github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/keyvault/no_purge_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/keyvault/no_purge_test.go (about)

     1  package keyvault
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/keyvault"
    11  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
    16  func TestCheckNoPurge(t *testing.T) {
    17  	tests := []struct {
    18  		name     string
    19  		input    keyvault.KeyVault
    20  		expected bool
    21  	}{
    22  		{
    23  			name: "Keyvault purge protection disabled",
    24  			input: keyvault.KeyVault{
    25  				Vaults: []keyvault.Vault{
    26  					{
    27  						Metadata:                defsecTypes.NewTestMetadata(),
    28  						EnablePurgeProtection:   defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    29  						SoftDeleteRetentionDays: defsecTypes.Int(30, defsecTypes.NewTestMetadata()),
    30  					},
    31  				},
    32  			},
    33  			expected: true,
    34  		},
    35  		{
    36  			name: "Keyvault purge protection enabled but soft delete retention period set to 3 days",
    37  			input: keyvault.KeyVault{
    38  				Vaults: []keyvault.Vault{
    39  					{
    40  						Metadata:                defsecTypes.NewTestMetadata(),
    41  						EnablePurgeProtection:   defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    42  						SoftDeleteRetentionDays: defsecTypes.Int(3, defsecTypes.NewTestMetadata()),
    43  					},
    44  				},
    45  			},
    46  			expected: true,
    47  		},
    48  		{
    49  			name: "Keyvault purge protection enabled and soft delete retention period set to 30 days",
    50  			input: keyvault.KeyVault{
    51  				Vaults: []keyvault.Vault{
    52  					{
    53  						Metadata:                defsecTypes.NewTestMetadata(),
    54  						EnablePurgeProtection:   defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    55  						SoftDeleteRetentionDays: defsecTypes.Int(30, defsecTypes.NewTestMetadata()),
    56  					},
    57  				},
    58  			},
    59  			expected: false,
    60  		},
    61  	}
    62  	for _, test := range tests {
    63  		t.Run(test.name, func(t *testing.T) {
    64  			var testState state.State
    65  			testState.Azure.KeyVault = test.input
    66  			results := CheckNoPurge.Evaluate(&testState)
    67  			var found bool
    68  			for _, result := range results {
    69  				if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPurge.Rule().LongID() {
    70  					found = true
    71  				}
    72  			}
    73  			if test.expected {
    74  				assert.True(t, found, "Rule should have been found")
    75  			} else {
    76  				assert.False(t, found, "Rule should not have been found")
    77  			}
    78  		})
    79  	}
    80  }