fix(bigquery_dataset_public_access): handle status correctly (#2542)

2026-02-10 14:55:00 +00:00 · 2023-07-03 13:01:51 +02:00
parent 6403feaff9
commit 6a2fb37615
2 changed files with 103 additions and 3 deletions
--- a/prowler/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access.py
+++ b/prowler/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access.py
@@ -12,11 +12,13 @@ class bigquery_dataset_public_access(Check):
            report.resource_name = dataset.name
            report.location = dataset.region
            report.status = "PASS"
-            report.status_extended = f"Dataset {dataset.name} is publicly accessible!"
-            if not dataset.public:
+            report.status_extended = (
+                f"Dataset {dataset.name} is not publicly accessible"
+            )
+            if dataset.public:
                report.status = "FAIL"
                report.status_extended = (
-                    f"Dataset {dataset.name} is not publicly accessible"
+                    f"Dataset {dataset.name} is publicly accessible!"
                )
            findings.append(report)

--- a/tests/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access_test.py
+++ b/tests/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access_test.py
@@ -0,0 +1,98 @@
+from re import search
+from unittest import mock
+
+GCP_PROJECT_ID = "123456789012"
+
+
+class Test_bigquery_dataset_public_access:
+    def test_bigquery_no_datasets(self):
+        bigquery_client = mock.MagicMock
+        bigquery_client.datasets = []
+
+        with mock.patch(
+            "prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access.bigquery_client",
+            new=bigquery_client,
+        ):
+            from prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access import (
+                bigquery_dataset_public_access,
+            )
+
+            check = bigquery_dataset_public_access()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_one_compliant_dataset(self):
+        from prowler.providers.gcp.services.bigquery.bigquery_service import Dataset
+
+        dataset = Dataset(
+            name="test",
+            id="1234567890",
+            region="us-central1",
+            cmk_encryption=False,
+            public=False,
+            project_id=GCP_PROJECT_ID,
+        )
+
+        bigquery_client = mock.MagicMock
+        bigquery_client.project_ids = [GCP_PROJECT_ID]
+        bigquery_client.datasets = [dataset]
+
+        with mock.patch(
+            "prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access.bigquery_client",
+            new=bigquery_client,
+        ):
+            from prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access import (
+                bigquery_dataset_public_access,
+            )
+
+            check = bigquery_dataset_public_access()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert search(
+                f"Dataset {dataset.name} is not publicly accessible",
+                result[0].status_extended,
+            )
+            assert result[0].resource_id == dataset.id
+            assert result[0].resource_name == dataset.name
+            assert result[0].project_id == dataset.project_id
+            assert result[0].location == dataset.region
+
+    def test_one_non_compliant_dataset(self):
+        from prowler.providers.gcp.services.bigquery.bigquery_service import Dataset
+
+        dataset = Dataset(
+            name="test",
+            id="1234567890",
+            region="us-central1",
+            cmk_encryption=False,
+            public=True,
+            project_id=GCP_PROJECT_ID,
+        )
+
+        bigquery_client = mock.MagicMock
+        bigquery_client.project_ids = [GCP_PROJECT_ID]
+        bigquery_client.datasets = [dataset]
+
+        with mock.patch(
+            "prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access.bigquery_client",
+            new=bigquery_client,
+        ):
+            from prowler.providers.gcp.services.bigquery.bigquery_dataset_public_access.bigquery_dataset_public_access import (
+                bigquery_dataset_public_access,
+            )
+
+            check = bigquery_dataset_public_access()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert search(
+                f"Dataset {dataset.name} is publicly accessible!",
+                result[0].status_extended,
+            )
+            assert result[0].resource_id == dataset.id
+            assert result[0].resource_name == dataset.name
+            assert result[0].project_id == dataset.project_id
+            assert result[0].location == dataset.region