go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/windows/auditpol_test.go

go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/windows/auditpol_test.go (about)

     1  // Copyright (c) Mondoo, Inc.
     2  // SPDX-License-Identifier: BUSL-1.1
     3  
     4  package windows_test
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  	"github.com/stretchr/testify/require"
    11  	"go.mondoo.com/cnquery/providers/os/connection/mock"
    12  	"go.mondoo.com/cnquery/providers/os/resources/windows"
    13  )
    14  
    15  func TestParseAuditpol(t *testing.T) {
    16  	mock, err := mock.New("./testdata/auditpol.toml", nil)
    17  	require.NoError(t, err)
    18  
    19  	f, err := mock.RunCommand("auditpol /get /category:* /r")
    20  	require.NoError(t, err)
    21  
    22  	auditpol, err := windows.ParseAuditpol(f.Stdout)
    23  	require.NoError(t, err)
    24  
    25  	assert.Equal(t, 60, len(auditpol))
    26  
    27  	expected := &windows.AuditpolEntry{
    28  		MachineName:      "Test",
    29  		PolicyTarget:     "System",
    30  		Subcategory:      "Kernel Object",
    31  		SubcategoryGUID:  "0CCE921F-69AE-11D9-BED3-505054503030",
    32  		InclusionSetting: "No Auditing",
    33  		ExclusionSetting: "",
    34  	}
    35  	found := findPol(auditpol, "Kernel Object")
    36  	assert.Equal(t, expected, found)
    37  }
    38  
    39  func findPol(auditpol []windows.AuditpolEntry, subcategory string) *windows.AuditpolEntry {
    40  	for i := range auditpol {
    41  		if auditpol[i].Subcategory == subcategory {
    42  			return &auditpol[i]
    43  		}
    44  	}
    45  	return nil
    46  }