// Source listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/elb/http_not_used_test.go

package elb

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/state"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/elb"
	"github.com/khulnasoft-lab/defsec/pkg/scan"

	"github.com/stretchr/testify/assert"
)

// TestCheckHttpNotUsed runs CheckHttpNotUsed against small ELB fixtures and
// asserts whether a failed result carrying the rule's own LongID is produced.
//
// Cases exercised, all on a load balancer of type elb.TypeApplication with a
// single listener:
//   - HTTP listener whose only default action is "forward": finding expected.
//   - HTTP listener whose only default action is "redirect": no finding.
//   - HTTP listener with "forward" followed by "redirect": no finding.
//   - HTTPS listener with "forward": no finding.
//
// NOTE(review): the fixtures set only the action Type; no redirect target is
// modelled here, so this test does not show whether the rule requires the
// redirect to point at HTTPS. Confirm against the rule implementation.
// NOTE(review): other load balancer types and listeners with no default
// actions are not covered by this table.
func TestCheckHttpNotUsed(t *testing.T) {
	// albWithListener builds an ELB state holding one application load
	// balancer with one listener on the given protocol and one default action
	// per entry in actionTypes, in the order given.
	albWithListener := func(protocol string, actionTypes ...string) elb.ELB {
		lb := elb.LoadBalancer{
			Metadata: defsecTypes.NewTestMetadata(),
			Type:     defsecTypes.String(elb.TypeApplication, defsecTypes.NewTestMetadata()),
		}
		listener := elb.Listener{
			Metadata: defsecTypes.NewTestMetadata(),
			Protocol: defsecTypes.String(protocol, defsecTypes.NewTestMetadata()),
		}
		for _, actionType := range actionTypes {
			listener.DefaultActions = append(listener.DefaultActions, elb.Action{
				Metadata: defsecTypes.NewTestMetadata(),
				Type:     defsecTypes.String(actionType, defsecTypes.NewTestMetadata()),
			})
		}
		lb.Listeners = []elb.Listener{listener}
		return elb.ELB{LoadBalancers: []elb.LoadBalancer{lb}}
	}

	cases := []struct {
		name     string
		input    elb.ELB
		expected bool // true when the rule is expected to report a failure
	}{
		{
			name:     "Load balancer listener with HTTP protocol",
			input:    albWithListener("HTTP", "forward"),
			expected: true,
		},
		{
			name:     "Load balancer listener with HTTP protocol but redirect default action",
			input:    albWithListener("HTTP", "redirect"),
			expected: false,
		},
		{
			name:     "Load balancer listener with HTTP protocol but redirect among multiple default actions",
			input:    albWithListener("HTTP", "forward", "redirect"),
			expected: false,
		},
		{
			name:     "Load balancer listener with HTTPS protocol",
			input:    albWithListener("HTTPS", "forward"),
			expected: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var s state.State
			s.AWS.ELB = tc.input

			// Only a failed result that belongs to this rule counts as a
			// finding; passed results and other rules' results are ignored.
			flagged := false
			for _, res := range CheckHttpNotUsed.Evaluate(&s) {
				if res.Status() != scan.StatusFailed {
					continue
				}
				if res.Rule().LongID() == CheckHttpNotUsed.Rule().LongID() {
					flagged = true
				}
			}

			if !tc.expected {
				assert.False(t, flagged, "Rule should not have been found")
				return
			}
			assert.True(t, flagged, "Rule should have been found")
		})
	}
}