github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/database/enable_ssl_enforcement_test.go (about) 1 package database 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/azure/database" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckEnableSslEnforcement(t *testing.T) { 17 tests := []struct { 18 name string 19 input database.Database 20 expected bool 21 }{ 22 { 23 name: "MariaDB server SSL not enforced", 24 input: database.Database{ 25 MariaDBServers: []database.MariaDBServer{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 Server: database.Server{ 29 Metadata: defsecTypes.NewTestMetadata(), 30 EnableSSLEnforcement: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 31 }, 32 }, 33 }, 34 }, 35 expected: true, 36 }, 37 { 38 name: "MySQL server SSL not enforced", 39 input: database.Database{ 40 MySQLServers: []database.MySQLServer{ 41 { 42 Metadata: defsecTypes.NewTestMetadata(), 43 Server: database.Server{ 44 Metadata: defsecTypes.NewTestMetadata(), 45 EnableSSLEnforcement: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 46 }, 47 }, 48 }, 49 }, 50 expected: true, 51 }, 52 { 53 name: "PostgreSQL server SSL not enforced", 54 input: database.Database{ 55 PostgreSQLServers: []database.PostgreSQLServer{ 56 { 57 Metadata: defsecTypes.NewTestMetadata(), 58 Server: database.Server{ 59 Metadata: defsecTypes.NewTestMetadata(), 60 EnableSSLEnforcement: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 61 }, 62 }, 63 }, 64 }, 65 expected: true, 66 }, 67 { 68 name: "MariaDB server SSL enforced", 69 input: database.Database{ 70 MariaDBServers: []database.MariaDBServer{ 71 { 72 Metadata: defsecTypes.NewTestMetadata(), 73 Server: database.Server{ 74 Metadata: defsecTypes.NewTestMetadata(), 75 EnableSSLEnforcement: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 76 }, 77 }, 78 }, 79 }, 80 expected: false, 81 }, 82 { 83 name: "MySQL server SSL enforced", 84 input: database.Database{ 85 MySQLServers: []database.MySQLServer{ 86 { 87 Metadata: defsecTypes.NewTestMetadata(), 88 Server: database.Server{ 89 Metadata: defsecTypes.NewTestMetadata(), 90 EnableSSLEnforcement: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 91 }, 92 }, 93 }, 94 }, 95 expected: false, 96 }, 97 { 98 name: "PostgreSQL server SSL enforced", 99 input: database.Database{ 100 PostgreSQLServers: []database.PostgreSQLServer{ 101 { 102 Metadata: defsecTypes.NewTestMetadata(), 103 Server: database.Server{ 104 Metadata: defsecTypes.NewTestMetadata(), 105 EnableSSLEnforcement: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 106 }, 107 }, 108 }, 109 }, 110 expected: false, 111 }, 112 } 113 for _, test := range tests { 114 t.Run(test.name, func(t *testing.T) { 115 var testState state.State 116 testState.Azure.Database = test.input 117 results := CheckEnableSslEnforcement.Evaluate(&testState) 118 var found bool 119 for _, result := range results { 120 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableSslEnforcement.Rule().LongID() { 121 found = true 122 } 123 } 124 if test.expected { 125 assert.True(t, found, "Rule should have been found") 126 } else { 127 assert.False(t, found, "Rule should not have been found") 128 } 129 }) 130 } 131 }