github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/github/branch_protections/require_signed_commits_test.go (about) 1 package branch_protections 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/github" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckRequireSignedCommits(t *testing.T) { 17 tests := []struct { 18 name string 19 input []github.BranchProtection 20 expected bool 21 }{ 22 { 23 name: "Require signed commits enabled for branch", 24 input: []github.BranchProtection{ 25 { 26 Metadata: defsecTypes.NewTestMetadata(), 27 RequireSignedCommits: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), 28 }, 29 }, 30 expected: false, 31 }, 32 { 33 name: "Require signed commits disabled for repository", 34 input: []github.BranchProtection{ 35 { 36 Metadata: defsecTypes.NewTestMetadata(), 37 RequireSignedCommits: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), 38 }, 39 }, 40 expected: true, 41 }, 42 } 43 for _, test := range tests { 44 t.Run(test.name, func(t *testing.T) { 45 var testState state.State 46 testState.GitHub.BranchProtections = test.input 47 results := CheckRequireSignedCommits.Evaluate(&testState) 48 var found bool 49 for _, result := range results { 50 if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckRequireSignedCommits.Rule().LongID() { 51 found = true 52 } 53 } 54 if test.expected { 55 assert.True(t, found, "Rule should have been found") 56 } else { 57 assert.False(t, found, "Rule should not have been found") 58 } 59 }) 60 } 61 }