github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/rdb/no_public_ingress_db_sgr_test.go (about) 1 package rdb 2 3 import ( 4 "testing" 5 6 "github.com/khulnasoft-lab/defsec/pkg/providers/nifcloud/rdb" 7 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 8 9 "github.com/khulnasoft-lab/defsec/pkg/scan" 10 11 "github.com/khulnasoft-lab/defsec/pkg/state" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckNoPublicIngressDBSgr(t *testing.T) { 17 tests := []struct { 18 name string 19 input rdb.RDB 20 expected bool 21 }{ 22 { 23 name: "NIFCLOUD ingress db security group rule with wildcard address", 24 input: rdb.RDB{ 25 DBSecurityGroups: []rdb.DBSecurityGroup{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 CIDRs: []defsecTypes.StringValue{ 29 defsecTypes.String("0.0.0.0/0", defsecTypes.NewTestMetadata()), 30 }, 31 }, 32 }, 33 }, 34 expected: true, 35 }, 36 { 37 name: "NIFCLOUD ingress db security group rule with private address", 38 input: rdb.RDB{ 39 DBSecurityGroups: []rdb.DBSecurityGroup{ 40 { 41 Metadata: defsecTypes.NewTestMetadata(), 42 CIDRs: []defsecTypes.StringValue{ 43 defsecTypes.String("10.0.0.0/16", defsecTypes.NewTestMetadata()), 44 }, 45 }, 46 }, 47 }, 48 expected: false, 49 }, 50 } 51 for _, test := range tests { 52 t.Run(test.name, func(t *testing.T) { 53 var testState state.State 54 testState.Nifcloud.RDB = test.input 55 results := CheckNoPublicIngressDBSgr.Evaluate(&testState) 56 var found bool 57 for _, result := range results { 58 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicIngressDBSgr.Rule().LongID() { 59 found = true 60 } 61 } 62 if test.expected { 63 assert.True(t, found, "Rule should have been found") 64 } else { 65 assert.False(t, found, "Rule should not have been found") 66 } 67 }) 68 } 69 }