2024-02-20 09:59:56 +01:00
|
|
|
package posture
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2024-02-22 17:22:43 +01:00
|
|
|
"net/netip"
|
2024-02-20 09:59:56 +01:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestChecks_MarshalJSON(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
checks *Checks
|
|
|
|
want []byte
|
|
|
|
wantErr bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "Valid Posture Checks Marshal",
|
|
|
|
checks: &Checks{
|
|
|
|
ID: "id1",
|
|
|
|
Name: "name1",
|
|
|
|
Description: "desc1",
|
|
|
|
AccountID: "acc1",
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{
|
|
|
|
MinVersion: "1.0.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: []byte(`
|
|
|
|
{
|
|
|
|
"ID": "id1",
|
|
|
|
"Name": "name1",
|
|
|
|
"Description": "desc1",
|
|
|
|
"Checks": {
|
|
|
|
"NBVersionCheck": {
|
|
|
|
"MinVersion": "1.0.0"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
`),
|
|
|
|
wantErr: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Empty Posture Checks Marshal",
|
|
|
|
checks: &Checks{
|
|
|
|
ID: "",
|
|
|
|
Name: "",
|
|
|
|
Description: "",
|
|
|
|
AccountID: "",
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: []byte(`
|
|
|
|
{
|
|
|
|
"ID": "",
|
|
|
|
"Name": "",
|
|
|
|
"Description": "",
|
|
|
|
"Checks": {
|
|
|
|
"NBVersionCheck": {
|
|
|
|
"MinVersion": ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
`),
|
|
|
|
wantErr: false,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
got, err := json.Marshal(tt.checks)
|
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
t.Errorf("Checks.MarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
assert.JSONEq(t, string(got), string(tt.want))
|
|
|
|
assert.Equal(t, tt.checks, tt.checks.Copy(), "original Checks should not be modified")
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestChecks_UnmarshalJSON(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
in []byte
|
|
|
|
expected *Checks
|
|
|
|
expectedError bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "Valid JSON Posture Checks Unmarshal",
|
|
|
|
in: []byte(`
|
|
|
|
{
|
|
|
|
"ID": "id1",
|
|
|
|
"Name": "name1",
|
|
|
|
"Description": "desc1",
|
|
|
|
"Checks": {
|
|
|
|
"NBVersionCheck": {
|
|
|
|
"MinVersion": "1.0.0"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
`),
|
|
|
|
expected: &Checks{
|
|
|
|
ID: "id1",
|
|
|
|
Name: "name1",
|
|
|
|
Description: "desc1",
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{
|
|
|
|
MinVersion: "1.0.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expectedError: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Invalid JSON Posture Checks Unmarshal",
|
|
|
|
in: []byte(`{`),
|
|
|
|
expectedError: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Empty JSON Posture Check Unmarshal",
|
|
|
|
in: []byte(`{}`),
|
|
|
|
expected: &Checks{},
|
|
|
|
expectedError: false,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
|
|
|
|
var checks Checks
|
|
|
|
err := json.Unmarshal(tc.in, &checks)
|
|
|
|
if tc.expectedError {
|
|
|
|
assert.Error(t, err)
|
|
|
|
} else {
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, tc.expected, &checks)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestChecks_Validate(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
checks Checks
|
|
|
|
expectedError bool
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "Valid checks version",
|
|
|
|
checks: Checks{
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{
|
|
|
|
MinVersion: "0.25.0",
|
|
|
|
},
|
|
|
|
OSVersionCheck: &OSVersionCheck{
|
|
|
|
Ios: &MinVersionCheck{
|
|
|
|
MinVersion: "13.0.1",
|
|
|
|
},
|
|
|
|
Linux: &MinKernelVersionCheck{
|
|
|
|
MinKernelVersion: "5.3.3-dev",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expectedError: false,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Invalid checks version",
|
|
|
|
checks: Checks{
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{
|
|
|
|
MinVersion: "abc",
|
|
|
|
},
|
|
|
|
OSVersionCheck: &OSVersionCheck{
|
|
|
|
Android: &MinVersionCheck{
|
|
|
|
MinVersion: "dev",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expectedError: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "Combined valid and invalid checks version",
|
|
|
|
checks: Checks{
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{
|
|
|
|
MinVersion: "abc",
|
|
|
|
},
|
|
|
|
OSVersionCheck: &OSVersionCheck{
|
|
|
|
Windows: &MinKernelVersionCheck{
|
|
|
|
MinKernelVersion: "10.0.1234",
|
|
|
|
},
|
|
|
|
Darwin: &MinVersionCheck{
|
|
|
|
MinVersion: "13.0.1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expectedError: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
err := tc.checks.Validate()
|
|
|
|
if tc.expectedError {
|
|
|
|
assert.Error(t, err)
|
|
|
|
} else {
|
|
|
|
assert.NoError(t, err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2024-02-22 17:22:43 +01:00
|
|
|
|
|
|
|
func TestChecks_Copy(t *testing.T) {
|
|
|
|
check := &Checks{
|
|
|
|
ID: "1",
|
|
|
|
Name: "default",
|
|
|
|
Description: "description",
|
|
|
|
AccountID: "accountID",
|
|
|
|
Checks: ChecksDefinition{
|
|
|
|
NBVersionCheck: &NBVersionCheck{
|
|
|
|
MinVersion: "0.25.0",
|
|
|
|
},
|
|
|
|
OSVersionCheck: &OSVersionCheck{
|
|
|
|
Android: &MinVersionCheck{
|
|
|
|
MinVersion: "13",
|
|
|
|
},
|
|
|
|
Darwin: &MinVersionCheck{
|
|
|
|
MinVersion: "14.2.0",
|
|
|
|
},
|
|
|
|
Ios: &MinVersionCheck{
|
|
|
|
MinVersion: "17.3.0",
|
|
|
|
},
|
|
|
|
Linux: &MinKernelVersionCheck{
|
|
|
|
MinKernelVersion: "6.5.11-linuxkit",
|
|
|
|
},
|
|
|
|
Windows: &MinKernelVersionCheck{
|
|
|
|
MinKernelVersion: "10.0.14393",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
GeoLocationCheck: &GeoLocationCheck{
|
|
|
|
Locations: []Location{
|
|
|
|
{
|
|
|
|
CountryCode: "DE",
|
|
|
|
CityName: "Berlin",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Action: CheckActionAllow,
|
|
|
|
},
|
2024-02-27 11:59:48 +01:00
|
|
|
PeerNetworkRangeCheck: &PeerNetworkRangeCheck{
|
2024-02-22 17:22:43 +01:00
|
|
|
Ranges: []netip.Prefix{
|
|
|
|
netip.MustParsePrefix("192.168.0.0/24"),
|
|
|
|
netip.MustParsePrefix("10.0.0.0/8"),
|
|
|
|
},
|
|
|
|
Action: CheckActionDeny,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
checkCopy := check.Copy()
|
|
|
|
|
|
|
|
assert.Equal(t, check.ID, checkCopy.ID)
|
|
|
|
assert.Equal(t, check.Name, checkCopy.Name)
|
|
|
|
assert.Equal(t, check.Description, checkCopy.Description)
|
|
|
|
assert.Equal(t, check.AccountID, checkCopy.AccountID)
|
|
|
|
assert.Equal(t, check.Checks.Copy(), checkCopy.Checks.Copy())
|
|
|
|
assert.ElementsMatch(t, check.GetChecks(), checkCopy.GetChecks())
|
|
|
|
|
|
|
|
// Updating the original check should not take effect on copy
|
|
|
|
check.Name = "name"
|
|
|
|
assert.NotSame(t, check, checkCopy)
|
|
|
|
}
|