github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/apigateway/use_secure_tls_policy_test.go (about) 1 package apigateway 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 v1 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/apigateway/v1" 9 10 "github.com/khulnasoft-lab/defsec/pkg/state" 11 12 "github.com/khulnasoft-lab/defsec/pkg/scan" 13 14 "github.com/stretchr/testify/assert" 15 ) 16 17 func TestCheckUseSecureTlsPolicy(t *testing.T) { 18 tests := []struct { 19 name string 20 input v1.APIGateway 21 expected bool 22 }{ 23 { 24 name: "API Gateway domain name with TLS version 1.0", 25 input: v1.APIGateway{ 26 DomainNames: []v1.DomainName{ 27 { 28 Metadata: defsecTypes.NewTestMetadata(), 29 SecurityPolicy: defsecTypes.String("TLS_1_0", defsecTypes.NewTestMetadata()), 30 }, 31 }, 32 }, 33 expected: true, 34 }, 35 { 36 name: "API Gateway domain name with TLS version 1.2", 37 input: v1.APIGateway{ 38 DomainNames: []v1.DomainName{ 39 { 40 Metadata: defsecTypes.NewTestMetadata(), 41 SecurityPolicy: defsecTypes.String("TLS_1_2", defsecTypes.NewTestMetadata()), 42 }, 43 }, 44 }, 45 expected: false, 46 }, 47 } 48 for _, test := range tests { 49 t.Run(test.name, func(t *testing.T) { 50 var testState state.State 51 testState.AWS.APIGateway.V1 = test.input 52 results := CheckUseSecureTlsPolicy.Evaluate(&testState) 53 var found bool 54 for _, result := range results { 55 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.Rule().LongID() { 56 found = true 57 } 58 } 59 if test.expected { 60 assert.True(t, found, "Rule should have been found") 61 } else { 62 assert.False(t, found, "Rule should not have been found") 63 } 64 }) 65 } 66 }