github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/database/enable_audit_test.go (about) 1 package database 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/azure/database" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckEnableAudit(t *testing.T) { 17 tests := []struct { 18 name string 19 input database.Database 20 expected bool 21 }{ 22 { 23 name: "MS SQL server extended audit policy not configured", 24 input: database.Database{ 25 MSSQLServers: []database.MSSQLServer{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 ExtendedAuditingPolicies: []database.ExtendedAuditingPolicy{}, 29 }, 30 }, 31 }, 32 expected: true, 33 }, 34 { 35 name: "MS SQL server extended audit policy configured", 36 input: database.Database{ 37 MSSQLServers: []database.MSSQLServer{ 38 { 39 Metadata: defsecTypes.NewTestMetadata(), 40 ExtendedAuditingPolicies: []database.ExtendedAuditingPolicy{ 41 { 42 Metadata: defsecTypes.NewTestMetadata(), 43 RetentionInDays: defsecTypes.Int(6, defsecTypes.NewTestMetadata()), 44 }, 45 }, 46 }, 47 }, 48 }, 49 expected: false, 50 }, 51 } 52 for _, test := range tests { 53 t.Run(test.name, func(t *testing.T) { 54 var testState state.State 55 testState.Azure.Database = test.input 56 results := CheckEnableAudit.Evaluate(&testState) 57 var found bool 58 for _, result := range results { 59 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAudit.Rule().LongID() { 60 found = true 61 } 62 } 63 if test.expected { 64 assert.True(t, found, "Rule should have been found") 65 } else { 66 assert.False(t, found, "Rule should not have been found") 67 } 68 }) 69 } 70 }