github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/github/repositories/enable_vulnerability_alerts_test.go (about)

     1  package repositories
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/providers/github"
    11  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
    16  func TestCheckEnableVulnerabilityAlerts(t *testing.T) {
    17  	tests := []struct {
    18  		name     string
    19  		input    []github.Repository
    20  		expected bool
    21  	}{
    22  		{
    23  			name: "Vulnerability alerts enabled for repository",
    24  			input: []github.Repository{
    25  				{
    26  					Metadata:            defsecTypes.NewTestMetadata(),
    27  					VulnerabilityAlerts: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    28  					Archived:            defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    29  				},
    30  			},
    31  			expected: false,
    32  		},
    33  		{
    34  			name: "Vulnerability alerts disabled for repository",
    35  			input: []github.Repository{
    36  				{
    37  					Metadata:            defsecTypes.NewTestMetadata(),
    38  					VulnerabilityAlerts: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    39  					Archived:            defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    40  				},
    41  			},
    42  			expected: true,
    43  		},
    44  		{
    45  			name: "Vulnerability alerts disabled for archived repository",
    46  			input: []github.Repository{
    47  				{
    48  					Metadata:            defsecTypes.NewTestMetadata(),
    49  					VulnerabilityAlerts: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    50  					Archived:            defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    51  				},
    52  			},
    53  			expected: false,
    54  		},
    55  	}
    56  	for _, test := range tests {
    57  		t.Run(test.name, func(t *testing.T) {
    58  			var testState state.State
    59  			testState.GitHub.Repositories = test.input
    60  			results := CheckEnableVulnerabilityAlerts.Evaluate(&testState)
    61  			var found bool
    62  			for _, result := range results {
    63  				if result.Status() != scan.StatusPassed && result.Rule().LongID() == CheckEnableVulnerabilityAlerts.Rule().LongID() {
    64  					found = true
    65  				}
    66  			}
    67  			if test.expected {
    68  				assert.True(t, found, "Rule should have been found")
    69  			} else {
    70  				assert.False(t, found, "Rule should not have been found")
    71  			}
    72  		})
    73  	}
    74  }