test: Add edge case test for s3_bucket_server_access_logging_enabled (#9725)

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-01-25 02:08:11 +00:00 · 2026-01-12 10:06:34 +01:00
parent a57b6d78bf
commit 05466cff22
1 changed files with 39 additions and 0 deletions
--- a/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
+++ b/tests/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled_test.py
@@ -249,3 +249,42 @@ class Test_s3_bucket_server_access_logging_enabled:
                    by_id[bucket_pass].resource_arn
                    == f"arn:{aws_provider.identity.partition}:s3:::{bucket_pass}"
                )
+
+    @mock_aws
+    def test_bucket_logging_config_missing_loggingenabled_key(self):
+        s3_client_us_east_1 = client("s3", region_name=AWS_REGION_US_EAST_1)
+        bucket_name = "bucket_test_logging_empty"
+        s3_client_us_east_1.create_bucket(Bucket=bucket_name)
+
+        # Explicitly set empty logging status (no LoggingEnabled)
+        s3_client_us_east_1.put_bucket_logging(
+            Bucket=bucket_name,
+            BucketLoggingStatus={},
+        )
+
+        from prowler.providers.aws.services.s3.s3_service import S3
+
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+
+        with mock.patch(
+            "prowler.providers.common.provider.Provider.get_global_provider",
+            return_value=aws_provider,
+        ):
+            with mock.patch(
+                "prowler.providers.aws.services.s3.s3_bucket_server_access_logging_enabled.s3_bucket_server_access_logging_enabled.s3_client",
+                new=S3(aws_provider),
+            ):
+                from prowler.providers.aws.services.s3.s3_bucket_server_access_logging_enabled.s3_bucket_server_access_logging_enabled import (
+                    s3_bucket_server_access_logging_enabled,
+                )
+
+                check = s3_bucket_server_access_logging_enabled()
+                result = check.execute()
+
+                assert len(result) == 1
+                assert result[0].resource_id == bucket_name
+                assert result[0].status == "FAIL"
+                assert (
+                    result[0].status_extended
+                    == f"S3 Bucket {bucket_name} has server access logging disabled."
+                )