@aws-cdk/assertions-alpha
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Functions for writing tests that assert against CDK applications, with a focus on CloudFormation templates.
The Template class includes a set of methods for writing assertions against CloudFormation templates. Use one of the Template.fromXxx() static methods to create an instance of this class.
To create a Template from a CDK stack, start off with:
import { Stack } from '@aws-cdk/core';
import { Template } from '@aws-cdk/assertions';
const stack = new Stack(/* ... */);
// ...
const template = Template.fromStack(stack);
Alternatively, assertions can be run on an existing CloudFormation template -
const templateJson = '{ "Resources": ... }'; /* The CloudFormation template as JSON serialized string. */
const template = Template.fromString(templateJson);
The simplest assertion would be to assert that the template matches a given template.
const expected = {
  Resources: {
    // Resources are keyed by logical ID; 'MyBar' is an illustrative logical ID.
    MyBar: {
      Type: 'Foo::Bar',
      Properties: {
        Baz: 'Qux',
      },
    },
  },
};
template.templateMatches(expected);
By default, the templateMatches() API will use an 'object-like' comparison, which means that it will allow for the actual template to be a superset of the given expectation. See Special Matchers for details on how to change this.
Snapshot testing is a common technique to store a snapshot of the output and compare it during future changes. Since CloudFormation templates are human readable, they are a good target for snapshot testing.
The toJSON() method on the Template can be used to produce a well formatted JSON of the CloudFormation template that can be used as a snapshot.
See Snapshot Testing in Jest and Snapshot Testing in Java.
This module allows asserting the number of resources of a specific type found in a template.
template.resourceCountIs('Foo::Bar', 2);
Beyond resource counting, the module also allows asserting that a resource with specific properties is present.
The following code asserts that the Properties section of a resource of type Foo::Bar contains the specified properties -
const expected = {
  Foo: 'Bar',
  Baz: 5,
  Qux: [ 'Waldo', 'Fred' ],
};
template.hasResourceProperties('Foo::Bar', expected);
Alternatively, if you would like to assert the entire resource definition, you can use the hasResource() API.
const expected = {
  Properties: { Foo: 'Bar' },
  DependsOn: [ 'Waldo', 'Fred' ],
};
template.hasResource('Foo::Bar', expected);
Beyond assertions, the module provides APIs to retrieve matching resources.
The findResources() API is complementary to the hasResource() API, except, instead of asserting its presence, it returns the set of matching resources.
By default, the hasResource() and hasResourceProperties() APIs perform deep partial object matching. This behavior can be configured using matchers.
See subsequent section on special matchers.
The module allows you to assert that the CloudFormation template contains an Output that matches specific properties. The following code asserts that a template contains an Output with a logicalId of Foo and the specified properties -
const expected = {
  Value: 'Bar',
  Export: { Name: 'ExportBaz' },
};
template.hasOutput('Foo', expected);
If you want to match against all Outputs in the template, use * as the logicalId.
const expected = {
  Value: 'Bar',
  Export: { Name: 'ExportBaz' },
};
template.hasOutput('*', expected);
findOutputs() will return a set of outputs that match the logicalId and props, and you can use the '*' special case as well.
const expected = {
  Value: 'Fred',
};
const result = template.findOutputs('*', expected);
expect(result.Foo).toEqual({ Value: 'Fred', Description: 'FooFred' });
expect(result.Bar).toEqual({ Value: 'Fred', Description: 'BarFred' });
The APIs hasMapping() and findMappings() provide similar functionalities.
The expectation provided to the hasXxx(), findXxx() and templateMatches() APIs, besides carrying literal values, as seen in the above examples, also accept special matchers.
They are available as part of the Match class.
The Match.objectLike() API can be used to assert that the target is a superset object of the provided pattern.
This API will perform a deep partial match on the target.
Deep partial matching is where objects are matched partially recursively. At each level, the list of keys in the target is a subset of the provided pattern.
import { Match } from '@aws-cdk/assertions';
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Fred": {
//           "Wobble": "Flob",
//           "Bob": "Cat"
//         }
//       }
//     }
//   }
// }
// The following will NOT throw an assertion error
const expected = {
  Fred: Match.objectLike({
    Wobble: 'Flob',
  }),
};
template.hasResourceProperties('Foo::Bar', expected);
// The following will throw an assertion error
const unexpected = {
  Fred: Match.objectLike({
    Brew: 'Coffee',
  }),
};
template.hasResourceProperties('Foo::Bar', unexpected);
The Match.objectEquals() API can be used to assert a target as a deep exact match.
The Match.absent() matcher can be used to specify that a specific value should not exist on the target. This can be used within Match.objectLike() or outside of any matchers.
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Fred": {
//           "Wobble": "Flob",
//         }
//       }
//     }
//   }
// }
// The following will NOT throw an assertion error
const expected = {
  Fred: Match.objectLike({
    Bob: Match.absent(),
  }),
};
template.hasResourceProperties('Foo::Bar', expected);
// The following will throw an assertion error
const unexpected = {
  Fred: Match.objectLike({
    Wobble: Match.absent(),
  }),
};
template.hasResourceProperties('Foo::Bar', unexpected);
The Match.anyValue() matcher can be used to specify that a specific value should be found at the location. This matcher will fail when the target location has null-ish values (i.e., null or undefined).
This matcher can be combined with any of the other matchers.
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Fred": {
//           "Wobble": ["Flob", "Flib"],
//         }
//       }
//     }
//   }
// }
// The following will NOT throw an assertion error
const expected = {
  Fred: {
    Wobble: [Match.anyValue(), "Flib"],
  },
};
template.hasResourceProperties('Foo::Bar', expected);
// The following will throw an assertion error
const unexpected = {
  Fred: {
    Wimble: Match.anyValue(),
  },
};
template.hasResourceProperties('Foo::Bar', unexpected);
The Match.arrayWith() API can be used to assert that the target is equal to or a subset of the provided pattern array.
This API will perform subset match on the target.
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Fred": ["Flob", "Cat"]
//       }
//     }
//   }
// }
// The following will NOT throw an assertion error
const expected = {
  Fred: Match.arrayWith(['Flob']),
};
template.hasResourceProperties('Foo::Bar', expected);
// The following will throw an assertion error
const unexpected = Match.objectLike({
  Fred: Match.arrayWith(['Wobble']),
});
template.hasResourceProperties('Foo::Bar', unexpected);
Note: The list of items in the pattern array should be in order as they appear in the target array. Out of order will be recorded as a match failure.
Alternatively, the Match.arrayEquals() API can be used to assert that the target is exactly equal to the pattern array.
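The matching rules from the sections above, modelled as an added example: this is not code from the @aws-cdk/assertions package, the helper names (matches, absent, anyValue, arrayWith, objectEquals) are hypothetical stand-ins, and the sample properties are constructed. It covers only the behaviours described on this page and shows why a partial match alone does not detect an unexpected extra property, so a test that guards a configuration needs an absent or exact matcher.

```javascript
// Simplified model of the matching rules described above. Added example:
// not the @aws-cdk/assertions implementation; all names are hypothetical.
class M { constructor(kind, arg) { this.kind = kind; this.arg = arg; } }
const absent = () => new M('absent');
const anyValue = () => new M('anyValue');
const arrayWith = (items) => new M('arrayWith', items);
const objectEquals = (obj) => new M('objectEquals', obj);
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v) && !(v instanceof M);

// True when `target` satisfies `pattern`. With partial=true (the "object-like" default),
// keys present only in the target are ignored; with partial=false they are a mismatch.
function matches(pattern, target, partial = true) {
  if (pattern instanceof M) {
    switch (pattern.kind) {
      case 'absent': return target === undefined;
      case 'anyValue': return target !== undefined && target !== null;
      case 'objectEquals': return isObj(target) && matches(pattern.arg, target, false);
      case 'arrayWith': {
        if (!Array.isArray(target)) return false;
        let next = 0; // pattern items must appear in the same order as in the target
        for (const item of target) {
          if (next < pattern.arg.length && matches(pattern.arg[next], item, partial)) next++;
        }
        return next === pattern.arg.length;
      }
    }
  }
  if (Array.isArray(pattern)) { // literal arrays: same length, compared element by element
    return Array.isArray(target) && pattern.length === target.length
      && pattern.every((p, i) => matches(p, target[i], partial));
  }
  if (isObj(pattern)) {
    if (!isObj(target)) return false;
    if (!partial && Object.keys(target).some((k) => !Object.keys(pattern).includes(k))) return false;
    return Object.keys(pattern).every((k) => matches(pattern[k], target[k], partial));
  }
  return pattern === target;
}

// Constructed sample: the Properties of one Foo::Bar resource.
const props = { Fred: { Wobble: 'Flob', Bob: 'Cat' }, Waldo: ['Qix', 'Qux', 'Quy'] };

function demo() {
  return {
    supersetPasses: matches({ Fred: { Wobble: 'Flob' } }, props),            // extra key Bob ignored
    exactPasses: matches({ Fred: objectEquals({ Wobble: 'Flob' }) }, props), // extra key Bob rejected
    absentPasses: matches({ Fred: { Bob: absent() } }, props),               // Bob exists, so mismatch
    anyValuePasses: matches({ Fred: { Wimble: anyValue() } }, props),        // Wimble is missing
    inOrderPasses: matches({ Waldo: arrayWith(['Qix', 'Quy']) }, props),
    outOfOrderPasses: matches({ Waldo: arrayWith(['Quy', 'Qix']) }, props),
  };
}
console.log(demo());
```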
The not matcher inverts the search pattern and matches all patterns in the path that do not match the pattern specified.
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Fred": ["Flob", "Cat"]
//       }
//     }
//   }
// }
// The following will NOT throw an assertion error
const expected = {
  Fred: Match.not(['Flob']),
};
template.hasResourceProperties('Foo::Bar', expected);
// The following will throw an assertion error
const unexpected = Match.objectLike({
  Fred: Match.not(['Flob', 'Cat']),
});
template.hasResourceProperties('Foo::Bar', unexpected);
Often, we find that some CloudFormation Resource types declare properties as a string, but actually expect JSON serialized as a string.
For example, the BuildSpec property of AWS::CodeBuild::Project, the Definition property of AWS::StepFunctions::StateMachine, to name a couple.
The Match.serializedJson() matcher allows deep matching within a stringified JSON.
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Baz": "{ \"Fred\": [\"Waldo\", \"Willow\"] }"
//       }
//     }
//   }
// }
// The following will NOT throw an assertion error
const expected = {
  Baz: Match.serializedJson({
    Fred: Match.arrayWith(["Waldo"]),
  }),
};
template.hasResourceProperties('Foo::Bar', expected);
// The following will throw an assertion error
const unexpected = {
  Baz: Match.serializedJson({
    Fred: ["Waldo", "Johnny"],
  }),
};
template.hasResourceProperties('Foo::Bar', unexpected);
The matcher APIs documented above allow capturing values in the matching entry (Resource, Output, Mapping, etc.). The following code captures a string from a matching resource.
import { Capture } from '@aws-cdk/assertions';
// Given a template -
// {
//   "Resources": {
//     "MyBar": {
//       "Type": "Foo::Bar",
//       "Properties": {
//         "Fred": ["Flob", "Cat"],
//         "Waldo": ["Qix", "Qux"],
//       }
//     }
//   }
// }
const fredCapture = new Capture();
const waldoCapture = new Capture();
const expected = {
  Fred: fredCapture,
  Waldo: ["Qix", waldoCapture],
};
template.hasResourceProperties('Foo::Bar', expected);
fredCapture.asArray(); // returns ["Flob", "Cat"]
waldoCapture.asString(); // returns "Qux"
FAQs
An assertion library for use with CDK Apps
The npm package @aws-cdk/assertions-alpha receives a total of 207 weekly downloads. As such, @aws-cdk/assertions-alpha popularity was classified as not popular.
We found that @aws-cdk/assertions-alpha demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.