Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@aws-cdk/assert
Advanced tools
This library contains helpers for writing unit tests and integration tests for CDK libraries
Write your unit tests like this:
const stack = new Stack();
new MyConstruct(stack, 'MyConstruct', {
...
});
expect(stack).to(someExpectation(...));
Here are the expectations you can use:
Check that the synthesized stack template looks like the given template, or is a superset of it. These functions match logical IDs and all properties of a resource.
matchTemplate(template, matchStyle)
exactlyMatchTemplate(template)
beASupersetOfTemplate(template)
Example:
expect(stack).to(beASupersetOfTemplate({
Resources: {
HostedZone674DD2B7: {
Type: "AWS::Route53::HostedZone",
Properties: {
Name: "test.private.",
VPCs: [{
VPCId: { Ref: 'VPC06C5F037' },
VPCRegion: { Ref: 'AWS::Region' }
}]
}
}
}
}));
If you only care that a resource of a particular type exists (regardless of its logical identifier), and that some of its properties are set to specific values:
haveResource(type, subsetOfProperties)
Example:
expect(stack).to(haveResource('AWS::CertificateManager::Certificate', {
DomainName: 'test.example.com'
// Note: some properties omitted here
}));
Integration tests are modeled as CDK apps that are deployed by the developers. If deployment succeeds, the synthesized template is saved in a local file and "locked". During build, the test app is only synthesized and compared against the checked-in file to protect against regressions.
Create any number of files called integ.*.ts
in your test
directory. These
should be CDK apps containing a single stack.
Add the following to your package.json
':
{
scripts: {
"test": ".... && cdk-integ-assert",
"integ": "cdk-integ"
},
...
devDependencies: {
"@aws-cdk/assert": "*",
"aws-cdk": "*"
}
}
This installs two tools into your scripts:
npm test
is executed (during build), the cdk-integ-assert
tool is
invoked. This tool will only synthesize the integration test stacks and
compare them to the .expected files. If the files differ (or do not exist),
the test will fail.npm run integ
is executed (manually by the developer), the cdk-integ
tool is invoked. This tool will actually attempt to deploy the integration
test stacks into the default environment. If it succeeds, the .expected file
will be updated to include the latest synthesized stack.The usage of cdk-integ
is:
cdk-integ [--no-clean] [filters...]
# or
npm run integ -- [--no-clean] [filters...]
--no-clean
is specified, the integration test stacks will not be cleaned
up. This can be used to perform manual validation on the stacks.FAQs
An assertion library for use with CDK Apps
We found that @aws-cdk/assert demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.