ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-03-22 03:08:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: add missing check tests

Browse Source
This commit is contained in:
Daniel Barranquero
2026-03-17 16:30:25 +01:00
parent 109ee80836
commit a25c5d4e6a
43 changed files with 2393 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
tests/providers/vercel/services/authentication/authentication_no_stale_tokens/__init__.py Normal file
View File

133
tests/providers/vercel/services/authentication/authentication_no_stale_tokens/authentication_no_stale_tokens_test.py Normal file
View File

@@ -0,0 +1,133 @@
from datetime import datetime, timedelta, timezone
from unittest import mock
from prowler.providers.vercel.services.authentication.authentication_service import (
VercelAuthToken,
)
from tests.providers.vercel.vercel_fixtures import set_mocked_vercel_provider
class Test_authentication_no_stale_tokens:
def test_no_tokens(self):
authentication_client = mock.MagicMock
authentication_client.tokens = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens.authentication_client",
new=authentication_client,
),
):
from prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens import (
authentication_no_stale_tokens,
)
check = authentication_no_stale_tokens()
result = check.execute()
assert len(result) == 0
def test_token_active_recently(self):
token_id = "tok_1"
token_name = "Recent Token"
authentication_client = mock.MagicMock
authentication_client.tokens = {
token_id: VercelAuthToken(
id=token_id,
name=token_name,
active_at=datetime.now(timezone.utc) - timedelta(days=10),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens.authentication_client",
new=authentication_client,
),
):
from prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens import (
authentication_no_stale_tokens,
)
check = authentication_no_stale_tokens()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == token_id
assert result[0].resource_name == token_name
assert result[0].status == "PASS"
assert "was last active on" in result[0].status_extended
def test_token_stale_90_days(self):
token_id = "tok_2"
token_name = "Stale Token"
authentication_client = mock.MagicMock
authentication_client.tokens = {
token_id: VercelAuthToken(
id=token_id,
name=token_name,
active_at=datetime.now(timezone.utc) - timedelta(days=120),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens.authentication_client",
new=authentication_client,
),
):
from prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens import (
authentication_no_stale_tokens,
)
check = authentication_no_stale_tokens()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == token_id
assert result[0].resource_name == token_name
assert result[0].status == "FAIL"
assert "has not been used for" in result[0].status_extended
def test_token_no_activity(self):
token_id = "tok_3"
token_name = "Never Used Token"
authentication_client = mock.MagicMock
authentication_client.tokens = {
token_id: VercelAuthToken(
id=token_id,
name=token_name,
active_at=None,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens.authentication_client",
new=authentication_client,
),
):
from prowler.providers.vercel.services.authentication.authentication_no_stale_tokens.authentication_no_stale_tokens import (
authentication_no_stale_tokens,
)
check = authentication_no_stale_tokens()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == token_id
assert result[0].resource_name == token_name
assert result[0].status == "FAIL"
assert "no recorded activity" in result[0].status_extended

0
tests/providers/vercel/services/deployment/deployment_production_uses_stable_target/__init__.py Normal file
View File

143
tests/providers/vercel/services/deployment/deployment_production_uses_stable_target/deployment_production_uses_stable_target_test.py Normal file
View File

@@ -0,0 +1,143 @@
from unittest import mock
from prowler.providers.vercel.services.deployment.deployment_service import (
VercelDeployment,
)
from tests.providers.vercel.vercel_fixtures import (
DEPLOYMENT_ID,
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_deployment_production_uses_stable_target:
def test_no_deployments(self):
deployment_client = mock.MagicMock
deployment_client.deployments = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target.deployment_client",
new=deployment_client,
),
):
from prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target import (
deployment_production_uses_stable_target,
)
check = deployment_production_uses_stable_target()
result = check.execute()
assert len(result) == 0
def test_stable_branch(self):
deployment_client = mock.MagicMock
deployment_client.deployments = {
DEPLOYMENT_ID: VercelDeployment(
id=DEPLOYMENT_ID,
name="my-app-abc123",
target="production",
git_source={"branch": "main"},
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
)
}
deployment_client.audit_config = {"stable_branches": ["main", "master"]}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target.deployment_client",
new=deployment_client,
),
):
from prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target import (
deployment_production_uses_stable_target,
)
check = deployment_production_uses_stable_target()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DEPLOYMENT_ID
assert result[0].resource_name == "my-app-abc123"
assert result[0].status == "PASS"
assert "stable branch" in result[0].status_extended
def test_non_stable_branch(self):
deployment_client = mock.MagicMock
deployment_client.deployments = {
DEPLOYMENT_ID: VercelDeployment(
id=DEPLOYMENT_ID,
name="my-app-abc123",
target="production",
git_source={"branch": "feature-xyz"},
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
)
}
deployment_client.audit_config = {"stable_branches": ["main", "master"]}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target.deployment_client",
new=deployment_client,
),
):
from prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target import (
deployment_production_uses_stable_target,
)
check = deployment_production_uses_stable_target()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DEPLOYMENT_ID
assert result[0].resource_name == "my-app-abc123"
assert result[0].status == "FAIL"
assert "instead of a" in result[0].status_extended
def test_non_production_skipped(self):
deployment_client = mock.MagicMock
deployment_client.deployments = {
DEPLOYMENT_ID: VercelDeployment(
id=DEPLOYMENT_ID,
name="my-app-abc123",
target="preview",
git_source={"branch": "feature-xyz"},
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
)
}
deployment_client.audit_config = {"stable_branches": ["main", "master"]}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target.deployment_client",
new=deployment_client,
),
):
from prowler.providers.vercel.services.deployment.deployment_production_uses_stable_target.deployment_production_uses_stable_target import (
deployment_production_uses_stable_target,
)
check = deployment_production_uses_stable_target()
result = check.execute()
assert len(result) == 0

0
tests/providers/vercel/services/domain/domain_dns_properly_configured/__init__.py Normal file
View File

100
tests/providers/vercel/services/domain/domain_dns_properly_configured/domain_dns_properly_configured_test.py Normal file
View File

@@ -0,0 +1,100 @@
from unittest import mock
from prowler.providers.vercel.services.domain.domain_service import VercelDomain
from tests.providers.vercel.vercel_fixtures import (
DOMAIN_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
DOMAIN_ID = "dom_test001"
class Test_domain_dns_properly_configured:
def test_no_domains(self):
domain_client = mock.MagicMock
domain_client.domains = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_dns_properly_configured.domain_dns_properly_configured.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_dns_properly_configured.domain_dns_properly_configured import (
domain_dns_properly_configured,
)
check = domain_dns_properly_configured()
result = check.execute()
assert len(result) == 0
def test_configured(self):
domain_client = mock.MagicMock
domain_client.domains = {
DOMAIN_NAME: VercelDomain(
name=DOMAIN_NAME,
id=DOMAIN_ID,
configured=True,
team_id=TEAM_ID,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_dns_properly_configured.domain_dns_properly_configured.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_dns_properly_configured.domain_dns_properly_configured import (
domain_dns_properly_configured,
)
check = domain_dns_properly_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DOMAIN_ID
assert result[0].resource_name == DOMAIN_NAME
assert result[0].status == "PASS"
assert "has DNS properly configured" in result[0].status_extended
def test_not_configured(self):
domain_client = mock.MagicMock
domain_client.domains = {
DOMAIN_NAME: VercelDomain(
name=DOMAIN_NAME,
id=DOMAIN_ID,
configured=False,
team_id=TEAM_ID,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_dns_properly_configured.domain_dns_properly_configured.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_dns_properly_configured.domain_dns_properly_configured import (
domain_dns_properly_configured,
)
check = domain_dns_properly_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DOMAIN_ID
assert result[0].resource_name == DOMAIN_NAME
assert result[0].status == "FAIL"
assert "does not have DNS properly configured" in result[0].status_extended

0
tests/providers/vercel/services/domain/domain_no_wildcard_dns_exposure/__init__.py Normal file
View File

108
tests/providers/vercel/services/domain/domain_no_wildcard_dns_exposure/domain_no_wildcard_dns_exposure_test.py Normal file
View File

@@ -0,0 +1,108 @@
from unittest import mock
from prowler.providers.vercel.services.domain.domain_service import VercelDomain
from tests.providers.vercel.vercel_fixtures import (
DOMAIN_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
DOMAIN_ID = "dom_test001"
class Test_domain_no_wildcard_dns_exposure:
def test_no_domains(self):
domain_client = mock.MagicMock
domain_client.domains = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_no_wildcard_dns_exposure.domain_no_wildcard_dns_exposure.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_no_wildcard_dns_exposure.domain_no_wildcard_dns_exposure import (
domain_no_wildcard_dns_exposure,
)
check = domain_no_wildcard_dns_exposure()
result = check.execute()
assert len(result) == 0
def test_no_wildcard_records(self):
domain_client = mock.MagicMock
domain_client.domains = {
DOMAIN_NAME: VercelDomain(
name=DOMAIN_NAME,
id=DOMAIN_ID,
dns_records=[
{"name": "www", "type": "CNAME", "value": "cname.vercel-dns.com"}
],
team_id=TEAM_ID,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_no_wildcard_dns_exposure.domain_no_wildcard_dns_exposure.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_no_wildcard_dns_exposure.domain_no_wildcard_dns_exposure import (
domain_no_wildcard_dns_exposure,
)
check = domain_no_wildcard_dns_exposure()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DOMAIN_ID
assert result[0].resource_name == DOMAIN_NAME
assert result[0].status == "PASS"
assert "no wildcard DNS records" in result[0].status_extended
def test_has_wildcard_records(self):
domain_client = mock.MagicMock
domain_client.domains = {
DOMAIN_NAME: VercelDomain(
name=DOMAIN_NAME,
id=DOMAIN_ID,
dns_records=[
{
"name": "*.example.com",
"type": "CNAME",
"value": "cname.vercel-dns.com",
},
],
team_id=TEAM_ID,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_no_wildcard_dns_exposure.domain_no_wildcard_dns_exposure.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_no_wildcard_dns_exposure.domain_no_wildcard_dns_exposure import (
domain_no_wildcard_dns_exposure,
)
check = domain_no_wildcard_dns_exposure()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DOMAIN_ID
assert result[0].resource_name == DOMAIN_NAME
assert result[0].status == "FAIL"
assert "wildcard DNS" in result[0].status_extended

0
tests/providers/vercel/services/domain/domain_verified/__init__.py Normal file
View File

100
tests/providers/vercel/services/domain/domain_verified/domain_verified_test.py Normal file
View File

@@ -0,0 +1,100 @@
from unittest import mock
from prowler.providers.vercel.services.domain.domain_service import VercelDomain
from tests.providers.vercel.vercel_fixtures import (
DOMAIN_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
DOMAIN_ID = "dom_test001"
class Test_domain_verified:
def test_no_domains(self):
domain_client = mock.MagicMock
domain_client.domains = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_verified.domain_verified.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_verified.domain_verified import (
domain_verified,
)
check = domain_verified()
result = check.execute()
assert len(result) == 0
def test_verified(self):
domain_client = mock.MagicMock
domain_client.domains = {
DOMAIN_NAME: VercelDomain(
name=DOMAIN_NAME,
id=DOMAIN_ID,
verified=True,
team_id=TEAM_ID,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_verified.domain_verified.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_verified.domain_verified import (
domain_verified,
)
check = domain_verified()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DOMAIN_ID
assert result[0].resource_name == DOMAIN_NAME
assert result[0].status == "PASS"
assert "is verified" in result[0].status_extended
def test_not_verified(self):
domain_client = mock.MagicMock
domain_client.domains = {
DOMAIN_NAME: VercelDomain(
name=DOMAIN_NAME,
id=DOMAIN_ID,
verified=False,
team_id=TEAM_ID,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.domain.domain_verified.domain_verified.domain_client",
new=domain_client,
),
):
from prowler.providers.vercel.services.domain.domain_verified.domain_verified import (
domain_verified,
)
check = domain_verified()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == DOMAIN_ID
assert result[0].resource_name == DOMAIN_NAME
assert result[0].status == "FAIL"
assert "is not verified" in result[0].status_extended

2
tests/providers/vercel/services/project/project_auto_expose_system_env_disabled/project_auto_expose_system_env_disabled_test.py
View File

@@ -93,5 +93,7 @@ class Test_project_auto_expose_system_env_disabled:
check = project_auto_expose_system_env_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "automatically exposes system" in result[0].status_extended

4
tests/providers/vercel/services/project/project_deployment_protection_enabled/project_deployment_protection_enabled_test.py
View File

@@ -100,6 +100,8 @@ class Test_project_deployment_protection_enabled:
check = project_deployment_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have deployment protection" in result[0].status_extended
@@ -131,4 +133,6 @@ class Test_project_deployment_protection_enabled:
check = project_deployment_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"

0
tests/providers/vercel/services/project/project_directory_listing_disabled/__init__.py Normal file
View File

99
tests/providers/vercel/services/project/project_directory_listing_disabled/project_directory_listing_disabled_test.py Normal file
View File

@@ -0,0 +1,99 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import VercelProject
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_directory_listing_disabled:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_directory_listing_disabled.project_directory_listing_disabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_directory_listing_disabled.project_directory_listing_disabled import (
project_directory_listing_disabled,
)
check = project_directory_listing_disabled()
result = check.execute()
assert len(result) == 0
def test_listing_disabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
directory_listing=False,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_directory_listing_disabled.project_directory_listing_disabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_directory_listing_disabled.project_directory_listing_disabled import (
project_directory_listing_disabled,
)
check = project_directory_listing_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "has directory listing disabled" in result[0].status_extended
def test_listing_enabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
directory_listing=True,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_directory_listing_disabled.project_directory_listing_disabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_directory_listing_disabled.project_directory_listing_disabled import (
project_directory_listing_disabled,
)
check = project_directory_listing_disabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "has directory listing enabled" in result[0].status_extended

0
tests/providers/vercel/services/project/project_environment_no_overly_broad_target/__init__.py Normal file
View File

118
tests/providers/vercel/services/project/project_environment_no_overly_broad_target/project_environment_no_overly_broad_target_test.py Normal file
View File

@@ -0,0 +1,118 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import (
VercelEnvironmentVariable,
VercelProject,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_environment_no_overly_broad_target:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_overly_broad_target.project_environment_no_overly_broad_target.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_overly_broad_target.project_environment_no_overly_broad_target import (
project_environment_no_overly_broad_target,
)
check = project_environment_no_overly_broad_target()
result = check.execute()
assert len(result) == 0
def test_no_broad_vars(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_001",
key="DATABASE_URL",
type="encrypted",
target=["production"],
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_overly_broad_target.project_environment_no_overly_broad_target.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_overly_broad_target.project_environment_no_overly_broad_target import (
project_environment_no_overly_broad_target,
)
check = project_environment_no_overly_broad_target()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "no environment variables targeting" in result[0].status_extended
def test_var_targets_all_envs(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_002",
key="SHARED_VAR",
type="plain",
target=["production", "preview", "development"],
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_overly_broad_target.project_environment_no_overly_broad_target.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_overly_broad_target.project_environment_no_overly_broad_target import (
project_environment_no_overly_broad_target,
)
check = project_environment_no_overly_broad_target()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "targeting all three environments" in result[0].status_extended

0
tests/providers/vercel/services/project/project_environment_no_secrets_in_plain_type/__init__.py Normal file
View File

156
tests/providers/vercel/services/project/project_environment_no_secrets_in_plain_type/project_environment_no_secrets_in_plain_type_test.py Normal file
View File

@@ -0,0 +1,156 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import (
VercelEnvironmentVariable,
VercelProject,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_environment_no_secrets_in_plain_type:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type import (
project_environment_no_secrets_in_plain_type,
)
check = project_environment_no_secrets_in_plain_type()
result = check.execute()
assert len(result) == 0
def test_no_secret_keys_plain(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_001",
key="DATABASE_PASSWORD",
type="encrypted",
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type import (
project_environment_no_secrets_in_plain_type,
)
check = project_environment_no_secrets_in_plain_type()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "no secret-like environment variables" in result[0].status_extended
def test_secret_key_plain(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_002",
key="MY_API_KEY",
type="plain",
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type import (
project_environment_no_secrets_in_plain_type,
)
check = project_environment_no_secrets_in_plain_type()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "stored as plain text" in result[0].status_extended
def test_non_secret_key_plain(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_003",
key="APP_NAME",
type="plain",
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_no_secrets_in_plain_type.project_environment_no_secrets_in_plain_type import (
project_environment_no_secrets_in_plain_type,
)
check = project_environment_no_secrets_in_plain_type()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "no secret-like environment variables" in result[0].status_extended

0
tests/providers/vercel/services/project/project_environment_production_vars_not_in_preview/__init__.py Normal file
View File

159
tests/providers/vercel/services/project/project_environment_production_vars_not_in_preview/project_environment_production_vars_not_in_preview_test.py Normal file
View File

@@ -0,0 +1,159 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import (
VercelEnvironmentVariable,
VercelProject,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_environment_production_vars_not_in_preview:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview import (
project_environment_production_vars_not_in_preview,
)
check = project_environment_production_vars_not_in_preview()
result = check.execute()
assert len(result) == 0
def test_prod_only_secret(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_001",
key="DB_PASSWORD",
type="secret",
target=["production"],
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview import (
project_environment_production_vars_not_in_preview,
)
check = project_environment_production_vars_not_in_preview()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "no sensitive production environment" in result[0].status_extended
def test_prod_and_preview_secret(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_002",
key="DB_PASSWORD",
type="secret",
target=["production", "preview"],
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview import (
project_environment_production_vars_not_in_preview,
)
check = project_environment_production_vars_not_in_preview()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "also targeting preview" in result[0].status_extended
def test_prod_and_preview_plain(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
environment_variables=[
VercelEnvironmentVariable(
id="env_003",
key="APP_URL",
type="plain",
target=["production", "preview"],
project_id=PROJECT_ID,
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_environment_production_vars_not_in_preview.project_environment_production_vars_not_in_preview import (
project_environment_production_vars_not_in_preview,
)
check = project_environment_production_vars_not_in_preview()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "no sensitive production environment" in result[0].status_extended

4
tests/providers/vercel/services/project/project_environment_sensitive_vars_encrypted/project_environment_sensitive_vars_encrypted_test.py
View File

@@ -110,6 +110,8 @@ class Test_project_environment_sensitive_vars_encrypted:
check = project_environment_sensitive_vars_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "plain text" in result[0].status_extended
assert "API_KEY" in result[0].status_extended
@@ -149,5 +151,7 @@ class Test_project_environment_sensitive_vars_encrypted:
check = project_environment_sensitive_vars_encrypted()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "properly encrypted" in result[0].status_extended

0
tests/providers/vercel/services/project/project_git_fork_protection_enabled/__init__.py Normal file
View File

99
tests/providers/vercel/services/project/project_git_fork_protection_enabled/project_git_fork_protection_enabled_test.py Normal file
View File

@@ -0,0 +1,99 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import VercelProject
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_git_fork_protection_enabled:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_git_fork_protection_enabled.project_git_fork_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_git_fork_protection_enabled.project_git_fork_protection_enabled import (
project_git_fork_protection_enabled,
)
check = project_git_fork_protection_enabled()
result = check.execute()
assert len(result) == 0
def test_fork_protection_enabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
git_fork_protection=True,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_git_fork_protection_enabled.project_git_fork_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_git_fork_protection_enabled.project_git_fork_protection_enabled import (
project_git_fork_protection_enabled,
)
check = project_git_fork_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "has Git fork protection enabled" in result[0].status_extended
def test_fork_protection_disabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
git_fork_protection=False,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_git_fork_protection_enabled.project_git_fork_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_git_fork_protection_enabled.project_git_fork_protection_enabled import (
project_git_fork_protection_enabled,
)
check = project_git_fork_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have Git fork protection" in result[0].status_extended

0
tests/providers/vercel/services/project/project_password_protection_enabled/__init__.py Normal file
View File

99
tests/providers/vercel/services/project/project_password_protection_enabled/project_password_protection_enabled_test.py Normal file
View File

@@ -0,0 +1,99 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import VercelProject
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_password_protection_enabled:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled import (
project_password_protection_enabled,
)
check = project_password_protection_enabled()
result = check.execute()
assert len(result) == 0
def test_password_protection_configured(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
password_protection={"deployment_type": "all"},
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled import (
project_password_protection_enabled,
)
check = project_password_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "has password protection configured" in result[0].status_extended
def test_no_password_protection(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
password_protection=None,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled import (
project_password_protection_enabled,
)
check = project_password_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have password protection" in result[0].status_extended

0
tests/providers/vercel/services/project/project_production_deployment_protection_enabled/__init__.py Normal file
View File

139
tests/providers/vercel/services/project/project_production_deployment_protection_enabled/project_production_deployment_protection_enabled_test.py Normal file
View File

@@ -0,0 +1,139 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import (
DeploymentProtectionConfig,
VercelProject,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_production_deployment_protection_enabled:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled import (
project_production_deployment_protection_enabled,
)
check = project_production_deployment_protection_enabled()
result = check.execute()
assert len(result) == 0
def test_protection_enabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
production_deployment_protection=DeploymentProtectionConfig(
level="standard",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled import (
project_production_deployment_protection_enabled,
)
check = project_production_deployment_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "production deployment protection" in result[0].status_extended
def test_protection_none_level(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
production_deployment_protection=DeploymentProtectionConfig(
level="none",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled import (
project_production_deployment_protection_enabled,
)
check = project_production_deployment_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have deployment protection" in result[0].status_extended
def test_protection_null(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
production_deployment_protection=None,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled import (
project_production_deployment_protection_enabled,
)
check = project_production_deployment_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have deployment protection" in result[0].status_extended

0
tests/providers/vercel/services/project/project_skew_protection_enabled/__init__.py Normal file
View File

99
tests/providers/vercel/services/project/project_skew_protection_enabled/project_skew_protection_enabled_test.py Normal file
View File

@@ -0,0 +1,99 @@
from unittest import mock
from prowler.providers.vercel.services.project.project_service import VercelProject
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_project_skew_protection_enabled:
def test_no_projects(self):
project_client = mock.MagicMock
project_client.projects = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled import (
project_skew_protection_enabled,
)
check = project_skew_protection_enabled()
result = check.execute()
assert len(result) == 0
def test_skew_protection_enabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
skew_protection=True,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled import (
project_skew_protection_enabled,
)
check = project_skew_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "has skew protection enabled" in result[0].status_extended
def test_skew_protection_disabled(self):
project_client = mock.MagicMock
project_client.projects = {
PROJECT_ID: VercelProject(
id=PROJECT_ID,
name=PROJECT_NAME,
team_id=TEAM_ID,
skew_protection=False,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled.project_client",
new=project_client,
),
):
from prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled import (
project_skew_protection_enabled,
)
check = project_skew_protection_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have skew protection enabled" in result[0].status_extended

0
tests/providers/vercel/services/security/security_custom_rules_configured/__init__.py Normal file
View File

107
tests/providers/vercel/services/security/security_custom_rules_configured/security_custom_rules_configured_test.py Normal file
View File

@@ -0,0 +1,107 @@
from unittest import mock
from prowler.providers.vercel.services.security.security_service import (
VercelFirewallConfig,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_security_custom_rules_configured:
def test_no_configs(self):
security_client = mock.MagicMock
security_client.firewall_configs = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured import (
security_custom_rules_configured,
)
check = security_custom_rules_configured()
result = check.execute()
assert len(result) == 0
def test_custom_rules_configured(self):
security_client = mock.MagicMock
security_client.firewall_configs = {
PROJECT_ID: VercelFirewallConfig(
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
custom_rules=[{"id": "rule1", "name": "Block bots"}],
id=PROJECT_ID,
name=PROJECT_NAME,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured import (
security_custom_rules_configured,
)
check = security_custom_rules_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "custom firewall rule(s) configured" in result[0].status_extended
def test_no_custom_rules(self):
security_client = mock.MagicMock
security_client.firewall_configs = {
PROJECT_ID: VercelFirewallConfig(
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
custom_rules=[],
id=PROJECT_ID,
name=PROJECT_NAME,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured import (
security_custom_rules_configured,
)
check = security_custom_rules_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert (
"does not have any custom firewall rules" in result[0].status_extended
)

0
tests/providers/vercel/services/security/security_ip_blocking_rules_configured/__init__.py Normal file
View File

105
tests/providers/vercel/services/security/security_ip_blocking_rules_configured/security_ip_blocking_rules_configured_test.py Normal file
View File

@@ -0,0 +1,105 @@
from unittest import mock
from prowler.providers.vercel.services.security.security_service import (
VercelFirewallConfig,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_security_ip_blocking_rules_configured:
def test_no_configs(self):
security_client = mock.MagicMock
security_client.firewall_configs = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured import (
security_ip_blocking_rules_configured,
)
check = security_ip_blocking_rules_configured()
result = check.execute()
assert len(result) == 0
def test_ip_rules_configured(self):
security_client = mock.MagicMock
security_client.firewall_configs = {
PROJECT_ID: VercelFirewallConfig(
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
ip_blocking_rules=[{"id": "rule1", "ip": "192.168.1.0/24"}],
id=PROJECT_ID,
name=PROJECT_NAME,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured import (
security_ip_blocking_rules_configured,
)
check = security_ip_blocking_rules_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "IP blocking rule(s) configured" in result[0].status_extended
def test_no_ip_rules(self):
security_client = mock.MagicMock
security_client.firewall_configs = {
PROJECT_ID: VercelFirewallConfig(
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
ip_blocking_rules=[],
id=PROJECT_ID,
name=PROJECT_NAME,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured import (
security_ip_blocking_rules_configured,
)
check = security_ip_blocking_rules_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have any IP blocking rules" in result[0].status_extended

0
tests/providers/vercel/services/security/security_rate_limiting_configured/__init__.py Normal file
View File

105
tests/providers/vercel/services/security/security_rate_limiting_configured/security_rate_limiting_configured_test.py Normal file
View File

@@ -0,0 +1,105 @@
from unittest import mock
from prowler.providers.vercel.services.security.security_service import (
VercelFirewallConfig,
)
from tests.providers.vercel.vercel_fixtures import (
PROJECT_ID,
PROJECT_NAME,
TEAM_ID,
set_mocked_vercel_provider,
)
class Test_security_rate_limiting_configured:
def test_no_configs(self):
security_client = mock.MagicMock
security_client.firewall_configs = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured import (
security_rate_limiting_configured,
)
check = security_rate_limiting_configured()
result = check.execute()
assert len(result) == 0
def test_rate_limiting_configured(self):
security_client = mock.MagicMock
security_client.firewall_configs = {
PROJECT_ID: VercelFirewallConfig(
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
rate_limiting_rules=[{"id": "rule1", "max_requests": 100}],
id=PROJECT_ID,
name=PROJECT_NAME,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured import (
security_rate_limiting_configured,
)
check = security_rate_limiting_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "PASS"
assert "rate limiting rule(s) configured" in result[0].status_extended
def test_no_rate_limiting(self):
security_client = mock.MagicMock
security_client.firewall_configs = {
PROJECT_ID: VercelFirewallConfig(
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
team_id=TEAM_ID,
rate_limiting_rules=[],
id=PROJECT_ID,
name=PROJECT_NAME,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured.security_client",
new=security_client,
),
):
from prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured import (
security_rate_limiting_configured,
)
check = security_rate_limiting_configured()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == PROJECT_ID
assert result[0].resource_name == PROJECT_NAME
assert result[0].status == "FAIL"
assert "does not have any rate limiting rules" in result[0].status_extended

0
tests/providers/vercel/services/team/team_directory_sync_enabled/__init__.py Normal file
View File

102
tests/providers/vercel/services/team/team_directory_sync_enabled/team_directory_sync_enabled_test.py Normal file
View File

@@ -0,0 +1,102 @@
from unittest import mock
from prowler.providers.vercel.services.team.team_service import VercelTeam
from tests.providers.vercel.vercel_fixtures import (
TEAM_ID,
TEAM_NAME,
TEAM_SLUG,
set_mocked_vercel_provider,
)
class Test_team_directory_sync_enabled:
def test_no_teams(self):
team_client = mock.MagicMock
team_client.teams = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled import (
team_directory_sync_enabled,
)
check = team_directory_sync_enabled()
result = check.execute()
assert len(result) == 0
def test_directory_sync_enabled(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
directory_sync_enabled=True,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled import (
team_directory_sync_enabled,
)
check = team_directory_sync_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "PASS"
assert "has directory sync (SCIM) enabled" in result[0].status_extended
def test_directory_sync_disabled(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
directory_sync_enabled=False,
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled import (
team_directory_sync_enabled,
)
check = team_directory_sync_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "FAIL"
assert (
"does not have directory sync (SCIM) enabled"
in result[0].status_extended
)

0
tests/providers/vercel/services/team/team_member_no_stale_access/__init__.py Normal file
View File

160
tests/providers/vercel/services/team/team_member_no_stale_access/team_member_no_stale_access_test.py Normal file
View File

@@ -0,0 +1,160 @@
from datetime import datetime, timedelta, timezone
from unittest import mock
from prowler.providers.vercel.services.team.team_service import (
VercelTeam,
VercelTeamMember,
)
from tests.providers.vercel.vercel_fixtures import (
TEAM_ID,
TEAM_NAME,
TEAM_SLUG,
set_mocked_vercel_provider,
)
class Test_team_member_no_stale_access:
def test_no_teams(self):
team_client = mock.MagicMock
team_client.teams = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access import (
team_member_no_stale_access,
)
check = team_member_no_stale_access()
result = check.execute()
assert len(result) == 0
def test_no_stale_members(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
members=[
VercelTeamMember(
id="member_1",
email="new@example.com",
role="MEMBER",
status="active",
joined_at=datetime.now(timezone.utc) - timedelta(days=30),
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access import (
team_member_no_stale_access,
)
check = team_member_no_stale_access()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "PASS"
assert "no members with access older" in result[0].status_extended
def test_stale_member(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
members=[
VercelTeamMember(
id="member_1",
email="old@example.com",
role="MEMBER",
status="active",
joined_at=datetime.now(timezone.utc) - timedelta(days=120),
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access import (
team_member_no_stale_access,
)
check = team_member_no_stale_access()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "FAIL"
assert "joined more than" in result[0].status_extended
def test_non_active_member_skipped(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
members=[
VercelTeamMember(
id="member_1",
email="invited@example.com",
role="MEMBER",
status="invited",
joined_at=datetime.now(timezone.utc) - timedelta(days=120),
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_member_no_stale_access.team_member_no_stale_access import (
team_member_no_stale_access,
)
check = team_member_no_stale_access()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "PASS"
assert "no members with access older" in result[0].status_extended

0
tests/providers/vercel/services/team/team_no_stale_invitations/__init__.py Normal file
View File

120
tests/providers/vercel/services/team/team_no_stale_invitations/team_no_stale_invitations_test.py Normal file
View File

@@ -0,0 +1,120 @@
from datetime import datetime, timedelta, timezone
from unittest import mock
from prowler.providers.vercel.services.team.team_service import (
VercelTeam,
VercelTeamMember,
)
from tests.providers.vercel.vercel_fixtures import (
TEAM_ID,
TEAM_NAME,
TEAM_SLUG,
set_mocked_vercel_provider,
)
class Test_team_no_stale_invitations:
def test_no_teams(self):
team_client = mock.MagicMock
team_client.teams = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_no_stale_invitations.team_no_stale_invitations.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_no_stale_invitations.team_no_stale_invitations import (
team_no_stale_invitations,
)
check = team_no_stale_invitations()
result = check.execute()
assert len(result) == 0
def test_no_stale_invitations(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
members=[
VercelTeamMember(
id="member_1",
email="invited@example.com",
role="MEMBER",
status="invited",
created_at=datetime.now(timezone.utc) - timedelta(days=5),
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_no_stale_invitations.team_no_stale_invitations.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_no_stale_invitations.team_no_stale_invitations import (
team_no_stale_invitations,
)
check = team_no_stale_invitations()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "PASS"
assert "no stale pending invitations" in result[0].status_extended
def test_stale_invitation(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
members=[
VercelTeamMember(
id="member_1",
email="old_invite@example.com",
role="MEMBER",
status="invited",
created_at=datetime.now(timezone.utc) - timedelta(days=60),
),
],
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_no_stale_invitations.team_no_stale_invitations.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_no_stale_invitations.team_no_stale_invitations import (
team_no_stale_invitations,
)
check = team_no_stale_invitations()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "FAIL"
assert "stale" in result[0].status_extended
assert "pending invitation(s)" in result[0].status_extended

0
tests/providers/vercel/services/team/team_saml_sso_enforced/__init__.py Normal file
View File

132
tests/providers/vercel/services/team/team_saml_sso_enforced/team_saml_sso_enforced_test.py Normal file
View File

@@ -0,0 +1,132 @@
from unittest import mock
from prowler.providers.vercel.services.team.team_service import SAMLConfig, VercelTeam
from tests.providers.vercel.vercel_fixtures import (
TEAM_ID,
TEAM_NAME,
TEAM_SLUG,
set_mocked_vercel_provider,
)
class Test_team_saml_sso_enforced:
def test_no_teams(self):
team_client = mock.MagicMock
team_client.teams = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced import (
team_saml_sso_enforced,
)
check = team_saml_sso_enforced()
result = check.execute()
assert len(result) == 0
def test_saml_enforced(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
saml=SAMLConfig(status="enabled", enforced=True),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced import (
team_saml_sso_enforced,
)
check = team_saml_sso_enforced()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "PASS"
assert "enforces SAML SSO" in result[0].status_extended
def test_saml_enabled_not_enforced(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
saml=SAMLConfig(status="enabled", enforced=False),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced import (
team_saml_sso_enforced,
)
check = team_saml_sso_enforced()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "FAIL"
assert "does not enforce it" in result[0].status_extended
def test_saml_disabled(self):
team_client = mock.MagicMock
team_client.teams = {
TEAM_ID: VercelTeam(
id=TEAM_ID,
name=TEAM_NAME,
slug=TEAM_SLUG,
saml=SAMLConfig(status="disabled", enforced=False),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_vercel_provider(),
),
mock.patch(
"prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced.team_client",
new=team_client,
),
):
from prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced import (
team_saml_sso_enforced,
)
check = team_saml_sso_enforced()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == TEAM_ID
assert result[0].resource_name == TEAM_NAME
assert result[0].status == "FAIL"
assert "does not have SAML SSO enforced" in result[0].status_extended