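# Source: github.com/cloudfoundry-incubator/windows-utilities-tests@v0.11.1-0.20230315194243-a2ce46b74d8a/assets/wuts-release/jobs/check_windowsdefender/templates/modules/CheckWindowsDefender.Tests.ps1
#
# Pester tests for the CheckWindowsDefender module. Get-MpPreference is replaced
# by a mock that returns a hand-built MSFT_MpPreference CimInstance, so the
# posture checks (Assert-DefenderEnabled / Assert-DefenderDisabled) are driven
# by the property values each test sets rather than by the real cmdlet output.

Import-Module ./CheckWindowsDefender.psd1

# Empty stand-in so a Get-MpPreference command always exists for Mock to replace.
# NOTE(review): presumably needed on hosts without the Defender cmdlets; confirm.
function Get-MpPreference {}

Describe "Assert-DefenderEnabled" {
    BeforeEach {
        # Disable* preferences the passing case sets to $true.
        $TrueValues = @(
            "DisableCatchupFullScan", "DisableCatchupQuickScan", "DisableEmailScanning",
            "DisableRemovableDriveScanning", "DisableRestorePoint", "DisableScanningMappedNetworkDrivesForFullScan"
        )
        # Disable* preferences the passing case sets to $false (protection left on).
        $FalseValues = @(
            "DisableArchiveScanning", "DisableAutoExclusions", "DisableBehaviorMonitoring",
            "DisableBlockAtFirstSeen", "DisableIOAVProtection", "DisablePrivacyMode",
            "DisableRealtimeMonitoring", "DisableScanningNetworkFiles", "DisableScriptScanning"
        )

        # Fresh fake preference object per test; the mocks below return it.
        $Global:FakeMpStatus = New-Object -TypeName 'Microsoft.Management.Infrastructure.CimInstance' -ArgumentList @('MSFT_MpPreference')

        # Always present as a String-typed property flagged NullValue, unlike the
        # Boolean preferences that each test adds itself.
        $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
            "DisableIntrusionPreventionSystem", "", [Microsoft.Management.Infrastructure.CimType]::String,
            [Microsoft.Management.Infrastructure.CimFlags]::NullValue
        ))
    }

    AfterEach {
        # The fake lives in the global scope; drop it so it cannot outlive the
        # test run or leak into a later test whose setup failed.
        Remove-Variable -Name FakeMpStatus -Scope Global -ErrorAction SilentlyContinue
    }

    It "returns True when expected Defender features are enabled" {
        foreach ($property in $TrueValues) {
            $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
                $property, $true, [Microsoft.Management.Infrastructure.CimFlags]::None
            ))
        }
        foreach ($property in $FalseValues) {
            $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
                $property, $false, [Microsoft.Management.Infrastructure.CimFlags]::None
            ))
        }

        # -ModuleName injects the mock into the module, where the call is made.
        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderEnabled
        $result | Should Be $true
    }

    It "returns false and logs disabled features when expected Defender features are disabled" {
        # Every preference reports "disabled", including those that must stay on.
        foreach ($property in ($TrueValues + $FalseValues)) {
            $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
                $property, $true, [Microsoft.Management.Infrastructure.CimFlags]::None
            ))
        }

        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender
        Mock Write-Log { } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderEnabled
        $result | Should Be $false

        # One log line per wrongly disabled feature, named without the "Disable" prefix.
        foreach ($property in $FalseValues) {
            $propertyName = $property.Replace('Disable', '')
            $expectedMessage = "Expected $propertyName to be enabled, it is disabled"
            Assert-MockCalled Write-Log -Exactly 1 -Scope It -ModuleName CheckWindowsDefender -ParameterFilter { $Message -eq $expectedMessage }
        }
    }

    It "returns false and logs enabled features when Defender features are unexpectedly enabled" {
        # Every preference reports "enabled", including those expected to be off.
        foreach ($property in ($TrueValues + $FalseValues)) {
            $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
                $property, $false, [Microsoft.Management.Infrastructure.CimType]::Boolean, [Microsoft.Management.Infrastructure.CimFlags]::None
            ))
        }

        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender
        Mock Write-Log { } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderEnabled
        $result | Should Be $false

        foreach ($property in $TrueValues) {
            $propertyName = $property.Replace('Disable', '')
            $expectedMessage = "Expected $propertyName to be disabled, it is enabled"
            Assert-MockCalled Write-Log -Exactly 1 -Scope It -ModuleName CheckWindowsDefender -ParameterFilter { $Message -eq $expectedMessage }
        }
    }

    It "doesn't log that the intrusion prevention system is enabled or disabled" {
        # NOTE(review): the fake carries only DisableIntrusionPreventionSystem here,
        # yet the check is expected to pass. That implies absent preferences count
        # as compliant; confirm this fail-open behaviour is intended in the module.
        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender
        Mock Write-Log { } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderEnabled
        $result | Should Be $true

        # NOTE(review): the other tests expect messages with the "Disable" prefix
        # stripped, while these filters keep it. If the module formats this property
        # the same way, the filters can never match and the -Exactly 0 checks pass
        # regardless. A filter such as { $Message -like '*IntrusionPreventionSystem*' }
        # would not depend on the exact wording; confirm against the module.
        Assert-MockCalled Write-Log -Exactly 0 -Scope It -ModuleName CheckWindowsDefender -ParameterFilter {
            $Message -eq "Expected DisableIntrusionPreventionSystem to be enabled, it is disabled"
        }
        Assert-MockCalled Write-Log -Exactly 0 -Scope It -ModuleName CheckWindowsDefender -ParameterFilter {
            $Message -eq "Expected DisableIntrusionPreventionSystem to be disabled, it is enabled"
        }
    }
}

Describe "Assert-DefenderDisabled" {
    BeforeEach {
        # All Boolean Disable* preferences; the passing case sets each to $true.
        $AllValues = @(
            "DisableArchiveScanning", "DisableAutoExclusions", "DisableBehaviorMonitoring",
            "DisableBlockAtFirstSeen", "DisableIOAVProtection", "DisablePrivacyMode",
            "DisableRealtimeMonitoring", "DisableScanningNetworkFiles", "DisableScriptScanning",
            "DisableCatchupFullScan", "DisableCatchupQuickScan", "DisableEmailScanning",
            "DisableRemovableDriveScanning", "DisableRestorePoint", "DisableScanningMappedNetworkDrivesForFullScan"
        )

        $Global:FakeMpStatus = New-Object -TypeName 'Microsoft.Management.Infrastructure.CimInstance' -ArgumentList @('MSFT_MpPreference')

        # Same String-typed, NullValue-flagged property as in the enabled suite.
        $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
            "DisableIntrusionPreventionSystem", "", [Microsoft.Management.Infrastructure.CimType]::String,
            [Microsoft.Management.Infrastructure.CimFlags]::NullValue
        ))
    }

    AfterEach {
        # Remove the global fake so it does not persist beyond the test.
        Remove-Variable -Name FakeMpStatus -Scope Global -ErrorAction SilentlyContinue
    }

    It "returns True when expected Windows Defender features are disabled" {
        foreach ($property in $AllValues) {
            $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
                $property, $true, [Microsoft.Management.Infrastructure.CimFlags]::None
            ))
        }

        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderDisabled
        $result | Should Be $true
    }

    It "returns false and logs enabled features when expected Windows Defender features are not disabled" {
        foreach ($property in $AllValues) {
            $Global:FakeMpStatus.CimInstanceProperties.Add([Microsoft.Management.Infrastructure.CimProperty]::Create(
                $property, $false, [Microsoft.Management.Infrastructure.CimFlags]::None
            ))
        }

        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender
        Mock Write-Log { } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderDisabled
        $result | Should Be $false

        foreach ($property in $AllValues) {
            $propertyName = $property.Replace('Disable', '')
            $expectedMessage = "Expected $propertyName to be disabled, it is enabled"
            Assert-MockCalled Write-Log -Exactly 1 -Scope It -ModuleName CheckWindowsDefender -ParameterFilter { $Message -eq $expectedMessage }
        }
    }

    It "doesn't log that the intrusion prevention system is enabled or disabled" {
        # NOTE(review): as in the enabled suite, only DisableIntrusionPreventionSystem
        # is set and the check is still expected to pass; confirm that treating
        # absent preferences as compliant is intended.
        Mock Get-MpPreference { return $Global:FakeMpStatus } -ModuleName CheckWindowsDefender
        Mock Write-Log { } -ModuleName CheckWindowsDefender

        $result = Assert-DefenderDisabled
        $result | Should Be $true

        # NOTE(review): the test name says nothing is logged, but this requires
        # exactly one Write-Log call with the message below while the result is
        # $true. The matching test for Assert-DefenderEnabled uses -Exactly 0.
        # Left unchanged because the module is not visible here; confirm which of
        # the name or the count reflects the intended behaviour.
        Assert-MockCalled Write-Log -Exactly 1 -Scope It -ModuleName CheckWindowsDefender -ParameterFilter {
            $Message -eq "Expected DisableIntrusionPreventionSystem to be disabled, it is enabled"
        }
    }
}

Remove-Module -Name CheckWindowsDefender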