.go +++ /dev/null @@ -1,23 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-063 - KICS scan and get the variables using a variables path as a flag -// should perform the scan successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and get the variables using a variables path as a flag [E2E-CLI-063]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/e2e/fixtures/samples/terraform-vars-path/tfFiles\"", - "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_063_PAYLOAD.json", - "--terraform-vars-path", "/path/e2e/fixtures/samples/terraform-vars-path/terraform-vars.tfvars"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_063_PAYLOAD.json", - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-064_json_file_ref.go b/e2e/testcases/e2e-cli-064_json_file_ref.go deleted file mode 100644 index b98432e31c0..00000000000 --- a/e2e/testcases/e2e-cli-064_json_file_ref.go +++ /dev/null @@ -1,19 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-064 - KICS scan with json/yaml file with ## in non ref -// should perform the scan successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan with json/yaml file with ## in non ref [E2E-CLI-064]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/e2e/fixtures/samples/swagger\"", - "--silent"}, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-065_yaml_resolver_panic.go b/e2e/testcases/e2e-cli-065_yaml_resolver_panic.go deleted file mode 100644 index ab7744c2611..00000000000 --- a/e2e/testcases/e2e-cli-065_yaml_resolver_panic.go +++ /dev/null @@ -1,19 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-065 - KICS scan -// should perform the scan successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan [E2E-CLI-065]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/e2e/fixtures/samples/panicYamlRef/file1.yaml\"", - "--silent"}, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-066_analyze_command.go b/e2e/testcases/e2e-cli-066_analyze_command.go deleted file mode 100644 index f848d7a7c94..00000000000 --- a/e2e/testcases/e2e-cli-066_analyze_command.go +++ /dev/null @@ -1,23 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-066 - KICS analyze -// should finish successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid analyze [E2E-CLI-066]", - Args: args{ - Args: []cmdArgs{ - []string{"analyze", - "--analyze-path", "/path/e2e/fixtures/samples/swagger", - "--analyze-results", "/path/e2e/output/E2E_CLI_066_ANALYZE_RESULTS.json"}, - }, - ExpectedAnalyzerResults: &ResultsValidation{ - ResultsFile: "E2E_CLI_066_ANALYZE_RESULTS", - ResultsFormats: []string{"json"}, - }, - }, - WantStatus: []int{0}, - } - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go b/e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go deleted file mode 100644 index bf610791402..00000000000 --- a/e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go +++ /dev/null @@ -1,22 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-067 - KICS scan but ignore broken symlinks and symlinks that create endless loops -// should perform the scan successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan but ignore broken symlinks and symlinks that create endless loops [E2E-CLI-067]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/test/fixtures/link_test/broken_symlink\"", "\"/path/test/fixtures/link_test/eloop_link\"", - "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_067_PAYLOAD.json"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_067_PAYLOAD.json", - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-068_corrupted_dockerfile.go b/e2e/testcases/e2e-cli-068_corrupted_dockerfile.go deleted file mode 100644 index a454068801c..00000000000 --- a/e2e/testcases/e2e-cli-068_corrupted_dockerfile.go +++ /dev/null @@ -1,26 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-068 - KICS scan but recover from corrupted dockerfile -// should perform the scan successfully and return exit code 50 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and recover from a corrupted dockerfile [E2E-CLI-068]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_068_RESULT", - "-p", "/path/test/fixtures/dockerfile/corrupted_dockerfile", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_068_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-069_ignore_experimental_query.go b/e2e/testcases/e2e-cli-069_ignore_experimental_query.go deleted file mode 100644 index 2e9e07f6e45..00000000000 --- a/e2e/testcases/e2e-cli-069_ignore_experimental_query.go +++ /dev/null @@ -1,32 +0,0 @@ -package testcases - -// E2E-CLI-069 - KICS scan and ignore experimental queries -// should perform the scan successfully and return exit code 40 -const ( - samplePath = "/path/test/fixtures/experimental_test/sample" - queriesPath = "/path/test/fixtures/experimental_test/queries" -) - -func init() { //nolint - paths := []string{samplePath, queriesPath} - - testSample := TestCase{ - Name: "should perform a valid scan and ignore the experimental queries [E2E-CLI-069]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_069_RESULT", - "-p", "\"" + paths[0] + "\"", "-q", "\"" + paths[1] + "\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_069_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go b/e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go deleted file mode 100644 index bfe90c4c7ba..00000000000 --- a/e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go +++ /dev/null @@ -1,31 +0,0 @@ -package testcases - -// E2E-CLI-070 - KICS scan and not ignore experimental queries -// should perform the scan successfully and return exit code 40 and 50 -func init() { //nolint - samplePath := "/path/test/fixtures/experimental_test/sample" - queriesPath := "/path/test/fixtures/experimental_test/queries" - - paths := []string{samplePath, queriesPath} - - testSample := TestCase{ - Name: "should perform a valid scan and not ignore the experimental queries [E2E-CLI-070]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_070_RESULT", - "-p", "\"" + paths[0] + "\"", "-q", "\"" + paths[1] + "\"", - "--experimental-queries", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_070_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-071_no_flag_resolve_references.go b/e2e/testcases/e2e-cli-071_no_flag_resolve_references.go deleted file mode 100644 index c0de9e72766..00000000000 --- a/e2e/testcases/e2e-cli-071_no_flag_resolve_references.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-071 - KICS scan and ignore references -// should perform the scan successfully and return exit code 20 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and not resolve references [E2E-CLI-071]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_071_RESULT", - "-p", "\"/path/test/fixtures/resolve_references\"", - "-i", "6c35d2c6-09f2-4e5c-a094-e0e91327071d,962fa01e-b791-4dcc-b04a-4a3e7389be5e", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_071_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go b/e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go deleted file mode 100644 index 2a68c32d74e..00000000000 --- a/e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go +++ /dev/null @@ -1,22 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-071 - KICS scan while evaluating the terraform functions with unknown type -// should perform the scan successfully and return exit code 40 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan while evaluating the terraform functions with unknown type [E2E-CLI-071]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-p", "\"/path/e2e/fixtures/samples/tf-eval-func-unknown-type/main.tf\"", - "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_071_PAYLOAD.json"}, - }, - ExpectedPayload: []string{ - "E2E_CLI_071_PAYLOAD.json", - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-072_flag_resolve_references.go b/e2e/testcases/e2e-cli-072_flag_resolve_references.go deleted file mode 100644 index be9ace47de8..00000000000 --- a/e2e/testcases/e2e-cli-072_flag_resolve_references.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-072 - KICS scan and ignore references -// should perform the scan successfully and return exit code 40,20 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and resolve references [E2E-CLI-072]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_072_RESULT", - "-p", "\"/path/test/fixtures/resolve_references\"", - "-i", "6c35d2c6-09f2-4e5c-a094-e0e91327071d,962fa01e-b791-4dcc-b04a-4a3e7389be5e", - "--enable-openapi-refs", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_072_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{30}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go b/e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go deleted file mode 100644 index e27f8b74745..00000000000 --- a/e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-073 - KICS scan and ignore references -// should perform the scan successfully and return exit code 0 -// no results expected -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and not resolve references [E2E-CLI-073]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_073_RESULT", - "-p", "\"/path/test/fixtures/resolve_references_json\"", - "-i", "750b40be-4bac-4f59-bdc4-1ca0e6c3450e", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_073_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-074_json_flag_resolve_references.go b/e2e/testcases/e2e-cli-074_json_flag_resolve_references.go deleted file mode 100644 index 90a5388c959..00000000000 --- a/e2e/testcases/e2e-cli-074_json_flag_resolve_references.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-074 - KICS scan and ignore references -// should perform the scan successfully and return exit code 20 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and resolve references [E2E-CLI-074]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_074_RESULT", - "-p", "\"/path/test/fixtures/resolve_references_json\"", - "-i", "750b40be-4bac-4f59-bdc4-1ca0e6c3450e", - "--enable-openapi-refs", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_074_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-075_ansible_host_detected.go b/e2e/testcases/e2e-cli-075_ansible_host_detected.go deleted file mode 100644 index 241bf3a7d21..00000000000 --- a/e2e/testcases/e2e-cli-075_ansible_host_detected.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-075 - KICS scan -// should perform the scan successfully detect ansible and return result 40 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and and detect ansible [E2E-CLI-075]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_075_RESULT", - "-p", "\"/path/test/fixtures/analyzer_test_ansible_host/e2e\"", - "-i", "1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_075_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-076_max_file_size.go b/e2e/testcases/e2e-cli-076_max_file_size.go deleted file mode 100644 index 380e7fc8743..00000000000 --- a/e2e/testcases/e2e-cli-076_max_file_size.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-076 - KICS scan -// should perform a scan without detecting anything since no files are scanned because of max file size -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan without detecting anything since no files are scanned because of max file size [E2E-CLI-076]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_076_RESULT", - "-p", "\"/path/test/fixtures/max_file_size\"", - "--max-file-size", "3", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_076_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{00}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-077_fix_similarity_id.go b/e2e/testcases/e2e-cli-077_fix_similarity_id.go deleted file mode 100644 index a7b52ab78c4..00000000000 --- a/e2e/testcases/e2e-cli-077_fix_similarity_id.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-077 - KICS scan -// should perform a scan, present two results, without the same similarity id -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan, present two results, without the same similarity id [E2E-CLI-077]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_077_RESULT", - "-p", "\"/path/test/fixtures/similarity_id\"", - "-i", "488847ff-6031-487c-bf42-98fd6ac5c9a0", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_077_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-078_similarity_id_minified_files.go b/e2e/testcases/e2e-cli-078_similarity_id_minified_files.go deleted file mode 100644 index 829ad77767c..00000000000 --- a/e2e/testcases/e2e-cli-078_similarity_id_minified_files.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-078 - KICS scan -// should perform a scan and return three different similarity ids on the results -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and return three different similarity ids on the results [E2E-CLI-078]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_078_RESULT", - "-p", "\"/path/test/fixtures/minified_files_similarity_id\"", - "-i", "00b78adf-b83f-419c-8ed8-c6018441dd3a", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_078_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-079_cwe_sarif_result.go b/e2e/testcases/e2e-cli-079_cwe_sarif_result.go deleted file mode 100644 index 14bd3eb0c6f..00000000000 --- a/e2e/testcases/e2e-cli-079_cwe_sarif_result.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-079 - KICS scan -// should perform a scan saving the reports in sarif format, showing the cwe on results -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan saving the reports in sarif format, showing the cwe on results [E2E-CLI-079]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_079_RESULT", - "-p", "\"/path/test/fixtures/test_sarif_cwe_report/run_block_injection/test\"", - "-q", "\"/path/test/fixtures/test_sarif_cwe_report/run_block_injection/query\"", - "--report-formats", "sarif", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_079_RESULT", - ResultsFormats: []string{"sarif"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-080_cwe_sarif_result.go b/e2e/testcases/e2e-cli-080_cwe_sarif_result.go deleted file mode 100644 index abe3472d8a0..00000000000 --- a/e2e/testcases/e2e-cli-080_cwe_sarif_result.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-080 - KICS scan -// should perform a scan saving the reports in sarif format, showing no cwe field on results -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan saving the reports in sarif format, showing no cwe field on results [E2E-CLI-080]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_080_RESULT", - "-p", "\"/path/test/fixtures/test_sarif_cwe_report/script_block_injection/test\"", - "-q", "\"/path/test/fixtures/test_sarif_cwe_report/script_block_injection/query\"", - "--report-formats", "sarif", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_080_RESULT", - ResultsFormats: []string{"sarif"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-081_output_path_valid.go b/e2e/testcases/e2e-cli-081_output_path_valid.go deleted file mode 100644 index 2e8e6576634..00000000000 --- a/e2e/testcases/e2e-cli-081_output_path_valid.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -// E2E-CLI-081 - KICS scan -// should check if output path is valid -func init() { //nolint - testSample := TestCase{ - Name: "should check if output path is valid [E2E-CLI-081]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_081_RESULT", - "-p", "\"/path/test/fixtures/test_output_path\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_081_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-082_output_path_invalid.go b/e2e/testcases/e2e-cli-082_output_path_invalid.go deleted file mode 100644 index b68ef31b3d9..00000000000 --- a/e2e/testcases/e2e-cli-082_output_path_invalid.go +++ /dev/null @@ -1,23 +0,0 @@ -package testcases - -// E2E-CLI-082 - KICS scan -// should check if output path is invalid -func init() { //nolint - testSample := TestCase{ - Name: "should check if output path is invalid [E2E-CLI-082]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output?", - "--output-name", "E2E_CLI_082_RESULT", - "-p", "\"/path/test/fixtures/test_output_path\"", - }, - }, - ExpectedOut: []string{ - "E2E_CLI_082_RESULT", - }, - }, - WantStatus: []int{126}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-083_helm_ignore.go b/e2e/testcases/e2e-cli-083_helm_ignore.go deleted file mode 100644 index 450b9439d62..00000000000 --- a/e2e/testcases/e2e-cli-083_helm_ignore.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-083 - KICS scan -// should perform a scan and return zero results ignoring the file -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and return zero results ignoring the file [E2E-CLI-083]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_083_RESULT", - "-p", "\"/path/test/fixtures/helm_ignore\"", - "-i", "b7652612-de4e-4466-a0bf-1cd81f0c6063", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_083_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-084_helm_ignore_block.go b/e2e/testcases/e2e-cli-084_helm_ignore_block.go deleted file mode 100644 index 9511bd14da4..00000000000 --- a/e2e/testcases/e2e-cli-084_helm_ignore_block.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-084 - KICS scan -// should perform a scan and return zero results ignoring the block -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and return zero results ignoring the block [E2E-CLI-084]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_084_RESULT", - "-p", "\"/path/test/fixtures/helm_ignore_block\"", - "-i", "b7652612-de4e-4466-a0bf-1cd81f0c6063", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_084_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-085_helm_disable_query.go b/e2e/testcases/e2e-cli-085_helm_disable_query.go deleted file mode 100644 index d120a35eeb8..00000000000 --- a/e2e/testcases/e2e-cli-085_helm_disable_query.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-085 - KICS scan -// should perform a scan and return zero results ignoring the query -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and return zero results ignoring the query [E2E-CLI-085]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_085_RESULT", - "-p", "\"/path/test/fixtures/helm_disable_query\"", - "-i", "b7652612-de4e-4466-a0bf-1cd81f0c6063", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_085_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-086_parallel_scan_default.go b/e2e/testcases/e2e-cli-086_parallel_scan_default.go deleted file mode 100644 index f37dd8fd9b1..00000000000 --- a/e2e/testcases/e2e-cli-086_parallel_scan_default.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-086 - KICS scan -// should perform a scan, finishing successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and finish successfully [E2E-CLI-086]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_086_RESULT", - "-p", "\"/path/e2e/fixtures/samples/terraform.tf\"", - "--parallel", "0", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_086_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-087_parallel_scan_sequential.go b/e2e/testcases/e2e-cli-087_parallel_scan_sequential.go deleted file mode 100644 index 45d569e045b..00000000000 --- a/e2e/testcases/e2e-cli-087_parallel_scan_sequential.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-087 - KICS scan -// should perform a scan, finishing successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and finish successfully [E2E-CLI-087]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_087_RESULT", - "-p", "\"/path/e2e/fixtures/samples/terraform.tf\"", - "--parallel", "1", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_087_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go b/e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go deleted file mode 100644 index 7d05e3d17d7..00000000000 --- a/e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-088 - KICS scan -// should perform a scan, finishing successfully and return exit code 0 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and finish successfully [E2E-CLI-088]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_088_RESULT", - "-p", "\"/path/e2e/fixtures/samples/terraform.tf\"", - "--parallel", "6", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_088_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-089_critical_severity.go b/e2e/testcases/e2e-cli-089_critical_severity.go deleted file mode 100644 index ea7d280e77b..00000000000 --- a/e2e/testcases/e2e-cli-089_critical_severity.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -// E2E-CLI-089 - KICS scan -// should perform a scan successfully giving results with critical severity and return exit code 60 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan successfully giving results with critical severity and return exit code 60 [E2E-CLI-089]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_089_RESULT", - "-p", "\"/path/test/fixtures/test_critical_severity/run_block_injection/test\"", - "-q", "\"/path/test/fixtures/test_critical_severity/run_block_injection/query\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_089_RESULT", - }, - }, - }, - WantStatus: []int{60}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go b/e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go deleted file mode 100644 index d3fb8fc0c2a..00000000000 --- a/e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go +++ /dev/null @@ -1,28 +0,0 @@ -package testcases - -// E2E-CLI-090 - Kics scan command with --report-formats and --output-path flags -// should export the results based on the formats provided by this flag, with critical severity -func init() { //nolint - testSample := TestCase{ - Name: "should export the results based on the formats provided by this flag, with critical severity [E2E-CLI-090]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_090_RESULT", - "--report-formats", "asff,codeclimate,csv,cyclonedx,glsast,html,json,junit,pdf,sarif,sonarqube", - "-p", "\"/path/test/fixtures/test_critical_custom_queries/amazon_mq_broker_encryption_disabled/test\"", - "-q", "\"/path/test/fixtures/test_critical_custom_queries/amazon_mq_broker_encryption_disabled/query\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_090_RESULT", - ResultsFormats: []string{"asff", "codeclimate", "csv", "cyclonedx", "glsast", "html", "json", "junit", "pdf", "sarif", "sonarqube"}, - }, - }, - }, - WantStatus: []int{60}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go b/e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go deleted file mode 100644 index ff1e341ee77..00000000000 --- a/e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go +++ /dev/null @@ -1,31 +0,0 @@ -package testcases - -// E2E-CLI-091 - Kics scan command with -o and -d flags on bicep files -// should perform the scan successfully, evaluating the result and payload files -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan on bicep files and create a result and payload file [E2E-CLI-091]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_091_RESULT", - "-p", "\"/path/test/fixtures/bicep_test/test\"", - "-d", "/path/e2e/output/E2E_CLI_091_PAYLOAD.json", - "--disable-secrets", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_091_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - ExpectedPayload: []string{ - "E2E_CLI_091_PAYLOAD.json", - }, - }, - WantStatus: []int{20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go b/e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go deleted file mode 100644 index 58e826cec4c..00000000000 --- a/e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -// E2E-CLI-092 - KICS scan -// should perform a scan and not ignore the entire project -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan and not ignore the entire project [E2E-CLI-092]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_092_RESULT", - "-p", "\"/path/e2e/fixtures/samples/tmp-gitignore/project\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_092_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-093_old_severity_metadata_field.go b/e2e/testcases/e2e-cli-093_old_severity_metadata_field.go deleted file mode 100644 index 8979b5e620a..00000000000 --- a/e2e/testcases/e2e-cli-093_old_severity_metadata_field.go +++ /dev/null @@ -1,110 +0,0 @@ -package testcases - -var stringToTest = "should perform a scans successfully giving results with old severity and return exit code " - -// E2E-CLI-093 - KICS scan with old severity metadata field -// should perform a scan successfully giving results with old severity metadata field and return exit code according to the severity -func init() { //nolint - testSample01 := TestCase{ - Name: stringToTest + - "according to old severity [E2E-CLI-093_1]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_093_RESULT", - "-p", "\"/path/test/fixtures/test_old_severity/test\"", - "-q", "\"/path/test/fixtures/test_old_severity/info\"", - "--old-severities", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_093_RESULT", - }, - }, - }, - WantStatus: []int{20}, - } - testSample02 := TestCase{ - Name: stringToTest + - "according to old severity [E2E-CLI-093_2]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_093_RESULT_2", - "-p", "\"/path/test/fixtures/test_old_severity/test\"", - "-q", "\"/path/test/fixtures/test_old_severity/low\"", - "--old-severities", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_093_RESULT_2", - }, - }, - }, - WantStatus: []int{30, 40, 50, 60}, - } - testSample03 := TestCase{ - Name: stringToTest + - "according to old severity [E2E-CLI-093_3]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_093_RESULT_3", - "-p", "\"/path/test/fixtures/test_old_severity/test\"", - "-q", "\"/path/test/fixtures/test_old_severity/medium\"", - "--old-severities", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_093_RESULT_3", - }, - }, - }, - WantStatus: []int{40}, - } - testSample04 := TestCase{ - Name: stringToTest + - "according to old severity [E2E-CLI-093_4]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_093_RESULT_4", - "-p", "\"/path/test/fixtures/test_old_severity/test\"", - "-q", "\"/path/test/fixtures/test_old_severity/high\"", - "--old-severities", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_093_RESULT_4", - }, - }, - }, - WantStatus: []int{50}, - } - testSample05 := TestCase{ - Name: stringToTest + - "according to old severity [E2E-CLI-093_5]", - Args: args{ - Args: []cmdArgs{ - - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_093_RESULT_5", - "-p", "\"/path/test/fixtures/test_old_severity/test\"", - "-q", "\"/path/test/fixtures/test_old_severity/critical\"", - "--old-severities", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_093_RESULT_5", - }, - }, - }, - WantStatus: []int{60}, - } - Tests = append(Tests, testSample01, testSample02, testSample03, testSample04, testSample05) -} diff --git a/e2e/testcases/e2e-cli-094_max_resolver_depth_0.go b/e2e/testcases/e2e-cli-094_max_resolver_depth_0.go deleted file mode 100644 index 88ef2af39cb..00000000000 --- a/e2e/testcases/e2e-cli-094_max_resolver_depth_0.go +++ /dev/null @@ -1,30 +0,0 @@ -package testcases - -// E2E-CLI-094 - KICS scan and ignore references -// should perform the scan successfully and return exit code 20 -// this test is similar to E2E-CLI-071. Since the '--max-resolver-path' parameter is set to 0, it will not resolve any files -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and not resolve references [E2E-CLI-094]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_094_RESULT", - "-p", "\"/path/test/fixtures/resolve_references\"", - "-i", "6c35d2c6-09f2-4e5c-a094-e0e91327071d,962fa01e-b791-4dcc-b04a-4a3e7389be5e", - "--enable-openapi-refs", - "--max-resolver-depth", "0", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_094_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{20}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-095_max_resolver_depth_default.go b/e2e/testcases/e2e-cli-095_max_resolver_depth_default.go deleted file mode 100644 index 80a9686858c..00000000000 --- a/e2e/testcases/e2e-cli-095_max_resolver_depth_default.go +++ /dev/null @@ -1,29 +0,0 @@ -package testcases - -// E2E-CLI-095 - KICS scan and ignore references -// should perform the scan successfully and return exit code 0 -// this test sample contains a circular loop. It will stop after 15 iterations, having parsed 6887 lines -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and resolve references [E2E-CLI-095]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_095_RESULT", - "-p", "\"/path/test/fixtures/resolve_circular_loop\"", - "-i", "a88baa34-e2ad-44ea-ad6f-8cac87bc7c71", - "--max-resolver-depth", "15", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_095_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go b/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go deleted file mode 100644 index 58d0cb18270..00000000000 --- a/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go +++ /dev/null @@ -1,27 +0,0 @@ -package testcases - -// E2E-CLI-096 - KICS scan -// should perform a scan successfully giving results with similarity ids unique and the old similarity id -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan successfully giving results with similarity ids unique, showing the old similarity id [E2E-CLI-096]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_096_RESULT", - "-p", "\"/path/test/fixtures/new_similarity_id\"", - "-i", "1828a670-5957-4bc5-9974-47da228f75e2,cf34805e-3872-4c08-bf92-6ff7bb0cfadb", - "--kics_compute_new_simid", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_096_RESULT", - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go b/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go deleted file mode 100644 index 1384d524371..00000000000 --- a/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go +++ /dev/null @@ -1,26 +0,0 @@ -package testcases - -// E2E-CLI-097 - KICS scan -// should perform a scan successfully giving results with similarity ids unique without showing the old similarity id -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan successfully giving results with similarity ids unique without showing the old similarity id [E2E-CLI-097]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_097_RESULT", - "-p", "\"/path/test/fixtures/new_similarity_id\"", - "-i", "1828a670-5957-4bc5-9974-47da228f75e2,cf34805e-3872-4c08-bf92-6ff7bb0cfadb", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_097_RESULT", - }, - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go b/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go deleted file mode 100644 index dccdf43fe8b..00000000000 --- a/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go +++ /dev/null @@ -1,31 +0,0 @@ -package testcases - -// E2E-CLI-098 -// should perform the scan successfully and return exit code 50 -// this test sample contains a different query_id -// that is not a UUID, but contains a prefix ('t:', 'p:', or 'a:') + uint64 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a valid scan and return one HIGH result [E2E-CLI-098]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_098_RESULT", - "-q", "\"/path/test/fixtures/new_queryid_validation\"", - "-p", "\"/path/test/fixtures/new_queryid_validation/Dockerfile\"", - // QueryID 'a:123' does not exist, however, since the first one does, it should perform the scan successfully - "-i", "t:8820143918834007824,a:123", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_098_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go b/e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go deleted file mode 100644 index f9d9ac9dd30..00000000000 --- a/e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go +++ /dev/null @@ -1,30 +0,0 @@ -// Package testcases provides end-to-end (E2E) testing functionality for the application. -package testcases - -// E2E-CLI-099 - KICS scan with OpenAPI reference resolution enabled on JSON and YAML files containing circular references. -// The scan should complete successfully, returning exit code 50, producing equivalent payloads for both formats. -// The only differences should be the file extensions between payloads. -func init() { //nolint - testSample := TestCase{ - Name: "scan should generate equivalent payloads for OpenAPI YAML and JSON files with circular references [E2E-CLI-099]", - Args: args{ - Args: []cmdArgs{ - []string{ - "scan", "-p", "\"/path/e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIJson/openAPI.json\"", - "-v", "-d", "/path/e2e/output/E2E_CLI_099_JSON_PAYLOAD.json", "--enable-openapi-refs", - }, - []string{ - "scan", "-p", "\"/path/e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIYaml/openAPI.yaml\"", - "-v", "-d", "/path/e2e/output/E2E_CLI_099_YAML_PAYLOAD.json", "--enable-openapi-refs", - }, - }, - ExpectedPayload: []string{ - "E2E_CLI_099_JSON_PAYLOAD.json", - "E2E_CLI_099_YAML_PAYLOAD.json", - }, - }, - WantStatus: []int{50, 50}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go b/e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go deleted file mode 100644 index 5898351adee..00000000000 --- a/e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go +++ /dev/null @@ -1,85 +0,0 @@ -package testcases - -// E2E-CLI-100 - KICS should scan a folder containing only unsupported files (FHIR, azure-pipelines-vscode) -// and successfully skip them without errors, returning exit code 0 -func init() { //nolint - testSampleFHIR := TestCase{ - Name: "should scan a folder with FHIR files and skip them successfully [E2E-CLI-100]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_100_RESULT", "-v", - "-p", "\"/path/e2e/fixtures/samples/blacklisted-files/fhir\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_100_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - testSampleAzurePipelines := TestCase{ - Name: "should scan a folder with azure-pipelines-vscode files and skip them successfully [E2E-CLI-100]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_100_RESULT", "-v", - "-p", "\"/path/e2e/fixtures/samples/blacklisted-files/azurepipelinesvscode\"", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_100_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - testBlacklistedFilesWithExcludeTypeFlag := TestCase{ - Name: "should scan a folder with blacklisted files, with flag --exclude-type, and skip them successfully [E2E-CLI-100]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_100_RESULT", "-v", - "-p", "\"/path/e2e/fixtures/samples/blacklisted-files\"", - "--exclude-type", "openapi", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_100_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - testBlacklistedFilesWithTypeFlag := TestCase{ - Name: "should scan a folder with blacklisted files, with flag --type, and skip them successfully [E2E-CLI-100]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_100_RESULT", "-v", - "-p", "\"/path/e2e/fixtures/samples/blacklisted-files\"", - "--type", "azureresourcemanager", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E_CLI_100_RESULT", - ResultsFormats: []string{"json"}, - }, - }, - }, - WantStatus: []int{0}, - } - - Tests = append(Tests, testSampleFHIR, testSampleAzurePipelines, testBlacklistedFilesWithExcludeTypeFlag, testBlacklistedFilesWithTypeFlag) -} diff --git a/e2e/testcases/e2e-cli-101_bicep_exclude_commands.go b/e2e/testcases/e2e-cli-101_bicep_exclude_commands.go deleted file mode 100644 index b6e3b2f5cd0..00000000000 --- a/e2e/testcases/e2e-cli-101_bicep_exclude_commands.go +++ /dev/null @@ -1,62 +0,0 @@ -package testcases - -// E2E-CLI-101 - KICS should fail to scan a Bicep file when explicitly included or excluded by type. -// Covers short (-t), long (--type), and exclude (--exclude-type) flags. -// Expected: exit code 126. -func init() { //nolint - testBicepTypeFlagShort := TestCase{ - Name: "test bicep scan fail with list of platform types to scan, short version [E2E-CLI-101]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "-p", "\"/path/e2e/fixtures/samples/bicep_sample.bicep\"", - "-t", "Bicep", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E-CLI-101", - }, - }, - }, - WantStatus: []int{126}, - } - - testBicepTypeFlagLong := TestCase{ - Name: "test bicep scan fail with list of platform types to scan, long version [E2E-CLI-101]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "-p", "\"/path/e2e/fixtures/samples/bicep_sample.bicep\"", - "--type", "Bicep", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E-CLI-101", - }, - }, - }, - WantStatus: []int{126}, - } - - testBicepExcludeTypeFlag := TestCase{ - Name: "test bicep scan fail with list of platform types to exclude from scan [E2E-CLI-101]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "-o", "/path/e2e/output", - "-p", "\"/path/e2e/fixtures/samples/bicep_sample.bicep\"", - "--exclude-type", "Bicep", - }, - }, - ExpectedResult: []ResultsValidation{ - { - ResultsFile: "E2E-CLI-101", - }, - }, - }, - WantStatus: []int{126}, - } - - Tests = append(Tests, testBicepTypeFlagShort, testBicepTypeFlagLong, testBicepExcludeTypeFlag) -} diff --git a/e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go b/e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go deleted file mode 100644 index 79a7b643eec..00000000000 --- a/e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go +++ /dev/null @@ -1,22 +0,0 @@ -package testcases - -// E2E-CLI-102 - KICS should scan a zip folder containing UTF-16 encoded files -// and successfully complete the scan with proper encoding handling, returning exit code 40 -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan on zip file with UTF-16 files and return exit code 40 [E2E-CLI-102]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--payload-path", "/path/e2e/output/E2E_CLI_102_PAYLOAD", - "-p", "/path/e2e/fixtures/samples/utf16_encoded_files.zip", - }, - }, - ExpectedPayload: []string{ - "E2E_CLI_102_PAYLOAD.json", - }, - }, - WantStatus: []int{40}, - } - - Tests = append(Tests, testSample) -} diff --git a/e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go b/e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go deleted file mode 100644 index 27595a145e4..00000000000 --- a/e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go +++ /dev/null @@ -1,22 +0,0 @@ -package testcases - -// E2E-CLI-103 - KICS Bicep scan should not include existing resources in payload file -// Tests that resources marked with 'existing' keyword are excluded from payload output -func init() { //nolint - testSample := TestCase{ - Name: "should perform a scan on bicep file with existing resources and return exit code 0 [E2E-CLI-103]", - Args: args{ - Args: []cmdArgs{ - []string{"scan", "--payload-path", "/path/e2e/output/E2E_CLI_103_PAYLOAD", - "-p", "/path/test/fixtures/bicep_test/existing_parent.bicep", - }, - }, - ExpectedPayload: []string{ - "E2E_CLI_103_PAYLOAD.json", - }, - }, - WantStatus: []int{0}, // Since existing resources are ignored, no vulnerabilities should be found for them - } - - Tests = append(Tests, testSample) -} From e4d3bad9585145408e0ad9c39032976ce92ed51e Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Thu, 15 Jan 2026 10:01:05 +0000 Subject: [PATCH 07/10] revert removal on e2e --- e2e/testcases/e2e-cli-001_help_text.go | 18 +++ e2e/testcases/e2e-cli-002_help_scan.go | 18 +++ e2e/testcases/e2e-cli-003_scan_text.go | 18 +++ .../e2e-cli-004_invalid_combination.go | 23 ++++ e2e/testcases/e2e-cli-005_payload-path.go | 25 ++++ e2e/testcases/e2e-cli-006_generate-id.go | 24 ++++ e2e/testcases/e2e-cli-007_scan.go | 28 +++++ e2e/testcases/e2e-cli-008_scan_silent.go | 19 +++ e2e/testcases/e2e-cli-009_scan_no-progress.go | 25 ++++ .../e2e-cli-010_scan_invalid_type.go | 24 ++++ e2e/testcases/e2e-cli-011_scan_type.go | 21 ++++ e2e/testcases/e2e-cli-012_scan_minimal-ui.go | 25 ++++ e2e/testcases/e2e-cli-013_list-platforms.go | 20 ++++ .../e2e-cli-014_scan_preview-lines.go | 26 +++++ e2e/testcases/e2e-cli-015_scan_no-color.go | 26 +++++ .../e2e-cli-016_scan_invalid_flag.go | 26 +++++ e2e/testcases/e2e-cli-017_scan_verbose.go | 25 ++++ .../e2e-cli-018_scan_exclude-categories.go | 18 +++ .../e2e-cli-019_scan_multiple_paths.go | 25 ++++ .../e2e-cli-020_scan_exclude-queries.go | 21 ++++ e2e/testcases/e2e-cli-021_scan_status_code.go | 24 ++++ .../e2e-cli-022_scan_profiling_cpu.go | 24 ++++ .../e2e-cli-023_scan_profiling_mem.go | 24 ++++ e2e/testcases/e2e-cli-024_version.go | 23 ++++ e2e/testcases/e2e-cli-025_scan_fail-on.go | 21 ++++ .../e2e-cli-026_scan_ignore-on-exit.go | 28 +++++ .../e2e-cli-027_scan_exclude-paths.go | 24 ++++ e2e/testcases/e2e-cli-028_scan_log-format.go | 27 +++++ e2e/testcases/e2e-cli-029_scan_config.go | 21 ++++ e2e/testcases/e2e-cli-030_output-path.go | 24 ++++ .../e2e-cli-031_scan_report-formats.go | 34 ++++++ ...-cli-032_scan_output-path_validate_json.go | 25 ++++ ...i-033_scan_output-path_validate_payload.go | 32 +++++ .../e2e-cli-034_scan_log-format_no_verbose.go | 28 +++++ .../e2e-cli-035_scan_exclude-results.go | 25 ++++ .../e2e-cli-036_scan_include-queries.go | 59 ++++++++++ ...37_scan_exclude-results_include-queries.go | 25 ++++ e2e/testcases/e2e-cli-038_scan_log-path.go | 35 ++++++ .../e2e-cli-039_scan_log-path_log-level.go | 32 +++++ ...40_scan_report-formats_validate_outputs.go | 25 ++++ .../e2e-cli-041_scan_remote_path_git.go | 25 ++++ .../e2e-cli-042_scan_remote_path_http.go | 25 ++++ .../e2e-cli-043_scan_cloud-provider.go | 24 ++++ .../e2e-cli-044_scan_exclude-severities.go | 31 +++++ .../e2e-cli-045_scan_disable-secrets.go | 26 +++++ ...-cli-046_scan_disable-full-descriptions.go | 26 +++++ .../e2e-cli-047_scan_payload-lines.go | 21 ++++ ...e2e-cli-048_scan_custom-secrets-regexes.go | 34 ++++++ .../e2e-cli-049_scan_custom-libraries-path.go | 24 ++++ .../e2e-cli-050_scan_bill-of-materials.go | 27 +++++ .../e2e-cli-051_scan_custom-queries-path.go | 24 ++++ ...i-052_scan_with_custom_cis_descriptions.go | 35 ++++++ e2e/testcases/e2e-cli-053_kics_scan_ignore.go | 20 ++++ .../e2e-cli-054_scan_multiple-queries-path.go | 26 +++++ .../e2e-cli-055_scan_resolve_openapi_files.go | 23 ++++ e2e/testcases/e2e-cli-056_scan_timeout.go | 29 +++++ e2e/testcases/e2e-cli-057_fix_all.go | 28 +++++ e2e/testcases/e2e-cli-058_fix_include_ids.go | 31 +++++ e2e/testcases/e2e-cli-059_help_fix.go | 18 +++ e2e/testcases/e2e-cli-060_fix_text.go | 18 +++ .../e2e-cli-061_scan_exclude_type.go | 23 ++++ .../e2e-cli-062_tf_variables_comment_path.go | 22 ++++ .../e2e-cli-063_tf_variables_flag_path.go | 23 ++++ e2e/testcases/e2e-cli-064_json_file_ref.go | 19 +++ .../e2e-cli-065_yaml_resolver_panic.go | 19 +++ e2e/testcases/e2e-cli-066_analyze_command.go | 23 ++++ ...e2e-cli-067_ignore_broken_symlink_eloop.go | 22 ++++ .../e2e-cli-068_corrupted_dockerfile.go | 26 +++++ .../e2e-cli-069_ignore_experimental_query.go | 32 +++++ ...e-cli-070_not_ignore_experimental_query.go | 31 +++++ .../e2e-cli-071_no_flag_resolve_references.go | 27 +++++ .../e2e-cli-071_tf_eval_func_unknown_type.go | 22 ++++ .../e2e-cli-072_flag_resolve_references.go | 28 +++++ ...cli-073_json_no_flag_resolve_references.go | 28 +++++ ...2e-cli-074_json_flag_resolve_references.go | 28 +++++ .../e2e-cli-075_ansible_host_detected.go | 27 +++++ e2e/testcases/e2e-cli-076_max_file_size.go | 27 +++++ .../e2e-cli-077_fix_similarity_id.go | 27 +++++ ...2e-cli-078_similarity_id_minified_files.go | 27 +++++ e2e/testcases/e2e-cli-079_cwe_sarif_result.go | 28 +++++ e2e/testcases/e2e-cli-080_cwe_sarif_result.go | 28 +++++ .../e2e-cli-081_output_path_valid.go | 26 +++++ .../e2e-cli-082_output_path_invalid.go | 23 ++++ e2e/testcases/e2e-cli-083_helm_ignore.go | 27 +++++ .../e2e-cli-084_helm_ignore_block.go | 27 +++++ .../e2e-cli-085_helm_disable_query.go | 27 +++++ .../e2e-cli-086_parallel_scan_default.go | 27 +++++ .../e2e-cli-087_parallel_scan_sequential.go | 27 +++++ .../e2e-cli-088_parallel_scan_6_workers.go | 27 +++++ .../e2e-cli-089_critical_severity.go | 26 +++++ ...90_critical_severity_all_report_formats.go | 28 +++++ .../e2e-cli-091_bicep_scan_output_payload.go | 31 +++++ ...e-cli-092_gitignore_not_exclude_project.go | 26 +++++ ...e2e-cli-093_old_severity_metadata_field.go | 110 ++++++++++++++++++ .../e2e-cli-094_max_resolver_depth_0.go | 30 +++++ .../e2e-cli-095_max_resolver_depth_default.go | 29 +++++ ...ew_similarity_id_with_old_similarity_id.go | 27 +++++ ...similarity_id_without_old_similarity_id.go | 26 +++++ ...include_ids_with_new_queryid_validation.go | 31 +++++ ...i-099_compare_openapi_payload_json_yaml.go | 30 +++++ ...e2e-cli-100_scan_skip_blacklisted_files.go | 85 ++++++++++++++ .../e2e-cli-101_bicep_exclude_commands.go | 62 ++++++++++ .../e2e-cli-102_scan_utf16_zip_file.go | 22 ++++ ...e-cli-103_bicep_existing_parent_payload.go | 22 ++++ 104 files changed, 2863 insertions(+) create mode 100644 e2e/testcases/e2e-cli-001_help_text.go create mode 100644 e2e/testcases/e2e-cli-002_help_scan.go create mode 100644 e2e/testcases/e2e-cli-003_scan_text.go create mode 100644 e2e/testcases/e2e-cli-004_invalid_combination.go create mode 100644 e2e/testcases/e2e-cli-005_payload-path.go create mode 100644 e2e/testcases/e2e-cli-006_generate-id.go create mode 100644 e2e/testcases/e2e-cli-007_scan.go create mode 100644 e2e/testcases/e2e-cli-008_scan_silent.go create mode 100644 e2e/testcases/e2e-cli-009_scan_no-progress.go create mode 100644 e2e/testcases/e2e-cli-010_scan_invalid_type.go create mode 100644 e2e/testcases/e2e-cli-011_scan_type.go create mode 100644 e2e/testcases/e2e-cli-012_scan_minimal-ui.go create mode 100644 e2e/testcases/e2e-cli-013_list-platforms.go create mode 100644 e2e/testcases/e2e-cli-014_scan_preview-lines.go create mode 100644 e2e/testcases/e2e-cli-015_scan_no-color.go create mode 100644 e2e/testcases/e2e-cli-016_scan_invalid_flag.go create mode 100644 e2e/testcases/e2e-cli-017_scan_verbose.go create mode 100644 e2e/testcases/e2e-cli-018_scan_exclude-categories.go create mode 100644 e2e/testcases/e2e-cli-019_scan_multiple_paths.go create mode 100644 e2e/testcases/e2e-cli-020_scan_exclude-queries.go create mode 100644 e2e/testcases/e2e-cli-021_scan_status_code.go create mode 100644 e2e/testcases/e2e-cli-022_scan_profiling_cpu.go create mode 100644 e2e/testcases/e2e-cli-023_scan_profiling_mem.go create mode 100644 e2e/testcases/e2e-cli-024_version.go create mode 100644 e2e/testcases/e2e-cli-025_scan_fail-on.go create mode 100644 e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go create mode 100644 e2e/testcases/e2e-cli-027_scan_exclude-paths.go create mode 100644 e2e/testcases/e2e-cli-028_scan_log-format.go create mode 100644 e2e/testcases/e2e-cli-029_scan_config.go create mode 100644 e2e/testcases/e2e-cli-030_output-path.go create mode 100644 e2e/testcases/e2e-cli-031_scan_report-formats.go create mode 100644 e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go create mode 100644 e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go create mode 100644 e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go create mode 100644 e2e/testcases/e2e-cli-035_scan_exclude-results.go create mode 100644 e2e/testcases/e2e-cli-036_scan_include-queries.go create mode 100644 e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go create mode 100644 e2e/testcases/e2e-cli-038_scan_log-path.go create mode 100644 e2e/testcases/e2e-cli-039_scan_log-path_log-level.go create mode 100644 e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go create mode 100644 e2e/testcases/e2e-cli-041_scan_remote_path_git.go create mode 100644 e2e/testcases/e2e-cli-042_scan_remote_path_http.go create mode 100644 e2e/testcases/e2e-cli-043_scan_cloud-provider.go create mode 100644 e2e/testcases/e2e-cli-044_scan_exclude-severities.go create mode 100644 e2e/testcases/e2e-cli-045_scan_disable-secrets.go create mode 100644 e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go create mode 100644 e2e/testcases/e2e-cli-047_scan_payload-lines.go create mode 100644 e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go create mode 100644 e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go create mode 100644 e2e/testcases/e2e-cli-050_scan_bill-of-materials.go create mode 100644 e2e/testcases/e2e-cli-051_scan_custom-queries-path.go create mode 100644 e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go create mode 100644 e2e/testcases/e2e-cli-053_kics_scan_ignore.go create mode 100644 e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go create mode 100644 e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go create mode 100644 e2e/testcases/e2e-cli-056_scan_timeout.go create mode 100644 e2e/testcases/e2e-cli-057_fix_all.go create mode 100644 e2e/testcases/e2e-cli-058_fix_include_ids.go create mode 100644 e2e/testcases/e2e-cli-059_help_fix.go create mode 100644 e2e/testcases/e2e-cli-060_fix_text.go create mode 100644 e2e/testcases/e2e-cli-061_scan_exclude_type.go create mode 100644 e2e/testcases/e2e-cli-062_tf_variables_comment_path.go create mode 100644 e2e/testcases/e2e-cli-063_tf_variables_flag_path.go create mode 100644 e2e/testcases/e2e-cli-064_json_file_ref.go create mode 100644 e2e/testcases/e2e-cli-065_yaml_resolver_panic.go create mode 100644 e2e/testcases/e2e-cli-066_analyze_command.go create mode 100644 e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go create mode 100644 e2e/testcases/e2e-cli-068_corrupted_dockerfile.go create mode 100644 e2e/testcases/e2e-cli-069_ignore_experimental_query.go create mode 100644 e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go create mode 100644 e2e/testcases/e2e-cli-071_no_flag_resolve_references.go create mode 100644 e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go create mode 100644 e2e/testcases/e2e-cli-072_flag_resolve_references.go create mode 100644 e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go create mode 100644 e2e/testcases/e2e-cli-074_json_flag_resolve_references.go create mode 100644 e2e/testcases/e2e-cli-075_ansible_host_detected.go create mode 100644 e2e/testcases/e2e-cli-076_max_file_size.go create mode 100644 e2e/testcases/e2e-cli-077_fix_similarity_id.go create mode 100644 e2e/testcases/e2e-cli-078_similarity_id_minified_files.go create mode 100644 e2e/testcases/e2e-cli-079_cwe_sarif_result.go create mode 100644 e2e/testcases/e2e-cli-080_cwe_sarif_result.go create mode 100644 e2e/testcases/e2e-cli-081_output_path_valid.go create mode 100644 e2e/testcases/e2e-cli-082_output_path_invalid.go create mode 100644 e2e/testcases/e2e-cli-083_helm_ignore.go create mode 100644 e2e/testcases/e2e-cli-084_helm_ignore_block.go create mode 100644 e2e/testcases/e2e-cli-085_helm_disable_query.go create mode 100644 e2e/testcases/e2e-cli-086_parallel_scan_default.go create mode 100644 e2e/testcases/e2e-cli-087_parallel_scan_sequential.go create mode 100644 e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go create mode 100644 e2e/testcases/e2e-cli-089_critical_severity.go create mode 100644 e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go create mode 100644 e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go create mode 100644 e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go create mode 100644 e2e/testcases/e2e-cli-093_old_severity_metadata_field.go create mode 100644 e2e/testcases/e2e-cli-094_max_resolver_depth_0.go create mode 100644 e2e/testcases/e2e-cli-095_max_resolver_depth_default.go create mode 100644 e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go create mode 100644 e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go create mode 100644 e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go create mode 100644 e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go create mode 100644 e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go create mode 100644 e2e/testcases/e2e-cli-101_bicep_exclude_commands.go create mode 100644 e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go create mode 100644 e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go diff --git a/e2e/testcases/e2e-cli-001_help_text.go b/e2e/testcases/e2e-cli-001_help_text.go new file mode 100644 index 00000000000..985a0d20140 --- /dev/null +++ b/e2e/testcases/e2e-cli-001_help_text.go @@ -0,0 +1,18 @@ +package testcases + +// E2E-CLI-001 - KICS command should display a help text in the CLI when provided with the +// --help flag and it should describe the available commands plus the global flags +func init() { //nolint + testSample := TestCase{ + Name: "should display the kics help text [E2E-CLI-001]", + Args: args{ + Args: []cmdArgs{ + []string{"--help"}, + }, + ExpectedOut: []string{"E2E_CLI_001"}, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-002_help_scan.go b/e2e/testcases/e2e-cli-002_help_scan.go new file mode 100644 index 00000000000..13aa400a090 --- /dev/null +++ b/e2e/testcases/e2e-cli-002_help_scan.go @@ -0,0 +1,18 @@ +package testcases + +// E2E-CLI-002 - KICS scan command should display a help text in the CLI when provided with the +// --help flag and it should describe the options related with scan plus the global options +func init() { //nolint + testSample := TestCase{ + Name: "should display the kics scan help text [E2E-CLI-002]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--help"}, + }, + ExpectedOut: []string{"E2E_CLI_002"}, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-003_scan_text.go b/e2e/testcases/e2e-cli-003_scan_text.go new file mode 100644 index 00000000000..d1741de4468 --- /dev/null +++ b/e2e/testcases/e2e-cli-003_scan_text.go @@ -0,0 +1,18 @@ +package testcases + +// E2E-CLI-003 - KICS scan command has a mandatory flag -p. The CLI should exhibit +// an error message and return exit code 126 +func init() { //nolint + testSample := TestCase{ + Name: "should display an error regarding missing -p flag [E2E-CLI-003]", + Args: args{ + Args: []cmdArgs{ + []string{"scan"}, + }, + ExpectedOut: []string{"E2E_CLI_003"}, + }, + WantStatus: []int{126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-004_invalid_combination.go b/e2e/testcases/e2e-cli-004_invalid_combination.go new file mode 100644 index 00000000000..30abe89aa29 --- /dev/null +++ b/e2e/testcases/e2e-cli-004_invalid_combination.go @@ -0,0 +1,23 @@ +package testcases + +// E2E-CLI-004 - KICS has an invalid flag combination +// an error message and return exit code 1 + +func init() { //nolint + testSample := TestCase{ + Name: "should display an error of invalid flag combination [E2E-CLI-004]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--ci", "--verbose"}, + []string{"--ci", "scan", "--verbose"}, + }, + ExpectedOut: []string{ + "E2E_CLI_004", + "E2E_CLI_004", + }, + }, + WantStatus: []int{126, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-005_payload-path.go b/e2e/testcases/e2e-cli-005_payload-path.go new file mode 100644 index 00000000000..8017a59b3f6 --- /dev/null +++ b/e2e/testcases/e2e-cli-005_payload-path.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-005 - KICS scan with -- payload-path flag should create a file with the +// passed name containing the payload of the files scanned + +func init() { //nolint + testSample := TestCase{ + Name: "should create a payload file [E2E-CLI-005]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--payload-path", "/path/e2e/output/E2E_CLI_005_PAYLOAD.json"}, + }, + ExpectedOut: []string{ + "E2E_CLI_005", + }, + ExpectedPayload: []string{ + "E2E_CLI_005_PAYLOAD.json", + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-006_generate-id.go b/e2e/testcases/e2e-cli-006_generate-id.go new file mode 100644 index 00000000000..52aca8b8d79 --- /dev/null +++ b/e2e/testcases/e2e-cli-006_generate-id.go @@ -0,0 +1,24 @@ +package testcases + +import "regexp" + +// E2E-CLI-006 - KICS generate-id should exhibit +// a valid UUID in the CLI and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should generate a valid ID [E2E-CLI-006]", + Args: args{ + Args: []cmdArgs{ + []string{"generate-id"}, + }, + }, + WantStatus: []int{0}, + Validation: func(outputText string) bool { + uuidRegex := "[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12}" + match, _ := regexp.MatchString(uuidRegex, outputText) + return match + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-007_scan.go b/e2e/testcases/e2e-cli-007_scan.go new file mode 100644 index 00000000000..c3a376a1977 --- /dev/null +++ b/e2e/testcases/e2e-cli-007_scan.go @@ -0,0 +1,28 @@ +package testcases + +import "regexp" + +// E2E-CLI-007 - the default kics scan must show informations such as 'Files scanned', +// 'Queries loaded', 'Scan Duration', '...' in the CLI +func init() { //nolint + testSample := TestCase{ + Name: "should perform a simple scan [E2E-CLI-007]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", "-v"}, + }, + }, + WantStatus: []int{50}, + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`Scanned Files: \d+`, outputText) + match2, _ := regexp.MatchString(`Parsed Files: \d+`, outputText) + match3, _ := regexp.MatchString(`Queries loaded: \d+`, outputText) + match4, _ := regexp.MatchString(`Queries failed to execute: \d+`, outputText) + match5, _ := regexp.MatchString(`--- Results Summary ---`, outputText) + match6, _ := regexp.MatchString(`Scan duration: \d+(m\d+)?(.\d+)?s`, outputText) + return match1 && match2 && match3 && match4 && match5 && match6 + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-008_scan_silent.go b/e2e/testcases/e2e-cli-008_scan_silent.go new file mode 100644 index 00000000000..ffb48122da3 --- /dev/null +++ b/e2e/testcases/e2e-cli-008_scan_silent.go @@ -0,0 +1,19 @@ +package testcases + +// E2E-CLI-008 - KICS scan with --silent global flag +// should hide all the output text in the CLI (empty output) + +func init() { //nolint + testSample := TestCase{ + Name: "should hide all output text in CLI [E2E-CLI-008]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + }, + ExpectedOut: []string{"E2E_CLI_008"}, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-009_scan_no-progress.go b/e2e/testcases/e2e-cli-009_scan_no-progress.go new file mode 100644 index 00000000000..b9741ba5eb9 --- /dev/null +++ b/e2e/testcases/e2e-cli-009_scan_no-progress.go @@ -0,0 +1,25 @@ +package testcases + +import "regexp" + +// E2E-CLI-009 - kics scan with no-progress flag +// should perform a scan without showing progress bar in the CLI +func init() { //nolint + testSample := TestCase{ + Name: "should hide the progress bar in the CLI [E2E-CLI-009]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--no-progress"}, + }, + }, + WantStatus: []int{50}, + Validation: func(outputText string) bool { + getProgressRegex := "Executing queries:" + match, _ := regexp.MatchString(getProgressRegex, outputText) + // if not found -> the the test was successful + return !match + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-010_scan_invalid_type.go b/e2e/testcases/e2e-cli-010_scan_invalid_type.go new file mode 100644 index 00000000000..7eda4c6d79c --- /dev/null +++ b/e2e/testcases/e2e-cli-010_scan_invalid_type.go @@ -0,0 +1,24 @@ +package testcases + +import "regexp" + +// E2E-CLI-010 - KICS scan with invalid --type flag +// should exhibit an error message and return exit code 1 +func init() { //nolint + testSample := TestCase{ + Name: "should display an error message about unknown argument [E2E-CLI-010]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", "-t", "xml", "--silent"}, + }, + }, + Validation: func(outputText string) bool { + unknownArgRegex := regexp.MustCompile(`Error: unknown argument\(s\) for --type: xml`) + match := unknownArgRegex.MatchString(outputText) + return match + }, + WantStatus: []int{126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-011_scan_type.go b/e2e/testcases/e2e-cli-011_scan_type.go new file mode 100644 index 00000000000..627e720487a --- /dev/null +++ b/e2e/testcases/e2e-cli-011_scan_type.go @@ -0,0 +1,21 @@ +package testcases + +// E2E-CLI-011 - KICS scan with a valid case insensitive --type flag +// should perform the scan successfully and return exit code 50 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan with -t flag [E2E-CLI-011]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", + "-t", "DocKerFiLE", "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_011_PAYLOAD.json"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_011_PAYLOAD.json", + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-012_scan_minimal-ui.go b/e2e/testcases/e2e-cli-012_scan_minimal-ui.go new file mode 100644 index 00000000000..877b3346ceb --- /dev/null +++ b/e2e/testcases/e2e-cli-012_scan_minimal-ui.go @@ -0,0 +1,25 @@ +package testcases + +import "regexp" + +// E2E-CLI-012 - kics scan with minimal-ui flag should perform a scan +// without showing detailed results on each line of code +func init() { //nolint + testSample := TestCase{ + Name: "should display minimal-ui [E2E-CLI-012]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--minimal-ui"}, + }, + }, + WantStatus: []int{50}, + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString("Description:", outputText) + match2, _ := regexp.MatchString("Platform:", outputText) + // if not found -> the the test was successful + return !match1 && !match2 + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-013_list-platforms.go b/e2e/testcases/e2e-cli-013_list-platforms.go new file mode 100644 index 00000000000..47728b0b392 --- /dev/null +++ b/e2e/testcases/e2e-cli-013_list-platforms.go @@ -0,0 +1,20 @@ +package testcases + +// E2E-CLI-013 - KICS root command list-platforms +// should return all the supported platforms in the CLI +func init() { //nolint + testSample := TestCase{ + Name: "should list all supported platforms [E2E-CLI-013]", + Args: args{ + Args: []cmdArgs{ + []string{"list-platforms"}, + }, + ExpectedOut: []string{ + "E2E_CLI_013", + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-014_scan_preview-lines.go b/e2e/testcases/e2e-cli-014_scan_preview-lines.go new file mode 100644 index 00000000000..60cb957137d --- /dev/null +++ b/e2e/testcases/e2e-cli-014_scan_preview-lines.go @@ -0,0 +1,26 @@ +package testcases + +import "regexp" + +// E2E-CLI-014 - KICS preview-lines command must delimit the number of +// code lines that are displayed in each scan results code block. +func init() { //nolint + testSample := TestCase{ + Name: "should modify the default preview-lines value [E2E-CLI-014]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--preview-lines", "1", "--no-color", "--no-progress", + "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, + }, + }, + Validation: func(outputText string) bool { + // only the match1 must be true + match1, _ := regexp.MatchString(`005\: RUN gem install grpc -v \$\{GRPC_RUBY_VERSION\} blunder`, outputText) + match2, _ := regexp.MatchString(`006\: RUN bundle install`, outputText) + return match1 && !match2 + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-015_scan_no-color.go b/e2e/testcases/e2e-cli-015_scan_no-color.go new file mode 100644 index 00000000000..25c7014b945 --- /dev/null +++ b/e2e/testcases/e2e-cli-015_scan_no-color.go @@ -0,0 +1,26 @@ +package testcases + +import "regexp" + +// E2E-CLI-015 KICS scan with --no-color flag +// should disable the colored outputs of kics in the CLI +func init() { //nolint + testSample := TestCase{ + Name: "should disable colored output in the CLI [E2E-CLI-015]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--no-color", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, + }, + }, + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`HIGH: \d+`, outputText) + match2, _ := regexp.MatchString(`MEDIUM: \d+`, outputText) + match3, _ := regexp.MatchString(`LOW: \d+`, outputText) + match4, _ := regexp.MatchString(`INFO: \d+`, outputText) + return match1 && match2 && match3 && match4 + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-016_scan_invalid_flag.go b/e2e/testcases/e2e-cli-016_scan_invalid_flag.go new file mode 100644 index 00000000000..f2366485d4d --- /dev/null +++ b/e2e/testcases/e2e-cli-016_scan_invalid_flag.go @@ -0,0 +1,26 @@ +package testcases + +// E2E-CLI-016 - KICS has an invalid flag or invalid command +// an error message and return exit code 1 +func init() { //nolint + testSample := TestCase{ + Name: "should throw error messages for kics' flags [E2E-CLI-016]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--invalid-flag"}, + []string{"--invalid-flag"}, + []string{"invalid"}, + []string{"-i"}, + }, + ExpectedOut: []string{ + "E2E_CLI_016_INVALID_SCAN_FLAG", + "E2E_CLI_016_INVALID_FLAG", + "E2E_CLI_016_INVALID_COMMAND", + "E2E_CLI_016_INVALID_SHOTHAND", + }, + }, + WantStatus: []int{126, 126, 126, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-017_scan_verbose.go b/e2e/testcases/e2e-cli-017_scan_verbose.go new file mode 100644 index 00000000000..25c5aa5e475 --- /dev/null +++ b/e2e/testcases/e2e-cli-017_scan_verbose.go @@ -0,0 +1,25 @@ +package testcases + +import "regexp" + +// E2E-CLI-017 - KICS scan command with the -v (--verbose) flag +// should display additional information in the CLI, such as 'Inspector initialized'... + +func init() { //nolint + testSample := TestCase{ + Name: "should display verbose information in the CLI [E2E-CLI-017]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-v", "--no-progress", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, + }, + }, + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`Inspector initialized, number of queries=\d+`, outputText) + match2, _ := regexp.MatchString(`Inspector stopped`, outputText) + return match1 && match2 + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-018_scan_exclude-categories.go b/e2e/testcases/e2e-cli-018_scan_exclude-categories.go new file mode 100644 index 00000000000..82d76a075c8 --- /dev/null +++ b/e2e/testcases/e2e-cli-018_scan_exclude-categories.go @@ -0,0 +1,18 @@ +package testcases + +// E2E-CLI-018 - KICS scan command with --exclude-categories flag +// should not run queries that are part of the provided categories. +func init() { //nolint + testSample := TestCase{ + Name: "should exclude provided categories [E2E-CLI-018]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--exclude-categories", "Observability,Insecure Configurations,Networking and Firewall", "-s", + "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, + }, + }, + WantStatus: []int{30}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-019_scan_multiple_paths.go b/e2e/testcases/e2e-cli-019_scan_multiple_paths.go new file mode 100644 index 00000000000..9d14dd6b6c4 --- /dev/null +++ b/e2e/testcases/e2e-cli-019_scan_multiple_paths.go @@ -0,0 +1,25 @@ +package testcases + +import ( + "regexp" +) + +// E2E-CLI-019 - KICS scan with multiple paths +// should run a scan for all provided paths/files +func init() { //nolint + testSample := TestCase{ + Name: "should run a scan in multiple paths [E2E-CLI-019]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-v", "-p", "/path/e2e/fixtures/samples/positive.dockerfile,/path/e2e/fixtures/samples/positive.yaml"}, + }, + }, + Validation: func(outputText string) bool { + match, _ := regexp.MatchString(`Loading queries of type: (dockerfile|cloudformation), (dockerfile|cloudformation)`, outputText) + return match + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-020_scan_exclude-queries.go b/e2e/testcases/e2e-cli-020_scan_exclude-queries.go new file mode 100644 index 00000000000..a877a06dcdd --- /dev/null +++ b/e2e/testcases/e2e-cli-020_scan_exclude-queries.go @@ -0,0 +1,21 @@ +package testcases + +// E2E-CLI-020 - KICS scan with --exclude-queries flag +// should not run queries that was provided in this flag. +func init() { //nolint + testSample := TestCase{ + Name: "should exclude provided queries [E2E-CLI-020]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", + "--exclude-queries", "fd54f200-402c-4333-a5a4-36ef6709af2f," + + "d3499f6d-1651-41bb-a9a7-de925fea487b," + + "b03a748a-542d-44f4-bb86-9199ab4fd2d5", + "-s", "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, + }, + }, + WantStatus: []int{20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-021_scan_status_code.go b/e2e/testcases/e2e-cli-021_scan_status_code.go new file mode 100644 index 00000000000..b22b66b3493 --- /dev/null +++ b/e2e/testcases/e2e-cli-021_scan_status_code.go @@ -0,0 +1,24 @@ +package testcases + +// E2E-CLI-021 - KICS can return different status code based in the scan results (High/Medium/Low..) +// when excluding categories/queries and losing results we can get a different status code. +func init() { //nolint + testSample := TestCase{ + Name: "should validate the kics result status code [E2E-CLI-021]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", + "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + + []string{"scan", "--exclude-categories", + "Access Control,Availability,Backup,Best Practices,Build Process,Encryption," + + "Insecure Configurations,Insecure Defaults,Networking and Firewall,Observability," + + "Resource Management,Secret Management,Supply-Chain,Structure and Semantics", + "-p", "/path/test/fixtures/all_auth_users_get_read_access/test/positive.tf"}, + }, + }, + WantStatus: []int{50, 0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-022_scan_profiling_cpu.go b/e2e/testcases/e2e-cli-022_scan_profiling_cpu.go new file mode 100644 index 00000000000..1671c035c23 --- /dev/null +++ b/e2e/testcases/e2e-cli-022_scan_profiling_cpu.go @@ -0,0 +1,24 @@ +package testcases + +import "regexp" + +// E2E-CLI-022 - Kics scan command with --profiling CPU and -v flags +// should display CPU usage in the CLI +func init() { //nolint + testSample := TestCase{ + Name: "should display CPU usage in the CLI [E2E-CLI-022]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--profiling", "CPU", "-v", + "--no-progress", "--no-color", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, + }, + }, + Validation: func(outputText string) bool { + match, _ := regexp.MatchString(`Total CPU usage for start_scan: \d+`, outputText) + return match + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-023_scan_profiling_mem.go b/e2e/testcases/e2e-cli-023_scan_profiling_mem.go new file mode 100644 index 00000000000..ee9c9276416 --- /dev/null +++ b/e2e/testcases/e2e-cli-023_scan_profiling_mem.go @@ -0,0 +1,24 @@ +package testcases + +import "regexp" + +// E2E-CLI-023 - Kics scan command with --profiling MEM and -v flags +// should display MEM usage in the CLI +func init() { //nolint + testSample := TestCase{ + Name: "should display memory usage in the CLI [E2E-CLI-023]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--profiling", "MEM", "-v", + "--no-progress", "--no-color", "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, + }, + }, + Validation: func(outputText string) bool { + match, _ := regexp.MatchString(`Total MEM usage for start_scan: \d+`, outputText) + return match + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-024_version.go b/e2e/testcases/e2e-cli-024_version.go new file mode 100644 index 00000000000..6edb9b66c49 --- /dev/null +++ b/e2e/testcases/e2e-cli-024_version.go @@ -0,0 +1,23 @@ +package testcases + +import "regexp" + +// E2E-CLI-024 - KICS version command +// should display the version of the kics in the CLI. +func init() { //nolint + testSample := TestCase{ + Name: "should display the kics version [E2E-CLI-024]", + Args: args{ + Args: []cmdArgs{ + []string{"version"}, + }, + }, + Validation: func(outputText string) bool { + match, _ := regexp.MatchString(`Keeping Infrastructure as Code Secure [0-9a-zA-Z]+`, outputText) + return match + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-025_scan_fail-on.go b/e2e/testcases/e2e-cli-025_scan_fail-on.go new file mode 100644 index 00000000000..5cf7f1b7fc6 --- /dev/null +++ b/e2e/testcases/e2e-cli-025_scan_fail-on.go @@ -0,0 +1,21 @@ +package testcases + +// E2E-CLI-025 - KICS scan command with --fail-on flag should +// return status code different from 0 only when results match the severity provided in this flag +func init() { //nolint + testSample := TestCase{ + Name: "should fail-on provided values [E2E-CLI-025]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--fail-on", "info,low", + "-s", "-p", "/path/assets/queries/dockerfile/apk_add_using_local_cache_path/test/positive.dockerfile"}, + + []string{"scan", "--fail-on", "info", + "-s", "-p", "/path/assets/queries/dockerfile/apk_add_using_local_cache_path/test/positive.dockerfile"}, + }, + }, + WantStatus: []int{30, 20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go b/e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go new file mode 100644 index 00000000000..860c332cc04 --- /dev/null +++ b/e2e/testcases/e2e-cli-026_scan_ignore-on-exit.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-026 - KICS scan command with --ignore-on-exit flag +// should return status code 0 if the provided flag occurs. +// Example: '--ignore-on-exit errors' -> Returns 0 if an error was found, instead of 126/130... +func init() { //nolint + testSample := TestCase{ + Name: "should ignore on exit provided flags [E2E-CLI-026]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--ignore-on-exit", + "-s", "-p", "/path/e2e/fixtures/samples/terraform-single.invalid.name"}, + + []string{"scan", "--ignore-on-exit", "errors", + "-s", "-p", "/path/e2e/fixtures/samples/terraform-single.invalid.name"}, + + []string{"scan", "--ignore-on-exit", "errors", + "-s", "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + + []string{"scan", "--ignore-on-exit", "all", + "-s", "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + }, + }, + WantStatus: []int{126, 0, 50, 0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-027_scan_exclude-paths.go b/e2e/testcases/e2e-cli-027_scan_exclude-paths.go new file mode 100644 index 00000000000..4f3e05bb934 --- /dev/null +++ b/e2e/testcases/e2e-cli-027_scan_exclude-paths.go @@ -0,0 +1,24 @@ +package testcases + +import "regexp" + +// E2E-CLI-027 - KICS scan command with --exclude-paths +// should not perform the scan on the files/folders provided by this flag +func init() { //nolint + testSample := TestCase{ + Name: " should exclude provided paths [E2E-CLI-027]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--exclude-paths", "/path/test/fixtures/test_swagger/swaggerFileWithoutAuthorizer.yaml", + "-p", "/path/test/fixtures/test_swagger/", "-v"}, + }, + }, + Validation: func(outputText string) bool { + match, _ := regexp.MatchString(`Scanned Files: 1`, outputText) + return match + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-028_scan_log-format.go b/e2e/testcases/e2e-cli-028_scan_log-format.go new file mode 100644 index 00000000000..52f0605e567 --- /dev/null +++ b/e2e/testcases/e2e-cli-028_scan_log-format.go @@ -0,0 +1,27 @@ +package testcases + +import "regexp" + +// E2E-CLI-028 - KICS scan command with --log-format +// should modify the view structure of output messages in the CLI (json/pretty) +func init() { //nolint + testSample := TestCase{ + Name: "should modify log format messages in the CLI [E2E-CLI-028]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "--log-format", "json", "--verbose", + "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, + }, + }, + + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`{"level":"info"`, outputText) + match2, _ := regexp.MatchString(`"message":"Inspector initialized, number of queries=\d+"`, outputText) + return match1 && match2 + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-029_scan_config.go b/e2e/testcases/e2e-cli-029_scan_config.go new file mode 100644 index 00000000000..d4c0457fea7 --- /dev/null +++ b/e2e/testcases/e2e-cli-029_scan_config.go @@ -0,0 +1,21 @@ +package testcases + +// E2E-CLI-029 - KICS scan command with --config flag +// should load a config file that provides commands and arguments to kics. +func init() { //nolint + testSample := TestCase{ + Name: "should load a config file [E2E-CLI-029]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.json", "--type", "cloudformation"}, + + []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.json"}, + + []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.json", "--silent"}, + }, + }, + WantStatus: []int{50, 0, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-030_output-path.go b/e2e/testcases/e2e-cli-030_output-path.go new file mode 100644 index 00000000000..e505e9c6361 --- /dev/null +++ b/e2e/testcases/e2e-cli-030_output-path.go @@ -0,0 +1,24 @@ +package testcases + +// E2E-CLI-030 - Kics scan command with --output-path flags +// should export the result file (default json) to the path provided by this flag. +func init() { //nolint + testSample := TestCase{ + Name: "should export the result files to provided path [E2E-CLI-030]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--output-path", "/path/e2e/output", + "-p", "/path/e2e/fixtures/samples/positive.dockerfile"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "results", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-031_scan_report-formats.go b/e2e/testcases/e2e-cli-031_scan_report-formats.go new file mode 100644 index 00000000000..a3d52a81882 --- /dev/null +++ b/e2e/testcases/e2e-cli-031_scan_report-formats.go @@ -0,0 +1,34 @@ +package testcases + +// E2E-CLI-031 - Kics scan command with --report-formats and --output-path flags +// should export the results based on the formats provided by this flag. +func init() { //nolint + testSample := TestCase{ + Name: "should export the results based on different formats [E2E-CLI-031]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_031_RESULT", + "--report-formats", "json,SARIF,glsast,Html,SonarQUBE,Junit,cyclonedx,asff,csv,CodeClimate", + "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + + []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_031_RESULT_CIS", + "--report-formats", "json,JUnit,CSV", "--include-queries", "275a3217-ca37-40c1-a6cf-bb57d245ab32", + "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_031_RESULT", + ResultsFormats: []string{"json", "sarif", "glsast", "html", "sonarqube", "junit", "cyclonedx", "asff", "csv", "codeclimate"}, + }, + { + ResultsFile: "E2E_CLI_031_RESULT_CIS", + ResultsFormats: []string{"junit", "json-cis", "csv-cis"}, + }, + }, + UseMock: []bool{false, true}, + }, + WantStatus: []int{50, 40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go b/e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go new file mode 100644 index 00000000000..2a7028cd2ef --- /dev/null +++ b/e2e/testcases/e2e-cli-032_scan_output-path_validate_json.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-032 - KICS scan command with --output-path flag +// should set the output path and check the results.json report format +func init() { //nolint + testSample := TestCase{ + Name: "should set the results output name [E2E-CLI-032]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_032_RESULT", + "-p", "/path/e2e/fixtures/samples/positive.yaml", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_032_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go b/e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go new file mode 100644 index 00000000000..5ec2bc47af8 --- /dev/null +++ b/e2e/testcases/e2e-cli-033_scan_output-path_validate_payload.go @@ -0,0 +1,32 @@ +package testcases + +// E2E-CLI-033 - KICS scan command with --output-path and --payload-path flags +// should perform a scan and create result file(s) and payload file +func init() { //nolint + testSample := TestCase{ + Name: " should perform a scan and create a result and payload file [E2E-CLI-033]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", + "--output-path", "/path/e2e/output", + "--output-name", "E2E_CLI_033_RESULT", + "--report-formats", "json,sarif,glsast,codeclimate", + "--payload-path", "/path/e2e/output/E2E_CLI_033_PAYLOAD.json", + "-p", "/path/e2e/fixtures/samples/terraform-single.tf", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_033_RESULT", + ResultsFormats: []string{"json", "sarif", "glsast", "codeclimate"}, + }, + }, + ExpectedPayload: []string{ + "E2E_CLI_033_PAYLOAD.json", + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go b/e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go new file mode 100644 index 00000000000..267a485169e --- /dev/null +++ b/e2e/testcases/e2e-cli-034_scan_log-format_no_verbose.go @@ -0,0 +1,28 @@ +package testcases + +import "regexp" + +// E2E-CLI-034 - KICS scan command with --log-format without --verbose +// should not output log messages in the CLI (json) +func init() { //nolint + testSample := TestCase{ + Name: "should not display messages in the CLI [E2E-CLI-034]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "--log-format", "json", + "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, + }, + }, + + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`{"level":"info"`, outputText) + match2, _ := regexp.MatchString(`"message":"Inspector initialized, number of queries=\d+"`, outputText) + return !match1 && !match2 + }, + + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-035_scan_exclude-results.go b/e2e/testcases/e2e-cli-035_scan_exclude-results.go new file mode 100644 index 00000000000..65e98ab34b1 --- /dev/null +++ b/e2e/testcases/e2e-cli-035_scan_exclude-results.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-035 - KICS scan command with --exclude-results +// should not run/found results (similarityID) provided by this flag +func init() { //nolint + testSample := TestCase{ + Name: "should exclude provided similarity ID results [E2E-CLI-035]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", + "--exclude-results", + "449be223f73b808ffbfb61a17090408aaba9615eb57f79c74e7e9cf6190b57d7," + + "d5a929b017b21438c2d42d4361f12941ea5b3d7f9eedfcb73848141b041d1f4d," + + "82ab4f612e7f3e0fbed0ac72f8747fe81f94961f94ad8302121f17ef184acd22", + "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, + + []string{"scan", "--exclude-results", "-p", "/path/e2e/fixtures/samples/single.dockerfile"}, + }, + }, + WantStatus: []int{20, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-036_scan_include-queries.go b/e2e/testcases/e2e-cli-036_scan_include-queries.go new file mode 100644 index 00000000000..0a3022d5f5d --- /dev/null +++ b/e2e/testcases/e2e-cli-036_scan_include-queries.go @@ -0,0 +1,59 @@ +package testcases + +// E2E-CLI-036 - KICS scan command with --include-queries +// should perform a scan running only the provided queries +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan including only specific queries [E2E-CLI-036]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_036_RESULT", + "--include-queries", "275a3217-ca37-40c1-a6cf-bb57d245ab32,027a4b7a-8a59-4938-a04f-ed532512cf45," + + "e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5,105ba098-1e34-48cd-b0f2-a8a43a51bf9b,ad21e616-5026-4b9d-990d-5b007bfe679c," + + "79d745f0-d5f3-46db-9504-bef73e9fd528,e200a6f3-c589-49ec-9143-7421d4a2c845,01d5a458-a6c4-452a-ac50-054d59275b7c," + + "7f384a5f-b5a2-4d84-8ca3-ee0a5247becb,87482183-a8e7-4e42-a566-7a23ec231c16,4a1e6b34-1008-4e61-a5f2-1f7c276f8d14," + + "d24389b4-b209-4ff0-8345-dc7a4569dcdd,5e6c9c68-8a82-408e-8749-ddad78cbb9c5"}, // Load Many Queries (13) + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_036_RESULT_2", + "--include-queries", "87482183-a8e7-4e42-a566-7a23ec231c16"}, // Load 1 query + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--include-queries", "87482183-a8e7-4e42-a566-7a23ec231c17"}, // Load 0 queries (valid, but doesn't exists) + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--include-queries", "87482183-a8e7-4e42-a566-7a23ec23KICS"}, // Invalid query ID + + []string{"scan", "--include-queries", "cfdcabb0-fc06-427c-865b-c59f13e898ce", + "-s", "-p", "/path/e2e/fixtures/samples/terraform.tf"}, + + []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10,15ffbacc-fa42-4f6f-a57d-2feac7365caa", + "-s", "-p", "/path/e2e/fixtures/samples/terraform.tf"}, + + []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "-s", "-p", "/path/e2e/fixtures/samples/terraform.tf"}, + + []string{"scan", "--include-queries", + "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, + []string{"scan", "--include-queries", + "--queries-path", "/path/assets/queries", "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_036_RESULT", + ResultsFormats: []string{"json"}, + }, + { + ResultsFile: "E2E_CLI_036_RESULT_2", + ResultsFormats: []string{"json"}, + }, + }, + }, + + WantStatus: []int{50, 40, 0, 126, 50, 40, 20, 126, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go b/e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go new file mode 100644 index 00000000000..6e4327af9dc --- /dev/null +++ b/e2e/testcases/e2e-cli-037_scan_exclude-results_include-queries.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-037 - KICS scan command with --exclude-results and --include-queries +// should run only provided queries and does not run results (similarityID) provided by this flag +func init() { //nolint + testSample := TestCase{ + Name: "should run only provided queries and exclude provided results [E2E-CLI-037]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "--exclude-results", "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", + "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, + + []string{"scan", "--include-queries", "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "--exclude-results", "d1c5f6aec84fd91ed24f5f06ccb8b6662e26c0202bcb5d4a58a1458c16456d20", + "-p", "/path/e2e/fixtures/samples/terraform-single.tf"}, + }, + }, + + WantStatus: []int{0, 20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-038_scan_log-path.go b/e2e/testcases/e2e-cli-038_scan_log-path.go new file mode 100644 index 00000000000..bfd4d338d56 --- /dev/null +++ b/e2e/testcases/e2e-cli-038_scan_log-path.go @@ -0,0 +1,35 @@ +package testcases + +import "regexp" + +// E2E-CLI-038 - KICS scan command with --log-path +// should generate and save a log file for the scan +func init() { //nolint + testSample := TestCase{ + Name: "should generate and save a log file [E2E-CLI-038]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "--log-path", "/path/e2e/output/E2E_CLI_038_LOG", + "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + }, + + ExpectedLog: LogValidation{ + LogFile: "E2E_CLI_038_LOG", + ValidationFunc: func(logText string) bool { + match1, _ := regexp.MatchString("Scanning with Keeping Infrastructure as Code Secure", logText) + match2, _ := regexp.MatchString(`Parsed Files: \d+`, logText) + match3, _ := regexp.MatchString(`Scanned Lines: \d+`, logText) + match4, _ := regexp.MatchString(`Parsed Lines: \d+`, logText) + match5, _ := regexp.MatchString(`Ignored Lines: \d+`, logText) + match6, _ := regexp.MatchString(`Queries loaded: \d+`, logText) + match7, _ := regexp.MatchString(`Queries failed to execute: \d+`, logText) + return match1 && match2 && match3 && match4 && match5 && match6 && match7 + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-039_scan_log-path_log-level.go b/e2e/testcases/e2e-cli-039_scan_log-path_log-level.go new file mode 100644 index 00000000000..7dbf3be4bf4 --- /dev/null +++ b/e2e/testcases/e2e-cli-039_scan_log-path_log-level.go @@ -0,0 +1,32 @@ +package testcases + +import "regexp" + +// E2E-CLI-039 - KICS scan command with --log-path and --log-level +// should generate and save a log file based in the provided log-level +func init() { //nolint + testSample := TestCase{ + Name: " should generate and save a log file with log level [E2E-CLI-039]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "--log-path", "/path/e2e/output/E2E_CLI_039_LOG", + "--log-level", "Trace", + "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + }, + + ExpectedLog: LogValidation{ + LogFile: "E2E_CLI_039_LOG", + ValidationFunc: func(logText string) bool { + match1, _ := regexp.MatchString("TRACE", logText) + match2, _ := regexp.MatchString(`Inspector executed with result`, logText) + match3, _ := regexp.MatchString(`Scan duration: \d+`, logText) + return match1 && match2 && match3 + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go b/e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go new file mode 100644 index 00000000000..b58beae6cce --- /dev/null +++ b/e2e/testcases/e2e-cli-040_scan_report-formats_validate_outputs.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-040 - Kics scan command with --report-formats and --output-path flags +// should export the results based on the formats provided by this flag. +func init() { //nolint + testSample := TestCase{ + Name: "should export the results based on report formats [E2E-CLI-040]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_040_RESULT", + "--report-formats", "json,sarif,glsast,html,sonarqube", + "-p", "/path/e2e/fixtures/samples/positive.yaml"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_040_RESULT", + ResultsFormats: []string{"json", "sarif", "glsast", "html", "sonarqube"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-041_scan_remote_path_git.go b/e2e/testcases/e2e-cli-041_scan_remote_path_git.go new file mode 100644 index 00000000000..7971fca4c53 --- /dev/null +++ b/e2e/testcases/e2e-cli-041_scan_remote_path_git.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-041 - Kics scan command with -p targeting remote path (git) +// should download and scan the provided path. +func init() { //nolint + testSample := TestCase{ + Name: "should download and scan the provided git path [E2E-CLI-041]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_041_RESULT", + "--report-formats", "json,sarif,glsast", + "-p", "git::https://github.com/dockersamples/example-voting-app"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_041_RESULT", + ResultsFormats: []string{"json", "sarif", "glsast"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-042_scan_remote_path_http.go b/e2e/testcases/e2e-cli-042_scan_remote_path_http.go new file mode 100644 index 00000000000..2cd44c8ba4f --- /dev/null +++ b/e2e/testcases/e2e-cli-042_scan_remote_path_http.go @@ -0,0 +1,25 @@ +package testcases + +// E2E-CLI-042 - Kics scan command with -p targeting remote path (http/https) +// should download and scan the provided path/file. +func init() { //nolint + testSample := TestCase{ + Name: "should download and scan the provided http path/file [E2E-CLI-042]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_042_RESULT", + "--report-formats", "json,sarif,glsast", + "-p", "https://raw.githubusercontent.com/dockersamples/example-voting-app/main/docker-compose.yml"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_042_RESULT", + ResultsFormats: []string{"json", "sarif", "glsast"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-043_scan_cloud-provider.go b/e2e/testcases/e2e-cli-043_scan_cloud-provider.go new file mode 100644 index 00000000000..bcdd03d0788 --- /dev/null +++ b/e2e/testcases/e2e-cli-043_scan_cloud-provider.go @@ -0,0 +1,24 @@ +package testcases + +// E2E-CLI-043 - Kics scan command with --cloud-provider +// should execute only queries that have the same provider as given in the flag. +func init() { //nolint + testSample := TestCase{ + Name: "should execute only queries of specific cloud provider [E2E-CLI-043]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "", "/path/e2e/fixtures/samples/positive.yaml", + "--cloud-provider", "none"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--cloud-provider"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--cloud-provider", "aWs"}, + }, + }, + WantStatus: []int{126, 126, 50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-044_scan_exclude-severities.go b/e2e/testcases/e2e-cli-044_scan_exclude-severities.go new file mode 100644 index 00000000000..29a88163b39 --- /dev/null +++ b/e2e/testcases/e2e-cli-044_scan_exclude-severities.go @@ -0,0 +1,31 @@ +package testcases + +// E2E-CLI-044 - Kics scan command with --exclude-severities +// should exclude results with the specified severities +func init() { //nolint + testSample := TestCase{ + Name: "should exclude queries by given severities [E2E-CLI-044]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", + "--exclude-severities", "HIGH"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", + "--exclude-severities", "HIGH,MEDIUM,LOW,INFO"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", + "--exclude-severities"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--output-path", "/path/e2e/output", "--output-name", "E2E_CLI_044_RESULT", + "--exclude-severities", "HIGH,MEDIUM,LOW"}, + }, + }, + WantStatus: []int{40, 0, 126, 20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-045_scan_disable-secrets.go b/e2e/testcases/e2e-cli-045_scan_disable-secrets.go new file mode 100644 index 00000000000..4cf6ca7a819 --- /dev/null +++ b/e2e/testcases/e2e-cli-045_scan_disable-secrets.go @@ -0,0 +1,26 @@ +package testcases + +// E2E-CLI-045 - Kics scan command with --disable-secrets +// should not execute secret based queries. +func init() { //nolint + testSample := TestCase{ + Name: "should not execute secret queries [E2E-CLI-045]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08", + "--disable-secrets"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08,e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "--disable-secrets"}, + }, + }, + WantStatus: []int{50, 0, 20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go b/e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go new file mode 100644 index 00000000000..35999a3ad8c --- /dev/null +++ b/e2e/testcases/e2e-cli-046_scan_disable-full-descriptions.go @@ -0,0 +1,26 @@ +package testcases + +import "regexp" + +// E2E-CLI-046 - Kics scan command with --disable-full-descriptions +// should fetch descriptions from environment URL KICS_DESCRIPTIONS_ENDPOINT. +func init() { //nolint + testSample := TestCase{ + Name: "should fetch descriptions from environment [E2E-CLI-046]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", + "--no-color", "-v", + "--disable-full-descriptions"}, + }, + }, + Validation: func(outputText string) bool { + uuidRegex := "Skipping descriptions because provided disable flag is set" + match, _ := regexp.MatchString(uuidRegex, outputText) + return match + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-047_scan_payload-lines.go b/e2e/testcases/e2e-cli-047_scan_payload-lines.go new file mode 100644 index 00000000000..782970d5741 --- /dev/null +++ b/e2e/testcases/e2e-cli-047_scan_payload-lines.go @@ -0,0 +1,21 @@ +package testcases + +// E2E-CLI-047 - Kics scan command with --payload-lines +// should display additional information lines in the payload file. +func init() { //nolint + testSample := TestCase{ + Name: "should display line references in the payload file [E2E-CLI-047]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--payload-path", "/path/e2e/output/E2E_CLI_047_PAYLOAD.json", "--payload-lines"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_047_PAYLOAD.json", + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go b/e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go new file mode 100644 index 00000000000..4351c5bc383 --- /dev/null +++ b/e2e/testcases/e2e-cli-048_scan_custom-secrets-regexes.go @@ -0,0 +1,34 @@ +package testcases + +// E2E-CLI-048 - Kics scan command with --secrets-regexes-path +// should load custom secrets rules from provided path. +func init() { //nolint + testSample := TestCase{ + Name: "should load custom secrets rules from provided path [E2E-CLI-048]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", + "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_valid.json"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", + "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_valid.json", + "--exclude-queries", "487f4be7-3fd9-4506-a07a-eae252180c08"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", + "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_empty.json"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-secret.tf", + "--secrets-regexes-path", "/path/e2e/fixtures/samples/secrets/regex_rules_48_invalid_regex.json"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--secrets-regexes-path", "not-exists-folder"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform.tf", + "--secrets-regexes-path", "samples"}, + }, + }, + WantStatus: []int{50, 40, 40, 126, 126, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go b/e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go new file mode 100644 index 00000000000..b170825d858 --- /dev/null +++ b/e2e/testcases/e2e-cli-049_scan_custom-libraries-path.go @@ -0,0 +1,24 @@ +package testcases + +// E2E-CLI-049 - Kics scan command with --libraries-path +// should load libraries from the provided path. +func init() { //nolint + testSample := TestCase{ + Name: "should load libraries from the provided path [E2E-CLI-049]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/terraform-single.tf", + "--libraries-path", "/path/e2e/fixtures/samples/libraries"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--libraries-path", "/path/e2e/fixtures/samples/libraries"}, + + []string{"scan", "--silent", "-p", "/path/e2e/fixtures/samples/positive.yaml", + "--libraries-path", "/path/e2e/fixtures/samples/not-exists-folder"}, + }, + }, + WantStatus: []int{0, 50, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-050_scan_bill-of-materials.go b/e2e/testcases/e2e-cli-050_scan_bill-of-materials.go new file mode 100644 index 00000000000..22df7077eb1 --- /dev/null +++ b/e2e/testcases/e2e-cli-050_scan_bill-of-materials.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-050 - Kics scan command with --bom (or -m) +// should include bill of materials (BoM) in results output +func init() { //nolint + testSample := TestCase{ + Name: "should include bill of materials in results output [E2E-CLI-050]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/bom-positive.tf", + "--bom", "-o", "/path/e2e/output"}, + + []string{"scan", "-p", "/path/e2e/fixtures/samples/bom-positive.tf", + "--m"}, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "results", + ResultsFormats: []string{"json-bom"}, + }, + }, + }, + WantStatus: []int{50, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-051_scan_custom-queries-path.go b/e2e/testcases/e2e-cli-051_scan_custom-queries-path.go new file mode 100644 index 00000000000..a62652f55b2 --- /dev/null +++ b/e2e/testcases/e2e-cli-051_scan_custom-queries-path.go @@ -0,0 +1,24 @@ +package testcases + +// E2E-CLI-051 - Kics scan command with --queries-path +// should load and execute queries found in the provided path +func init() { //nolint + testSample := TestCase{ + Name: "should load and execute queries from a custom path [E2E-CLI-051]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/valid/single_query", + "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, + []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/invalid/invalid_metadata", + "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, + []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/invalid/missing_metadata", "-p", + "/path/e2e/fixtures/samples/bom-positive.tf"}, + []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/invalid_path", + "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, + }, + }, + WantStatus: []int{50, 0, 0, 126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go b/e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go new file mode 100644 index 00000000000..f8bc7292480 --- /dev/null +++ b/e2e/testcases/e2e-cli-052_scan_with_custom_cis_descriptions.go @@ -0,0 +1,35 @@ +package testcases + +// E2E-CLI-052 - Kics scan with a custom CIS descriptions env variable +// should load and display the correct CIS descriptions (provided by the custom server) +func init() { //nolint + testSample := TestCase{ + Name: "should load descriptions from a custom server [E2E-CLI-052]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", + "-p", "/path/e2e/fixtures/samples/terraform.tf", "--no-color", + "--include-queries", "487f4be7-3fd9-4506-a07a-eae252180c08,cfdcabb0-fc06-427c-865b-c59f13e898ce", + "-o", "/path/e2e/output", "--output-name", "/path/e2e/output/E2E_CLI_052_RESULTS_ALL_HAVE_CIS.json"}, + + []string{"scan", + "-p", "/path/e2e/fixtures/samples/terraform.tf", "--no-color", + "-o", "/path/e2e/output", "--output-name", "/path/e2e/output/E2E_CLI_052_RESULTS_SOME_HAVE_CIS.json"}, + }, + UseMock: []bool{true, true}, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_052_RESULTS_ALL_HAVE_CIS", + ResultsFormats: []string{"json-cis"}, + }, + { + ResultsFile: "E2E_CLI_052_RESULTS_SOME_HAVE_CIS", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50, 50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-053_kics_scan_ignore.go b/e2e/testcases/e2e-cli-053_kics_scan_ignore.go new file mode 100644 index 00000000000..a1ec0194cae --- /dev/null +++ b/e2e/testcases/e2e-cli-053_kics_scan_ignore.go @@ -0,0 +1,20 @@ +package testcases + +// E2E-CLI-053 - Kics scan can ignore entire files, blocks and lines based in kics-ignore comments +func init() { //nolint + testSample := TestCase{ + Name: "should ignore files/code-blocks/code-lines during the scan [E2E-CLI-053]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/enable.tf"}, + []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/disable.tf"}, + []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/ignore-block.dockerfile"}, + []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/ignore-lines.yaml"}, + []string{"scan", "-p", "/path/e2e/fixtures/samples/scan-ignore/ignore"}, + }, + }, + WantStatus: []int{40, 20, 30, 40, 0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go b/e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go new file mode 100644 index 00000000000..7349fa1fd46 --- /dev/null +++ b/e2e/testcases/e2e-cli-054_scan_multiple-queries-path.go @@ -0,0 +1,26 @@ +package testcases + +import "regexp" + +// E2E-CLI-054 - Kics scan command with --queries-path using multiple entries +// should load and execute queries found in the provided paths +func init() { //nolint + testSample := TestCase{ + Name: "should load and execute queries from multiple paths [E2E-CLI-054]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--queries-path", "/path/e2e/fixtures/samples/queries/valid/single_query," + + "/path/e2e/fixtures/samples/queries/valid/multiple_query", + "-p", "/path/e2e/fixtures/samples/bom-positive.tf"}, + }, + }, + Validation: func(outputText string) bool { + matchQueryPath1, _ := regexp.MatchString(`Athena Database Not Encrypted`, outputText) + matchQueryPath2, _ := regexp.MatchString(`S3 Bucket Without Enabled MFA Delete`, outputText) + return matchQueryPath1 && matchQueryPath2 + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go b/e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go new file mode 100644 index 00000000000..91fc8b339ef --- /dev/null +++ b/e2e/testcases/e2e-cli-055_scan_resolve_openapi_files.go @@ -0,0 +1,23 @@ +package testcases + +import "regexp" + +// E2E-CLI-055 - Kics scan command with openapi files that are not resolved +// should resolve openapi files and return results in same file +func init() { //nolint + testSample := TestCase{ + Name: "should resolve openapi files and return results in different files [E2E-CLI-055]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "/path/e2e/fixtures/samples/unresolved_openapi"}, + }, + }, + WantStatus: []int{50}, + Validation: func(outputText string) bool { + matchQueryPath1, _ := regexp.MatchString(`openapi.yaml`, outputText) + return matchQueryPath1 + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-056_scan_timeout.go b/e2e/testcases/e2e-cli-056_scan_timeout.go new file mode 100644 index 00000000000..26250e845e7 --- /dev/null +++ b/e2e/testcases/e2e-cli-056_scan_timeout.go @@ -0,0 +1,29 @@ +package testcases + +import ( + "regexp" +) + +// E2E-CLI-056 - Kics scan command with timeout flag +// should stop a query execution when reaching the provided timeout (seconds) +func init() { //nolint + testSample := TestCase{ + Name: "should timeout queries when reaching the timeout limit [E2E-CLI-056]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--config", "/path/e2e/fixtures/samples/configs/config.yaml", "-v"}, + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--timeout", "1", "-v"}, + []string{"scan", "-p", "/path/e2e/fixtures/samples/positive.dockerfile", "--timeout", "0", "-v"}, + }, + }, + WantStatus: []int{50, 50, 126}, + Validation: func(outputText string) bool { + matchTimeoutLog, _ := regexp.MatchString("Query execution timeout=(0|1|12)s", outputText) + // Check for validation error (for invalid timeout=0) + matchValidationError, _ := regexp.MatchString("invalid argument --timeout: value must be greater than 0", outputText) + return matchTimeoutLog || matchValidationError + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-057_fix_all.go b/e2e/testcases/e2e-cli-057_fix_all.go new file mode 100644 index 00000000000..8d53565cce6 --- /dev/null +++ b/e2e/testcases/e2e-cli-057_fix_all.go @@ -0,0 +1,28 @@ +package testcases + +import ( + "regexp" +) + +// E2E-CLI-057 - Kics remediate command +// should remediate all remediation found +func init() { //nolint + generateResults("results-remediate-all") + + testSample := TestCase{ + Name: "should remediate all remediation found [E2E-CLI-057]", + Args: args{ + Args: []cmdArgs{ + []string{"remediate", "--results", "/path/e2e/tmp-kics-ar/results-remediate-all.json", "-v"}, + }, + }, + WantStatus: []int{0}, + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`Selected remediation: 5`, outputText) + match2, _ := regexp.MatchString(`Remediation done: 5`, outputText) + return match1 && match2 + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-058_fix_include_ids.go b/e2e/testcases/e2e-cli-058_fix_include_ids.go new file mode 100644 index 00000000000..1526d353f69 --- /dev/null +++ b/e2e/testcases/e2e-cli-058_fix_include_ids.go @@ -0,0 +1,31 @@ +package testcases + +import ( + "regexp" +) + +// E2E-CLI-057 - Kics remediate command +// should remediate all remediation found +func init() { //nolint + generateResults("results-remediate-include-ids") + + testSample := TestCase{ + Name: "should remediate the recommendations pointed in include-ids flag [E2E-CLI-058]", + Args: args{ + Args: []cmdArgs{ + []string{"remediate", "--results", "/path/e2e/tmp-kics-ar/results-remediate-include-ids.json", + "--include-ids", "f282fa13cf5e4ffd4bbb0ee2059f8d0240edcd2ca54b3bb71633145d961de5ce," + + "87abbee5d0ec977ba193371c702dca2c040ea902d2e606806a63b66119ff89bc", + "-v"}, + }, + }, + WantStatus: []int{0}, + Validation: func(outputText string) bool { + match1, _ := regexp.MatchString(`Selected remediation: 2`, outputText) + match2, _ := regexp.MatchString(`Remediation done: 2`, outputText) + return match1 && match2 + }, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-059_help_fix.go b/e2e/testcases/e2e-cli-059_help_fix.go new file mode 100644 index 00000000000..ede40f3f54e --- /dev/null +++ b/e2e/testcases/e2e-cli-059_help_fix.go @@ -0,0 +1,18 @@ +package testcases + +// E2E-CLI-059 - KICS remediate command should display a help text in the CLI when provided with the +// --help flag and it should describe the options related with remediate plus the global options +func init() { //nolint + testSample := TestCase{ + Name: "should display the kics remediate help text [E2E-CLI-059]", + Args: args{ + Args: []cmdArgs{ + []string{"remediate", "--help"}, + }, + ExpectedOut: []string{"E2E_CLI_059"}, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-060_fix_text.go b/e2e/testcases/e2e-cli-060_fix_text.go new file mode 100644 index 00000000000..f2f5b670402 --- /dev/null +++ b/e2e/testcases/e2e-cli-060_fix_text.go @@ -0,0 +1,18 @@ +package testcases + +// E2E-CLI-060 - KICS remediate command has a mandatory flag --results. The CLI should exhibit +// an error message and return exit code 126 +func init() { //nolint + testSample := TestCase{ + Name: "should display an error regarding missing --results flag [E2E-CLI-060]", + Args: args{ + Args: []cmdArgs{ + []string{"remediate"}, + }, + ExpectedOut: []string{"E2E_CLI_060"}, + }, + WantStatus: []int{126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-061_scan_exclude_type.go b/e2e/testcases/e2e-cli-061_scan_exclude_type.go new file mode 100644 index 00000000000..3bab9e64720 --- /dev/null +++ b/e2e/testcases/e2e-cli-061_scan_exclude_type.go @@ -0,0 +1,23 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-061 - KICS scan with a valid case insensitive --exclude-type flag +// should perform the scan successfully and return exit code 50 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan with --exclude-type flag [E2E-CLI-061]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/e2e/fixtures/samples/positive.dockerfile\",\"/path/e2e/fixtures/samples/terraform.tf\"", + "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_061_PAYLOAD.json", "--exclude-type", + "TeRRafOrm"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_061_PAYLOAD.json", + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-062_tf_variables_comment_path.go b/e2e/testcases/e2e-cli-062_tf_variables_comment_path.go new file mode 100644 index 00000000000..524febbef5f --- /dev/null +++ b/e2e/testcases/e2e-cli-062_tf_variables_comment_path.go @@ -0,0 +1,22 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-062 - KICS scan and get the variables using a variables path as a comment +// should perform the scan successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and get the variables using a variables path as a comment [E2E-CLI-062]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/e2e/fixtures/samples/terraform-vars-path/tfFiles\"", + "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_062_PAYLOAD.json"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_062_PAYLOAD.json", + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-063_tf_variables_flag_path.go b/e2e/testcases/e2e-cli-063_tf_variables_flag_path.go new file mode 100644 index 00000000000..65ddf4388f4 --- /dev/null +++ b/e2e/testcases/e2e-cli-063_tf_variables_flag_path.go @@ -0,0 +1,23 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-063 - KICS scan and get the variables using a variables path as a flag +// should perform the scan successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and get the variables using a variables path as a flag [E2E-CLI-063]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/e2e/fixtures/samples/terraform-vars-path/tfFiles\"", + "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_063_PAYLOAD.json", + "--terraform-vars-path", "/path/e2e/fixtures/samples/terraform-vars-path/terraform-vars.tfvars"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_063_PAYLOAD.json", + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-064_json_file_ref.go b/e2e/testcases/e2e-cli-064_json_file_ref.go new file mode 100644 index 00000000000..b98432e31c0 --- /dev/null +++ b/e2e/testcases/e2e-cli-064_json_file_ref.go @@ -0,0 +1,19 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-064 - KICS scan with json/yaml file with ## in non ref +// should perform the scan successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan with json/yaml file with ## in non ref [E2E-CLI-064]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/e2e/fixtures/samples/swagger\"", + "--silent"}, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-065_yaml_resolver_panic.go b/e2e/testcases/e2e-cli-065_yaml_resolver_panic.go new file mode 100644 index 00000000000..ab7744c2611 --- /dev/null +++ b/e2e/testcases/e2e-cli-065_yaml_resolver_panic.go @@ -0,0 +1,19 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-065 - KICS scan +// should perform the scan successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan [E2E-CLI-065]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/e2e/fixtures/samples/panicYamlRef/file1.yaml\"", + "--silent"}, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-066_analyze_command.go b/e2e/testcases/e2e-cli-066_analyze_command.go new file mode 100644 index 00000000000..f848d7a7c94 --- /dev/null +++ b/e2e/testcases/e2e-cli-066_analyze_command.go @@ -0,0 +1,23 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-066 - KICS analyze +// should finish successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid analyze [E2E-CLI-066]", + Args: args{ + Args: []cmdArgs{ + []string{"analyze", + "--analyze-path", "/path/e2e/fixtures/samples/swagger", + "--analyze-results", "/path/e2e/output/E2E_CLI_066_ANALYZE_RESULTS.json"}, + }, + ExpectedAnalyzerResults: &ResultsValidation{ + ResultsFile: "E2E_CLI_066_ANALYZE_RESULTS", + ResultsFormats: []string{"json"}, + }, + }, + WantStatus: []int{0}, + } + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go b/e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go new file mode 100644 index 00000000000..bf610791402 --- /dev/null +++ b/e2e/testcases/e2e-cli-067_ignore_broken_symlink_eloop.go @@ -0,0 +1,22 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-067 - KICS scan but ignore broken symlinks and symlinks that create endless loops +// should perform the scan successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan but ignore broken symlinks and symlinks that create endless loops [E2E-CLI-067]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/test/fixtures/link_test/broken_symlink\"", "\"/path/test/fixtures/link_test/eloop_link\"", + "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_067_PAYLOAD.json"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_067_PAYLOAD.json", + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-068_corrupted_dockerfile.go b/e2e/testcases/e2e-cli-068_corrupted_dockerfile.go new file mode 100644 index 00000000000..a454068801c --- /dev/null +++ b/e2e/testcases/e2e-cli-068_corrupted_dockerfile.go @@ -0,0 +1,26 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-068 - KICS scan but recover from corrupted dockerfile +// should perform the scan successfully and return exit code 50 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and recover from a corrupted dockerfile [E2E-CLI-068]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_068_RESULT", + "-p", "/path/test/fixtures/dockerfile/corrupted_dockerfile", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_068_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-069_ignore_experimental_query.go b/e2e/testcases/e2e-cli-069_ignore_experimental_query.go new file mode 100644 index 00000000000..2e9e07f6e45 --- /dev/null +++ b/e2e/testcases/e2e-cli-069_ignore_experimental_query.go @@ -0,0 +1,32 @@ +package testcases + +// E2E-CLI-069 - KICS scan and ignore experimental queries +// should perform the scan successfully and return exit code 40 +const ( + samplePath = "/path/test/fixtures/experimental_test/sample" + queriesPath = "/path/test/fixtures/experimental_test/queries" +) + +func init() { //nolint + paths := []string{samplePath, queriesPath} + + testSample := TestCase{ + Name: "should perform a valid scan and ignore the experimental queries [E2E-CLI-069]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_069_RESULT", + "-p", "\"" + paths[0] + "\"", "-q", "\"" + paths[1] + "\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_069_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go b/e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go new file mode 100644 index 00000000000..bfe90c4c7ba --- /dev/null +++ b/e2e/testcases/e2e-cli-070_not_ignore_experimental_query.go @@ -0,0 +1,31 @@ +package testcases + +// E2E-CLI-070 - KICS scan and not ignore experimental queries +// should perform the scan successfully and return exit code 40 and 50 +func init() { //nolint + samplePath := "/path/test/fixtures/experimental_test/sample" + queriesPath := "/path/test/fixtures/experimental_test/queries" + + paths := []string{samplePath, queriesPath} + + testSample := TestCase{ + Name: "should perform a valid scan and not ignore the experimental queries [E2E-CLI-070]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_070_RESULT", + "-p", "\"" + paths[0] + "\"", "-q", "\"" + paths[1] + "\"", + "--experimental-queries", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_070_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-071_no_flag_resolve_references.go b/e2e/testcases/e2e-cli-071_no_flag_resolve_references.go new file mode 100644 index 00000000000..c0de9e72766 --- /dev/null +++ b/e2e/testcases/e2e-cli-071_no_flag_resolve_references.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-071 - KICS scan and ignore references +// should perform the scan successfully and return exit code 20 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and not resolve references [E2E-CLI-071]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_071_RESULT", + "-p", "\"/path/test/fixtures/resolve_references\"", + "-i", "6c35d2c6-09f2-4e5c-a094-e0e91327071d,962fa01e-b791-4dcc-b04a-4a3e7389be5e", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_071_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go b/e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go new file mode 100644 index 00000000000..2a68c32d74e --- /dev/null +++ b/e2e/testcases/e2e-cli-071_tf_eval_func_unknown_type.go @@ -0,0 +1,22 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-071 - KICS scan while evaluating the terraform functions with unknown type +// should perform the scan successfully and return exit code 40 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan while evaluating the terraform functions with unknown type [E2E-CLI-071]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-p", "\"/path/e2e/fixtures/samples/tf-eval-func-unknown-type/main.tf\"", + "--silent", "--payload-path", "/path/e2e/output/E2E_CLI_071_PAYLOAD.json"}, + }, + ExpectedPayload: []string{ + "E2E_CLI_071_PAYLOAD.json", + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-072_flag_resolve_references.go b/e2e/testcases/e2e-cli-072_flag_resolve_references.go new file mode 100644 index 00000000000..be9ace47de8 --- /dev/null +++ b/e2e/testcases/e2e-cli-072_flag_resolve_references.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-072 - KICS scan and ignore references +// should perform the scan successfully and return exit code 40,20 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and resolve references [E2E-CLI-072]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_072_RESULT", + "-p", "\"/path/test/fixtures/resolve_references\"", + "-i", "6c35d2c6-09f2-4e5c-a094-e0e91327071d,962fa01e-b791-4dcc-b04a-4a3e7389be5e", + "--enable-openapi-refs", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_072_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{30}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go b/e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go new file mode 100644 index 00000000000..e27f8b74745 --- /dev/null +++ b/e2e/testcases/e2e-cli-073_json_no_flag_resolve_references.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-073 - KICS scan and ignore references +// should perform the scan successfully and return exit code 0 +// no results expected +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and not resolve references [E2E-CLI-073]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_073_RESULT", + "-p", "\"/path/test/fixtures/resolve_references_json\"", + "-i", "750b40be-4bac-4f59-bdc4-1ca0e6c3450e", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_073_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-074_json_flag_resolve_references.go b/e2e/testcases/e2e-cli-074_json_flag_resolve_references.go new file mode 100644 index 00000000000..90a5388c959 --- /dev/null +++ b/e2e/testcases/e2e-cli-074_json_flag_resolve_references.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-074 - KICS scan and ignore references +// should perform the scan successfully and return exit code 20 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and resolve references [E2E-CLI-074]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_074_RESULT", + "-p", "\"/path/test/fixtures/resolve_references_json\"", + "-i", "750b40be-4bac-4f59-bdc4-1ca0e6c3450e", + "--enable-openapi-refs", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_074_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-075_ansible_host_detected.go b/e2e/testcases/e2e-cli-075_ansible_host_detected.go new file mode 100644 index 00000000000..241bf3a7d21 --- /dev/null +++ b/e2e/testcases/e2e-cli-075_ansible_host_detected.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-075 - KICS scan +// should perform the scan successfully detect ansible and return result 40 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and and detect ansible [E2E-CLI-075]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_075_RESULT", + "-p", "\"/path/test/fixtures/analyzer_test_ansible_host/e2e\"", + "-i", "1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_075_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-076_max_file_size.go b/e2e/testcases/e2e-cli-076_max_file_size.go new file mode 100644 index 00000000000..380e7fc8743 --- /dev/null +++ b/e2e/testcases/e2e-cli-076_max_file_size.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-076 - KICS scan +// should perform a scan without detecting anything since no files are scanned because of max file size +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan without detecting anything since no files are scanned because of max file size [E2E-CLI-076]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_076_RESULT", + "-p", "\"/path/test/fixtures/max_file_size\"", + "--max-file-size", "3", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_076_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{00}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-077_fix_similarity_id.go b/e2e/testcases/e2e-cli-077_fix_similarity_id.go new file mode 100644 index 00000000000..a7b52ab78c4 --- /dev/null +++ b/e2e/testcases/e2e-cli-077_fix_similarity_id.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-077 - KICS scan +// should perform a scan, present two results, without the same similarity id +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan, present two results, without the same similarity id [E2E-CLI-077]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_077_RESULT", + "-p", "\"/path/test/fixtures/similarity_id\"", + "-i", "488847ff-6031-487c-bf42-98fd6ac5c9a0", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_077_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-078_similarity_id_minified_files.go b/e2e/testcases/e2e-cli-078_similarity_id_minified_files.go new file mode 100644 index 00000000000..829ad77767c --- /dev/null +++ b/e2e/testcases/e2e-cli-078_similarity_id_minified_files.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-078 - KICS scan +// should perform a scan and return three different similarity ids on the results +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and return three different similarity ids on the results [E2E-CLI-078]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_078_RESULT", + "-p", "\"/path/test/fixtures/minified_files_similarity_id\"", + "-i", "00b78adf-b83f-419c-8ed8-c6018441dd3a", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_078_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-079_cwe_sarif_result.go b/e2e/testcases/e2e-cli-079_cwe_sarif_result.go new file mode 100644 index 00000000000..14bd3eb0c6f --- /dev/null +++ b/e2e/testcases/e2e-cli-079_cwe_sarif_result.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-079 - KICS scan +// should perform a scan saving the reports in sarif format, showing the cwe on results +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan saving the reports in sarif format, showing the cwe on results [E2E-CLI-079]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_079_RESULT", + "-p", "\"/path/test/fixtures/test_sarif_cwe_report/run_block_injection/test\"", + "-q", "\"/path/test/fixtures/test_sarif_cwe_report/run_block_injection/query\"", + "--report-formats", "sarif", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_079_RESULT", + ResultsFormats: []string{"sarif"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-080_cwe_sarif_result.go b/e2e/testcases/e2e-cli-080_cwe_sarif_result.go new file mode 100644 index 00000000000..abe3472d8a0 --- /dev/null +++ b/e2e/testcases/e2e-cli-080_cwe_sarif_result.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-080 - KICS scan +// should perform a scan saving the reports in sarif format, showing no cwe field on results +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan saving the reports in sarif format, showing no cwe field on results [E2E-CLI-080]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_080_RESULT", + "-p", "\"/path/test/fixtures/test_sarif_cwe_report/script_block_injection/test\"", + "-q", "\"/path/test/fixtures/test_sarif_cwe_report/script_block_injection/query\"", + "--report-formats", "sarif", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_080_RESULT", + ResultsFormats: []string{"sarif"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-081_output_path_valid.go b/e2e/testcases/e2e-cli-081_output_path_valid.go new file mode 100644 index 00000000000..2e8e6576634 --- /dev/null +++ b/e2e/testcases/e2e-cli-081_output_path_valid.go @@ -0,0 +1,26 @@ +package testcases + +// E2E-CLI-081 - KICS scan +// should check if output path is valid +func init() { //nolint + testSample := TestCase{ + Name: "should check if output path is valid [E2E-CLI-081]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_081_RESULT", + "-p", "\"/path/test/fixtures/test_output_path\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_081_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-082_output_path_invalid.go b/e2e/testcases/e2e-cli-082_output_path_invalid.go new file mode 100644 index 00000000000..b68ef31b3d9 --- /dev/null +++ b/e2e/testcases/e2e-cli-082_output_path_invalid.go @@ -0,0 +1,23 @@ +package testcases + +// E2E-CLI-082 - KICS scan +// should check if output path is invalid +func init() { //nolint + testSample := TestCase{ + Name: "should check if output path is invalid [E2E-CLI-082]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output?", + "--output-name", "E2E_CLI_082_RESULT", + "-p", "\"/path/test/fixtures/test_output_path\"", + }, + }, + ExpectedOut: []string{ + "E2E_CLI_082_RESULT", + }, + }, + WantStatus: []int{126}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-083_helm_ignore.go b/e2e/testcases/e2e-cli-083_helm_ignore.go new file mode 100644 index 00000000000..450b9439d62 --- /dev/null +++ b/e2e/testcases/e2e-cli-083_helm_ignore.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-083 - KICS scan +// should perform a scan and return zero results ignoring the file +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and return zero results ignoring the file [E2E-CLI-083]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_083_RESULT", + "-p", "\"/path/test/fixtures/helm_ignore\"", + "-i", "b7652612-de4e-4466-a0bf-1cd81f0c6063", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_083_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-084_helm_ignore_block.go b/e2e/testcases/e2e-cli-084_helm_ignore_block.go new file mode 100644 index 00000000000..9511bd14da4 --- /dev/null +++ b/e2e/testcases/e2e-cli-084_helm_ignore_block.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-084 - KICS scan +// should perform a scan and return zero results ignoring the block +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and return zero results ignoring the block [E2E-CLI-084]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_084_RESULT", + "-p", "\"/path/test/fixtures/helm_ignore_block\"", + "-i", "b7652612-de4e-4466-a0bf-1cd81f0c6063", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_084_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-085_helm_disable_query.go b/e2e/testcases/e2e-cli-085_helm_disable_query.go new file mode 100644 index 00000000000..d120a35eeb8 --- /dev/null +++ b/e2e/testcases/e2e-cli-085_helm_disable_query.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-085 - KICS scan +// should perform a scan and return zero results ignoring the query +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and return zero results ignoring the query [E2E-CLI-085]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_085_RESULT", + "-p", "\"/path/test/fixtures/helm_disable_query\"", + "-i", "b7652612-de4e-4466-a0bf-1cd81f0c6063", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_085_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-086_parallel_scan_default.go b/e2e/testcases/e2e-cli-086_parallel_scan_default.go new file mode 100644 index 00000000000..f37dd8fd9b1 --- /dev/null +++ b/e2e/testcases/e2e-cli-086_parallel_scan_default.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-086 - KICS scan +// should perform a scan, finishing successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and finish successfully [E2E-CLI-086]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_086_RESULT", + "-p", "\"/path/e2e/fixtures/samples/terraform.tf\"", + "--parallel", "0", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_086_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-087_parallel_scan_sequential.go b/e2e/testcases/e2e-cli-087_parallel_scan_sequential.go new file mode 100644 index 00000000000..45d569e045b --- /dev/null +++ b/e2e/testcases/e2e-cli-087_parallel_scan_sequential.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-087 - KICS scan +// should perform a scan, finishing successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and finish successfully [E2E-CLI-087]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_087_RESULT", + "-p", "\"/path/e2e/fixtures/samples/terraform.tf\"", + "--parallel", "1", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_087_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go b/e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go new file mode 100644 index 00000000000..7d05e3d17d7 --- /dev/null +++ b/e2e/testcases/e2e-cli-088_parallel_scan_6_workers.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-088 - KICS scan +// should perform a scan, finishing successfully and return exit code 0 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and finish successfully [E2E-CLI-088]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_088_RESULT", + "-p", "\"/path/e2e/fixtures/samples/terraform.tf\"", + "--parallel", "6", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_088_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-089_critical_severity.go b/e2e/testcases/e2e-cli-089_critical_severity.go new file mode 100644 index 00000000000..ea7d280e77b --- /dev/null +++ b/e2e/testcases/e2e-cli-089_critical_severity.go @@ -0,0 +1,26 @@ +package testcases + +// E2E-CLI-089 - KICS scan +// should perform a scan successfully giving results with critical severity and return exit code 60 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan successfully giving results with critical severity and return exit code 60 [E2E-CLI-089]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_089_RESULT", + "-p", "\"/path/test/fixtures/test_critical_severity/run_block_injection/test\"", + "-q", "\"/path/test/fixtures/test_critical_severity/run_block_injection/query\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_089_RESULT", + }, + }, + }, + WantStatus: []int{60}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go b/e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go new file mode 100644 index 00000000000..d3fb8fc0c2a --- /dev/null +++ b/e2e/testcases/e2e-cli-090_critical_severity_all_report_formats.go @@ -0,0 +1,28 @@ +package testcases + +// E2E-CLI-090 - Kics scan command with --report-formats and --output-path flags +// should export the results based on the formats provided by this flag, with critical severity +func init() { //nolint + testSample := TestCase{ + Name: "should export the results based on the formats provided by this flag, with critical severity [E2E-CLI-090]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_090_RESULT", + "--report-formats", "asff,codeclimate,csv,cyclonedx,glsast,html,json,junit,pdf,sarif,sonarqube", + "-p", "\"/path/test/fixtures/test_critical_custom_queries/amazon_mq_broker_encryption_disabled/test\"", + "-q", "\"/path/test/fixtures/test_critical_custom_queries/amazon_mq_broker_encryption_disabled/query\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_090_RESULT", + ResultsFormats: []string{"asff", "codeclimate", "csv", "cyclonedx", "glsast", "html", "json", "junit", "pdf", "sarif", "sonarqube"}, + }, + }, + }, + WantStatus: []int{60}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go b/e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go new file mode 100644 index 00000000000..ff1e341ee77 --- /dev/null +++ b/e2e/testcases/e2e-cli-091_bicep_scan_output_payload.go @@ -0,0 +1,31 @@ +package testcases + +// E2E-CLI-091 - Kics scan command with -o and -d flags on bicep files +// should perform the scan successfully, evaluating the result and payload files +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan on bicep files and create a result and payload file [E2E-CLI-091]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_091_RESULT", + "-p", "\"/path/test/fixtures/bicep_test/test\"", + "-d", "/path/e2e/output/E2E_CLI_091_PAYLOAD.json", + "--disable-secrets", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_091_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + ExpectedPayload: []string{ + "E2E_CLI_091_PAYLOAD.json", + }, + }, + WantStatus: []int{20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go b/e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go new file mode 100644 index 00000000000..58e826cec4c --- /dev/null +++ b/e2e/testcases/e2e-cli-092_gitignore_not_exclude_project.go @@ -0,0 +1,26 @@ +package testcases + +// E2E-CLI-092 - KICS scan +// should perform a scan and not ignore the entire project +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan and not ignore the entire project [E2E-CLI-092]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_092_RESULT", + "-p", "\"/path/e2e/fixtures/samples/tmp-gitignore/project\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_092_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-093_old_severity_metadata_field.go b/e2e/testcases/e2e-cli-093_old_severity_metadata_field.go new file mode 100644 index 00000000000..8979b5e620a --- /dev/null +++ b/e2e/testcases/e2e-cli-093_old_severity_metadata_field.go @@ -0,0 +1,110 @@ +package testcases + +var stringToTest = "should perform a scans successfully giving results with old severity and return exit code " + +// E2E-CLI-093 - KICS scan with old severity metadata field +// should perform a scan successfully giving results with old severity metadata field and return exit code according to the severity +func init() { //nolint + testSample01 := TestCase{ + Name: stringToTest + + "according to old severity [E2E-CLI-093_1]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_093_RESULT", + "-p", "\"/path/test/fixtures/test_old_severity/test\"", + "-q", "\"/path/test/fixtures/test_old_severity/info\"", + "--old-severities", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_093_RESULT", + }, + }, + }, + WantStatus: []int{20}, + } + testSample02 := TestCase{ + Name: stringToTest + + "according to old severity [E2E-CLI-093_2]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_093_RESULT_2", + "-p", "\"/path/test/fixtures/test_old_severity/test\"", + "-q", "\"/path/test/fixtures/test_old_severity/low\"", + "--old-severities", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_093_RESULT_2", + }, + }, + }, + WantStatus: []int{30, 40, 50, 60}, + } + testSample03 := TestCase{ + Name: stringToTest + + "according to old severity [E2E-CLI-093_3]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_093_RESULT_3", + "-p", "\"/path/test/fixtures/test_old_severity/test\"", + "-q", "\"/path/test/fixtures/test_old_severity/medium\"", + "--old-severities", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_093_RESULT_3", + }, + }, + }, + WantStatus: []int{40}, + } + testSample04 := TestCase{ + Name: stringToTest + + "according to old severity [E2E-CLI-093_4]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_093_RESULT_4", + "-p", "\"/path/test/fixtures/test_old_severity/test\"", + "-q", "\"/path/test/fixtures/test_old_severity/high\"", + "--old-severities", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_093_RESULT_4", + }, + }, + }, + WantStatus: []int{50}, + } + testSample05 := TestCase{ + Name: stringToTest + + "according to old severity [E2E-CLI-093_5]", + Args: args{ + Args: []cmdArgs{ + + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_093_RESULT_5", + "-p", "\"/path/test/fixtures/test_old_severity/test\"", + "-q", "\"/path/test/fixtures/test_old_severity/critical\"", + "--old-severities", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_093_RESULT_5", + }, + }, + }, + WantStatus: []int{60}, + } + Tests = append(Tests, testSample01, testSample02, testSample03, testSample04, testSample05) +} diff --git a/e2e/testcases/e2e-cli-094_max_resolver_depth_0.go b/e2e/testcases/e2e-cli-094_max_resolver_depth_0.go new file mode 100644 index 00000000000..88ef2af39cb --- /dev/null +++ b/e2e/testcases/e2e-cli-094_max_resolver_depth_0.go @@ -0,0 +1,30 @@ +package testcases + +// E2E-CLI-094 - KICS scan and ignore references +// should perform the scan successfully and return exit code 20 +// this test is similar to E2E-CLI-071. Since the '--max-resolver-path' parameter is set to 0, it will not resolve any files +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and not resolve references [E2E-CLI-094]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_094_RESULT", + "-p", "\"/path/test/fixtures/resolve_references\"", + "-i", "6c35d2c6-09f2-4e5c-a094-e0e91327071d,962fa01e-b791-4dcc-b04a-4a3e7389be5e", + "--enable-openapi-refs", + "--max-resolver-depth", "0", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_094_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{20}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-095_max_resolver_depth_default.go b/e2e/testcases/e2e-cli-095_max_resolver_depth_default.go new file mode 100644 index 00000000000..80a9686858c --- /dev/null +++ b/e2e/testcases/e2e-cli-095_max_resolver_depth_default.go @@ -0,0 +1,29 @@ +package testcases + +// E2E-CLI-095 - KICS scan and ignore references +// should perform the scan successfully and return exit code 0 +// this test sample contains a circular loop. It will stop after 15 iterations, having parsed 6887 lines +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and resolve references [E2E-CLI-095]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_095_RESULT", + "-p", "\"/path/test/fixtures/resolve_circular_loop\"", + "-i", "a88baa34-e2ad-44ea-ad6f-8cac87bc7c71", + "--max-resolver-depth", "15", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_095_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go b/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go new file mode 100644 index 00000000000..58d0cb18270 --- /dev/null +++ b/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go @@ -0,0 +1,27 @@ +package testcases + +// E2E-CLI-096 - KICS scan +// should perform a scan successfully giving results with similarity ids unique and the old similarity id +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan successfully giving results with similarity ids unique, showing the old similarity id [E2E-CLI-096]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_096_RESULT", + "-p", "\"/path/test/fixtures/new_similarity_id\"", + "-i", "1828a670-5957-4bc5-9974-47da228f75e2,cf34805e-3872-4c08-bf92-6ff7bb0cfadb", + "--kics_compute_new_simid", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_096_RESULT", + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go b/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go new file mode 100644 index 00000000000..1384d524371 --- /dev/null +++ b/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go @@ -0,0 +1,26 @@ +package testcases + +// E2E-CLI-097 - KICS scan +// should perform a scan successfully giving results with similarity ids unique without showing the old similarity id +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan successfully giving results with similarity ids unique without showing the old similarity id [E2E-CLI-097]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_097_RESULT", + "-p", "\"/path/test/fixtures/new_similarity_id\"", + "-i", "1828a670-5957-4bc5-9974-47da228f75e2,cf34805e-3872-4c08-bf92-6ff7bb0cfadb", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_097_RESULT", + }, + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go b/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go new file mode 100644 index 00000000000..dccdf43fe8b --- /dev/null +++ b/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go @@ -0,0 +1,31 @@ +package testcases + +// E2E-CLI-098 +// should perform the scan successfully and return exit code 50 +// this test sample contains a different query_id +// that is not a UUID, but contains a prefix ('t:', 'p:', or 'a:') + uint64 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan and return one HIGH result [E2E-CLI-098]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_098_RESULT", + "-q", "\"/path/test/fixtures/new_queryid_validation\"", + "-p", "\"/path/test/fixtures/new_queryid_validation/Dockerfile\"", + // QueryID 'a:123' does not exist, however, since the first one does, it should perform the scan successfully + "-i", "t:8820143918834007824,a:123", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_098_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go b/e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go new file mode 100644 index 00000000000..f9d9ac9dd30 --- /dev/null +++ b/e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go @@ -0,0 +1,30 @@ +// Package testcases provides end-to-end (E2E) testing functionality for the application. +package testcases + +// E2E-CLI-099 - KICS scan with OpenAPI reference resolution enabled on JSON and YAML files containing circular references. +// The scan should complete successfully, returning exit code 50, producing equivalent payloads for both formats. +// The only differences should be the file extensions between payloads. +func init() { //nolint + testSample := TestCase{ + Name: "scan should generate equivalent payloads for OpenAPI YAML and JSON files with circular references [E2E-CLI-099]", + Args: args{ + Args: []cmdArgs{ + []string{ + "scan", "-p", "\"/path/e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIJson/openAPI.json\"", + "-v", "-d", "/path/e2e/output/E2E_CLI_099_JSON_PAYLOAD.json", "--enable-openapi-refs", + }, + []string{ + "scan", "-p", "\"/path/e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIYaml/openAPI.yaml\"", + "-v", "-d", "/path/e2e/output/E2E_CLI_099_YAML_PAYLOAD.json", "--enable-openapi-refs", + }, + }, + ExpectedPayload: []string{ + "E2E_CLI_099_JSON_PAYLOAD.json", + "E2E_CLI_099_YAML_PAYLOAD.json", + }, + }, + WantStatus: []int{50, 50}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go b/e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go new file mode 100644 index 00000000000..5898351adee --- /dev/null +++ b/e2e/testcases/e2e-cli-100_scan_skip_blacklisted_files.go @@ -0,0 +1,85 @@ +package testcases + +// E2E-CLI-100 - KICS should scan a folder containing only unsupported files (FHIR, azure-pipelines-vscode) +// and successfully skip them without errors, returning exit code 0 +func init() { //nolint + testSampleFHIR := TestCase{ + Name: "should scan a folder with FHIR files and skip them successfully [E2E-CLI-100]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_100_RESULT", "-v", + "-p", "\"/path/e2e/fixtures/samples/blacklisted-files/fhir\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_100_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + testSampleAzurePipelines := TestCase{ + Name: "should scan a folder with azure-pipelines-vscode files and skip them successfully [E2E-CLI-100]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_100_RESULT", "-v", + "-p", "\"/path/e2e/fixtures/samples/blacklisted-files/azurepipelinesvscode\"", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_100_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + testBlacklistedFilesWithExcludeTypeFlag := TestCase{ + Name: "should scan a folder with blacklisted files, with flag --exclude-type, and skip them successfully [E2E-CLI-100]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_100_RESULT", "-v", + "-p", "\"/path/e2e/fixtures/samples/blacklisted-files\"", + "--exclude-type", "openapi", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_100_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + testBlacklistedFilesWithTypeFlag := TestCase{ + Name: "should scan a folder with blacklisted files, with flag --type, and skip them successfully [E2E-CLI-100]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_100_RESULT", "-v", + "-p", "\"/path/e2e/fixtures/samples/blacklisted-files\"", + "--type", "azureresourcemanager", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_100_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + }, + WantStatus: []int{0}, + } + + Tests = append(Tests, testSampleFHIR, testSampleAzurePipelines, testBlacklistedFilesWithExcludeTypeFlag, testBlacklistedFilesWithTypeFlag) +} diff --git a/e2e/testcases/e2e-cli-101_bicep_exclude_commands.go b/e2e/testcases/e2e-cli-101_bicep_exclude_commands.go new file mode 100644 index 00000000000..b6e3b2f5cd0 --- /dev/null +++ b/e2e/testcases/e2e-cli-101_bicep_exclude_commands.go @@ -0,0 +1,62 @@ +package testcases + +// E2E-CLI-101 - KICS should fail to scan a Bicep file when explicitly included or excluded by type. +// Covers short (-t), long (--type), and exclude (--exclude-type) flags. +// Expected: exit code 126. +func init() { //nolint + testBicepTypeFlagShort := TestCase{ + Name: "test bicep scan fail with list of platform types to scan, short version [E2E-CLI-101]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "-p", "\"/path/e2e/fixtures/samples/bicep_sample.bicep\"", + "-t", "Bicep", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E-CLI-101", + }, + }, + }, + WantStatus: []int{126}, + } + + testBicepTypeFlagLong := TestCase{ + Name: "test bicep scan fail with list of platform types to scan, long version [E2E-CLI-101]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "-p", "\"/path/e2e/fixtures/samples/bicep_sample.bicep\"", + "--type", "Bicep", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E-CLI-101", + }, + }, + }, + WantStatus: []int{126}, + } + + testBicepExcludeTypeFlag := TestCase{ + Name: "test bicep scan fail with list of platform types to exclude from scan [E2E-CLI-101]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "-p", "\"/path/e2e/fixtures/samples/bicep_sample.bicep\"", + "--exclude-type", "Bicep", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E-CLI-101", + }, + }, + }, + WantStatus: []int{126}, + } + + Tests = append(Tests, testBicepTypeFlagShort, testBicepTypeFlagLong, testBicepExcludeTypeFlag) +} diff --git a/e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go b/e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go new file mode 100644 index 00000000000..79a7b643eec --- /dev/null +++ b/e2e/testcases/e2e-cli-102_scan_utf16_zip_file.go @@ -0,0 +1,22 @@ +package testcases + +// E2E-CLI-102 - KICS should scan a zip folder containing UTF-16 encoded files +// and successfully complete the scan with proper encoding handling, returning exit code 40 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan on zip file with UTF-16 files and return exit code 40 [E2E-CLI-102]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--payload-path", "/path/e2e/output/E2E_CLI_102_PAYLOAD", + "-p", "/path/e2e/fixtures/samples/utf16_encoded_files.zip", + }, + }, + ExpectedPayload: []string{ + "E2E_CLI_102_PAYLOAD.json", + }, + }, + WantStatus: []int{40}, + } + + Tests = append(Tests, testSample) +} diff --git a/e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go b/e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go new file mode 100644 index 00000000000..27595a145e4 --- /dev/null +++ b/e2e/testcases/e2e-cli-103_bicep_existing_parent_payload.go @@ -0,0 +1,22 @@ +package testcases + +// E2E-CLI-103 - KICS Bicep scan should not include existing resources in payload file +// Tests that resources marked with 'existing' keyword are excluded from payload output +func init() { //nolint + testSample := TestCase{ + Name: "should perform a scan on bicep file with existing resources and return exit code 0 [E2E-CLI-103]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "--payload-path", "/path/e2e/output/E2E_CLI_103_PAYLOAD", + "-p", "/path/test/fixtures/bicep_test/existing_parent.bicep", + }, + }, + ExpectedPayload: []string{ + "E2E_CLI_103_PAYLOAD.json", + }, + }, + WantStatus: []int{0}, // Since existing resources are ignored, no vulnerabilities should be found for them + } + + Tests = append(Tests, testSample) +} From 86b3155c1e7782f4882a8bb17030715f96d067e1 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Sat, 17 Jan 2026 14:07:48 +0000 Subject: [PATCH 08/10] Fix edge cases following Terraform's validate command output and add test cases --- pkg/parser/terraform/locals.go | 133 +++++++++++++----- pkg/parser/terraform/locals_test.go | 105 ++++++++++---- .../circular/circular_reference.tf | 2 +- .../cross_file/cross_file_locals_a.tf | 2 +- .../cross_file/cross_file_locals_b.tf | 2 +- .../forward_ref/forward_reference.tf | 4 +- .../isolated/isolated_locals.tf | 2 +- .../multi_blocks/multiple_blocks.tf | 2 +- .../no_locals/no_locals.tf | 2 +- .../override/override_locals_a.tf | 2 +- .../override/override_locals_b.tf | 4 +- .../simple/simple_locals.tf | 2 +- .../with_vars/locals_with_vars.tf | 2 +- 13 files changed, 188 insertions(+), 76 deletions(-) diff --git a/pkg/parser/terraform/locals.go b/pkg/parser/terraform/locals.go index ecdc0a06c63..83015c34083 100644 --- a/pkg/parser/terraform/locals.go +++ b/pkg/parser/terraform/locals.go @@ -1,6 +1,7 @@ package terraform import ( + "fmt" "maps" "path/filepath" "sync" @@ -44,6 +45,74 @@ func extractLocalsFromFile(filename string) (map[string]*hclsyntax.Attribute, er return localsAttrs, nil } +func extractLocalDependencies(expr hclsyntax.Expression) []string { + var deps []string + + hclsyntax.VisitAll(expr, func(node hclsyntax.Node) hcl.Diagnostics { + if traversal, ok := node.(*hclsyntax.ScopeTraversalExpr); ok { + if len(traversal.Traversal) > 0 { + if root, ok := traversal.Traversal[0].(hcl.TraverseRoot); ok { + if root.Name == "local" && len(traversal.Traversal) > 1 { + if attr, ok := traversal.Traversal[1].(hcl.TraverseAttr); ok { + deps = append(deps, attr.Name) + } + } + } + } + } + return nil + }) + + return deps +} + +func topologicalSort(graph map[string][]string) ([]string, error) { + visited := make(map[string]bool) + recStack := make(map[string]bool) + var result []string + + var visit func(string) error + visit = func(node string) error { + // Check if a node is currently in the recursion stack + if recStack[node] { + return fmt.Errorf("cycle detected in locals: local.%s", node) + } + + // Check if a node has already been visited + // If not in the recursion stack, we already visited it and skip + if visited[node] { + return nil + } + + // Currently visiting a node + recStack[node] = true + for _, dep := range graph[node] { + if _, exists := graph[dep]; exists { + if err := visit(dep); err != nil { + return err + } + } + } + + // Visited the node and dependencies are resolved + // Remove from recursion stack and mark as visited + recStack[node] = false + visited[node] = true + result = append(result, node) + return nil + } + + for node := range graph { + if !visited[node] { + if err := visit(node); err != nil { + return nil, err + } + } + } + + return result, nil +} + func evaluateLocal(attr *hclsyntax.Attribute, localsMap converter.VariableMap) (cty.Value, bool) { evalCtx := &hcl.EvalContext{ Variables: make(map[string]cty.Value), @@ -79,7 +148,7 @@ func buildLocalsForDirectory(currentPath string) (converter.VariableMap, error) return localsMap, nil } - // collect all locals attributes from all files in the directory + // Collect all locals attributes with duplicate detection allLocalsAttrs := make(map[string]*hclsyntax.Attribute) for _, tfFile := range tfFiles { @@ -90,49 +159,43 @@ func buildLocalsForDirectory(currentPath string) (converter.VariableMap, error) continue } - maps.Copy(allLocalsAttrs, fileLocals) + // Check for duplicate local values + for name, attr := range fileLocals { + if existing, exists := allLocalsAttrs[name]; exists { + log.Error().Msgf("Duplicate local value definition: A local value named '%s' was already defined at %s. Local value names must be unique within a module.", + name, existing.NameRange.Filename) + return localsMap, fmt.Errorf("duplicate local value definition: %s", name) + } + allLocalsAttrs[name] = attr + } } if len(allLocalsAttrs) == 0 { return localsMap, nil } - // Locals can reference other locals, so we evaluate in multiple passes - maxIterations := len(allLocalsAttrs) + 1 - evaluated := make(map[string]bool) - - for range maxIterations { - madeProgress := false - - for name, attr := range allLocalsAttrs { - if evaluated[name] { - continue - } + // Build dependency graph + depGraph := make(map[string][]string) + for name, attr := range allLocalsAttrs { + depGraph[name] = extractLocalDependencies(attr.Expr) + } - value, success := evaluateLocal(attr, localsMap) - if !success { - continue - } + // Topological sort with cycle detection + evalOrder, err := topologicalSort(depGraph) + if err != nil { + log.Error().Msgf("Cycle in locals at %s: %v", currentPath, err) + return localsMap, err + } + // Evaluate in dependency order + for _, name := range evalOrder { + attr := allLocalsAttrs[name] + value, success := evaluateLocal(attr, localsMap) + if !success { + log.Warn().Msgf("Could not evaluate local.%s (missing references or evaluation error)", name) + localsMap[name] = cty.StringVal("${local." + name + "}") + } else { localsMap[name] = value - evaluated[name] = true - madeProgress = true - } - - if len(evaluated) == len(allLocalsAttrs) { - break - } - - // No progress made - circular dependencies or missing references - if !madeProgress { - // Store unevaluated locals as placeholders - for name := range allLocalsAttrs { - if !evaluated[name] { - log.Debug().Msgf("Could not evaluate local.%s in %s", name, currentPath) - localsMap[name] = cty.StringVal("${local." + name + "}") - } - } - break } } diff --git a/pkg/parser/terraform/locals_test.go b/pkg/parser/terraform/locals_test.go index 7582c5987b0..19a088d24bf 100644 --- a/pkg/parser/terraform/locals_test.go +++ b/pkg/parser/terraform/locals_test.go @@ -189,30 +189,32 @@ func TestBuildLocalsForDirectory_ForwardReferences(t *testing.T) { }) } +func TestBuildLocalsForDirectory_DuplicateLocals(t *testing.T) { + t.Run("Should error when duplicate locals are defined across files", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "duplicates") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.Error(t, err, "Should error on duplicate locals") + require.Contains(t, err.Error(), "duplicate local value definition", "Error message should mention duplicate local value definition") + require.Empty(t, localsMap, "localsMap should be empty when error occurs") + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + func TestBuildLocalsForDirectory_OverrideLocals(t *testing.T) { - t.Run("Should handle locals overwriting other locals from different files", func(t *testing.T) { + t.Run("Should NOT override - duplicate detection should catch this", func(t *testing.T) { inputVariableMap = make(converter.VariableMap) currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "override") localsMap, err := buildLocalsForDirectory(currentPath) - require.NoError(t, err) - - // app_name will be either "first_name" or "overridden_name" depending on file processing order - // Both files define app_name, and later file wins - // Need to work on file prioritization - appName, exists := localsMap["app_name"] - require.True(t, exists, "app_name should exist") - require.NotNil(t, appName) - - // The value should be one of these two for now - actualName := appName.AsString() - require.True(t, actualName == "first_name" || actualName == "overridden_name", - "app_name should be either 'first_name' or 'overridden_name', got: %s", actualName) - - // app_version should exist from override_locals_a.tf - appVersion, exists := localsMap["app_version"] - require.True(t, exists, "app_version should exist") - require.Equal(t, "1.0.0", appVersion.AsString()) + require.Error(t, err, "Duplicate locals should cause error") + require.Contains(t, err.Error(), "duplicate local value definition", "Error should mention duplicate local value definition") + require.Empty(t, localsMap, "localsMap should be empty on error") }) t.Cleanup(func() { @@ -255,23 +257,70 @@ func TestBuildLocalsForDirectory_MultipleBlocks(t *testing.T) { } func TestBuildLocalsForDirectory_CircularReference(t *testing.T) { - t.Run("Should handle circular references gracefully", func(t *testing.T) { + t.Run("Should error on circular references", func(t *testing.T) { inputVariableMap = make(converter.VariableMap) currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "circular") localsMap, err := buildLocalsForDirectory(currentPath) + require.Error(t, err, "Circular references should cause error") + require.Contains(t, err.Error(), "cycle", "Error should mention cycle") + require.Empty(t, localsMap, "localsMap should be empty on error") + }) + + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_SubdirectoryIsolation(t *testing.T) { + t.Run("Should not access locals from parent directory", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + parentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "subdir_isolation", "parent") + childPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "subdir_isolation", "parent", "child") + + // Build locals for parent directory + parentLocals, err := buildLocalsForDirectory(parentPath) require.NoError(t, err) + require.Contains(t, parentLocals, "parent_value", "Parent should have parent_value") + require.Contains(t, parentLocals, "shared_name", "Parent should have shared_name") + require.Equal(t, 2, len(parentLocals), "Parent should have exactly 2 locals") - // Circular references should be stored as placeholders - circularA, exists := localsMap["circular_a"] - require.True(t, exists, "circular_a should exist") + // Build locals for child directory (separate module) + childLocals, err := buildLocalsForDirectory(childPath) + require.NoError(t, err) + require.Contains(t, childLocals, "child_value", "Child should have child_value") + require.Contains(t, childLocals, "shared_name", "Child should have shared_name") + require.NotContains(t, childLocals, "parent_value", "Child should NOT have parent_value") + require.Equal(t, 2, len(childLocals), "Child should have exactly 2 locals") + + // Verify the shared_name values are different (proving isolation) + parentSharedName := parentLocals["shared_name"].AsString() + childSharedName := childLocals["shared_name"].AsString() + require.Equal(t, "from_parent", parentSharedName, "Parent's shared_name should be 'from_parent'") + require.Equal(t, "from_child", childSharedName, "Child's shared_name should be 'from_child'") + require.NotEqual(t, parentSharedName, childSharedName, "shared_name should be different in parent and child") + }) - circularB, exists := localsMap["circular_b"] - require.True(t, exists, "circular_b should exist") + t.Cleanup(func() { + inputVariableMap = make(converter.VariableMap) + localsCache = make(map[string]converter.VariableMap) + }) +} + +func TestBuildLocalsForDirectory_MissingVariableReference(t *testing.T) { + t.Run("Should use placeholder for locals with missing variable references", func(t *testing.T) { + inputVariableMap = make(converter.VariableMap) + currentPath := filepath.Join("..", "..", "..", "test", "fixtures", "test_terraform_locals", "missing_var") + + localsMap, err := buildLocalsForDirectory(currentPath) + require.NoError(t, err, "Missing var should not cause error") - // Both should be string placeholders - require.Equal(t, cty.String, circularA.Type()) - require.Equal(t, cty.String, circularB.Type()) + // Local referencing missing var should have placeholder + localWithMissingVar, exists := localsMap["with_missing_var"] + require.True(t, exists, "Local with missing var should exist") + require.Equal(t, cty.String, localWithMissingVar.Type(), "Should be string placeholder") + require.Contains(t, localWithMissingVar.AsString(), "${local.", "Should contain placeholder pattern") }) t.Cleanup(func() { diff --git a/test/fixtures/test_terraform_locals/circular/circular_reference.tf b/test/fixtures/test_terraform_locals/circular/circular_reference.tf index 17b10e86ec2..4676e9728c8 100644 --- a/test/fixtures/test_terraform_locals/circular/circular_reference.tf +++ b/test/fixtures/test_terraform_locals/circular/circular_reference.tf @@ -4,7 +4,7 @@ locals { circular_b = local.circular_a } -resource "test" "circular" { +resource "terraform_data" "circular" { value_a = local.circular_a value_b = local.circular_b } diff --git a/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf index ee1476a67b6..70486d9219d 100644 --- a/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf +++ b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_a.tf @@ -3,7 +3,7 @@ locals { base_port = 8080 } -resource "test" "a" { +resource "terraform_data" "a" { name = local.base_name port = local.base_port } diff --git a/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf index 0f020836def..222e6752013 100644 --- a/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf +++ b/test/fixtures/test_terraform_locals/cross_file/cross_file_locals_b.tf @@ -3,7 +3,7 @@ locals { full_port = local.base_port } -resource "test" "b" { +resource "terraform_data" "b" { name = local.full_name port = local.full_port } diff --git a/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf b/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf index a9e891d82e2..4d6430e9c90 100644 --- a/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf +++ b/test/fixtures/test_terraform_locals/forward_ref/forward_reference.tf @@ -2,13 +2,13 @@ locals { # This references 'backend_name' which is defined later in the same block full_backend = "${local.backend_name}-production" backend_name = "api" - + # This references 'db_port' which is defined later connection_string = "localhost:${local.db_port}" db_port = 5432 } -resource "test" "forward_ref" { +resource "terraform_data" "forward_ref" { backend = local.full_backend connection = local.connection_string } diff --git a/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf b/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf index 2a629335bca..bf4280e2ac1 100644 --- a/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf +++ b/test/fixtures/test_terraform_locals/isolated/isolated_locals.tf @@ -2,7 +2,7 @@ locals { isolated_value = "isolated" } -resource "test" "isolated" { +resource "terraform_data" "isolated" { value = local.isolated_value } diff --git a/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf b/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf index 81a1bf99cf6..29820718d54 100644 --- a/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf +++ b/test/fixtures/test_terraform_locals/multi_blocks/multiple_blocks.tf @@ -13,7 +13,7 @@ locals { combined = "${local.first_local}-${local.second_local}" } -resource "test" "multi_blocks" { +resource "terraform_data" "multi_blocks" { first = local.first_local second = local.second_local third = local.third_local diff --git a/test/fixtures/test_terraform_locals/no_locals/no_locals.tf b/test/fixtures/test_terraform_locals/no_locals/no_locals.tf index 4857079dbea..74308408e44 100644 --- a/test/fixtures/test_terraform_locals/no_locals/no_locals.tf +++ b/test/fixtures/test_terraform_locals/no_locals/no_locals.tf @@ -3,7 +3,7 @@ variable "test_var" { default = "test" } -resource "test" "no_locals" { +resource "terraform_data" "no_locals" { name = var.test_var } diff --git a/test/fixtures/test_terraform_locals/override/override_locals_a.tf b/test/fixtures/test_terraform_locals/override/override_locals_a.tf index d44310f06b9..e022ca1b9c7 100644 --- a/test/fixtures/test_terraform_locals/override/override_locals_a.tf +++ b/test/fixtures/test_terraform_locals/override/override_locals_a.tf @@ -3,7 +3,7 @@ locals { app_version = "1.0.0" } -resource "test" "override_a" { +resource "terraform_data" "override_a" { name = local.app_name version = local.app_version } diff --git a/test/fixtures/test_terraform_locals/override/override_locals_b.tf b/test/fixtures/test_terraform_locals/override/override_locals_b.tf index dcc3b363d57..405ad880b9a 100644 --- a/test/fixtures/test_terraform_locals/override/override_locals_b.tf +++ b/test/fixtures/test_terraform_locals/override/override_locals_b.tf @@ -3,7 +3,7 @@ locals { app_name = "overridden_name" } -resource "test" "override_b" { - name = local.app_name +resource "terraform_data" "override_b" { + input = local.app_name } diff --git a/test/fixtures/test_terraform_locals/simple/simple_locals.tf b/test/fixtures/test_terraform_locals/simple/simple_locals.tf index 6c0114427b9..944640d5446 100644 --- a/test/fixtures/test_terraform_locals/simple/simple_locals.tf +++ b/test/fixtures/test_terraform_locals/simple/simple_locals.tf @@ -9,7 +9,7 @@ locals { simple_bool = true } -resource "test" "example" { +resource "terraform_data" "example" { name = local.simple_string count = local.simple_number active = local.simple_bool diff --git a/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf b/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf index 7d90ec57ea5..913bc1db033 100644 --- a/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf +++ b/test/fixtures/test_terraform_locals/with_vars/locals_with_vars.tf @@ -13,7 +13,7 @@ locals { tag_name = var.environment } -resource "test" "with_vars" { +resource "terraform_data" "with_vars" { prefix = local.resource_prefix tag = local.tag_name } From 9ff0e0b17e3e613759886a58df2e20a112e38808 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Sat, 17 Jan 2026 14:17:20 +0000 Subject: [PATCH 09/10] fix lint --- pkg/parser/terraform/locals.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/parser/terraform/locals.go b/pkg/parser/terraform/locals.go index 83015c34083..af4c4a70ae8 100644 --- a/pkg/parser/terraform/locals.go +++ b/pkg/parser/terraform/locals.go @@ -48,6 +48,7 @@ func extractLocalsFromFile(filename string) (map[string]*hclsyntax.Attribute, er func extractLocalDependencies(expr hclsyntax.Expression) []string { var deps []string + // nolint:errcheck hclsyntax.VisitAll(expr, func(node hclsyntax.Node) hcl.Diagnostics { if traversal, ok := node.(*hclsyntax.ScopeTraversalExpr); ok { if len(traversal.Traversal) > 0 { @@ -162,7 +163,9 @@ func buildLocalsForDirectory(currentPath string) (converter.VariableMap, error) // Check for duplicate local values for name, attr := range fileLocals { if existing, exists := allLocalsAttrs[name]; exists { - log.Error().Msgf("Duplicate local value definition: A local value named '%s' was already defined at %s. Local value names must be unique within a module.", + log.Error().Msgf("Duplicate local value definition: "+ + "A local value named '%s' was already defined at %s. "+ + "Local value names must be unique within a module.", name, existing.NameRange.Filename) return localsMap, fmt.Errorf("duplicate local value definition: %s", name) } From e6e4f54a584e9ee209300bc32cced8efe94b8105 Mon Sep 17 00:00:00 2001 From: ArturRibeiro-CX <153724638+cx-artur-ribeiro@users.noreply.github.com> Date: Sat, 17 Jan 2026 14:22:12 +0000 Subject: [PATCH 10/10] add missing test files --- .../test_terraform_locals/duplicates/file1.tf | 9 +++++++++ .../test_terraform_locals/duplicates/file2.tf | 10 ++++++++++ .../missing_var/locals_with_missing_var.tf | 14 ++++++++++++++ .../subdir_isolation/parent/child/child.tf | 13 +++++++++++++ .../subdir_isolation/parent/parent.tf | 9 +++++++++ 5 files changed, 55 insertions(+) create mode 100644 test/fixtures/test_terraform_locals/duplicates/file1.tf create mode 100644 test/fixtures/test_terraform_locals/duplicates/file2.tf create mode 100644 test/fixtures/test_terraform_locals/missing_var/locals_with_missing_var.tf create mode 100644 test/fixtures/test_terraform_locals/subdir_isolation/parent/child/child.tf create mode 100644 test/fixtures/test_terraform_locals/subdir_isolation/parent/parent.tf diff --git a/test/fixtures/test_terraform_locals/duplicates/file1.tf b/test/fixtures/test_terraform_locals/duplicates/file1.tf new file mode 100644 index 00000000000..57bf4250bb4 --- /dev/null +++ b/test/fixtures/test_terraform_locals/duplicates/file1.tf @@ -0,0 +1,9 @@ +locals { + duplicate_name = "from_file1" + unique_to_file1 = "value1" +} + +resource "terraform_data" "from_file1" { + input = local.duplicate_name +} + diff --git a/test/fixtures/test_terraform_locals/duplicates/file2.tf b/test/fixtures/test_terraform_locals/duplicates/file2.tf new file mode 100644 index 00000000000..1e0633ad323 --- /dev/null +++ b/test/fixtures/test_terraform_locals/duplicates/file2.tf @@ -0,0 +1,10 @@ +# This creates a duplicate local which should cause an error +locals { + duplicate_name = "from_file2" + unique_to_file2 = "value2" +} + +resource "terraform_data" "from_file2" { + input = local.duplicate_name +} + diff --git a/test/fixtures/test_terraform_locals/missing_var/locals_with_missing_var.tf b/test/fixtures/test_terraform_locals/missing_var/locals_with_missing_var.tf new file mode 100644 index 00000000000..84ae481cdf4 --- /dev/null +++ b/test/fixtures/test_terraform_locals/missing_var/locals_with_missing_var.tf @@ -0,0 +1,14 @@ +# This local references a variable that doesn't exist +# Should result in a placeholder value with warning +locals { + with_missing_var = var.nonexistent_variable + valid_local = "this_works" +} + +resource "terraform_data" "example" { + input = { + value = local.valid_local + missing = local.with_missing_var + } +} + diff --git a/test/fixtures/test_terraform_locals/subdir_isolation/parent/child/child.tf b/test/fixtures/test_terraform_locals/subdir_isolation/parent/child/child.tf new file mode 100644 index 00000000000..5aaa590058e --- /dev/null +++ b/test/fixtures/test_terraform_locals/subdir_isolation/parent/child/child.tf @@ -0,0 +1,13 @@ +# This is a separate module (subdirectory) +# It should NOT have access to parent's locals +locals { + child_value = "child" + shared_name = "from_child" +} + +resource "terraform_data" "child" { + input = local.child_value + # This would fail if parent_value is not accessible (which is correct) + # parent_ref = local.parent_value +} + diff --git a/test/fixtures/test_terraform_locals/subdir_isolation/parent/parent.tf b/test/fixtures/test_terraform_locals/subdir_isolation/parent/parent.tf new file mode 100644 index 00000000000..dd690325fcf --- /dev/null +++ b/test/fixtures/test_terraform_locals/subdir_isolation/parent/parent.tf @@ -0,0 +1,9 @@ +locals { + parent_value = "parent" + shared_name = "from_parent" +} + +resource "terraform_data" "parent" { + input = local.parent_value +} +