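def test_run_scanner_rotation_period_whitelist_match(
        self, mock_output_results):
    """Check the KMS scanner against the whitelist rules fixture.

    Builds a KMSScanner from 'kms_scanner_whitelist_test.yaml', runs it,
    then re-derives the violations directly so they can be counted.

    Args:
        self: The enclosing test case; supplies service_config and
            model_name.
        mock_output_results: Mock supplied by the caller (presumably a
            patch decorator outside this excerpt -- confirm).
    """
    rules_path = unittest_utils.get_datafile_path(
        __file__, 'kms_scanner_whitelist_test.yaml')
    self.scanner = kms_scanner.KMSScanner(
        {}, {}, self.service_config, self.model_name, '', rules_path)
    self.scanner.run()

    # Repeat the retrieve/find steps by hand to inspect the violations.
    crypto_key = self.scanner._retrieve()
    violations = self.scanner._find_violations(crypto_key)

    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(1, len(violations))
    self.assertEqual(1, mock_output_results.call_count)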
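def test_run_scanner_purpose_match(self, mock_output_results):
    """Check that purpose-rule violations report 'ENCRYPT_DECRYPT'.

    Builds a KMSScanner from 'kms_scanner_test_purpose.yaml', runs it, then
    re-derives the violations directly and checks each one's purpose.

    Args:
        self: The enclosing test case; supplies service_config and
            model_name.
        mock_output_results: Mock supplied by the caller (presumably a
            patch decorator outside this excerpt -- confirm).
    """
    rules_path = unittest_utils.get_datafile_path(
        __file__, 'kms_scanner_test_purpose.yaml')
    self.scanner = kms_scanner.KMSScanner(
        {}, {}, self.service_config, self.model_name, '', rules_path)
    self.scanner.run()

    crypto_key = self.scanner._retrieve()
    violations = self.scanner._find_violations(crypto_key)

    # NOTE(review): this loop passes vacuously when `violations` is empty,
    # so the test alone does not prove the purpose rule fires. Consider
    # asserting the expected count once the fixture's output is confirmed.
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    for violation in violations:
        self.assertEqual(violation.purpose, 'ENCRYPT_DECRYPT')

    self.assertEqual(1, mock_output_results.call_count)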
def test_run_scanner_protection_level_match(self, mock_output_results):
    """Check that protection-level violations report 'SOFTWARE'.

    Builds a KMSScanner from 'kms_scanner_test_protection_level.yaml', runs
    it, then re-derives the violations directly and checks each one's
    protection level.

    Args:
        self: The enclosing test case; supplies service_config and
            model_name.
        mock_output_results: Mock supplied by the caller (presumably a
            patch decorator outside this excerpt -- confirm).
    """
    rules_file = unittest_utils.get_datafile_path(
        __file__, 'kms_scanner_test_protection_level.yaml')
    scanner = kms_scanner.KMSScanner(
        {}, {}, self.service_config, self.model_name, '', rules_file)
    self.scanner = scanner
    scanner.run()

    found = scanner._find_violations(scanner._retrieve())

    # NOTE(review): this loop passes vacuously when no violations are
    # found, so the test alone does not prove the protection-level rule
    # fires -- confirm the fixture's expected count.
    for item in found:
        self.assertEqual(item.protection_level, 'SOFTWARE')

    self.assertEqual(1, mock_output_results.call_count)
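def test_run_scanner_algo_match(self, mock_output_results):
    """Check that algorithm violations report 'GOOGLE_SYMMETRIC_ENCRYPTION'.

    Builds a KMSScanner from 'kms_scanner_test_algo.yaml', runs it, then
    re-derives the violations directly and checks each one's algorithm.

    Args:
        self: The enclosing test case; supplies service_config and
            model_name.
        mock_output_results: Mock supplied by the caller (presumably a
            patch decorator outside this excerpt -- confirm).
    """
    rules_path = unittest_utils.get_datafile_path(
        __file__, 'kms_scanner_test_algo.yaml')
    self.scanner = kms_scanner.KMSScanner(
        {}, {}, self.service_config, self.model_name, '', rules_path)
    self.scanner.run()

    crypto_key = self.scanner._retrieve()
    violations = self.scanner._find_violations(crypto_key)

    # NOTE(review): this loop passes vacuously when `violations` is empty,
    # so the test alone does not prove the algorithm rule fires. Consider
    # asserting the expected count once the fixture's output is confirmed.
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    for violation in violations:
        self.assertEqual(violation.algorithm, 'GOOGLE_SYMMETRIC_ENCRYPTION')

    self.assertEqual(1, mock_output_results.call_count)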
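def test_run_scanner(self, mock_output_results):
    """Check the fields of violations from the general rules fixture.

    Builds a KMSScanner from 'kms_scanner_test_rules.yaml', runs it, then
    re-derives the violations directly. Each violation must have a primary
    version in state 'ENABLED', resource type 'kms_cryptokey' and the
    module's VIOLATION_TYPE.

    Args:
        self: The enclosing test case; supplies service_config and
            model_name.
        mock_output_results: Mock supplied by the caller (presumably a
            patch decorator outside this excerpt -- confirm).
    """
    rules_path = unittest_utils.get_datafile_path(
        __file__, 'kms_scanner_test_rules.yaml')
    self.scanner = kms_scanner.KMSScanner(
        {}, {}, self.service_config, self.model_name, '', rules_path)
    self.scanner.run()

    crypto_key = self.scanner._retrieve()
    violations = self.scanner._find_violations(crypto_key)

    # NOTE(review): this loop passes vacuously when `violations` is empty,
    # so the field checks only run if the scanner reports something.
    # Consider asserting the expected count once the fixture's output is
    # confirmed.
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    for violation in violations:
        state = violation.primary_version.get('state')
        self.assertEqual(state, 'ENABLED')
        self.assertEqual(violation.resource_type, 'kms_cryptokey')
        self.assertEqual(violation.violation_type, VIOLATION_TYPE)

    self.assertEqual(1, mock_output_results.call_count)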