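// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/dns/no_rsa_sha1_test.go

package dns

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/state"

	"github.com/khulnasoft-lab/defsec/pkg/providers/google/dns"
	"github.com/khulnasoft-lab/defsec/pkg/scan"

	"github.com/stretchr/testify/assert"
)

// TestCheckNoRsaSha1 verifies that CheckNoRsaSha1 reports a failed result for
// a managed zone whose DNSSEC default key specs use the "rsasha1" algorithm,
// and reports none when both keys use "rsasha512".
//
// The key-signing key (KSK) and zone-signing key (ZSK) are configured
// independently, so the table also covers zones where only one of the two is
// weak. A case in which both keys are weak cannot show whether the rule
// inspects each key on its own.
//
// NOTE(review): the rule body is not visible from this file. The two mixed
// cases encode the expected policy (one RSA SHA1 key is enough to fail the
// zone); confirm against the CheckNoRsaSha1 implementation.
func TestCheckNoRsaSha1(t *testing.T) {
	// zoneWith returns a DNS state holding a single managed zone whose default
	// key specs use the given KSK and ZSK algorithm names.
	zoneWith := func(ksk, zsk string) dns.DNS {
		return dns.DNS{
			ManagedZones: []dns.ManagedZone{
				{
					Metadata: defsecTypes.NewTestMetadata(),
					DNSSec: dns.DNSSec{
						Metadata: defsecTypes.NewTestMetadata(),
						DefaultKeySpecs: dns.KeySpecs{
							Metadata: defsecTypes.NewTestMetadata(),
							KeySigningKey: dns.Key{
								Metadata:  defsecTypes.NewTestMetadata(),
								Algorithm: defsecTypes.String(ksk, defsecTypes.NewTestMetadata()),
							},
							ZoneSigningKey: dns.Key{
								Metadata:  defsecTypes.NewTestMetadata(),
								Algorithm: defsecTypes.String(zsk, defsecTypes.NewTestMetadata()),
							},
						},
					},
				},
			},
		}
	}

	tests := []struct {
		name     string
		input    dns.DNS
		expected bool // true when the rule is expected to produce a failed result
	}{
		{
			name:     "Zone signing using RSA SHA1 key",
			input:    zoneWith("rsasha1", "rsasha1"),
			expected: true,
		},
		{
			name:     "Only key signing key uses RSA SHA1",
			input:    zoneWith("rsasha1", "rsasha512"),
			expected: true,
		},
		{
			name:     "Only zone signing key uses RSA SHA1",
			input:    zoneWith("rsasha512", "rsasha1"),
			expected: true,
		},
		{
			name:     "Zone signing using RSA SHA512 key",
			input:    zoneWith("rsasha512", "rsasha512"),
			expected: false,
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			var testState state.State
			testState.Google.DNS = test.input

			results := CheckNoRsaSha1.Evaluate(&testState)

			// Only failed results attributed to this rule count. Passed
			// results and results from other rules are ignored.
			var found bool
			for _, result := range results {
				if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoRsaSha1.Rule().LongID() {
					found = true
					break
				}
			}

			if test.expected {
				assert.True(t, found, "Rule should have been found")
			} else {
				assert.False(t, found, "Rule should not have been found")
			}
		})
	}
}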