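// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/storage/use_secure_tls_policy_test.go

package storage

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/storage"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/stretchr/testify/assert"
)

// TestCheckUseSecureTlsPolicy checks which Azure storage account
// configurations make CheckUseSecureTlsPolicy report a failed result.
//
// Each case builds a state holding a single storage account, evaluates the
// rule against it, and asserts whether a failed result carrying this rule's
// long ID is present. A minimum TLS version that is unset or older than
// TLS 1.2 is expected to be flagged; TLS1_2 is expected to pass.
func TestCheckUseSecureTlsPolicy(t *testing.T) {
	tests := []struct {
		name     string
		input    storage.Storage
		expected bool // true when the rule is expected to report a failure
	}{
		{
			// No MinimumTLSVersion is set on the account. The test expects
			// the rule to flag it rather than assume a safe default.
			name: "Storage account minimum TLS version unspecified",
			input: storage.Storage{
				Accounts: []storage.Account{
					{
						Metadata: defsecTypes.NewTestMetadata(),
					},
				},
			},
			expected: true,
		},
		{
			name: "Storage account minimum TLS version 1.0",
			input: storage.Storage{
				Accounts: []storage.Account{
					{
						Metadata:          defsecTypes.NewTestMetadata(),
						MinimumTLSVersion: defsecTypes.String("TLS1_0", defsecTypes.NewTestMetadata()),
					},
				},
			},
			expected: true,
		},
		{
			// TLS 1.1 is deprecated as well. Without this case, a rule that
			// rejected only the literal "TLS1_0" would still pass the suite.
			// NOTE(review): the rule body is not part of this file; confirm
			// that it rejects TLS1_1 before relying on this expectation.
			name: "Storage account minimum TLS version 1.1",
			input: storage.Storage{
				Accounts: []storage.Account{
					{
						Metadata:          defsecTypes.NewTestMetadata(),
						MinimumTLSVersion: defsecTypes.String("TLS1_1", defsecTypes.NewTestMetadata()),
					},
				},
			},
			expected: true,
		},
		{
			name: "Storage account minimum TLS version 1.2",
			input: storage.Storage{
				Accounts: []storage.Account{
					{
						Metadata:          defsecTypes.NewTestMetadata(),
						MinimumTLSVersion: defsecTypes.String("TLS1_2", defsecTypes.NewTestMetadata()),
					},
				},
			},
			expected: false,
		},
	}

	// Resolved once: every result is matched against this rule's own ID.
	ruleID := CheckUseSecureTlsPolicy.Rule().LongID()

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			var testState state.State
			testState.Azure.Storage = test.input

			results := CheckUseSecureTlsPolicy.Evaluate(&testState)

			// Only a failed result attributed to this rule counts as a finding.
			var found bool
			for _, result := range results {
				if result.Status() == scan.StatusFailed && result.Rule().LongID() == ruleID {
					found = true
					break
				}
			}

			if test.expected {
				assert.True(t, found, "Rule should have been found")
			} else {
				assert.False(t, found, "Rule should not have been found")
			}
		})
	}
}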