github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/apigateway/enable_cache_encryption_test.go (about)

     1  package apigateway
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	v1 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/apigateway/v1"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/state"
    11  
    12  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    13  
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
// TestCheckEnableCacheEncryption exercises CheckEnableCacheEncryption against
// API Gateway v1 state holding a single API, stage and REST method setting.
// A failed result for this rule is expected only when caching is enabled and
// the cached data is not encrypted; an encrypted cache, or a disabled cache,
// must not produce a failure.
//
// NOTE(review): every case carries exactly one method setting per stage. A
// case mixing an encrypted and an unencrypted setting in the same stage is not
// covered here, so these cases alone do not show whether findings are raised
// per setting or per stage — worth adding.
func TestCheckEnableCacheEncryption(t *testing.T) {
	// gateway builds the minimal provider state for one method setting with
	// the given cache flags; each level gets its own test metadata.
	gateway := func(encrypted, cacheEnabled bool) v1.APIGateway {
		return v1.APIGateway{
			APIs: []v1.API{{
				Metadata: defsecTypes.NewTestMetadata(),
				Stages: []v1.Stage{{
					Metadata: defsecTypes.NewTestMetadata(),
					RESTMethodSettings: []v1.RESTMethodSettings{{
						Metadata:           defsecTypes.NewTestMetadata(),
						CacheDataEncrypted: defsecTypes.Bool(encrypted, defsecTypes.NewTestMetadata()),
						CacheEnabled:       defsecTypes.Bool(cacheEnabled, defsecTypes.NewTestMetadata()),
					}},
				}},
			}},
		}
	}

	cases := []struct {
		name     string
		input    v1.APIGateway
		expected bool
	}{
		{
			// Cache on, data in the cache stored in the clear: must be flagged.
			name:     "API Gateway stage with unencrypted cache",
			input:    gateway(false, true),
			expected: true,
		},
		{
			name:     "API Gateway stage with encrypted cache",
			input:    gateway(true, true),
			expected: false,
		},
		{
			// With caching off the encryption flag is irrelevant, so an
			// unencrypted setting must not be reported.
			name:     "API Gateway stage with caching disabled",
			input:    gateway(false, false),
			expected: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var st state.State
			st.AWS.APIGateway.V1 = tc.input

			// Only a failed result that belongs to this exact rule counts;
			// passed results and results of other rules are ignored.
			var flagged bool
			for _, res := range CheckEnableCacheEncryption.Evaluate(&st) {
				if res.Status() != scan.StatusFailed {
					continue
				}
				if res.Rule().LongID() == CheckEnableCacheEncryption.Rule().LongID() {
					flagged = true
				}
			}

			if !tc.expected {
				assert.False(t, flagged, "Rule should not have been found")
				return
			}
			assert.True(t, flagged, "Rule should have been found")
		})
	}
}