github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/cloudfront/use_secure_tls_policy_test.go (about) 1 package cloudfront 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudfront" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckUseSecureTlsPolicy(t *testing.T) { 17 tests := []struct { 18 name string 19 input cloudfront.Cloudfront 20 expected bool 21 }{ 22 { 23 name: "CloudFront distribution using TLS v1.0", 24 input: cloudfront.Cloudfront{ 25 Distributions: []cloudfront.Distribution{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 ViewerCertificate: cloudfront.ViewerCertificate{ 29 Metadata: defsecTypes.NewTestMetadata(), 30 MinimumProtocolVersion: defsecTypes.String("TLSv1.0", defsecTypes.NewTestMetadata()), 31 }, 32 }, 33 }, 34 }, 35 expected: true, 36 }, 37 { 38 name: "CloudFront distribution using TLS v1.2", 39 input: cloudfront.Cloudfront{ 40 Distributions: []cloudfront.Distribution{ 41 { 42 Metadata: defsecTypes.NewTestMetadata(), 43 ViewerCertificate: cloudfront.ViewerCertificate{ 44 Metadata: defsecTypes.NewTestMetadata(), 45 MinimumProtocolVersion: defsecTypes.String(cloudfront.ProtocolVersionTLS1_2, defsecTypes.NewTestMetadata()), 46 }, 47 }, 48 }, 49 }, 50 expected: false, 51 }, 52 } 53 for _, test := range tests { 54 t.Run(test.name, func(t *testing.T) { 55 var testState state.State 56 testState.AWS.Cloudfront = test.input 57 results := CheckUseSecureTlsPolicy.Evaluate(&testState) 58 var found bool 59 for _, result := range results { 60 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.Rule().LongID() { 61 found = true 62 } 63 } 64 if test.expected { 65 assert.True(t, found, "Rule should have been found") 66 } else { 67 assert.False(t, found, "Rule should not have been found") 68 } 69 }) 70 } 71 }