github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/network/use_secure_tls_policy_test.go (about)

     1  package network
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/khulnasoft-lab/defsec/pkg/providers/nifcloud/network"
     7  	"github.com/khulnasoft-lab/defsec/pkg/scan"
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
    10  	"github.com/stretchr/testify/assert"
    11  )
    12  
    13  func TestCheckUseSecureTlsPolicy(t *testing.T) {
    14  	tests := []struct {
    15  		name     string
    16  		input    network.Network
    17  		expected bool
    18  	}{
    19  		{
    20  			name: "Load balancer listener using TLS v1.0",
    21  			input: network.Network{
    22  				LoadBalancers: []network.LoadBalancer{
    23  					{
    24  						Metadata: defsecTypes.NewTestMetadata(),
    25  						Listeners: []network.LoadBalancerListener{
    26  							{
    27  								Metadata:  defsecTypes.NewTestMetadata(),
    28  								TLSPolicy: defsecTypes.String("Standard Ciphers A ver1", defsecTypes.NewTestMetadata()),
    29  								Protocol:  defsecTypes.String("HTTPS", defsecTypes.NewTestMetadata()),
    30  							},
    31  						},
    32  					},
    33  				},
    34  			},
    35  			expected: true,
    36  		},
    37  		{
    38  			name: "Load balancer listener using TLS v1.2",
    39  			input: network.Network{
    40  				LoadBalancers: []network.LoadBalancer{
    41  					{
    42  						Metadata: defsecTypes.NewTestMetadata(),
    43  						Listeners: []network.LoadBalancerListener{
    44  							{
    45  								Metadata:  defsecTypes.NewTestMetadata(),
    46  								TLSPolicy: defsecTypes.String("Standard Ciphers D ver1", defsecTypes.NewTestMetadata()),
    47  								Protocol:  defsecTypes.String("HTTPS", defsecTypes.NewTestMetadata()),
    48  							},
    49  						},
    50  					},
    51  				},
    52  			},
    53  			expected: false,
    54  		},
    55  		{
    56  			name: "Load balancer listener using ICMP",
    57  			input: network.Network{
    58  				LoadBalancers: []network.LoadBalancer{
    59  					{
    60  						Metadata: defsecTypes.NewTestMetadata(),
    61  						Listeners: []network.LoadBalancerListener{
    62  							{
    63  								Metadata:  defsecTypes.NewTestMetadata(),
    64  								TLSPolicy: defsecTypes.String("", defsecTypes.NewTestMetadata()),
    65  								Protocol:  defsecTypes.String("ICMP", defsecTypes.NewTestMetadata()),
    66  							},
    67  						},
    68  					},
    69  				},
    70  			},
    71  			expected: false,
    72  		},
    73  	}
    74  	for _, test := range tests {
    75  		t.Run(test.name, func(t *testing.T) {
    76  			var testState state.State
    77  			testState.Nifcloud.Network = test.input
    78  			results := CheckUseSecureTlsPolicy.Evaluate(&testState)
    79  			var found bool
    80  			for _, result := range results {
    81  				if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.Rule().LongID() {
    82  					found = true
    83  				}
    84  			}
    85  			if test.expected {
    86  				assert.True(t, found, "Rule should have been found")
    87  			} else {
    88  				assert.False(t, found, "Rule should not have been found")
    89  			}
    90  		})
    91  	}
    92  }