github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/keyvault/specify_network_acl_test.go (about) 1 package keyvault 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/azure/keyvault" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckSpecifyNetworkAcl(t *testing.T) { 17 tests := []struct { 18 name string 19 input keyvault.KeyVault 20 expected bool 21 }{ 22 { 23 name: "Network ACL default action set to allow", 24 input: keyvault.KeyVault{ 25 Vaults: []keyvault.Vault{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 NetworkACLs: keyvault.NetworkACLs{ 29 Metadata: defsecTypes.NewTestMetadata(), 30 DefaultAction: defsecTypes.String("Allow", defsecTypes.NewTestMetadata()), 31 }, 32 }, 33 }, 34 }, 35 expected: true, 36 }, 37 { 38 name: "Network ACL default action set to deny", 39 input: keyvault.KeyVault{ 40 Vaults: []keyvault.Vault{ 41 { 42 Metadata: defsecTypes.NewTestMetadata(), 43 NetworkACLs: keyvault.NetworkACLs{ 44 Metadata: defsecTypes.NewTestMetadata(), 45 DefaultAction: defsecTypes.String("Deny", defsecTypes.NewTestMetadata()), 46 }, 47 }, 48 }, 49 }, 50 expected: false, 51 }, 52 } 53 for _, test := range tests { 54 t.Run(test.name, func(t *testing.T) { 55 var testState state.State 56 testState.Azure.KeyVault = test.input 57 results := CheckSpecifyNetworkAcl.Evaluate(&testState) 58 var found bool 59 for _, result := range results { 60 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckSpecifyNetworkAcl.Rule().LongID() { 61 found = true 62 } 63 } 64 if test.expected { 65 assert.True(t, found, "Rule should have been found") 66 } else { 67 assert.False(t, found, "Rule should not have been found") 68 } 69 }) 70 } 71 }