github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/rds/no_public_db_access_test.go (about) 1 package rds 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/rds" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckNoPublicDbAccess(t *testing.T) { 17 tests := []struct { 18 name string 19 input rds.RDS 20 expected bool 21 }{ 22 { 23 name: "RDS Instance with public access enabled", 24 input: rds.RDS{ 25 Instances: []rds.Instance{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 29 }, 30 }, 31 }, 32 expected: true, 33 }, 34 { 35 name: "RDS Instance with public access disabled", 36 input: rds.RDS{ 37 Clusters: []rds.Cluster{ 38 { 39 Metadata: defsecTypes.NewTestMetadata(), 40 Instances: []rds.ClusterInstance{ 41 { 42 Instance: rds.Instance{ 43 Metadata: defsecTypes.NewTestMetadata(), 44 PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 45 }, 46 }, 47 }, 48 }, 49 }, 50 }, 51 expected: false, 52 }, 53 } 54 for _, test := range tests { 55 t.Run(test.name, func(t *testing.T) { 56 var testState state.State 57 testState.AWS.RDS = test.input 58 results := CheckNoPublicDbAccess.Evaluate(&testState) 59 var found bool 60 for _, result := range results { 61 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicDbAccess.Rule().LongID() { 62 found = true 63 } 64 } 65 if test.expected { 66 assert.True(t, found, "Rule should have been found") 67 } else { 68 assert.False(t, found, "Rule should not have been found") 69 } 70 }) 71 } 72 }