feat: add tests

HugoPBrito
2025-12-16 13:39:31 +01:00
parent 346c17b57d
commit 95087dcba7
10 changed files with 1569 additions and 0 deletions


@@ -0,0 +1,84 @@
from typing import Optional
from pydantic import BaseModel
from tests.providers.cloudflare.cloudflare_fixtures import ZONE_ID, ZONE_NAME
class CloudflareFirewallRule(BaseModel):
"""Cloudflare firewall rule representation for testing."""
id: Optional[str] = None
zone_id: str
zone_name: str
ruleset_id: Optional[str] = None
phase: Optional[str] = None
action: Optional[str] = None
expression: Optional[str] = None
description: Optional[str] = None
enabled: bool = True
class TestFirewallService:
def test_cloudflare_firewall_rule_model(self):
rule = CloudflareFirewallRule(
id="rule-123",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
ruleset_id="ruleset-456",
phase="http_ratelimit",
action="block",
expression="(http.request.uri.path contains '/api/')",
description="Rate limit API requests",
enabled=True,
)
assert rule.id == "rule-123"
assert rule.zone_id == ZONE_ID
assert rule.zone_name == ZONE_NAME
assert rule.ruleset_id == "ruleset-456"
assert rule.phase == "http_ratelimit"
assert rule.action == "block"
assert rule.expression == "(http.request.uri.path contains '/api/')"
assert rule.description == "Rate limit API requests"
assert rule.enabled is True
def test_cloudflare_firewall_rule_defaults(self):
rule = CloudflareFirewallRule(
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
)
assert rule.id is None
assert rule.zone_id == ZONE_ID
assert rule.zone_name == ZONE_NAME
assert rule.ruleset_id is None
assert rule.phase is None
assert rule.action is None
assert rule.expression is None
assert rule.description is None
assert rule.enabled is True
def test_cloudflare_firewall_rule_disabled(self):
rule = CloudflareFirewallRule(
id="rule-disabled",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
phase="http_ratelimit",
enabled=False,
)
assert rule.enabled is False
def test_cloudflare_firewall_rule_custom_phase(self):
rule = CloudflareFirewallRule(
id="rule-custom",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
phase="http_request_firewall_custom",
action="challenge",
expression="(cf.threat_score > 10)",
)
assert rule.phase == "http_request_firewall_custom"
assert rule.action == "challenge"
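Review bot: Every test in `TestFirewallService` builds the `CloudflareFirewallRule` model that this same file declares, so the suite exercises pydantic defaults on a test-local class and no code from the firewall service. If the provider ships its own rule model (not visible on this page), import that instead of redeclaring it; as written, these assertions stay green however the real service changes. The same stand-in class is declared again in the rate-limiting test file later in this commit, where any drift from the real model's fields would go unnoticed.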


@@ -0,0 +1,138 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_always_online_disabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled import (
zones_always_online_disabled,
)
check = zones_always_online_disabled()
result = check.execute()
assert len(result) == 0
def test_zone_always_online_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
always_online="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled import (
zones_always_online_disabled,
)
check = zones_always_online_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Always Online is disabled" in result[0].status_extended
def test_zone_always_online_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
always_online="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled import (
zones_always_online_disabled,
)
check = zones_always_online_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Always Online is enabled" in result[0].status_extended
def test_zone_always_online_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
always_online=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_always_online_disabled.zones_always_online_disabled import (
zones_always_online_disabled,
)
check = zones_always_online_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
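Review bot: `zones_client = mock.MagicMock` in each test binds the class rather than an instance, so `zones_client.zones = {...}` sets an attribute on `mock.MagicMock` itself and the value outlives both the `with` block and the test. Use `zones_client = mock.MagicMock()` so each test gets its own object and no state leaks between tests. The same line appears in every test of the other zones test files in this commit. In the rate-limiting file `zones_client` and `firewall_client` end up as the same object, so a check that read `zones` or `rules` from the wrong client would still pass.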


@@ -0,0 +1,139 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_bot_fight_mode_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled import (
zones_bot_fight_mode_enabled,
)
check = zones_bot_fight_mode_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_bot_fight_mode_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
browser_check="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled import (
zones_bot_fight_mode_enabled,
)
check = zones_bot_fight_mode_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Bot Fight Mode" in result[0].status_extended
assert "enabled" in result[0].status_extended
def test_zone_bot_fight_mode_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
browser_check="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled import (
zones_bot_fight_mode_enabled,
)
check = zones_bot_fight_mode_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "not enabled" in result[0].status_extended
def test_zone_bot_fight_mode_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
browser_check=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_bot_fight_mode_enabled.zones_bot_fight_mode_enabled import (
zones_bot_fight_mode_enabled,
)
check = zones_bot_fight_mode_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
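Review bot: The fixtures drive this check through `browser_check` (`browser_check="on"` expects PASS with "Bot Fight Mode" in `status_extended`), and in Cloudflare that zone setting is Browser Integrity Check, a separate control from Bot Fight Mode. The check implementation is not visible here, but if it reads `browser_check`, a zone with Browser Integrity Check on and Bot Fight Mode off would be reported as PASS. Either rename the check and its messages to Browser Integrity Check, or have the zones service collect the bot-management setting and build these fixtures from that field.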


@@ -0,0 +1,173 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_challenge_passage_configured:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured import (
zones_challenge_passage_configured,
)
check = zones_challenge_passage_configured()
result = check.execute()
assert len(result) == 0
def test_zone_challenge_passage_correct(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=3600, # Recommended value
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured import (
zones_challenge_passage_configured,
)
check = zones_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "3600" in result[0].status_extended
def test_zone_challenge_passage_too_long(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=86400, # Too long (24 hours)
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured import (
zones_challenge_passage_configured,
)
check = zones_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "86400" in result[0].status_extended
assert "recommended" in result[0].status_extended
def test_zone_challenge_passage_too_short(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=300, # Too short (5 minutes)
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured import (
zones_challenge_passage_configured,
)
check = zones_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "300" in result[0].status_extended
def test_zone_challenge_passage_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_challenge_passage_configured.zones_challenge_passage_configured import (
zones_challenge_passage_configured,
)
check = zones_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
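Review bot: The three TTL cases (300, 3600, 86400) do not pin where the accepted range begins or ends, so the thresholds in `zones_challenge_passage_configured` can move without any test failing. Add cases just inside and just outside each bound once the intended range is stated; the page shows only that 3600 passes. `test_zone_challenge_passage_too_short` also needs a comment explaining why a shorter passage, which makes visitors re-solve the challenge sooner, is a FAIL rather than a stricter-than-recommended PASS. The substring assertions such as `"300" in result[0].status_extended` are loose; comparing against the full expected message would be more robust.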


@@ -0,0 +1,140 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_development_mode_disabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled import (
zones_development_mode_disabled,
)
check = zones_development_mode_disabled()
result = check.execute()
assert len(result) == 0
def test_zone_development_mode_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
development_mode="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled import (
zones_development_mode_disabled,
)
check = zones_development_mode_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Development mode is disabled" in result[0].status_extended
def test_zone_development_mode_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
development_mode="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled import (
zones_development_mode_disabled,
)
check = zones_development_mode_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Development mode is enabled" in result[0].status_extended
assert "bypasses" in result[0].status_extended
def test_zone_development_mode_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
development_mode=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_development_mode_disabled.zones_development_mode_disabled import (
zones_development_mode_disabled,
)
check = zones_development_mode_disabled()
result = check.execute()
assert len(result) == 1
# None or empty string should be treated as disabled (PASS)
assert result[0].status == "PASS"
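Review bot: `test_zone_development_mode_none` pins `development_mode=None` to PASS, while the always-online, bot-fight-mode, challenge-passage, hotlink and geolocation tests in this commit all treat `None` as FAIL. If `None` can mean the setting was never retrieved (an API error, or a token without permission to read zone settings), this check fails open and hides a zone whose state is unknown. Either report `None` as FAIL or as a manual-review status, or add a comment stating that `None` is only produced when development mode is known to be off. The existing comment also mentions the empty string, but no test passes `development_mode=""`.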


@@ -0,0 +1,138 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_hotlink_protection_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled import (
zones_hotlink_protection_enabled,
)
check = zones_hotlink_protection_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_hotlink_protection_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
hotlink_protection="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled import (
zones_hotlink_protection_enabled,
)
check = zones_hotlink_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Hotlink Protection is enabled" in result[0].status_extended
def test_zone_hotlink_protection_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
hotlink_protection="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled import (
zones_hotlink_protection_enabled,
)
check = zones_hotlink_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Hotlink Protection is not enabled" in result[0].status_extended
def test_zone_hotlink_protection_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
hotlink_protection=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hotlink_protection_enabled.zones_hotlink_protection_enabled import (
zones_hotlink_protection_enabled,
)
check = zones_hotlink_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"


@@ -0,0 +1,138 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_ip_geolocation_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled import (
zones_ip_geolocation_enabled,
)
check = zones_ip_geolocation_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_ip_geolocation_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
ip_geolocation="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled import (
zones_ip_geolocation_enabled,
)
check = zones_ip_geolocation_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "IP Geolocation is enabled" in result[0].status_extended
def test_zone_ip_geolocation_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
ip_geolocation="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled import (
zones_ip_geolocation_enabled,
)
check = zones_ip_geolocation_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "IP Geolocation is not enabled" in result[0].status_extended
def test_zone_ip_geolocation_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
ip_geolocation=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_ip_geolocation_enabled.zones_ip_geolocation_enabled import (
zones_ip_geolocation_enabled,
)
check = zones_ip_geolocation_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"


@@ -0,0 +1,343 @@
from typing import Optional
from unittest import mock
from pydantic import BaseModel
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class CloudflareFirewallRule(BaseModel):
"""Cloudflare firewall rule representation for testing."""
id: Optional[str] = None
zone_id: str
zone_name: str
ruleset_id: Optional[str] = None
phase: Optional[str] = None
action: Optional[str] = None
expression: Optional[str] = None
description: Optional[str] = None
enabled: bool = True
class Test_zones_rate_limiting_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
firewall_client = mock.MagicMock
firewall_client.rules = []
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_with_rate_limiting_rules(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
firewall_client = mock.MagicMock
firewall_client.rules = [
CloudflareFirewallRule(
id="rule-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
ruleset_id="ruleset-1",
phase="http_ratelimit",
action="block",
expression="(http.request.uri.path contains '/api/')",
enabled=True,
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Rate limiting is configured" in result[0].status_extended
assert "1 rule(s)" in result[0].status_extended
def test_zone_with_multiple_rate_limiting_rules(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
firewall_client = mock.MagicMock
firewall_client.rules = [
CloudflareFirewallRule(
id="rule-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
phase="http_ratelimit",
enabled=True,
),
CloudflareFirewallRule(
id="rule-2",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
phase="http_ratelimit",
enabled=True,
),
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "2 rule(s)" in result[0].status_extended
def test_zone_without_rate_limiting_rules(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
firewall_client = mock.MagicMock
firewall_client.rules = []
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No rate limiting rules configured" in result[0].status_extended
def test_zone_with_disabled_rate_limiting_rules(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
firewall_client = mock.MagicMock
firewall_client.rules = [
CloudflareFirewallRule(
id="rule-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
phase="http_ratelimit",
enabled=False, # Disabled
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
def test_zone_with_different_phase_rules(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
firewall_client = mock.MagicMock
firewall_client.rules = [
CloudflareFirewallRule(
id="rule-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
phase="http_request_firewall_custom", # Different phase
enabled=True,
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
def test_zone_with_rate_limiting_rules_for_different_zone(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
firewall_client = mock.MagicMock
firewall_client.rules = [
CloudflareFirewallRule(
id="rule-1",
zone_id="other-zone-id",
zone_name="other.com",
phase="http_ratelimit",
enabled=True,
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled.firewall_client",
new=firewall_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_rate_limiting_enabled.zones_rate_limiting_enabled import (
zones_rate_limiting_enabled,
)
check = zones_rate_limiting_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"


@@ -0,0 +1,138 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_server_side_excludes_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled import (
zones_server_side_excludes_enabled,
)
check = zones_server_side_excludes_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_server_side_excludes_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
server_side_exclude="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled import (
zones_server_side_excludes_enabled,
)
check = zones_server_side_excludes_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Server Side Excludes is enabled" in result[0].status_extended
def test_zone_server_side_excludes_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
server_side_exclude="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled import (
zones_server_side_excludes_enabled,
)
check = zones_server_side_excludes_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Server Side Excludes is not enabled" in result[0].status_extended
def test_zone_server_side_excludes_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
server_side_exclude=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_server_side_excludes_enabled.zones_server_side_excludes_enabled import (
zones_server_side_excludes_enabled,
)
check = zones_server_side_excludes_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
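Review bot: `zones_client = mock.MagicMock` in every test of this file binds the class, not an instance, so `zones_client.zones = {...}` sets an attribute on `MagicMock` itself and it stays set for the rest of the test run. A later test that forgets to assign `zones` would silently evaluate the previous test's zone and could report PASS or FAIL for the wrong reason. Use `zones_client = mock.MagicMock()` instead. The same line appears in `Test_zones_waf_enabled` below and, together with `firewall_client = mock.MagicMock`, in the rate-limiting tests above.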


@@ -0,0 +1,138 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_waf_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled import (
zones_waf_enabled,
)
check = zones_waf_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_waf_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
waf="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled import (
zones_waf_enabled,
)
check = zones_waf_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "WAF is enabled" in result[0].status_extended
def test_zone_waf_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
waf="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled import (
zones_waf_enabled,
)
check = zones_waf_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "WAF is not enabled" in result[0].status_extended
def test_zone_waf_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
waf=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_waf_enabled.zones_waf_enabled import (
zones_waf_enabled,
)
check = zones_waf_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
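Review bot: `test_zone_waf_disabled` and `test_zone_waf_none` never check which zone the FAIL finding belongs to, so a finding attributed to the wrong resource would still pass. Add `assert result[0].resource_id == ZONE_ID` and `assert result[0].resource_name == ZONE_NAME` to both, as `test_zone_waf_enabled` already does. `test_zone_waf_none` could also pin `status_extended`, but the message the check emits for a missing `waf` value is not visible in this section, so confirm it against the check first.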