// Listing of rules/cloud/policies/aws/iam/no_password_reuse_test.go from
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95.

package iam

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/iam"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/stretchr/testify/assert"
)

// TestCheckNoPasswordReuse evaluates CheckNoPasswordReuse against IAM password
// policies with different ReusePreventionCount values and checks whether the
// rule reports a failed result for each of them.
//
// The table pins two observations only: a count of 1 is reported as a failure
// and a count of 5 is not. The rule's actual threshold is defined outside this
// file.
//
// NOTE(review): values between 2 and 4 and a policy with no reuse prevention
// configured are not exercised here, so a regression in the boundary
// comparison would go unnoticed by this test — consider adding those cases
// once the threshold is confirmed against the rule.
func TestCheckNoPasswordReuse(t *testing.T) {
	type testCase struct {
		name     string
		input    iam.IAM
		expected bool // true when the rule is expected to report a failure
	}

	// policyWithReuseCount builds an IAM state fragment whose password policy
	// remembers the given number of previous passwords.
	policyWithReuseCount := func(count int) iam.IAM {
		return iam.IAM{
			PasswordPolicy: iam.PasswordPolicy{
				Metadata:             defsecTypes.NewTestMetadata(),
				ReusePreventionCount: defsecTypes.Int(count, defsecTypes.NewTestMetadata()),
			},
		}
	}

	cases := []testCase{
		{
			name:     "IAM with 1 password that can't be reused (min)",
			input:    policyWithReuseCount(1),
			expected: true,
		},
		{
			name:     "IAM with 5 passwords that can't be reused",
			input:    policyWithReuseCount(5),
			expected: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var st state.State
			st.AWS.IAM = tc.input

			// Only a failed result carrying this rule's own long ID counts;
			// passed results and results from other rules are ignored.
			ruleID := CheckNoPasswordReuse.Rule().LongID()
			flagged := false
			for _, r := range CheckNoPasswordReuse.Evaluate(&st) {
				if r.Status() != scan.StatusFailed {
					continue
				}
				if r.Rule().LongID() == ruleID {
					flagged = true
				}
			}

			if !tc.expected {
				assert.False(t, flagged, "Rule should not have been found")
				return
			}
			assert.True(t, flagged, "Rule should have been found")
		})
	}
}