github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/s3/encryption_customer_key_test.go (about) 1 package s3 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/s3" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckEncryptionCustomerKey(t *testing.T) { 17 tests := []struct { 18 name string 19 input s3.S3 20 expected bool 21 }{ 22 { 23 name: "S3 Bucket missing KMS key", 24 input: s3.S3{ 25 Buckets: []s3.Bucket{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 Encryption: s3.Encryption{ 29 Metadata: defsecTypes.Metadata{}, 30 Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 31 KMSKeyId: defsecTypes.String("", defsecTypes.NewTestMetadata()), 32 }, 33 }, 34 }, 35 }, 36 expected: true, 37 }, 38 { 39 name: "S3 Bucket with KMS key", 40 input: s3.S3{ 41 Buckets: []s3.Bucket{ 42 { 43 Metadata: defsecTypes.NewTestMetadata(), 44 Encryption: s3.Encryption{ 45 Metadata: defsecTypes.Metadata{}, 46 Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 47 KMSKeyId: defsecTypes.String("some-sort-of-key", defsecTypes.NewTestMetadata()), 48 }, 49 }, 50 }, 51 }, 52 expected: false, 53 }, 54 } 55 56 for _, test := range tests { 57 t.Run(test.name, func(t *testing.T) { 58 var testState state.State 59 testState.AWS.S3 = test.input 60 results := CheckEncryptionCustomerKey.Evaluate(&testState) 61 var found bool 62 for _, result := range results { 63 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptionCustomerKey.Rule().LongID() { 64 found = true 65 } 66 } 67 if test.expected { 68 assert.True(t, found, "Rule should have been found") 69 } else { 70 assert.False(t, found, "Rule should not have been found") 71 } 72 }) 73 } 74 }