feat(Azure): Add 4 new checks related to SQLServer and Vulnerability Assessment (#3372)

tests/lib/check/check_test.py

@@ -129,6 +129,48 @@ expected_packages = [
         name="prowler.providers.azure.services.sqlserver.sqlserver_vulnerability_assessment_enabled.sqlserver_vulnerability_assessment_enabled",
         ispkg=False,
     ),
+    ModuleInfo(
+        module_finder=FileFinder(
+            "/root_dir/prowler/providers/azure/services/sqlserver"
+        ),
+        name="prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled",
+        ispkg=True,
+    ),
+    ModuleInfo(
+        module_finder=FileFinder(
+            "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled"
+        ),
+        name="prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled",
+        ispkg=False,
+    ),
+    ModuleInfo(
+        module_finder=FileFinder(
+            "/root_dir/prowler/providers/azure/services/sqlserver"
+        ),
+        name="prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured",
+        ispkg=True,
+    ),
+    ModuleInfo(
+        module_finder=FileFinder(
+            "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured"
+        ),
+        name="prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured",
+        ispkg=False,
+    ),
+    ModuleInfo(
+        module_finder=FileFinder(
+            "/root_dir/prowler/providers/azure/services/sqlserver"
+        ),
+        name="prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled",
+        ispkg=True,
+    ),
+    ModuleInfo(
+        module_finder=FileFinder(
+            "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled"
+        ),
+        name="prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled",
+        ispkg=False,
+    ),
 ]
 
 
@@ -236,6 +278,48 @@ def mock_list_modules(*_):
             name="prowler.providers.azure.services.sqlserver.sqlserver_vulnerability_assessment_enabled.sqlserver_vulnerability_assessment_enabled",
             ispkg=False,
         ),
+        ModuleInfo(
+            module_finder=FileFinder(
+                "/root_dir/prowler/providers/azure/services/sqlserver"
+            ),
+            name="prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled",
+            ispkg=True,
+        ),
+        ModuleInfo(
+            module_finder=FileFinder(
+                "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled"
+            ),
+            name="prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled",
+            ispkg=False,
+        ),
+        ModuleInfo(
+            module_finder=FileFinder(
+                "/root_dir/prowler/providers/azure/services/sqlserver"
+            ),
+            name="prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured",
+            ispkg=True,
+        ),
+        ModuleInfo(
+            module_finder=FileFinder(
+                "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured"
+            ),
+            name="prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured",
+            ispkg=False,
+        ),
+        ModuleInfo(
+            module_finder=FileFinder(
+                "/root_dir/prowler/providers/azure/services/sqlserver"
+            ),
+            name="prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled",
+            ispkg=True,
+        ),
+        ModuleInfo(
+            module_finder=FileFinder(
+                "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled"
+            ),
+            name="prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled",
+            ispkg=False,
+        ),
     ]
     return modules
 
@@ -633,6 +717,18 @@ class Test_Check:
                 "sqlserver_vulnerability_assessment_enabled",
                 "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled",
             ),
+            (
+                "sqlserver_va_periodic_recurring_scans_enabled",
+                "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled",
+            ),
+            (
+                "sqlserver_va_scan_reports_configured",
+                "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured",
+            ),
+            (
+                "sqlserver_va_emails_notifications_admins_enabled",
+                "/root_dir/prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled",
+            ),
         ]
         returned_checks = recover_checks_from_provider(provider, service)
         assert returned_checks == expected_checks

tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py

@@ -0,0 +1,135 @@
+from unittest import mock
+from uuid import uuid4
+
+from azure.mgmt.sql.models import ServerSecurityAlertPolicy
+
+from prowler.providers.azure.services.sqlserver.sqlserver_service import Server
+
+AZURE_SUBSCRIPTION = str(uuid4())
+
+
+class Test_sqlserver_microsoft_defender_enabled:
+    def test_no_sql_servers(self):
+        sqlserver_client = mock.MagicMock
+        sqlserver_client.sql_servers = {}
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled import (
+                sqlserver_microsoft_defender_enabled,
+            )
+
+            check = sqlserver_microsoft_defender_enabled()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_sql_servers_no_security_alert_policies(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=[],
+                    firewall_rules=None,
+                    security_alert_policies=None,
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled import (
+                sqlserver_microsoft_defender_enabled,
+            )
+
+            check = sqlserver_microsoft_defender_enabled()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_sql_servers_microsoft_defender_disabled(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=[],
+                    firewall_rules=None,
+                    security_alert_policies=ServerSecurityAlertPolicy(state="Disabled"),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled import (
+                sqlserver_microsoft_defender_enabled,
+            )
+
+            check = sqlserver_microsoft_defender_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has microsoft defender disabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_microsoft_defender_enabled(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=[],
+                    firewall_rules=None,
+                    security_alert_policies=ServerSecurityAlertPolicy(state="Enabled"),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_microsoft_defender_enabled.sqlserver_microsoft_defender_enabled import (
+                sqlserver_microsoft_defender_enabled,
+            )
+
+            check = sqlserver_microsoft_defender_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has microsoft defender enabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id

tests/providers/azure/services/sqlserver/sqlserver_service_test.py

@@ -2,6 +2,9 @@ from unittest.mock import patch
 
 from azure.mgmt.sql.models import (
     EncryptionProtector,
+    FirewallRule,
+    ServerBlobAuditingPolicy,
+    ServerSecurityAlertPolicy,
     ServerVulnerabilityAssessment,
     TransparentDataEncryption,
 )
@@ -34,8 +37,8 @@ def mock_sqlserver_get_sql_servers(_):
                 public_network_access="public_network_access",
                 minimal_tls_version="minimal_tls_version",
                 administrators=None,
-                auditing_policies=None,
-                firewall_rules=None,
+                auditing_policies=ServerBlobAuditingPolicy(state="Disabled"),
+                firewall_rules=FirewallRule(name="name"),
                 encryption_protector=EncryptionProtector(
                     server_key_type="AzureKeyVault"
                 ),
@@ -43,6 +46,7 @@ def mock_sqlserver_get_sql_servers(_):
                 vulnerability_assessment=ServerVulnerabilityAssessment(
                     storage_container_path="/subcription_id/resource_group/sql_server"
                 ),
+                security_alert_policies=ServerSecurityAlertPolicy(state="Disabled"),
             )
         ]
     }
@@ -84,8 +88,18 @@ class Test_SqlServer_Service:
             == "minimal_tls_version"
         )
         assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].administrators is None
-        assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].auditing_policies is None
-        assert sql_server.sql_servers[AZURE_SUBSCRIPTION][0].firewall_rules is None
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][
+                0
+            ].auditing_policies.__class__.__name__
+            == "ServerBlobAuditingPolicy"
+        )
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][
+                0
+            ].firewall_rules.__class__.__name__
+            == "FirewallRule"
+        )
         assert (
             sql_server.sql_servers[AZURE_SUBSCRIPTION][
                 0
@@ -176,3 +190,49 @@ class Test_SqlServer_Service:
             ].vulnerability_assessment.storage_container_path
             == storage_container_path
         )
+
+    def test__get_server_blob_auditing_policies__(self):
+        sql_server = SQLServer(set_mocked_azure_audit_info())
+        auditing_policies = ServerBlobAuditingPolicy(state="Disabled")
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][
+                0
+            ].auditing_policies.__class__.__name__
+            == "ServerBlobAuditingPolicy"
+        )
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][0].auditing_policies
+            == auditing_policies
+        )
+
+    def test__get_firewall_rules__(self):
+        sql_server = SQLServer(set_mocked_azure_audit_info())
+        firewall_rules = FirewallRule(name="name")
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][
+                0
+            ].firewall_rules.__class__.__name__
+            == "FirewallRule"
+        )
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][0].firewall_rules
+            == firewall_rules
+        )
+
+    def test__get_server_security_alert_policies__(self):
+        sql_server = SQLServer(set_mocked_azure_audit_info())
+        security_alert_policies = ServerSecurityAlertPolicy(state="Disabled")
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][
+                0
+            ].security_alert_policies.__class__.__name__
+            == "ServerSecurityAlertPolicy"
+        )
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][0].security_alert_policies
+            == security_alert_policies
+        )
+        assert (
+            sql_server.sql_servers[AZURE_SUBSCRIPTION][0].security_alert_policies.state
+            == "Disabled"
+        )

tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py

@@ -0,0 +1,208 @@
+from unittest import mock
+from uuid import uuid4
+
+from azure.mgmt.sql.models import (
+    ServerVulnerabilityAssessment,
+    VulnerabilityAssessmentRecurringScansProperties,
+)
+
+from prowler.providers.azure.services.sqlserver.sqlserver_service import Server
+
+AZURE_SUBSCRIPTION = str(uuid4())
+
+
+class Test_sqlserver_va_emails_notifications_admins_enabled:
+    def test_no_sql_servers(self):
+        sqlserver_client = mock.MagicMock
+        sqlserver_client.sql_servers = {}
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled import (
+                sqlserver_va_emails_notifications_admins_enabled,
+            )
+
+            check = sqlserver_va_emails_notifications_admins_enabled()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_sql_servers_no_vulnerability_assessment(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=None,
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled import (
+                sqlserver_va_emails_notifications_admins_enabled,
+            )
+
+            check = sqlserver_va_emails_notifications_admins_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_no_vulnerability_assessment_no_admin_emails(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            email_subscription_admins=None
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled import (
+                sqlserver_va_emails_notifications_admins_enabled,
+            )
+
+            check = sqlserver_va_emails_notifications_admins_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no scan reports configured for subscription admins."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_admin_emails_false(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            email_subscription_admins=False
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled import (
+                sqlserver_va_emails_notifications_admins_enabled,
+            )
+
+            check = sqlserver_va_emails_notifications_admins_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no scan reports configured for subscription admins."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_no_email_subscription_admins(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            email_subscription_admins=True
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_emails_notifications_admins_enabled.sqlserver_va_emails_notifications_admins_enabled import (
+                sqlserver_va_emails_notifications_admins_enabled,
+            )
+
+            check = sqlserver_va_emails_notifications_admins_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured for subscription admins."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id

tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py

@@ -0,0 +1,205 @@
+from unittest import mock
+from uuid import uuid4
+
+from azure.mgmt.sql.models import (
+    ServerVulnerabilityAssessment,
+    VulnerabilityAssessmentRecurringScansProperties,
+)
+
+from prowler.providers.azure.services.sqlserver.sqlserver_service import Server
+
+AZURE_SUBSCRIPTION = str(uuid4())
+
+
+class Test_sqlserver_va_periodic_recurring_scans_enabled:
+    def test_no_sql_servers(self):
+        sqlserver_client = mock.MagicMock
+        sqlserver_client.sql_servers = {}
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled import (
+                sqlserver_va_periodic_recurring_scans_enabled,
+            )
+
+            check = sqlserver_va_periodic_recurring_scans_enabled()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_sql_servers_no_vulnerability_assessment(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=None,
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled import (
+                sqlserver_va_periodic_recurring_scans_enabled,
+            )
+
+            check = sqlserver_va_periodic_recurring_scans_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_no_vulnerability_assessment_storage_container_path(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path=None
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled import (
+                sqlserver_va_periodic_recurring_scans_enabled,
+            )
+
+            check = sqlserver_va_periodic_recurring_scans_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_recuring_scans_disabled(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            is_enabled=False
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled import (
+                sqlserver_va_periodic_recurring_scans_enabled,
+            )
+
+            check = sqlserver_va_periodic_recurring_scans_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no recurring scans."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_recuring_scans_enabled(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            is_enabled=True
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_periodic_recurring_scans_enabled.sqlserver_va_periodic_recurring_scans_enabled import (
+                sqlserver_va_periodic_recurring_scans_enabled,
+            )
+
+            check = sqlserver_va_periodic_recurring_scans_enabled()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has periodic recurring scans enabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id

tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py

@@ -0,0 +1,254 @@
+from unittest import mock
+from uuid import uuid4
+
+from azure.mgmt.sql.models import (
+    ServerVulnerabilityAssessment,
+    VulnerabilityAssessmentRecurringScansProperties,
+)
+
+from prowler.providers.azure.services.sqlserver.sqlserver_service import Server
+
+AZURE_SUBSCRIPTION = str(uuid4())
+
+
+class Test_sqlserver_va_scan_reports_configured:
+    def test_no_sql_servers(self):
+        sqlserver_client = mock.MagicMock
+        sqlserver_client.sql_servers = {}
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured import (
+                sqlserver_va_scan_reports_configured,
+            )
+
+            check = sqlserver_va_scan_reports_configured()
+            result = check.execute()
+            assert len(result) == 0
+
+    def test_sql_servers_no_vulnerability_assessment(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=None,
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured import (
+                sqlserver_va_scan_reports_configured,
+            )
+
+            check = sqlserver_va_scan_reports_configured()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment disabled."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_no_vulnerability_assessment_emails(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            emails=None, email_subscription_admins=False
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured import (
+                sqlserver_va_scan_reports_configured,
+            )
+
+            check = sqlserver_va_scan_reports_configured()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled but no scan reports configured."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_emails_none(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            emails=None, email_subscription_admins=True
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured import (
+                sqlserver_va_scan_reports_configured,
+            )
+
+            check = sqlserver_va_scan_reports_configured()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_no_email_subscription_admins(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            emails=["email@email.com"], email_subscription_admins=False
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured import (
+                sqlserver_va_scan_reports_configured,
+            )
+
+            check = sqlserver_va_scan_reports_configured()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id
+
+    def test_sql_servers_vulnerability_assessment_both_emails(self):
+        sqlserver_client = mock.MagicMock
+        sql_server_name = "SQL Server Name"
+        sql_server_id = str(uuid4())
+        sqlserver_client.sql_servers = {
+            AZURE_SUBSCRIPTION: [
+                Server(
+                    id=sql_server_id,
+                    name=sql_server_name,
+                    public_network_access="",
+                    minimal_tls_version="",
+                    administrators=None,
+                    auditing_policies=None,
+                    firewall_rules=None,
+                    databases=None,
+                    encryption_protector=None,
+                    vulnerability_assessment=ServerVulnerabilityAssessment(
+                        storage_container_path="/subcription_id/resource_group/sql_server",
+                        recurring_scans=VulnerabilityAssessmentRecurringScansProperties(
+                            emails=["email@email.com"], email_subscription_admins=True
+                        ),
+                    ),
+                )
+            ]
+        }
+
+        with mock.patch(
+            "prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured.sqlserver_client",
+            new=sqlserver_client,
+        ):
+            from prowler.providers.azure.services.sqlserver.sqlserver_va_scan_reports_configured.sqlserver_va_scan_reports_configured import (
+                sqlserver_va_scan_reports_configured,
+            )
+
+            check = sqlserver_va_scan_reports_configured()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"SQL Server {sql_server_name} from subscription {AZURE_SUBSCRIPTION} has vulnerability assessment enabled and scan reports configured."
+            )
+            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].resource_name == sql_server_name
+            assert result[0].resource_id == sql_server_id