mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
5b5b0b0405
Co-authored-by: Toni de la Fuente <toni@blyx.com> Co-authored-by: sergargar <sergio@verica.io> Co-authored-by: Pepe Fagoaga <pepe@verica.io>
63 lines
2.1 KiB
Python
63 lines
2.1 KiB
Python
from unittest import mock
|
|
|
|
from providers.aws.services.securityhub.securityhub_service import SecurityHubHub
|
|
|
|
|
|
class Test_accessanalyzer_enabled_without_findings:
|
|
def test_securityhub_hub_inactive(self):
|
|
securityhub_client = mock.MagicMock
|
|
securityhub_client.securityhubs = [
|
|
SecurityHubHub(
|
|
"",
|
|
"Security Hub",
|
|
"NOT_AVAILABLE",
|
|
"",
|
|
"eu-west-1",
|
|
)
|
|
]
|
|
with mock.patch(
|
|
"providers.aws.services.securityhub.securityhub_service.SecurityHub",
|
|
new=securityhub_client,
|
|
):
|
|
# Test Check
|
|
from providers.aws.services.securityhub.securityhub_enabled.securityhub_enabled import (
|
|
securityhub_enabled,
|
|
)
|
|
|
|
check = securityhub_enabled()
|
|
result = check.execute()
|
|
|
|
assert result[0].status == "FAIL"
|
|
assert result[0].status_extended == "Security Hub is not enabled"
|
|
assert result[0].resource_id == "Security Hub"
|
|
|
|
def test_securityhub_hub_active(self):
|
|
securityhub_client = mock.MagicMock
|
|
securityhub_client.securityhubs = [
|
|
SecurityHubHub(
|
|
"arn:aws:securityhub:us-east-1:0123456789012:hub/default",
|
|
"default",
|
|
"ACTIVE",
|
|
"cis-aws-foundations-benchmark/v/1.2.0",
|
|
"eu-west-1",
|
|
)
|
|
]
|
|
with mock.patch(
|
|
"providers.aws.services.securityhub.securityhub_service.SecurityHub",
|
|
new=securityhub_client,
|
|
):
|
|
# Test Check
|
|
from providers.aws.services.securityhub.securityhub_enabled.securityhub_enabled import (
|
|
securityhub_enabled,
|
|
)
|
|
|
|
check = securityhub_enabled()
|
|
result = check.execute()
|
|
|
|
assert result[0].status == "PASS"
|
|
assert (
|
|
result[0].status_extended
|
|
== "Security Hub is enabled with standards cis-aws-foundations-benchmark/v/1.2.0"
|
|
)
|
|
assert result[0].resource_id == "default"
|