From 29c6fac6ce6d68fb9046b3b1bf1886319bd4a0ee Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Tue, 9 Jul 2024 19:37:12 +0545 Subject: [PATCH] feat: disable aws task definition scraper by default --- api/v1/aws.go | 15 +++++++++-- api/v1/aws_test.go | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 api/v1/aws_test.go diff --git a/api/v1/aws.go b/api/v1/aws.go index 747089f0..8b945010 100644 --- a/api/v1/aws.go +++ b/api/v1/aws.go @@ -5,6 +5,7 @@ import ( "time" "github.com/flanksource/commons/logger" + "github.com/samber/lo" ) // AWS ... @@ -75,26 +76,36 @@ const ( AWSEC2DHCPOptions = "AWS::EC2::DHCPOptions" ) +var defaultAWSExclusions = []string{"ECSTaskDefinition"} + func (aws AWS) Includes(resource string) bool { if len(aws.Include) == 0 { - return true + return !lo.ContainsBy(defaultAWSExclusions, func(item string) bool { + return strings.EqualFold(item, resource) + }) } + for _, include := range aws.Include { if strings.EqualFold(include, resource) { return true } } + return false } func (aws AWS) Excludes(resource string) bool { if len(aws.Exclude) == 0 { - return false + return !lo.ContainsBy(defaultAWSExclusions, func(item string) bool { + return strings.EqualFold(item, resource) + }) } + for _, exclude := range aws.Exclude { if strings.EqualFold(exclude, resource) { return true } } + return false } diff --git a/api/v1/aws_test.go b/api/v1/aws_test.go new file mode 100644 index 00000000..c73641ec --- /dev/null +++ b/api/v1/aws_test.go 
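Review bot: The new empty-list branch in `Excludes` carries the same negation as the one in `Includes`, so with no `Exclude` configured it returns true for every resource that is not in `defaultAWSExclusions` and false for `ECSTaskDefinition`, the opposite of what the commit title describes. If callers skip a resource when `Excludes` is true (the call sites are outside this diff), an unconfigured scraper would silently drop almost every AWS resource type, leaving an inventory gap that is easy to miss. Restoring `return false` in that branch keeps the default exclusion in `Includes` alone and lets an explicit `Include` entry for `ECSTaskDefinition` still win. Returning the un-negated `lo.ContainsBy(...)` would instead override that explicit include whenever both methods are consulted. A comment on `defaultAWSExclusions` such as `// resource types skipped unless listed explicitly in Include` would also record the opt-in rule.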
@@ -0,0 +1,66 @@
+package v1
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestAWS_Includes(t *testing.T) {
+ tests := []struct {
+ name string
+ config AWS
+ resource string
+ want bool
+ }{
+ {
+ name: "empty include list, not in default exclusions",
+ config: AWS{},
+ resource: "ec2",
+ want: true,
+ },
+ {
+ name: "empty include list, in default exclusions",
+ config: AWS{},
+ resource: "ECSTASKDEFINITION",
+ want: false,
+ },
+ {
+ name: "explicit inclusion of default exclusion",
+ config: AWS{Include: []string{"EcsTaskDefinition"}},
+ resource: "ECSTASKDEFINITION",
+ want: true,
+ },
+ {
+ name: "non-empty include list, resource included",
+ config: AWS{
+ Include: []string{"s3", "ec2", "rds"},
+ },
+ resource: "ec2",
+ want: true,
+ },
+ {
+ name: "non-empty include list, resource not included",
+ config: AWS{
+ Include: []string{"s3", "ec2", "rds"},
+ },
+ resource: "lambda",
+ want: false,
+ },
+ {
+ name: "case-insensitive include",
+ config: AWS{
+ Include: []string{"S3", "EC2", "RDS"},
+ },
+ resource: "ec2",
+ want: true,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := tt.config.Includes(tt.resource)
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
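Review bot: `TestAWS_Includes` is the only test added, so the empty-list branch this commit also rewrote in `Excludes` is never exercised. A case asserting that `AWS{}.Excludes("ec2")` is false would fail against the new code and expose the inverted default. A sibling table test along the lines below would cover it, assuming `Exclude` is a `[]string` like `Include`. The expected result for `ECSTaskDefinition` with an empty `Exclude` list depends on whether the default is meant to live in `Includes` only, so that case is left out here.

```go
func TestAWS_Excludes(t *testing.T) {
	tests := []struct {
		name     string
		config   AWS
		resource string
		want     bool
	}{
		{name: "empty exclude list, ordinary resource", config: AWS{}, resource: "ec2", want: false},
		{name: "explicit exclusion, case-insensitive", config: AWS{Exclude: []string{"EC2"}}, resource: "ec2", want: true},
		{name: "non-empty exclude list, resource not listed", config: AWS{Exclude: []string{"s3"}}, resource: "ec2", want: false},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assert.Equal(t, tt.want, tt.config.Excludes(tt.resource))
		})
	}
}
```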