update(tests): e2e test to scan all platforms

e2e/testcases/e2e-cli-testing_all_platforms_cloudproviders.go

@@ -0,0 +1,25 @@
+package testcases
+
+// e2e-cli-testing_all_platforms_cloudproviders - KICS scan
+// should perform a scan successfully for all supported platforms and cloud providers
+func init() { //nolint
+	testSample := TestCase{
+		Name: "should perform a scan successfully for all supported platforms and cloud providers",
+		Args: args{
+			Args: []cmdArgs{
+				[]string{"scan", "-o", "/path/e2e/output",
+					"--output-name", "E2E_CLI_TEST_ALL_PLATFORMS_CLOUDPROVIDERS",
+					"-p", "\"/path/test/fixtures/test_all_platforms_cloudproviders\"",
+				},
+			},
+			ExpectedResult: []ResultsValidation{
+				{
+					ResultsFile: "E2E_CLI_TEST_ALL_PLATFORMS_CLOUDPROVIDERS",
+				},
+			},
+		},
+		WantStatus: []int{60},
+	}
+
+	Tests = append(Tests, testSample)
+}

e2e/utils/json.go

@@ -144,7 +144,7 @@
 	}
 }
 
 func setFields(t *testing.T, expect, actual []string, expectFileName, actualFileName, location string) {
 	switch location {
 	case "payload":
 		var actualI model.Documents
@@ -201,11 +201,25 @@
 			}
 		}
 
+		sort.Slice(actualI.Queries, func(a, b int) bool {
+			return actualI.Queries[a].QueryID < actualI.Queries[b].QueryID
+		})
+		sort.Slice(expectI.Queries, func(a, b int) bool {
+			return expectI.Queries[a].QueryID < expectI.Queries[b].QueryID
+		})
+
 		for i := range actualI.Queries {
 			actualQuery := actualI.Queries[i]
 			expectQuery := expectI.Queries[i]
 
-			require.Equal(t, actualQuery.QueryName, expectQuery.QueryName,
+			sort.Slice(actualQuery.Files, func(a, b int) bool {
+				return actualQuery.Files[a].SimilarityID < actualQuery.Files[b].SimilarityID
+			})
+			sort.Slice(expectQuery.Files, func(a, b int) bool {
+				return expectQuery.Files[a].SimilarityID < expectQuery.Files[b].SimilarityID
+			})
+
+			require.Equal(t, actualQuery.QueryID, expectQuery.QueryID,
 				"Expected Result queries doesn't match the actual result queries [in the index: %d]."+
 					"\nExpected File: 'fixtures/%s'.\nActual File: 'output/%s'.",
 				i, expectFileName, actualFileName)
@@ -219,12 +233,6 @@
 				actualQuery.Files[j].FileName = ""
 				expectQuery.Files[j].FileName = ""
 			}
-			sort.Slice(actualQuery.Files, func(a, b int) bool {
-				return actualQuery.Files[a].SimilarityID < actualQuery.Files[b].SimilarityID
-			})
-			sort.Slice(expectQuery.Files, func(a, b int) bool {
-				return expectQuery.Files[a].SimilarityID < expectQuery.Files[b].SimilarityID
-			})
 		}
 
 		require.ElementsMatch(t, expectI.ScannedPaths, actualI.ScannedPaths,

test/fixtures/test_all_platforms_cloudproviders/ansible/aws/positive.yaml

@@ -0,0 +1,37 @@
+- name: my_elb_application
+  community.aws.elb_application_lb:
+    name: myelb
+    security_groups:
+      - sg-12345678
+      - my-sec-group
+    subnets:
+      - subnet-012345678
+      - subnet-abcdef000
+    listeners:
+      - Protocol: HTTP
+        Port: 80
+        SslPolicy: ELBSecurityPolicy-2015-05
+        Certificates:
+          - CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com
+        DefaultActions:
+          - Type: forward
+            TargetGroupName: targetname
+    state: present
+- name: my_elb_application2
+  community.aws.elb_application_lb:
+    name: myelb2
+    security_groups:
+      - sg-12345678
+      - my-sec-group
+    subnets:
+      - subnet-012345678
+      - subnet-abcdef000
+    listeners:
+      Port: 80
+      SslPolicy: ELBSecurityPolicy-2015-05
+      Certificates:
+        - CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com
+      DefaultActions:
+        - Type: forward
+          TargetGroupName: targetname
+    state: present

test/fixtures/test_all_platforms_cloudproviders/ansible/azure/positive.yaml

@@ -0,0 +1,7 @@
+- name: too_many_hosts
+  azure_rm_rediscachefirewallrule:
+      resource_group: myResourceGroup
+      cache_name: myRedisCache
+      name: myRule
+      start_ip_address: 192.168.1.1
+      end_ip_address: 192.169.1.4

test/fixtures/test_all_platforms_cloudproviders/ansible/config/positive1.cfg

@@ -0,0 +1,13 @@
+[defaults]
+action_warnings=True
+cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www
+cow_selection=default
+force_color=False
+nocolor=False
+nocows=False
+any_errors_fatal=False
+fact_caching=memory
+become=False
+become_ask_pass=False
+become_method=sudo
+become_user=root

test/fixtures/test_all_platforms_cloudproviders/ansible/gcp/positive.yaml

@@ -0,0 +1,85 @@
+- name: create a cluster1
+  google.cloud.gcp_container_cluster:
+    name: my-cluster1
+    initial_node_count: 2
+    master_auth:
+      username: cluster_admin
+      password: my-secret-password
+    node_config:
+      machine_type: n1-standard-4
+      disk_size_gb: 500
+    location: us-central1-a
+    project: test_project
+    auth_kind: serviceaccount
+    service_account_file: "/tmp/auth.pem"
+    state: present
+- name: create a cluster2
+  google.cloud.gcp_container_cluster:
+    name: my-cluster2
+    initial_node_count: 2
+    master_auth:
+      username: cluster_admin
+      password: my-secret-password
+    node_config:
+      machine_type: n1-standard-4
+      disk_size_gb: 500
+    location: us-central1-a
+    project: test_project
+    auth_kind: serviceaccount
+    service_account_file: "/tmp/auth.pem"
+    state: present
+    private_cluster_config:
+      enable_private_endpoint: yes
+- name: create a cluster3
+  google.cloud.gcp_container_cluster:
+    name: my-cluster3
+    initial_node_count: 2
+    master_auth:
+      username: cluster_admin
+      password: my-secret-password
+    node_config:
+      machine_type: n1-standard-4
+      disk_size_gb: 500
+    location: us-central1-a
+    project: test_project
+    auth_kind: serviceaccount
+    service_account_file: "/tmp/auth.pem"
+    state: present
+    private_cluster_config:
+      enable_private_nodes: yes
+- name: create a cluster4
+  google.cloud.gcp_container_cluster:
+    name: my-cluster4
+    initial_node_count: 2
+    master_auth:
+      username: cluster_admin
+      password: my-secret-password
+    node_config:
+      machine_type: n1-standard-4
+      disk_size_gb: 500
+    location: us-central1-a
+    project: test_project
+    auth_kind: serviceaccount
+    service_account_file: "/tmp/auth.pem"
+    state: present
+    private_cluster_config:
+      enable_private_endpoint: no
+      enable_private_nodes: yes
+- name: create a cluster5
+  google.cloud.gcp_container_cluster:
+    name: my-cluster5
+    initial_node_count: 2
+    master_auth:
+      username: cluster_admin
+      password: my-secret-password
+    node_config:
+      machine_type: n1-standard-4
+      disk_size_gb: 500
+    location: us-central1-a
+    project: test_project
+    auth_kind: serviceaccount
+    service_account_file: "/tmp/auth.pem"
+    state: present
+    private_cluster_config:
+      enable_private_endpoint: yes
+      enable_private_nodes: no

test/fixtures/test_all_platforms_cloudproviders/ansible/general/positive1.yaml

@@ -0,0 +1,62 @@
+---
+- hosts: localhost
+  name: become_user without become
+  become_user: bar
+
+  tasks:
+    - name: Simple hello
+      ansible.builtin.debug:
+        msg: hello
+
+---
+- hosts: localhost
+  name: become_user with become false
+  become_user: root
+  become: false
+
+  tasks:
+    - name: Simple hello
+      ansible.builtin.debug:
+        msg: hello
+
+---
+- hosts: localhost
+  tasks:
+    - name: become and become_user on different tasks
+      block:
+        - name: Sample become
+          become: true
+          ansible.builtin.command: ls .
+        - name: Sample become_user
+          become_user: foo
+          ansible.builtin.command: ls .
+
+---
+- hosts: localhost
+  tasks:
+    - name: become false
+      block:
+        - name: Sample become
+          become: true
+          ansible.builtin.command: ls .
+        - name: Sample become_user
+          become_user: postgres
+          become: false
+          ansible.builtin.command: ls .
+
+---
+- hosts: localhost
+  tasks:
+    - name: become_user with become task as false
+      ansible.builtin.command: whoami
+      become_user: mongodb
+      become: false
+      changed_when: false
+
+---
+- hosts: localhost
+  tasks:
+    - name: become_user without become
+      ansible.builtin.command: whoami
+      become_user: mysql
+      changed_when: false

test/fixtures/test_all_platforms_cloudproviders/ansible/hosts/positive1.ini

@@ -0,0 +1,14 @@
+[tower]
+150.50.1.1
+[automationhub]
+automationhub.acme.org
+[database]
+database-01.acme.org
+[all:vars]
+admin_password='<password>'
+pg_host='database-01.acme.org'
+pg_port='5432'
+pg_database='awx'
+pg_username='awx'
+pg_password='<password>'
+pg_sslmode='prefer'

test/fixtures/test_all_platforms_cloudproviders/arm/positive1.json

@@ -0,0 +1,32 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "2.0.0.0",
+  "apiProfile": "2019-03-01-hybrid",
+  "parameters": {},
+  "variables": {},
+  "functions": [],
+  "resources": [
+    {
+      "name": "string",
+      "type": "microsoft.insights/logprofiles",
+      "apiVersion": "2016-03-01",
+      "location": "eastus",
+      "tags": {},
+      "properties": {
+        "storageAccountId": "storageAccountId",
+        "serviceBusRuleId": "serviceBusRuleId",
+        "locations": [
+          "eastus"
+        ],
+        "categories": [
+          "Writ"
+        ],
+        "retentionPolicy": {
+          "enabled": true,
+          "days": 450
+        }
+      }
+    }
+  ],
+  "outputs": {}
+}

test/fixtures/test_all_platforms_cloudproviders/buildah/positive.sh

@@ -0,0 +1,3 @@
+c=$(buildah from fedora)
+
+buildah run ${c} apt install python3-setuptools -y

test/fixtures/test_all_platforms_cloudproviders/cicd/github/positive2.yaml

@@ -0,0 +1,28 @@
+name: test-script-run
+
+on:
+  pull_request_target:
+    types: [opened]
+
+jobs:
+  script-run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run script
+        uses: actions/github-script@latest
+        with:
+          script: |
+            const fs = require('fs');
+            const body = fs.readFileSync('/tmp/${{ github.event.pull_request.title }}.txt', {encoding: 'utf8'});
+
+            await github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Thanks for reporting!'
+            })
+
+            return true;

test/fixtures/test_all_platforms_cloudproviders/cloudFormation/aws/positive1.yaml

@@ -0,0 +1,20 @@
+Resources:
+  NewAmpApp1:
+    Type: AWS::Amplify::Branch
+    Properties:
+      AppId: String
+      BranchName: String
+      BuildSpec: String
+      Description: String
+      EnableAutoBuild: false
+      EnablePerformanceMode: false
+      EnablePullRequestPreview: false
+      EnvironmentVariables:
+        - EnvironmentVariable
+      PullRequestEnvironmentName: String
+      Stage: String
+      BasicAuthConfig:
+        EnableBasicAuth: true
+        Password: "@skdsjdk0234!AB"
+        Username: admin
+