// Listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/network/http_not_used_test.go

package network

import (
	"testing"

	"github.com/khulnasoft-lab/defsec/pkg/providers/nifcloud/network"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/stretchr/testify/assert"
)

// TestCheckHttpNotUsed runs CheckHttpNotUsed against small NIFCLOUD network
// states and checks whether the rule reports a failed result.
//
// Expectations pinned by the table:
//   - an elastic load balancer with an HTTP listener on "net-COMMON_GLOBAL"
//     is flagged;
//   - the same HTTP listener on another network ID is not flagged;
//   - an HTTPS listener on "net-COMMON_GLOBAL" is not flagged;
//   - a (non-elastic) load balancer is flagged for HTTP and not for HTTPS.
//
// NOTE(review): "net-COMMON_GLOBAL" is presumably the provider's shared
// public network, which would explain why only that case treats plain HTTP
// as a finding. Confirm against the rule implementation.
func TestCheckHttpNotUsed(t *testing.T) {
	// elasticLB builds a state with one elastic load balancer that has a
	// single VIP network interface on networkID and a single listener
	// speaking protocol.
	elasticLB := func(networkID, protocol string) network.Network {
		return network.Network{
			ElasticLoadBalancers: []network.ElasticLoadBalancer{{
				Metadata: defsecTypes.NewTestMetadata(),
				NetworkInterfaces: []network.NetworkInterface{{
					Metadata:     defsecTypes.NewTestMetadata(),
					NetworkID:    defsecTypes.String(networkID, defsecTypes.NewTestMetadata()),
					IsVipNetwork: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
				}},
				Listeners: []network.ElasticLoadBalancerListener{{
					Metadata: defsecTypes.NewTestMetadata(),
					Protocol: defsecTypes.String(protocol, defsecTypes.NewTestMetadata()),
				}},
			}},
		}
	}

	// classicLB builds a state with one load balancer carrying a single
	// listener speaking protocol; no network interface is set.
	classicLB := func(protocol string) network.Network {
		return network.Network{
			LoadBalancers: []network.LoadBalancer{{
				Metadata: defsecTypes.NewTestMetadata(),
				Listeners: []network.LoadBalancerListener{{
					Metadata: defsecTypes.NewTestMetadata(),
					Protocol: defsecTypes.String(protocol, defsecTypes.NewTestMetadata()),
				}},
			}},
		}
	}

	cases := []struct {
		name        string
		net         network.Network
		wantFailure bool
	}{
		{
			name:        "Elastic Load balancer listener with HTTP protocol on global",
			net:         elasticLB("net-COMMON_GLOBAL", "HTTP"),
			wantFailure: true,
		},
		{
			name:        "Elastic Load balancer listener with HTTP protocol on internal",
			net:         elasticLB("some-network", "HTTP"),
			wantFailure: false,
		},
		{
			name:        "Elastic Load balancer listener with HTTPS protocol on global",
			net:         elasticLB("net-COMMON_GLOBAL", "HTTPS"),
			wantFailure: false,
		},
		{
			name:        "Load balancer listener with HTTP protocol",
			net:         classicLB("HTTP"),
			wantFailure: true,
		},
		{
			name:        "Load balancer listener with HTTPS protocol",
			net:         classicLB("HTTPS"),
			wantFailure: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var st state.State
			st.Nifcloud.Network = tc.net

			// Only a failed result that belongs to this rule counts;
			// other statuses and other rules' results are ignored.
			flagged := false
			for _, res := range CheckHttpNotUsed.Evaluate(&st) {
				if res.Status() != scan.StatusFailed {
					continue
				}
				if res.Rule().LongID() == CheckHttpNotUsed.Rule().LongID() {
					flagged = true
					break
				}
			}

			if !tc.wantFailure {
				assert.False(t, flagged, "Rule should not have been found")
				return
			}
			assert.True(t, flagged, "Rule should have been found")
		})
	}
}