mirror of
https://github.com/inspec/inspec
synced 2025-01-24 19:05:27 +00:00
f9e0aaadba
* Move raise condition for host into enabled method This is related to #1205. This will fix the ssl resource for now until we redo the exceptions. Still looking around the code and need to build some unit tests for the ssl resource. My fix here is to move the raise condition till later in the flow, specifically the enabled? method. This lets the raise get caught accordingly without killing the other tests. Signed-off-by: Jared Quick <jquick@chef.io> * Remove authors from ssl resource test Signed-off-by: Jared Quick <jquick@chef.io>
55 lines
2.1 KiB
Ruby
55 lines
2.1 KiB
Ruby
# encoding: utf-8
|
|
|
|
require 'helper'
|
|
require 'inspec/resource'
|
|
|
|
describe 'Inspec::Resources::SSL' do
|
|
it 'verify cipher enabled' do
|
|
SSLShake.expects(:hello).at_least_once.returns({ 'cipher_suite'=>'TLS_RSA_WITH_AES_128_CBC_SHA', 'success' => true })
|
|
resource = load_resource('ssl', host: 'localhost').ciphers(/rsa/i)
|
|
_(resource.enabled?).must_equal true
|
|
end
|
|
|
|
it 'verify cipher disabled' do
|
|
SSLShake.expects(:hello).at_least_once.returns({ 'error'=>'SSL Alert.' })
|
|
resource = load_resource('ssl', host: 'localhost').ciphers(/rc4/i)
|
|
_(resource.enabled?).must_equal false
|
|
end
|
|
|
|
it 'verify protocol enabled' do
|
|
SSLShake.expects(:hello).at_least_once.returns({ 'version' => 'tls1.2', 'success' => true })
|
|
resource = load_resource('ssl', host: 'localhost').protocols('tls1.2')
|
|
_(resource.enabled?).must_equal true
|
|
end
|
|
|
|
it 'verify protocol disabled' do
|
|
SSLShake.expects(:hello).at_least_once.returns({ 'error'=>'Failed to parse response. Cannot handle SSLv2 responses' })
|
|
resource = load_resource('ssl', host: 'localhost').protocols('ssl2')
|
|
_(resource.enabled?).must_equal false
|
|
end
|
|
|
|
it 'verify host reachable' do
|
|
SSLShake.expects(:hello).at_least_once.returns({ 'success' => true })
|
|
resource = load_resource('ssl', host: 'localhost')
|
|
_(resource.enabled?).must_equal true
|
|
end
|
|
|
|
it 'verify host unreachable' do
|
|
SSLShake.expects(:hello).at_least_once.returns({ 'error'=>'Connection error Errno::ECONNREFUSED, can\'t connect to localhost:443.' })
|
|
resource = load_resource('ssl', host: 'localhost')
|
|
_(resource.enabled?).must_equal false
|
|
end
|
|
|
|
it 'error with nil host' do
|
|
resource = load_resource('ssl', host: nil)
|
|
err = proc { resource.enabled? }.must_raise(RuntimeError)
|
|
err.message.must_equal 'Cannot determine host for SSL test. Please specify it or use a different target.'
|
|
end
|
|
|
|
it 'verify sslshake resources' do
|
|
resource = load_resource('ssl', host: 'localhost')
|
|
_(resource.protocols.uniq).must_equal ['ssl2', 'ssl3', 'tls1.0', 'tls1.1', 'tls1.2']
|
|
_(resource.ciphers.include?('TLS_RSA_WITH_AES_128_CBC_SHA256')).must_equal true
|
|
_(resource.ciphers.count).must_equal 681
|
|
end
|
|
end
|