From e16925e3c9a05263c409e5c07d57e11d736c1335 Mon Sep 17 00:00:00 2001
From: jpomfret
Date: Sun, 5 Jun 2022 13:55:04 +0100
Subject: [PATCH] #884 trustworthy
---
 checks/Databasev5.Tests.ps1 | 12 +++++++++++-
 internal/functions/Get-AllDatabaseInfo.ps1 | 5 +++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/checks/Databasev5.Tests.ps1 b/checks/Databasev5.Tests.ps1
index e35567ec..5b959173 100644
--- a/checks/Databasev5.Tests.ps1
+++ b/checks/Databasev5.Tests.ps1
@@ -163,10 +163,20 @@ Describe "Auto Update Statistics" -Tag AutoUpdateStatistics, Low, Database -ForE
 Describe "Auto Update Statistics Asynchronously" -Tag AutoUpdateStatisticsAsynchronously, Low, Database -ForEach $InstancesToTest {
 $skip = Get-DbcConfigValue skip.database.autoupdatestatisticsasynchronously
-
+
 Context "Testing Auto Update Statistics Asynchronously on <_.Name>" {
 It "Database <_.Name> should have Auto Update Statistics Asynchronously set to <_.ConfigValues.autoupdatestatsasync> on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.autoupdatestatsasyncexclude -notcontains $PsItem.Name } } {
 $psitem.AutoUpdateStatisticsAsync | Should -Be $psitem.ConfigValues.autoupdatestatsasync -Because "This value is expected for autoupdate statistics asynchronously"
 }
 }
+}
+
+Describe "Trustworthy Option" -Tag Trustworthy, DISA, Varied, CIS, Database -ForEach $InstancesToTest {
+ $skip = Get-DbcConfigValue skip.database.trustworthy
+
+ Context "Testing database trustworthy option on <_.Name>" {
+ It "Database <_.Name> should have Trustworthy set to false on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.trustworthyexclude -notcontains $PsItem.Name } } {
+ $psitem.Trustworthy | Should -BeFalse -Because "Trustworthy has security implications and may expose your SQL Server to additional risk"
+ }
+ }
 }
\ No newline at end of file
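Review bot: The assertion `$psitem.Trustworthy | Should -BeFalse` in the new `It` block can pass without the setting ever having been read, because `-BeFalse` accepts any falsy value, `$null` included as far as I know. In the second file, `Trustworthy = if ($trustworthy) { $psitem.Trustworthy }` leaves the property `$null` whenever the `'Trustworthy'` switch case was not hit. If the check is selected through one of its other tags (DISA, CIS, Database) and the switch is keyed on something else, a security check would report green on missing data; how the switch is fed is outside this diff, so this needs confirming. Comparing against the boolean makes a missing value fail instead: `$psitem.Trustworthy | Should -Be $false -Because "Trustworthy has security implications and may expose your SQL Server to additional risk"`.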
diff --git a/internal/functions/Get-AllDatabaseInfo.ps1 b/internal/functions/Get-AllDatabaseInfo.ps1 index 71d77b0f..17c6c1ae 100644 --- a/internal/functions/Get-AllDatabaseInfo.ps1 +++ b/internal/functions/Get-AllDatabaseInfo.ps1 @@ -112,6 +112,10 @@ function Get-AllDatabaseInfo { $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoupdatestatsasync' -Value (Get-DbcConfigValue policy.database.autoupdatestatisticsasynchronously) $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoupdatestatsasyncexclude' -Value (Get-DbcConfigValue policy.autoupdatestatisticsasynchronously.excludedb) } + 'Trustworthy' { + $trustworthy = $true + $ConfigValues | Add-Member -MemberType NoteProperty -Name 'trustworthyexclude' -Value (Get-DbcConfigValue policy.database.trustworthyexcludedb) + } Default { } } @@ -139,6 +143,7 @@ function Get-AllDatabaseInfo { AutoShrink = if ($autoshrink) { $psitem.AutoShrink} VLF = if ($vlf) { ($psitem.Query("DBCC LOGINFO") | Measure-Object).Count } LogFileCount = if ($logfilecount) { ($psitem.LogFiles | Measure-Object).Count } + Trustworthy = if ($trustworthy) { $psitem.Trustworthy } } } }
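Review bot: The new `'Trustworthy'` case in the first hunk of this file reads `policy.database.trustworthyexcludedb`, but neither file in this commit registers that key or `skip.database.trustworthy`, so please confirm both already have defaults elsewhere. msdb ships with TRUSTWORTHY on, so if the exclude list comes back empty the new check fails on every instance, and people then tend to skip the whole check rather than fix real findings. The key name also departs from the sibling pattern `policy.autoupdatestatisticsasynchronously.excludedb` two lines above it. I would add a comment on the case, for example `# msdb is TRUSTWORTHY ON by default; any other excluded database is an accepted risk and should be reviewed`. The switch and the enclosing `Get-AllDatabaseInfo` body start and end outside the hunk.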