feat(aws): Add support to see successes in results (#4427)

Fixes: https://github.com/aquasecurity/trivy/discussions/4417 Signed-off-by: Simar <simar@linux.com>
2025-12-23 07:29:00 -08:00 · 2023-06-13 11:36:05 -06:00
parent 2cbf402b6a
commit aecd2f0bf0
3 changed files with 61 additions and 5 deletions
--- a/pkg/cloud/aws/commands/run_test.go
+++ b/pkg/cloud/aws/commands/run_test.go
@@ -76,6 +76,7 @@ func Test_Run(t *testing.T) {
 				CloudOptions: flag.CloudOptions{
 					MaxCacheAge: time.Hour * 24 * 365 * 100,
 				},
+				MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true},
 			},
 			cacheContent: exampleS3Cache,
 			want: `{
@@ -99,7 +100,7 @@ func Test_Run(t *testing.T) {
      "Class": "config",
      "Type": "cloud",
      "MisconfSummary": {
-        "Successes": 0,
+        "Successes": 1,
        "Failures": 9,
        "Exceptions": 0
      },
@@ -272,6 +273,29 @@ func Test_Run(t *testing.T) {
            }
          }
        },
+        {
+          "Type": "AWS",
+          "ID": "AVD-AWS-0092",
+          "AVDID": "AVD-AWS-0092",
+          "Title": "S3 Buckets not publicly accessible through ACL.",
+          "Description": "Buckets should not have ACLs that allow public access",
+          "Resolution": "Don't use canned ACLs or switch to private acl",
+          "Severity": "HIGH",
+          "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0092",
+          "References": [
+            "https://avd.aquasec.com/misconfig/avd-aws-0092"
+          ],
+          "Status": "PASS",
+          "Layer": {},
+          "CauseMetadata": {
+            "Resource": "arn:aws:s3:::examplebucket",
+            "Provider": "aws",
+            "Service": "s3",
+            "Code": {
+              "Lines": null
+            }
+          }
+        },
        {
          "Type": "AWS",
          "ID": "AVD-AWS-0093",
@@ -327,7 +351,7 @@ func Test_Run(t *testing.T) {
 `,
 		},
 		{
-			name: "custom rego rule",
+			name: "custom rego rule with passed results",
 			options: flag.Options{
 				AWSOptions: flag.AWSOptions{
 					Region:   "us-east-1",
@@ -347,6 +371,7 @@ func Test_Run(t *testing.T) {
 					},
 					SkipPolicyUpdate: true,
 				},
+				MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true},
 			},
 			regoPolicy: `# METADATA
 # title: No example buckets
@@ -390,7 +415,7 @@ deny[res] {
      "Class": "config",
      "Type": "cloud",
      "MisconfSummary": {
-        "Successes": 0,
+        "Successes": 1,
        "Failures": 10,
        "Exceptions": 0
      },
@@ -563,6 +588,29 @@ deny[res] {
            }
          }
        },
+        {
+          "Type": "AWS",
+          "ID": "AVD-AWS-0092",
+          "AVDID": "AVD-AWS-0092",
+          "Title": "S3 Buckets not publicly accessible through ACL.",
+          "Description": "Buckets should not have ACLs that allow public access",
+          "Resolution": "Don't use canned ACLs or switch to private acl",
+          "Severity": "HIGH",
+          "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0092",
+          "References": [
+            "https://avd.aquasec.com/misconfig/avd-aws-0092"
+          ],
+          "Status": "PASS",
+          "Layer": {},
+          "CauseMetadata": {
+            "Resource": "arn:aws:s3:::examplebucket",
+            "Provider": "aws",
+            "Service": "s3",
+            "Code": {
+              "Lines": null
+            }
+          }
+        },
        {
          "Type": "AWS",
          "ID": "AVD-AWS-0093",