github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/s3/specify_public_access_block_test.go (about) 1 package s3 2 3 import ( 4 "testing" 5 6 "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/s3" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckBucketsHavePublicAccessBlocks(t *testing.T) { 17 tests := []struct { 18 name string 19 input s3.S3 20 expected bool 21 }{ 22 { 23 name: "Public access block missing", 24 input: s3.S3{ 25 Buckets: []s3.Bucket{ 26 { 27 Metadata: types.NewTestMetadata(), 28 }, 29 }, 30 }, 31 expected: true, 32 }, 33 { 34 name: "Public access block present", 35 input: s3.S3{ 36 Buckets: []s3.Bucket{ 37 { 38 Metadata: types.NewTestMetadata(), 39 PublicAccessBlock: &s3.PublicAccessBlock{ 40 Metadata: types.NewTestMetadata(), 41 }, 42 }, 43 }, 44 }, 45 expected: false, 46 }, 47 } 48 for _, test := range tests { 49 t.Run(test.name, func(t *testing.T) { 50 var testState state.State 51 testState.AWS.S3 = test.input 52 results := CheckBucketsHavePublicAccessBlocks.Evaluate(&testState) 53 var found bool 54 for _, result := range results { 55 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckBucketsHavePublicAccessBlocks.Rule().LongID() { 56 found = true 57 } 58 } 59 if test.expected { 60 assert.True(t, found, "Rule should have been found") 61 } else { 62 assert.False(t, found, "Rule should not have been found") 63 } 64 }) 65 } 66 }