github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/sslcertificate/remove_expired_certificates_test.go (about) 1 package sslcertificate 2 3 import ( 4 "testing" 5 "time" 6 7 "github.com/khulnasoft-lab/defsec/pkg/providers/nifcloud/sslcertificate" 8 "github.com/khulnasoft-lab/defsec/pkg/scan" 9 "github.com/khulnasoft-lab/defsec/pkg/state" 10 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 11 "github.com/stretchr/testify/assert" 12 ) 13 14 func TestCheckRemoveExpiredCertificates(t *testing.T) { 15 tests := []struct { 16 name string 17 input sslcertificate.SSLCertificate 18 expected bool 19 }{ 20 { 21 name: "No certs", 22 input: sslcertificate.SSLCertificate{}, 23 expected: false, 24 }, 25 { 26 name: "Valid cert", 27 input: sslcertificate.SSLCertificate{ 28 ServerCertificates: []sslcertificate.ServerCertificate{ 29 { 30 Metadata: defsecTypes.NewTestMetadata(), 31 Expiration: defsecTypes.Time(time.Now().Add(time.Hour), defsecTypes.NewTestMetadata()), 32 }, 33 }, 34 }, 35 expected: false, 36 }, 37 { 38 name: "Expired cert", 39 input: sslcertificate.SSLCertificate{ 40 ServerCertificates: []sslcertificate.ServerCertificate{ 41 { 42 Metadata: defsecTypes.NewTestMetadata(), 43 Expiration: defsecTypes.Time(time.Now().Add(-time.Hour), defsecTypes.NewTestMetadata()), 44 }, 45 }, 46 }, 47 expected: true, 48 }, 49 } 50 for _, test := range tests { 51 t.Run(test.name, func(t *testing.T) { 52 var testState state.State 53 testState.Nifcloud.SSLCertificate = test.input 54 results := CheckRemoveExpiredCertificates.Evaluate(&testState) 55 var found bool 56 for _, result := range results { 57 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckRemoveExpiredCertificates.Rule().LongID() { 58 found = true 59 } 60 } 61 if test.expected { 62 assert.True(t, found, "Rule should have been found") 63 } else { 64 assert.False(t, found, "Rule should not have been found") 65 } 66 }) 67 } 68 }