github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/bigquery/no_public_access_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/bigquery/no_public_access_test.go (about)

     1  package bigquery
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/providers/google/bigquery"
    11  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
    16  func TestCheckNoPublicAccess(t *testing.T) {
    17  	tests := []struct {
    18  		name     string
    19  		input    bigquery.BigQuery
    20  		expected bool
    21  	}{
    22  		{
    23  			name: "positive result",
    24  			input: bigquery.BigQuery{
    25  				Datasets: []bigquery.Dataset{
    26  					{
    27  						Metadata: defsecTypes.NewTestMetadata(),
    28  						AccessGrants: []bigquery.AccessGrant{
    29  							{
    30  								SpecialGroup: defsecTypes.String(
    31  									bigquery.SpecialGroupAllAuthenticatedUsers,
    32  									defsecTypes.NewTestMetadata(),
    33  								),
    34  							},
    35  						},
    36  					},
    37  				},
    38  			},
    39  			expected: true,
    40  		},
    41  		{
    42  			name: "negative result",
    43  			input: bigquery.BigQuery{
    44  				Datasets: []bigquery.Dataset{
    45  					{
    46  						Metadata: defsecTypes.NewTestMetadata(),
    47  						AccessGrants: []bigquery.AccessGrant{
    48  							{
    49  								SpecialGroup: defsecTypes.String(
    50  									"anotherGroup",
    51  									defsecTypes.NewTestMetadata(),
    52  								),
    53  							},
    54  						},
    55  					},
    56  				},
    57  			},
    58  			expected: false,
    59  		},
    60  	}
    61  	for _, test := range tests {
    62  		t.Run(test.name, func(t *testing.T) {
    63  			var testState state.State
    64  			testState.Google.BigQuery = test.input
    65  			results := CheckNoPublicAccess.Evaluate(&testState)
    66  			var found bool
    67  			for _, result := range results {
    68  				if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicAccess.Rule().LongID() {
    69  					found = true
    70  				}
    71  			}
    72  			if test.expected {
    73  				assert.True(t, found, "Rule should have been found")
    74  			} else {
    75  				assert.False(t, found, "Rule should not have been found")
    76  			}
    77  		})
    78  	}
    79  }