github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/accessanalyzer/enable_access_analyzer_test.go (about)

     1  package accessanalyzer
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/accessanalyzer"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/state"
    11  
    12  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    13  
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
    17  func TestASCheckNoSecretsInUserData(t *testing.T) {
    18  	tests := []struct {
    19  		name     string
    20  		input    accessanalyzer.AccessAnalyzer
    21  		expected bool
    22  	}{
    23  		{
    24  			name:     "No analyzers enabled",
    25  			input:    accessanalyzer.AccessAnalyzer{},
    26  			expected: true,
    27  		},
    28  		{
    29  			name: "Analyzer disabled",
    30  			input: accessanalyzer.AccessAnalyzer{
    31  				Analyzers: []accessanalyzer.Analyzer{
    32  					{
    33  						Metadata: defsecTypes.NewTestMetadata(),
    34  						ARN:      defsecTypes.String("arn:aws:accessanalyzer:us-east-1:123456789012:analyzer/test", defsecTypes.NewTestMetadata()),
    35  						Name:     defsecTypes.String("test", defsecTypes.NewTestMetadata()),
    36  						Active:   defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    37  					},
    38  				},
    39  			},
    40  			expected: true,
    41  		},
    42  		{
    43  			name: "Analyzer enabled",
    44  			input: accessanalyzer.AccessAnalyzer{
    45  				Analyzers: []accessanalyzer.Analyzer{
    46  					{
    47  						Metadata: defsecTypes.NewTestMetadata(),
    48  						ARN:      defsecTypes.String("arn:aws:accessanalyzer:us-east-1:123456789012:analyzer/test", defsecTypes.NewTestMetadata()),
    49  						Name:     defsecTypes.String("test", defsecTypes.NewTestMetadata()),
    50  						Active:   defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    51  					},
    52  				},
    53  			},
    54  			expected: false,
    55  		},
    56  	}
    57  	for _, test := range tests {
    58  		t.Run(test.name, func(t *testing.T) {
    59  			var testState state.State
    60  			testState.AWS.AccessAnalyzer = test.input
    61  			results := CheckEnableAccessAnalyzer.Evaluate(&testState)
    62  			var found bool
    63  			for _, result := range results {
    64  				if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAccessAnalyzer.Rule().LongID() {
    65  					found = true
    66  				}
    67  			}
    68  			if test.expected {
    69  				assert.True(t, found, "Rule should have been found")
    70  			} else {
    71  				assert.False(t, found, "Rule should not have been found")
    72  			}
    73  		})
    74  	}
    75  }