github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/sql/encrypt_in_transit_data_test.go (about)

     1  package sql
     2  
     3  import (
     4  	"testing"
     5  
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/providers/google/sql"
    11  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
    16  func TestCheckEncryptInTransitData(t *testing.T) {
    17  	tests := []struct {
    18  		name     string
    19  		input    sql.SQL
    20  		expected bool
    21  	}{
    22  		{
    23  			name: "DB instance TLS not required",
    24  			input: sql.SQL{
    25  				Instances: []sql.DatabaseInstance{
    26  					{
    27  						Metadata: defsecTypes.NewTestMetadata(),
    28  						Settings: sql.Settings{
    29  							Metadata: defsecTypes.NewTestMetadata(),
    30  							IPConfiguration: sql.IPConfiguration{
    31  								Metadata:   defsecTypes.NewTestMetadata(),
    32  								RequireTLS: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
    33  							},
    34  						},
    35  					},
    36  				},
    37  			},
    38  			expected: true,
    39  		},
    40  		{
    41  			name: "DB instance TLS required",
    42  			input: sql.SQL{
    43  				Instances: []sql.DatabaseInstance{
    44  					{
    45  						Metadata: defsecTypes.NewTestMetadata(),
    46  						Settings: sql.Settings{
    47  							Metadata: defsecTypes.NewTestMetadata(),
    48  							IPConfiguration: sql.IPConfiguration{
    49  								Metadata:   defsecTypes.NewTestMetadata(),
    50  								RequireTLS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
    51  							},
    52  						},
    53  					},
    54  				},
    55  			},
    56  			expected: false,
    57  		},
    58  	}
    59  	for _, test := range tests {
    60  		t.Run(test.name, func(t *testing.T) {
    61  			var testState state.State
    62  			testState.Google.SQL = test.input
    63  			results := CheckEncryptInTransitData.Evaluate(&testState)
    64  			var found bool
    65  			for _, result := range results {
    66  				if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEncryptInTransitData.Rule().LongID() {
    67  					found = true
    68  				}
    69  			}
    70  			if test.expected {
    71  				assert.True(t, found, "Rule should have been found")
    72  			} else {
    73  				assert.False(t, found, "Rule should not have been found")
    74  			}
    75  		})
    76  	}
    77  }