package workspaces

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/state"

	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/workspaces"
	"github.com/khulnasoft-lab/defsec/pkg/scan"

	"github.com/stretchr/testify/assert"
)

// diskEncTestVolume builds a WorkSpaces volume whose Encryption.Enabled flag
// is set to encrypted, with placeholder test metadata on every nested type.
func diskEncTestVolume(encrypted bool) workspaces.Volume {
	return workspaces.Volume{
		Metadata: defsecTypes.NewTestMetadata(),
		Encryption: workspaces.Encryption{
			Metadata: defsecTypes.NewTestMetadata(),
			Enabled:  defsecTypes.Bool(encrypted, defsecTypes.NewTestMetadata()),
		},
	}
}

// diskEncTestWorkSpaces wraps a single WorkSpace, whose root and user volumes
// carry the given encryption settings, in a WorkSpaces provider value.
func diskEncTestWorkSpaces(rootEncrypted, userEncrypted bool) workspaces.WorkSpaces {
	return workspaces.WorkSpaces{
		WorkSpaces: []workspaces.WorkSpace{
			{
				Metadata:   defsecTypes.NewTestMetadata(),
				RootVolume: diskEncTestVolume(rootEncrypted),
				UserVolume: diskEncTestVolume(userEncrypted),
			},
		},
	}
}

// TestCheckEnableDiskEncryption checks that CheckEnableDiskEncryption emits a
// failed result when either the root or the user volume of a WorkSpace is
// unencrypted, and emits no failed result when both volumes are encrypted.
func TestCheckEnableDiskEncryption(t *testing.T) {
	cases := []struct {
		name       string
		input      workspaces.WorkSpaces
		wantFailed bool // true when a failed result for this rule must be present
	}{
		{
			name:       "AWS Workspace with unencrypted root volume",
			input:      diskEncTestWorkSpaces(false, true),
			wantFailed: true,
		},
		{
			name:       "AWS Workspace with unencrypted user volume",
			input:      diskEncTestWorkSpaces(true, false),
			wantFailed: true,
		},
		{
			name:       "AWS Workspace with encrypted user and root volumes",
			input:      diskEncTestWorkSpaces(true, true),
			wantFailed: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var st state.State
			st.AWS.WorkSpaces = tc.input

			// Only a failed result that belongs to this exact rule counts; results
			// with another status, or from another rule, are ignored.
			failedForRule := false
			for _, r := range CheckEnableDiskEncryption.Evaluate(&st) {
				if r.Status() != scan.StatusFailed {
					continue
				}
				if r.Rule().LongID() == CheckEnableDiskEncryption.Rule().LongID() {
					failedForRule = true
				}
			}

			switch {
			case tc.wantFailed:
				assert.True(t, failedForRule, "Rule should have been found")
			default:
				assert.False(t, failedForRule, "Rule should not have been found")
			}
		})
	}
}