Files
prowler/tests/providers/azure/services/app/app_service_test.py
T
2026-07-02 10:27:53 +01:00

525 lines
19 KiB
Python

from unittest import mock
from unittest.mock import MagicMock, patch
from azure.mgmt.web.models import ManagedServiceIdentity, SiteConfigResource
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION_ID,
RESOURCE_GROUP,
RESOURCE_GROUP_LIST,
set_mocked_azure_provider,
)
# TODO: we have to fix this test not to use MagicMock but set the App service while mocking the import of the Monitor client
# def mock_app_get_apps(_):
# return {
# AZURE_SUBSCRIPTION_ID: {
# "/subscriptions/resource_id": WebApp(
# resource_id="/subscriptions/resource_id",
# configurations=SiteConfigResource(),
# identity=ManagedServiceIdentity(type="SystemAssigned"),
# auth_enabled=True,
# client_cert_mode="Required",
# https_only=True,
# monitor_diagnostic_settings=[
# DiagnosticSetting(
# id="id2/id2",
# logs=[
# mock.MagicMock(
# category="AppServiceHTTPLogs",
# enabled=False,
# ),
# mock.MagicMock(
# category="AppServiceConsoleLogs",
# enabled=True,
# ),
# mock.MagicMock(
# category="AppServiceAppLogs",
# enabled=True,
# ),
# mock.MagicMock(
# category="AppServiceAuditLogs",
# enabled=False,
# ),
# mock.MagicMock(
# category="AppServiceIPSecAuditLogs",
# enabled=True,
# ),
# mock.MagicMock(
# category="AppServicePlatformLogs",
# enabled=False,
# ),
# ],
# storage_account_name="storage_account_name2",
# storage_account_id="storage_account_id2",
# name="name_diagnostic_setting2",
# ),
# ],
# )
# }
# }
# @patch(
# "prowler.providers.azure.services.app.app_service.App._get_apps",
# new=mock_app_get_apps,
# )
class Test_App_Service:
def test_app_service_(self):
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import WebApp
from prowler.providers.azure.services.monitor.monitor_service import (
DiagnosticSetting,
)
app_service = MagicMock()
app_service.apps = {
AZURE_SUBSCRIPTION_ID: {
"/subscriptions/resource_id": WebApp(
resource_id="/subscriptions/resource_id",
name="app_id-1",
configurations=SiteConfigResource(),
identity=ManagedServiceIdentity(type="SystemAssigned"),
auth_enabled=True,
client_cert_mode="Required",
https_only=True,
location="West Europe",
monitor_diagnostic_settings=[
DiagnosticSetting(
id="id2/id2",
logs=[
mock.MagicMock(
category="AppServiceHTTPLogs",
enabled=False,
),
mock.MagicMock(
category="AppServiceConsoleLogs",
enabled=True,
),
mock.MagicMock(
category="AppServiceAppLogs",
enabled=True,
),
mock.MagicMock(
category="AppServiceAuditLogs",
enabled=False,
),
mock.MagicMock(
category="AppServiceIPSecAuditLogs",
enabled=True,
),
mock.MagicMock(
category="AppServicePlatformLogs",
enabled=False,
),
],
storage_account_name="storage_account_name2",
storage_account_id="storage_account_id2",
name="name_diagnostic_setting2",
),
],
)
}
}
# assert (
# app_service.clients[AZURE_SUBSCRIPTION_ID][0].__class__.__name__
# == "WebSiteManagementClient"
# )
assert len(app_service.apps) == 1
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].resource_id
== "/subscriptions/resource_id"
)
assert app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].auth_enabled
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].client_cert_mode
== "Required"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].location
== "West Europe"
)
assert app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].https_only
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].identity.type
== "SystemAssigned"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID][
"/subscriptions/resource_id"
].configurations.__class__.__name__
== "SiteConfigResource"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID]["/subscriptions/resource_id"]
.monitor_diagnostic_settings[0]
.id
== "id2/id2"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID]["/subscriptions/resource_id"]
.monitor_diagnostic_settings[0]
.logs[0]
.category
== "AppServiceHTTPLogs"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID]["/subscriptions/resource_id"]
.monitor_diagnostic_settings[0]
.storage_account_name
== "storage_account_name2"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID]["/subscriptions/resource_id"]
.monitor_diagnostic_settings[0]
.storage_account_id
== "storage_account_id2"
)
assert (
app_service.apps[AZURE_SUBSCRIPTION_ID]["/subscriptions/resource_id"]
.monitor_diagnostic_settings[0]
.name
== "name_diagnostic_setting2"
)
def test_app_service_get_functions(self):
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import FunctionApp
mock_function = FunctionApp(
id="/subscriptions/resource_id",
name="functionapp-1",
location="West Europe",
kind="functionapp",
function_keys=None,
enviroment_variables=None,
identity=ManagedServiceIdentity(type="SystemAssigned"),
public_access=True,
vnet_subnet_id="",
ftps_state="FtpsOnly",
)
app_service = MagicMock()
app_service.functions = {
"mock-subscription": {"/subscriptions/resource_id": mock_function}
}
assert (
app_service.functions["mock-subscription"][
"/subscriptions/resource_id"
].ftps_state
== "FtpsOnly"
)
assert (
app_service.functions["mock-subscription"][
"/subscriptions/resource_id"
].name
== "functionapp-1"
)
class Test_App_get_apps:
def test_get_apps_no_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = None
result = app._get_apps()
mock_client.web_apps.list.assert_called_once()
mock_client.web_apps.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_apps_with_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = app._get_apps()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.web_apps.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_apps_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = app._get_apps()
mock_client.web_apps.list_by_resource_group.assert_not_called()
mock_client.web_apps.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
class Test_App_get_functions:
def test_get_functions_no_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = None
result = app._get_functions()
mock_client.web_apps.list.assert_called_once()
mock_client.web_apps.list_by_resource_group.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_functions_with_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: [RESOURCE_GROUP]}
result = app._get_functions()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name=RESOURCE_GROUP
)
mock_client.web_apps.list.assert_not_called()
assert AZURE_SUBSCRIPTION_ID in result
def test_get_functions_empty_resource_group_for_subscription(self):
mock_client = MagicMock()
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: []}
result = app._get_functions()
mock_client.web_apps.list_by_resource_group.assert_not_called()
mock_client.web_apps.list.assert_not_called()
assert result[AZURE_SUBSCRIPTION_ID] == {}
def test_get_apps_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = app._get_apps()
assert mock_client.web_apps.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_apps_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
app._get_apps()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)
class Test_App_get_functions_extra:
def test_get_functions_with_multiple_resource_groups(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: RESOURCE_GROUP_LIST}
result = app._get_functions()
assert mock_client.web_apps.list_by_resource_group.call_count == 2
assert AZURE_SUBSCRIPTION_ID in result
def test_get_functions_with_mixed_case_resource_group(self):
mock_client = MagicMock()
mock_client.web_apps.list_by_resource_group.return_value = []
with (
patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_azure_provider(),
),
patch(
"prowler.providers.azure.services.monitor.monitor_service.Monitor",
new=MagicMock(),
),
):
from prowler.providers.azure.services.app.app_service import App
app = App(set_mocked_azure_provider())
app.clients = {AZURE_SUBSCRIPTION_ID: mock_client}
app.resource_groups = {AZURE_SUBSCRIPTION_ID: ["RG"]}
app._get_functions()
mock_client.web_apps.list_by_resource_group.assert_called_once_with(
resource_group_name="RG"
)