feat: add tests

HugoPBrito
2025-12-16 13:32:08 +01:00
parent 32f39e2366
commit c8af89aa23
11 changed files with 1916 additions and 1 deletions


@@ -21,7 +21,7 @@ class zones_dmarc_record_exists(Check):
and record.type == "TXT"
and record.name
and record.name.startswith("_dmarc")
and "v=DMARC1" in record.content.upper()
and "V=DMARC1" in record.content.upper()
]
if dmarc_records:
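Review bot: Upper-casing the content before the comparison makes the check accept `v=dmarc1`, and the `in` test accepts the tag anywhere in the TXT value. RFC 7489 requires the version tag to come first and, as far as I read its grammar, spells `DMARC1` in upper case, so receivers may ignore records that this check reports as PASS. Consider anchoring the match, e.g. `and record.content.strip().strip('"').upper().startswith("V=DMARC1")` (the quote stripping assumes TXT content can arrive quoted — confirm), and decide whether lower-case values should pass at all. `record.name.startswith("_dmarc")` on the line above also matches names that merely begin with `_dmarc`. The comprehension and its enclosing method start and end outside this hunk.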


@@ -0,0 +1,119 @@
from typing import Optional
from pydantic import BaseModel
from tests.providers.cloudflare.cloudflare_fixtures import ZONE_ID, ZONE_NAME
class CloudflareDNSRecord(BaseModel):
"""Cloudflare DNS record representation for testing."""
id: str
zone_id: str
zone_name: str
name: Optional[str] = None
type: Optional[str] = None
content: str = ""
ttl: Optional[int] = None
proxied: bool = False
class TestDNSService:
def test_cloudflare_dns_record_model(self):
record = CloudflareDNSRecord(
id="record-123",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name="www.example.com",
type="A",
content="192.0.2.1",
ttl=3600,
proxied=True,
)
assert record.id == "record-123"
assert record.zone_id == ZONE_ID
assert record.zone_name == ZONE_NAME
assert record.name == "www.example.com"
assert record.type == "A"
assert record.content == "192.0.2.1"
assert record.ttl == 3600
assert record.proxied is True
def test_cloudflare_dns_record_defaults(self):
record = CloudflareDNSRecord(
id="record-123",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
)
assert record.id == "record-123"
assert record.zone_id == ZONE_ID
assert record.zone_name == ZONE_NAME
assert record.name is None
assert record.type is None
assert record.content == ""
assert record.ttl is None
assert record.proxied is False
def test_cloudflare_dns_record_txt(self):
record = CloudflareDNSRecord(
id="record-txt",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="TXT",
content="v=spf1 include:_spf.google.com ~all",
ttl=1,
proxied=False,
)
assert record.type == "TXT"
assert "v=spf1" in record.content
assert record.proxied is False
def test_cloudflare_dns_record_cname(self):
record = CloudflareDNSRecord(
id="record-cname",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name="www.example.com",
type="CNAME",
content="example.com",
ttl=3600,
proxied=True,
)
assert record.type == "CNAME"
assert record.content == "example.com"
assert record.proxied is True
def test_cloudflare_dns_record_mx(self):
record = CloudflareDNSRecord(
id="record-mx",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="MX",
content="10 mail.example.com",
ttl=3600,
proxied=False,
)
assert record.type == "MX"
assert "mail.example.com" in record.content
def test_cloudflare_dns_record_caa(self):
record = CloudflareDNSRecord(
id="record-caa",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="CAA",
content='0 issue "letsencrypt.org"',
ttl=3600,
proxied=False,
)
assert record.type == "CAA"
assert "letsencrypt.org" in record.content
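Review bot: These tests only exercise the `CloudflareDNSRecord` class declared at the top of this same file, so they verify pydantic defaults on a test-local copy and would keep passing if the provider's real DNS record model changed. Import the model from the provider's DNS service module instead of redefining it (the module path is not visible on this page), or drop the file if no such model exists. The same local class is redeclared in the CAA and DMARC test files later in this commit, where it stands in for the records the checks read. A module docstring such as `"""Unit tests for the Cloudflare DNS record model."""` would also state the intent.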


@@ -0,0 +1,143 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_automatic_https_rewrites_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled import (
zones_automatic_https_rewrites_enabled,
)
check = zones_automatic_https_rewrites_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_automatic_https_rewrites_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
automatic_https_rewrites="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled import (
zones_automatic_https_rewrites_enabled,
)
check = zones_automatic_https_rewrites_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Automatic HTTPS Rewrites is enabled" in result[0].status_extended
def test_zone_automatic_https_rewrites_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
automatic_https_rewrites="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled import (
zones_automatic_https_rewrites_enabled,
)
check = zones_automatic_https_rewrites_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
"Automatic HTTPS Rewrites is not enabled" in result[0].status_extended
)
def test_zone_automatic_https_rewrites_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
automatic_https_rewrites=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_automatic_https_rewrites_enabled.zones_automatic_https_rewrites_enabled import (
zones_automatic_https_rewrites_enabled,
)
check = zones_automatic_https_rewrites_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
"Automatic HTTPS Rewrites is not enabled" in result[0].status_extended
)
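Review bot: `zones_client = mock.MagicMock` binds the class itself rather than an instance, so `zones_client.zones = {...}` sets an attribute on `mock.MagicMock` that stays set for every later test in the same process. Use `zones_client = mock.MagicMock()` in each test. The same pattern appears in the CAA, DMARC, email-obfuscation, HSTS and security-level test files in this commit. In the CAA and DMARC tests `zones_client` and `dns_client` are therefore the same object, so those tests cannot show that the check reads `zones` from one client and `records` from the other.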


@@ -0,0 +1,260 @@
from typing import Optional
from unittest import mock
from pydantic import BaseModel
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class CloudflareDNSRecord(BaseModel):
"""Cloudflare DNS record representation for testing."""
id: str
zone_id: str
zone_name: str
name: Optional[str] = None
type: Optional[str] = None
content: str = ""
ttl: Optional[int] = None
proxied: bool = False
class Test_zones_caa_record_exists:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
dns_client = mock.MagicMock
dns_client.records = []
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists import (
zones_caa_record_exists,
)
check = zones_caa_record_exists()
result = check.execute()
assert len(result) == 0
def test_zone_with_caa_record(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="CAA",
content='0 issue "letsencrypt.org"',
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists import (
zones_caa_record_exists,
)
check = zones_caa_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "CAA record exists" in result[0].status_extended
def test_zone_with_multiple_caa_records(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="CAA",
content='0 issue "letsencrypt.org"',
),
CloudflareDNSRecord(
id="record-2",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="CAA",
content='0 issuewild ";"',
),
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists import (
zones_caa_record_exists,
)
check = zones_caa_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "2 record(s)" in result[0].status_extended
def test_zone_without_caa_record(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="A",
content="192.0.2.1",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists import (
zones_caa_record_exists,
)
check = zones_caa_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No CAA record found" in result[0].status_extended
def test_zone_with_caa_record_for_different_zone(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id="other-zone-id",
zone_name="other.com",
name="other.com",
type="CAA",
content='0 issue "letsencrypt.org"',
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_caa_record_exists.zones_caa_record_exists import (
zones_caa_record_exists,
)
check = zones_caa_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No CAA record found" in result[0].status_extended


@@ -0,0 +1,300 @@
from typing import Optional
from unittest import mock
from pydantic import BaseModel
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class CloudflareDNSRecord(BaseModel):
"""Cloudflare DNS record representation for testing."""
id: str
zone_id: str
zone_name: str
name: Optional[str] = None
type: Optional[str] = None
content: str = ""
ttl: Optional[int] = None
proxied: bool = False
class Test_zones_dmarc_record_exists:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
dns_client = mock.MagicMock
dns_client.records = []
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists import (
zones_dmarc_record_exists,
)
check = zones_dmarc_record_exists()
result = check.execute()
assert len(result) == 0
def test_zone_with_dmarc_record(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=f"_dmarc.{ZONE_NAME}",
type="TXT",
content="v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists import (
zones_dmarc_record_exists,
)
check = zones_dmarc_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "DMARC record exists" in result[0].status_extended
def test_zone_without_dmarc_record(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="A",
content="192.0.2.1",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists import (
zones_dmarc_record_exists,
)
check = zones_dmarc_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No DMARC record found" in result[0].status_extended
def test_zone_with_txt_record_but_not_dmarc(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=f"_dmarc.{ZONE_NAME}",
type="TXT",
content="some other txt record",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists import (
zones_dmarc_record_exists,
)
check = zones_dmarc_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No DMARC record found" in result[0].status_extended
def test_zone_with_dmarc_record_lowercase(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=f"_dmarc.{ZONE_NAME}",
type="TXT",
content="v=dmarc1; p=reject; rua=mailto:dmarc@example.com",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists import (
zones_dmarc_record_exists,
)
check = zones_dmarc_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "DMARC record exists" in result[0].status_extended
def test_zone_with_dmarc_record_different_zone(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id="other-zone-id",
zone_name="other.com",
name="_dmarc.other.com",
type="TXT",
content="v=DMARC1; p=reject",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_dmarc_record_exists.zones_dmarc_record_exists import (
zones_dmarc_record_exists,
)
check = zones_dmarc_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No DMARC record found" in result[0].status_extended
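Review bot: `test_zone_with_dmarc_record_lowercase` pins PASS for `v=dmarc1`, but no test covers a `_dmarc` TXT record whose content carries the tag somewhere other than the start, or a record name that only begins with `_dmarc` (for example `f"_dmarc-old.{ZONE_NAME}"`, a constructed sample). Adding those two negative cases would document whether the substring and prefix matching in the check is intended. A case with quoted content, `content='"v=DMARC1; p=reject"'`, would also protect the check if the match is later anchored to the start of the value.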


@@ -0,0 +1,139 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_email_obfuscation_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled import (
zones_email_obfuscation_enabled,
)
check = zones_email_obfuscation_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_email_obfuscation_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
email_obfuscation="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled import (
zones_email_obfuscation_enabled,
)
check = zones_email_obfuscation_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Email Obfuscation is enabled" in result[0].status_extended
def test_zone_email_obfuscation_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
email_obfuscation="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled import (
zones_email_obfuscation_enabled,
)
check = zones_email_obfuscation_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Email Obfuscation is not enabled" in result[0].status_extended
def test_zone_email_obfuscation_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
email_obfuscation=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_email_obfuscation_enabled.zones_email_obfuscation_enabled import (
zones_email_obfuscation_enabled,
)
check = zones_email_obfuscation_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Email Obfuscation is not enabled" in result[0].status_extended


@@ -0,0 +1,150 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
StrictTransportSecurity,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_hsts_include_subdomains:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains import (
zones_hsts_include_subdomains,
)
check = zones_hsts_include_subdomains()
result = check.execute()
assert len(result) == 0
def test_zone_hsts_enabled_with_subdomains(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
strict_transport_security=StrictTransportSecurity(
enabled=True,
max_age=31536000,
include_subdomains=True,
)
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains import (
zones_hsts_include_subdomains,
)
check = zones_hsts_include_subdomains()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "includeSubDomains" in result[0].status_extended
def test_zone_hsts_enabled_without_subdomains(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
strict_transport_security=StrictTransportSecurity(
enabled=True,
max_age=31536000,
include_subdomains=False,
)
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains import (
zones_hsts_include_subdomains,
)
check = zones_hsts_include_subdomains()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "does not include subdomains" in result[0].status_extended
def test_zone_hsts_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
strict_transport_security=StrictTransportSecurity(
enabled=False,
)
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_hsts_include_subdomains.zones_hsts_include_subdomains import (
zones_hsts_include_subdomains,
)
check = zones_hsts_include_subdomains()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "HSTS is not enabled" in result[0].status_extended
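Review bot: There is no case for a zone whose settings carry no `strict_transport_security` value, although the sibling test files include a `_none` case and the CAA tests build `CloudflareZoneSettings()` with no arguments. Add a test with `settings=CloudflareZoneSettings()` that asserts the expected FAIL, so that a check which dereferences `.enabled` on a missing object is caught. What the field defaults to is not visible on this page.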


@@ -0,0 +1,240 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_security_level:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 0
def test_zone_security_level_high(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
security_level="high",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "high" in result[0].status_extended
def test_zone_security_level_medium(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
security_level="medium",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "medium" in result[0].status_extended
def test_zone_security_level_under_attack(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
security_level="under_attack",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "under_attack" in result[0].status_extended
def test_zone_security_level_low(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
security_level="low",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "low" in result[0].status_extended
def test_zone_security_level_essentially_off(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
security_level="essentially_off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "essentially_off" in result[0].status_extended
def test_zone_security_level_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
security_level=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_security_level.zones_security_level import (
zones_security_level,
)
check = zones_security_level()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"


@@ -0,0 +1,252 @@
from typing import Optional
from unittest import mock
from pydantic import BaseModel
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class CloudflareDNSRecord(BaseModel):
"""Cloudflare DNS record representation for testing."""
id: str
zone_id: str
zone_name: str
name: Optional[str] = None
type: Optional[str] = None
content: str = ""
ttl: Optional[int] = None
proxied: bool = False
class Test_zones_spf_record_exists:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
dns_client = mock.MagicMock
dns_client.records = []
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists import (
zones_spf_record_exists,
)
check = zones_spf_record_exists()
result = check.execute()
assert len(result) == 0
def test_zone_with_spf_record(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="TXT",
content="v=spf1 include:_spf.google.com ~all",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists import (
zones_spf_record_exists,
)
check = zones_spf_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "SPF record exists" in result[0].status_extended
def test_zone_without_spf_record(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="A",
content="192.0.2.1",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists import (
zones_spf_record_exists,
)
check = zones_spf_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No SPF record found" in result[0].status_extended
def test_zone_with_txt_record_but_not_spf(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id=ZONE_ID,
zone_name=ZONE_NAME,
name=ZONE_NAME,
type="TXT",
content="google-site-verification=abc123",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists import (
zones_spf_record_exists,
)
check = zones_spf_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No SPF record found" in result[0].status_extended
def test_zone_with_spf_record_different_zone(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(),
)
}
dns_client = mock.MagicMock
dns_client.records = [
CloudflareDNSRecord(
id="record-1",
zone_id="other-zone-id",
zone_name="other.com",
name="other.com",
type="TXT",
content="v=spf1 include:_spf.google.com ~all",
)
]
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.zones_client",
new=zones_client,
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists.dns_client",
new=dns_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_spf_record_exists.zones_spf_record_exists import (
zones_spf_record_exists,
)
check = zones_spf_record_exists()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "No SPF record found" in result[0].status_extended
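Review bot: `zones_client = mock.MagicMock` and `dns_client = mock.MagicMock` bind the class rather than an instance, so in every test of this file both names refer to the same object and `.zones` / `.records` are written onto `MagicMock` itself. Those attributes stay on the class after the `with` block exits, so a later test that builds a fresh `MagicMock()` sees this test's zones and records instead of auto-created mocks, and results can depend on test order. Instantiating per test keeps the fixtures isolated: `zones_client = mock.MagicMock()` and `dns_client = mock.MagicMock()`. The same pattern appears in the zones_security_level tests above and in the zones_tls_1_3_enabled and zones_universal_ssl_enabled sections below.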


@@ -0,0 +1,173 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_tls_1_3_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled import (
zones_tls_1_3_enabled,
)
check = zones_tls_1_3_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_tls_1_3_enabled_on(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
tls_1_3="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled import (
zones_tls_1_3_enabled,
)
check = zones_tls_1_3_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "TLS 1.3 is enabled" in result[0].status_extended
def test_zone_tls_1_3_enabled_zrt(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
tls_1_3="zrt",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled import (
zones_tls_1_3_enabled,
)
check = zones_tls_1_3_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "TLS 1.3 is enabled" in result[0].status_extended
def test_zone_tls_1_3_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
tls_1_3="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled import (
zones_tls_1_3_enabled,
)
check = zones_tls_1_3_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "TLS 1.3 is not enabled" in result[0].status_extended
def test_zone_tls_1_3_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
tls_1_3=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_tls_1_3_enabled.zones_tls_1_3_enabled import (
zones_tls_1_3_enabled,
)
check = zones_tls_1_3_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "TLS 1.3 is not enabled" in result[0].status_extended
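Review bot: `test_zone_tls_1_3_enabled_zrt` expects PASS for `tls_1_3="zrt"`, but nothing in the test says why that value counts as enabled. If `zrt` is Cloudflare's TLS 1.3 with 0-RTT mode, as the name suggests, a one-line comment above the fixture would record that the check accepts it on purpose, e.g. `# "zrt": TLS 1.3 with 0-RTT, still counts as TLS 1.3 enabled`. 0-RTT early data can be replayed, so someone auditing this check will want to know the PASS is intentional and not the result of a loose comparison against `"off"`.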


@@ -0,0 +1,139 @@
from unittest import mock
from prowler.providers.cloudflare.services.zones.zones_service import (
CloudflareZone,
CloudflareZoneSettings,
)
from tests.providers.cloudflare.cloudflare_fixtures import (
ZONE_ID,
ZONE_NAME,
set_mocked_cloudflare_provider,
)
class Test_zones_universal_ssl_enabled:
def test_no_zones(self):
zones_client = mock.MagicMock
zones_client.zones = {}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled import (
zones_universal_ssl_enabled,
)
check = zones_universal_ssl_enabled()
result = check.execute()
assert len(result) == 0
def test_zone_universal_ssl_enabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
universal_ssl="on",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled import (
zones_universal_ssl_enabled,
)
check = zones_universal_ssl_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "Universal SSL is enabled" in result[0].status_extended
def test_zone_universal_ssl_disabled(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
universal_ssl="off",
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled import (
zones_universal_ssl_enabled,
)
check = zones_universal_ssl_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Universal SSL is not enabled" in result[0].status_extended
def test_zone_universal_ssl_none(self):
zones_client = mock.MagicMock
zones_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
universal_ssl=None,
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled.zones_client",
new=zones_client,
),
):
from prowler.providers.cloudflare.services.zones.zones_universal_ssl_enabled.zones_universal_ssl_enabled import (
zones_universal_ssl_enabled,
)
check = zones_universal_ssl_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "Universal SSL is not enabled" in result[0].status_extended