From 3d5fc1f34c32685ac92d2f100ed377e25ee2d9e2 Mon Sep 17 00:00:00 2001
From: Yevhen Zavhorodnii
Date: Wed, 29 May 2024 18:26:27 +0100
Subject: [PATCH] Add tests for incomplete model rule
---
.../builtin/incomplete_model_rule_test.go | 181 ++++++++++++++++++
1 file changed, 181 insertions(+)
create mode 100644 pkg/security/risks/builtin/incomplete_model_rule_test.go
diff --git a/pkg/security/risks/builtin/incomplete_model_rule_test.go b/pkg/security/risks/builtin/incomplete_model_rule_test.go
new file mode 100644
index 00000000..c4a3a5c3
--- /dev/null
+++ b/pkg/security/risks/builtin/incomplete_model_rule_test.go
@@ -0,0 +1,181 @@
+package builtin
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/threagile/threagile/pkg/security/types"
+)
+
+func TestIncompleteModelRuleGenerateRisksEmptyModelNotRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{})
+
+ assert.Nil(t, err)
+ assert.Empty(t, risks)
+}
+
+func TestIncompleteModelRuleGenerateRisksOutOfScopeNotRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ OutOfScope: true,
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Empty(t, risks)
+}
+
+func TestIncompleteModelRuleGenerateRisksTechnicalAssetWithoutCommunicationLinksNoRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ Technologies: types.TechnologyList{
+ {
+ Name: "tool",
+ Attributes: map[string]bool{
+ types.UnknownTechnology: false,
+ },
+ },
+ },
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Empty(t, risks)
+}
+
+func TestIncompleteModelRuleGenerateRisksTechnicalAssetContainTechnologyWithoutAttributesRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ Technologies: types.TechnologyList{
+ {
+ Name: "tool",
+ },
+ },
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Len(t, risks, 1)
+ assert.Equal(t, "Unknown Technology specified at technical asset Test Technical Asset", risks[0].Title)
+ assert.Equal(t, types.LowImpact, risks[0].ExploitationImpact)
+}
+
+func TestIncompleteModelRuleGenerateRisksTechnicalAssetContainUnknownTechnologiesRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ Technologies: types.TechnologyList{
+ {
+ Name: "unknown",
+ Attributes: map[string]bool{
+ types.UnknownTechnology: true,
+ },
+ },
+ },
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Len(t, risks, 1)
+ assert.Equal(t, "Unknown Technology specified at technical asset Test Technical Asset", risks[0].Title)
+ assert.Equal(t, types.LowImpact, risks[0].ExploitationImpact)
+}
+
+func TestIncompleteModelRuleGenerateRisksNoTechnologySpecifiedRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ Technologies: types.TechnologyList{},
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Len(t, risks, 1)
+ assert.Equal(t, "Unknown Technology specified at technical asset Test Technical Asset", risks[0].Title)
+ assert.Equal(t, types.LowImpact, risks[0].ExploitationImpact)
+}
+
+func TestIncompleteModelRuleGenerateRisksKnownProtocolCommunicationLinksNoRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ Technologies: types.TechnologyList{
+ {
+ Name: "tool",
+ Attributes: map[string]bool{
+ types.UnknownTechnology: false,
+ },
+ },
+ },
+ CommunicationLinks: []*types.CommunicationLink{
+ {
+ Title: "Test Communication Link",
+ Protocol: types.HTTPS,
+ },
+ },
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Empty(t, risks)
+}
+
+func TestIncompleteModelRuleGenerateRisksUnknownProtocolCommunicationLinksRisksCreated(t *testing.T) {
+ rule := NewIncompleteModelRule()
+
+ risks, err := rule.GenerateRisks(&types.Model{
+ TechnicalAssets: map[string]*types.TechnicalAsset{
+ "ta1": {
+ Title: "Test Technical Asset",
+ Technologies: types.TechnologyList{
+ {
+ Name: "tool",
+ Attributes: map[string]bool{
+ types.UnknownTechnology: false,
+ },
+ },
+ },
+ CommunicationLinks: []*types.CommunicationLink{
+ {
+ Title: "Test Communication Link",
+ Protocol: types.UnknownProtocol,
+ },
+ },
+ },
+ },
+ })
+
+ assert.Nil(t, err)
+ assert.Len(t, risks, 1)
+ assert.Equal(t, "Unknown Protocol specified for communication link Test Communication Link at technical asset Test Technical Asset", risks[0].Title)
+ assert.Equal(t, types.LowImpact, risks[0].ExploitationImpact)
+}
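Review bot: In the four tests that go on to index `risks[0]` (from TestIncompleteModelRuleGenerateRisksTechnicalAssetContainTechnologyWithoutAttributesRisksCreated onward), `assert.Len(t, risks, 1)` does not stop the test when it fails, so a regression that makes the rule return no risks ends in an index-out-of-range panic rather than a readable failure; use `require.Len(t, risks, 1)` (adding `github.com/stretchr/testify/require` to the imports) before indexing. Where `assert.Nil(t, err)` is used, `assert.NoError(t, err)` would print the error text on failure. The first two test names say `NotRisksCreated` while the rest say `NoRisksCreated`. Because this rule is what surfaces gaps in a threat model, two cases that appear untested in this file would be worth pinning: an out-of-scope asset that carries a `types.UnknownProtocol` link, and an in-scope asset with both an unknown technology and an unknown-protocol link (expected risk count to be confirmed against the rule).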