Cover wrong trust boundary type with tests

Threagile · Jun 5, 2024 · 83c1b29 · 83c1b29
1 parent 496bed8
commit 83c1b29
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 0 deletions.
diff --git a/...s/builtin/wrong_trust_boundary_content.go → ...ltin/wrong_trust_boundary_content_rule.go b/...s/builtin/wrong_trust_boundary_content.go → ...ltin/wrong_trust_boundary_content_rule.go
diff --git a/pkg/security/risks/builtin/wrong_trust_boundary_content_rule_test.go b/pkg/security/risks/builtin/wrong_trust_boundary_content_rule_test.go
@@ -0,0 +1,104 @@
+package builtin
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/threagile/threagile/pkg/security/types"
+)
+
+func TestWrongTrustBoundaryContentRuleGenerateRisksEmptyModelNotRisksCreated(t *testing.T) {
+	rule := NewWrongTrustBoundaryContentRule()
+
+	risks, err := rule.GenerateRisks(&types.Model{})
+
+	assert.Nil(t, err)
+	assert.Empty(t, risks)
+}
+
+type WrongTrustBoundaryContentRuleTest struct {
+	tbType  types.TrustBoundaryType
+	machine types.TechnicalAssetMachine
+
+	riskCreated bool
+}
+
+func TestWrongTrustBoundaryContentRuleSendDataAssetRisksCreated(t *testing.T) {
+	testCases := map[string]WrongTrustBoundaryContentRuleTest{
+		"NetworkOnPrem": {
+			tbType:      types.NetworkOnPrem,
+			riskCreated: false,
+		},
+		"NetworkDedicatedHoster": {
+			tbType:      types.NetworkDedicatedHoster,
+			riskCreated: false,
+		},
+		"NetworkVirtualLAN": {
+			tbType:      types.NetworkVirtualLAN,
+			riskCreated: false,
+		},
+		"NetworkCloudProvider": {
+			tbType:      types.NetworkCloudProvider,
+			riskCreated: false,
+		},
+		"NetworkCloudSecurityGroup": {
+			tbType:      types.NetworkCloudSecurityGroup,
+			riskCreated: false,
+		},
+		"ExecutionEnvironment": {
+			tbType:      types.ExecutionEnvironment,
+			riskCreated: false,
+		},
+		"container": {
+			tbType:      types.NetworkPolicyNamespaceIsolation,
+			machine:     types.Container,
+			riskCreated: false,
+		},
+		"serverless": {
+			tbType:      types.NetworkPolicyNamespaceIsolation,
+			machine:     types.Serverless,
+			riskCreated: false,
+		},
+		"virtual": {
+			tbType:      types.NetworkPolicyNamespaceIsolation,
+			machine:     types.Virtual,
+			riskCreated: true,
+		},
+		"physical": {
+			tbType:      types.NetworkPolicyNamespaceIsolation,
+			machine:     types.Physical,
+			riskCreated: true,
+		},
+	}
+	for name, testCase := range testCases {
+		t.Run(name, func(t *testing.T) {
+			rule := NewWrongTrustBoundaryContentRule()
+			risks, err := rule.GenerateRisks(&types.Model{
+				TechnicalAssets: map[string]*types.TechnicalAsset{
+					"ta": {
+						Id:      "ta",
+						Title:   "Test Technical Asset",
+						Machine: testCase.machine,
+					},
+				},
+				TrustBoundaries: map[string]*types.TrustBoundary{
+					"tb1": {
+						Type:                  testCase.tbType,
+						TechnicalAssetsInside: []string{"ta"},
+					},
+				},
+			})
+
+			assert.Nil(t, err)
+			if testCase.riskCreated {
+				assert.Len(t, risks, 1)
+				assert.Equal(t, types.LowImpact, risks[0].ExploitationImpact)
+				expTitle := fmt.Sprintf("<b>Wrong Trust Boundary Content</b> (non-container asset inside container trust boundary) at <b>%s</b>", "Test Technical Asset")
+				assert.Equal(t, expTitle, risks[0].Title)
+			} else {
+				assert.Empty(t, risks)
+			}
+		})
+	}
+}