@auth0/auth0-checkmate 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/CODEOWNERS +1 -0
- package/.github/workflows/npm-release.yml +77 -0
- package/.github/workflows/sca_scan.yml +10 -0
- package/.github/workflows/test.yml +48 -0
- package/AUTHORS +5 -0
- package/LICENSE +203 -0
- package/README.md +166 -0
- package/THIRD-PARTY-NOTICES +226 -0
- package/analyzer/lib/actions/checkActionsHardCodedValues.js +151 -0
- package/analyzer/lib/actions/checkActionsRuntime.js +105 -0
- package/analyzer/lib/actions/checkDependencies.js +111 -0
- package/analyzer/lib/attack_protection/checkBotDetectionSetting.js +76 -0
- package/analyzer/lib/attack_protection/checkBreachedPassword.js +140 -0
- package/analyzer/lib/attack_protection/checkBruteForce.js +89 -0
- package/analyzer/lib/attack_protection/checkSuspiciousIPThrottling.js +89 -0
- package/analyzer/lib/canonical_domain/checkCanonicalDomain.js +63 -0
- package/analyzer/lib/clients/checkAllowedCallbacks.js +122 -0
- package/analyzer/lib/clients/checkAllowedLogoutUrl.js +124 -0
- package/analyzer/lib/clients/checkApplicationLoginUri.js +125 -0
- package/analyzer/lib/clients/checkCrossOriginAuthentication.js +91 -0
- package/analyzer/lib/clients/checkGrantTypes.js +138 -0
- package/analyzer/lib/clients/checkJWTSignAlg.js +118 -0
- package/analyzer/lib/clients/checkRefreshToken.js +108 -0
- package/analyzer/lib/clients/checkWebOrigins.js +55 -0
- package/analyzer/lib/constants.js +63 -0
- package/analyzer/lib/custom_domain/checkCustomDomain.js +53 -0
- package/analyzer/lib/databases/checkAuthenticationMethods.js +98 -0
- package/analyzer/lib/databases/checkDASHardCodedValues.js +163 -0
- package/analyzer/lib/databases/checkEmailAttributeVerification.js +114 -0
- package/analyzer/lib/databases/checkEnabledDatabaseCustomization.js +83 -0
- package/analyzer/lib/databases/checkPasswordComplexity.js +100 -0
- package/analyzer/lib/databases/checkPasswordHistory.js +92 -0
- package/analyzer/lib/databases/checkPasswordNoPersonalInfo.js +91 -0
- package/analyzer/lib/databases/checkPasswordPolicy.js +95 -0
- package/analyzer/lib/databases/checkPromotedDBConnection.js +96 -0
- package/analyzer/lib/email_provider/checkEmailProvider.js +37 -0
- package/analyzer/lib/email_templates/checkEmailTemplates.js +71 -0
- package/analyzer/lib/error_page_template/checkErrorPageTemplate.js +153 -0
- package/analyzer/lib/event_streams/checkEventStreams.js +71 -0
- package/analyzer/lib/executeCheck.js +12 -0
- package/analyzer/lib/hooks/checkHooks.js +43 -0
- package/analyzer/lib/listOfAnalyser.js +24 -0
- package/analyzer/lib/log_streams/checkLogStream.js +60 -0
- package/analyzer/lib/logger.js +16 -0
- package/analyzer/lib/multifactor/checkGuardianFactors.js +72 -0
- package/analyzer/lib/multifactor/checkGuardianPolicy.js +40 -0
- package/analyzer/lib/network_acl/checkNetworkACL.js +35 -0
- package/analyzer/lib/rules/checkRules.js +102 -0
- package/analyzer/lib/tenant_settings/checkDefaultAudience.js +53 -0
- package/analyzer/lib/tenant_settings/checkDefaultDirectory.js +48 -0
- package/analyzer/lib/tenant_settings/checkEnabledDynamicClientRegistration.js +60 -0
- package/analyzer/lib/tenant_settings/checkSandboxVersion.js +37 -0
- package/analyzer/lib/tenant_settings/checkSessionLifetime.js +95 -0
- package/analyzer/lib/tenant_settings/checkSupportEmail.js +61 -0
- package/analyzer/lib/tenant_settings/checkSupportUrl.js +61 -0
- package/analyzer/lib/tenant_settings/checkTenantLoginUrl.js +71 -0
- package/analyzer/lib/tenant_settings/checkTenantLogoutUrl.js +60 -0
- package/analyzer/report.js +404 -0
- package/analyzer/tools/auth0.js +443 -0
- package/analyzer/tools/helpers.js +71 -0
- package/analyzer/tools/summary.js +84 -0
- package/analyzer/tools/utils.js +72 -0
- package/bin/index.js +393 -0
- package/eslint.config.mjs +16 -0
- package/images/auth0.png +0 -0
- package/images/okta.png +0 -0
- package/locales/en.json +1417 -0
- package/package.json +66 -0
- package/tests/actions/checkActionsHardCodedValues.test.js +106 -0
- package/tests/actions/checkActionsRuntime.test.js +102 -0
- package/tests/actions/checkDependencies.test.js +131 -0
- package/tests/attack_protection/checkBreachedPassword.test.js +253 -0
- package/tests/attack_protection/checkBruteForce.test.js +181 -0
- package/tests/attack_protection/checkSuspiciousIPThrottling.test.js +222 -0
- package/tests/canonical_domain/checkCanonicalDomain.test.js +94 -0
- package/tests/clients/checkAllowedCallbacks.test.js +149 -0
- package/tests/clients/checkAllowedLogoutUrl.test.js +149 -0
- package/tests/clients/checkApplicationLoginUri.test.js +180 -0
- package/tests/clients/checkCrossOriginAuthentication.test.js +99 -0
- package/tests/clients/checkGrantTypes.test.js +154 -0
- package/tests/clients/checkJWTSignAlg.test.js +121 -0
- package/tests/clients/checkRefreshToken.test.js +63 -0
- package/tests/clients/checkWebOrigins.test.js +140 -0
- package/tests/custom_domain/checkCustomDomain.test.js +73 -0
- package/tests/databases/checkAuthenticationMethods.test.js +124 -0
- package/tests/databases/checkDASHardCodedValues.test.js +77 -0
- package/tests/databases/checkEmailAttributeVerification.test.js +79 -0
- package/tests/databases/checkEnabledDatabaseCustomization.test.js +68 -0
- package/tests/databases/checkPasswordComplexity.test.js +127 -0
- package/tests/databases/checkPasswordHistory.test.js +100 -0
- package/tests/databases/checkPasswordNoPersonalInfo.test.js +94 -0
- package/tests/databases/checkPasswordPolicy.test.js +161 -0
- package/tests/databases/checkPromotedDBConnection.test.js +62 -0
- package/tests/email_provider/checkEmailProvider.test.js +58 -0
- package/tests/email_templates/checkEmailTemplates.test.js +120 -0
- package/tests/error_page_template/checkErrorPageTemplate.test.js +315 -0
- package/tests/event_streams/checkEventStreams.test.js +118 -0
- package/tests/hooks/checkHooks.test.js +112 -0
- package/tests/log_streams/checkLogStream.test.js +140 -0
- package/tests/multifactor/checkGuardianFactors.test.js +94 -0
- package/tests/multifactor/checkGuardianPolicy.test.js +49 -0
- package/tests/rules/checkRules.test.js +102 -0
- package/tests/tenant_settings/checkDefaultAudience.test.js +62 -0
- package/tests/tenant_settings/checkDefaultDirectory.test.js +62 -0
- package/tests/tenant_settings/checkEnabledDynamicClientRegistration.test.js +97 -0
- package/tests/tenant_settings/checkSandboxVersion.test.js +50 -0
- package/tests/tenant_settings/checkSessionLifetime.test.js +108 -0
- package/tests/tenant_settings/checkSupportEmail.test.js +77 -0
- package/tests/tenant_settings/checkSupportUrl.test.js +77 -0
- package/tests/tenant_settings/checkTenantLoginUri.test.js +82 -0
- package/tests/tenant_settings/checkTenantLogoutUrl.test.js +108 -0
- package/tests/tools/auth0.test.js +833 -0
- package/tests/tools/helpers.test.js +692 -0
- package/views/pdf_cli_report.handlebars +571 -0
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
const { expect } = require("chai");
|
|
2
|
+
const checkPasswordComplexity = require("../../analyzer/lib/databases/checkPasswordComplexity");
|
|
3
|
+
const CONSTANTS = require("../../analyzer/lib/constants");
|
|
4
|
+
|
|
5
|
+
describe("checkPasswordComplexity", function () {
|
|
6
|
+
it("should return failure if no databases are provided", function () {
|
|
7
|
+
const options = {
|
|
8
|
+
databases: [], // Empty databases array
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
checkPasswordComplexity(options, (report) => {
|
|
12
|
+
expect(report).to.have.lengthOf(1);
|
|
13
|
+
expect(report[0].field).to.equal("no_database_connections_found");
|
|
14
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
15
|
+
});
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
it("should return failure if password complexity is not configured", function () {
|
|
19
|
+
const options = {
|
|
20
|
+
databases: [
|
|
21
|
+
{
|
|
22
|
+
name: "Default DB",
|
|
23
|
+
options: {
|
|
24
|
+
password_complexity_options: {}, // Empty password_complexity_options
|
|
25
|
+
},
|
|
26
|
+
},
|
|
27
|
+
],
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
checkPasswordComplexity(options, (report) => {
|
|
31
|
+
expect(report).to.have.lengthOf(1);
|
|
32
|
+
expect(report[0].field).to.equal("password_complexity_not_configured");
|
|
33
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
34
|
+
});
|
|
35
|
+
});
|
|
36
|
+
|
|
37
|
+
it("should return failure if password minimum length is less than 12", function () {
|
|
38
|
+
const options = {
|
|
39
|
+
databases: [
|
|
40
|
+
{
|
|
41
|
+
name: "Default DB",
|
|
42
|
+
options: {
|
|
43
|
+
password_complexity_options: {
|
|
44
|
+
min_length: 8, // Password min length is 8 (which is less than 12)
|
|
45
|
+
},
|
|
46
|
+
},
|
|
47
|
+
},
|
|
48
|
+
],
|
|
49
|
+
};
|
|
50
|
+
|
|
51
|
+
checkPasswordComplexity(options, (report) => {
|
|
52
|
+
expect(report).to.have.lengthOf(1);
|
|
53
|
+
expect(report[0].field).to.equal("password_min_length_fail");
|
|
54
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
55
|
+
expect(report[0].value).to.equal(8);
|
|
56
|
+
});
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
it("should return success if password minimum length is 12 or greater", function () {
|
|
60
|
+
const options = {
|
|
61
|
+
databases: [
|
|
62
|
+
{
|
|
63
|
+
name: "Default DB",
|
|
64
|
+
options: {
|
|
65
|
+
password_complexity_options: {
|
|
66
|
+
min_length: 12, // Password min length is 12 (which meets the minimum requirement)
|
|
67
|
+
},
|
|
68
|
+
},
|
|
69
|
+
},
|
|
70
|
+
],
|
|
71
|
+
};
|
|
72
|
+
|
|
73
|
+
checkPasswordComplexity(options, (report) => {
|
|
74
|
+
expect(report).to.have.lengthOf(1);
|
|
75
|
+
expect(report[0].field).to.equal("password_min_length_success");
|
|
76
|
+
expect(report[0].status).to.equal(CONSTANTS.SUCCESS);
|
|
77
|
+
expect(report[0].value).to.equal(12);
|
|
78
|
+
});
|
|
79
|
+
});
|
|
80
|
+
|
|
81
|
+
it("should handle multiple databases with different password complexity configurations", function () {
|
|
82
|
+
const options = {
|
|
83
|
+
databases: [
|
|
84
|
+
{
|
|
85
|
+
name: "DB 1",
|
|
86
|
+
options: {
|
|
87
|
+
password_complexity_options: {
|
|
88
|
+
min_length: 8, // Password min length is 8 (failure case)
|
|
89
|
+
},
|
|
90
|
+
},
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
name: "DB 2",
|
|
94
|
+
options: {
|
|
95
|
+
password_complexity_options: {
|
|
96
|
+
min_length: 14, // Password min length is 14 (success case)
|
|
97
|
+
},
|
|
98
|
+
},
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
name: "DB 3",
|
|
102
|
+
options: {
|
|
103
|
+
password_complexity_options: {}, // No password complexity configured (failure case)
|
|
104
|
+
},
|
|
105
|
+
},
|
|
106
|
+
],
|
|
107
|
+
};
|
|
108
|
+
|
|
109
|
+
checkPasswordComplexity(options, (report) => {
|
|
110
|
+
expect(report).to.have.lengthOf(3);
|
|
111
|
+
|
|
112
|
+
// DB 1: Password min length is less than 12, should fail
|
|
113
|
+
expect(report[0].field).to.equal("password_min_length_fail");
|
|
114
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
115
|
+
expect(report[0].value).to.equal(8);
|
|
116
|
+
|
|
117
|
+
// DB 2: Password min length is 14, should succeed
|
|
118
|
+
expect(report[1].field).to.equal("password_min_length_success");
|
|
119
|
+
expect(report[1].status).to.equal(CONSTANTS.SUCCESS);
|
|
120
|
+
expect(report[1].value).to.equal(14);
|
|
121
|
+
|
|
122
|
+
// DB 3: Password complexity not configured, should fail
|
|
123
|
+
expect(report[2].field).to.equal("password_complexity_not_configured");
|
|
124
|
+
expect(report[2].status).to.equal(CONSTANTS.FAIL);
|
|
125
|
+
});
|
|
126
|
+
});
|
|
127
|
+
});
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
const { expect } = require("chai");
|
|
2
|
+
const checkPasswordHistory = require("../../analyzer/lib/databases/checkPasswordHistory");
|
|
3
|
+
const CONSTANTS = require("../../analyzer/lib/constants");
|
|
4
|
+
|
|
5
|
+
describe("checkPasswordHistory", function () {
|
|
6
|
+
it("should return failure if no databases are provided", function () {
|
|
7
|
+
const options = {
|
|
8
|
+
databases: [], // Empty databases array
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
checkPasswordHistory(options, (report) => {
|
|
12
|
+
expect(report).to.have.lengthOf(1);
|
|
13
|
+
expect(report[0].field).to.equal("no_database_connections_found");
|
|
14
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
15
|
+
});
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
it("should return failure if password history is disabled", function () {
|
|
19
|
+
const options = {
|
|
20
|
+
databases: [
|
|
21
|
+
{
|
|
22
|
+
name: "Default DB",
|
|
23
|
+
options: {
|
|
24
|
+
password_history: {
|
|
25
|
+
enable: false, // Password history is disabled
|
|
26
|
+
size: 5,
|
|
27
|
+
},
|
|
28
|
+
},
|
|
29
|
+
},
|
|
30
|
+
],
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
checkPasswordHistory(options, (report) => {
|
|
34
|
+
expect(report).to.have.lengthOf(1);
|
|
35
|
+
expect(report[0].field).to.equal("password_history_disabled");
|
|
36
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
37
|
+
});
|
|
38
|
+
});
|
|
39
|
+
|
|
40
|
+
it("should return success if password history is enabled", function () {
|
|
41
|
+
const options = {
|
|
42
|
+
databases: [
|
|
43
|
+
{
|
|
44
|
+
name: "Default DB",
|
|
45
|
+
options: {
|
|
46
|
+
password_history: {
|
|
47
|
+
enable: true, // Password history is enabled
|
|
48
|
+
size: 5,
|
|
49
|
+
},
|
|
50
|
+
},
|
|
51
|
+
},
|
|
52
|
+
],
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
checkPasswordHistory(options, (report) => {
|
|
56
|
+
expect(report).to.have.lengthOf(1);
|
|
57
|
+
expect(report[0].field).to.equal("password_history_enabled");
|
|
58
|
+
expect(report[0].status).to.equal(CONSTANTS.SUCCESS);
|
|
59
|
+
expect(report[0].value).to.equal(5);
|
|
60
|
+
});
|
|
61
|
+
});
|
|
62
|
+
|
|
63
|
+
it("should handle multiple databases with different password history configurations", function () {
|
|
64
|
+
const options = {
|
|
65
|
+
databases: [
|
|
66
|
+
{
|
|
67
|
+
name: "DB 1",
|
|
68
|
+
options: {
|
|
69
|
+
password_history: {
|
|
70
|
+
enable: false, // Password history is disabled (failure case)
|
|
71
|
+
size: 5,
|
|
72
|
+
},
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
name: "DB 2",
|
|
77
|
+
options: {
|
|
78
|
+
password_history: {
|
|
79
|
+
enable: true, // Password history is enabled (success case)
|
|
80
|
+
size: 10,
|
|
81
|
+
},
|
|
82
|
+
},
|
|
83
|
+
},
|
|
84
|
+
],
|
|
85
|
+
};
|
|
86
|
+
|
|
87
|
+
checkPasswordHistory(options, (report) => {
|
|
88
|
+
expect(report).to.have.lengthOf(2);
|
|
89
|
+
|
|
90
|
+
// DB 1: Password history disabled, should fail
|
|
91
|
+
expect(report[0].field).to.equal("password_history_disabled");
|
|
92
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
93
|
+
|
|
94
|
+
// DB 2: Password history enabled, should succeed
|
|
95
|
+
expect(report[1].field).to.equal("password_history_enabled");
|
|
96
|
+
expect(report[1].status).to.equal(CONSTANTS.SUCCESS);
|
|
97
|
+
expect(report[1].value).to.equal(10);
|
|
98
|
+
});
|
|
99
|
+
});
|
|
100
|
+
});
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
const { expect } = require("chai");
|
|
2
|
+
const checkPasswordNoPersonalInfo = require("../../analyzer/lib/databases/checkPasswordNoPersonalInfo");
|
|
3
|
+
const CONSTANTS = require("../../analyzer/lib/constants");
|
|
4
|
+
|
|
5
|
+
describe("checkPasswordNoPersonalInfo", function () {
|
|
6
|
+
it("should return failure if no databases are provided", function () {
|
|
7
|
+
const options = {
|
|
8
|
+
databases: [], // Empty databases array
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
checkPasswordNoPersonalInfo(options, (report) => {
|
|
12
|
+
expect(report).to.have.lengthOf(1);
|
|
13
|
+
expect(report[0].field).to.equal("no_database_connections_found");
|
|
14
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
15
|
+
});
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
it("should return failure if password_no_personal_info is disabled", function () {
|
|
19
|
+
const options = {
|
|
20
|
+
databases: [
|
|
21
|
+
{
|
|
22
|
+
name: "Default DB",
|
|
23
|
+
options: {
|
|
24
|
+
password_no_personal_info: {
|
|
25
|
+
enable: false, // Personal info disallowed is disabled
|
|
26
|
+
},
|
|
27
|
+
},
|
|
28
|
+
},
|
|
29
|
+
],
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
checkPasswordNoPersonalInfo(options, (report) => {
|
|
33
|
+
expect(report).to.have.lengthOf(1);
|
|
34
|
+
expect(report[0].field).to.equal("password_no_personal_info_disabled");
|
|
35
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
36
|
+
});
|
|
37
|
+
});
|
|
38
|
+
|
|
39
|
+
it("should return success if password_no_personal_info is enabled", function () {
|
|
40
|
+
const options = {
|
|
41
|
+
databases: [
|
|
42
|
+
{
|
|
43
|
+
name: "Default DB",
|
|
44
|
+
options: {
|
|
45
|
+
password_no_personal_info: {
|
|
46
|
+
enable: true, // Personal info disallowed is enabled
|
|
47
|
+
},
|
|
48
|
+
},
|
|
49
|
+
},
|
|
50
|
+
],
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
checkPasswordNoPersonalInfo(options, (report) => {
|
|
54
|
+
expect(report).to.have.lengthOf(1);
|
|
55
|
+
expect(report[0].field).to.equal("password_no_personal_info_enable");
|
|
56
|
+
expect(report[0].status).to.equal(CONSTANTS.SUCCESS);
|
|
57
|
+
});
|
|
58
|
+
});
|
|
59
|
+
|
|
60
|
+
it("should handle multiple databases with different personal info configurations", function () {
|
|
61
|
+
const options = {
|
|
62
|
+
databases: [
|
|
63
|
+
{
|
|
64
|
+
name: "DB 1",
|
|
65
|
+
options: {
|
|
66
|
+
password_no_personal_info: {
|
|
67
|
+
enable: false, // Personal info disallowed is disabled (failure case)
|
|
68
|
+
},
|
|
69
|
+
},
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
name: "DB 2",
|
|
73
|
+
options: {
|
|
74
|
+
password_no_personal_info: {
|
|
75
|
+
enable: true, // Personal info disallowed is enabled (success case)
|
|
76
|
+
},
|
|
77
|
+
},
|
|
78
|
+
},
|
|
79
|
+
],
|
|
80
|
+
};
|
|
81
|
+
|
|
82
|
+
checkPasswordNoPersonalInfo(options, (report) => {
|
|
83
|
+
expect(report).to.have.lengthOf(2);
|
|
84
|
+
|
|
85
|
+
// DB 1: Personal info disallowed is disabled, should fail
|
|
86
|
+
expect(report[0].field).to.equal("password_no_personal_info_disabled");
|
|
87
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
88
|
+
|
|
89
|
+
// DB 2: Personal info disallowed is enabled, should succeed
|
|
90
|
+
expect(report[1].field).to.equal("password_no_personal_info_enable");
|
|
91
|
+
expect(report[1].status).to.equal(CONSTANTS.SUCCESS);
|
|
92
|
+
});
|
|
93
|
+
});
|
|
94
|
+
});
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
const { expect } = require("chai");
|
|
2
|
+
const checkPasswordPolicy = require("../../analyzer/lib/databases/checkPasswordPolicy");
|
|
3
|
+
const CONSTANTS = require("../../analyzer/lib/constants");
|
|
4
|
+
|
|
5
|
+
describe("checkPasswordPolicy", function () {
|
|
6
|
+
it("should return failure if no databases are provided", function () {
|
|
7
|
+
const options = {
|
|
8
|
+
databases: [], // Empty databases array
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
checkPasswordPolicy(options, (report) => {
|
|
12
|
+
expect(report).to.have.lengthOf(1);
|
|
13
|
+
expect(report[0].field).to.equal("no_database_connections_found");
|
|
14
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
15
|
+
});
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
it('should return failure if passwordPolicy is "none"', function () {
|
|
19
|
+
const options = {
|
|
20
|
+
databases: [
|
|
21
|
+
{
|
|
22
|
+
name: "DB 1",
|
|
23
|
+
options: {
|
|
24
|
+
passwordPolicy: "none", // Password policy is "none"
|
|
25
|
+
},
|
|
26
|
+
},
|
|
27
|
+
],
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
checkPasswordPolicy(options, (report) => {
|
|
31
|
+
expect(report).to.have.lengthOf(1);
|
|
32
|
+
expect(report[0].field).to.equal("password_policy");
|
|
33
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
34
|
+
expect(report[0].value).to.equal("none");
|
|
35
|
+
});
|
|
36
|
+
});
|
|
37
|
+
|
|
38
|
+
it('should return failure if passwordPolicy is "low"', function () {
|
|
39
|
+
const options = {
|
|
40
|
+
databases: [
|
|
41
|
+
{
|
|
42
|
+
name: "DB 2",
|
|
43
|
+
options: {
|
|
44
|
+
passwordPolicy: "low", // Password policy is "low"
|
|
45
|
+
},
|
|
46
|
+
},
|
|
47
|
+
],
|
|
48
|
+
};
|
|
49
|
+
|
|
50
|
+
checkPasswordPolicy(options, (report) => {
|
|
51
|
+
expect(report).to.have.lengthOf(1);
|
|
52
|
+
expect(report[0].field).to.equal("password_policy");
|
|
53
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
54
|
+
expect(report[0].value).to.equal("low");
|
|
55
|
+
});
|
|
56
|
+
});
|
|
57
|
+
|
|
58
|
+
it('should return failure if passwordPolicy is "fair"', function () {
|
|
59
|
+
const options = {
|
|
60
|
+
databases: [
|
|
61
|
+
{
|
|
62
|
+
name: "DB 3",
|
|
63
|
+
options: {
|
|
64
|
+
passwordPolicy: "fair", // Password policy is "fair"
|
|
65
|
+
},
|
|
66
|
+
},
|
|
67
|
+
],
|
|
68
|
+
};
|
|
69
|
+
|
|
70
|
+
checkPasswordPolicy(options, (report) => {
|
|
71
|
+
expect(report).to.have.lengthOf(1);
|
|
72
|
+
expect(report[0].field).to.equal("password_policy");
|
|
73
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
74
|
+
expect(report[0].value).to.equal("fair");
|
|
75
|
+
});
|
|
76
|
+
});
|
|
77
|
+
|
|
78
|
+
it('should return success if passwordPolicy is "good"', function () {
|
|
79
|
+
const options = {
|
|
80
|
+
databases: [
|
|
81
|
+
{
|
|
82
|
+
name: "DB 4",
|
|
83
|
+
options: {
|
|
84
|
+
passwordPolicy: "good", // Password policy is "good"
|
|
85
|
+
},
|
|
86
|
+
},
|
|
87
|
+
],
|
|
88
|
+
};
|
|
89
|
+
|
|
90
|
+
checkPasswordPolicy(options, (report) => {
|
|
91
|
+
expect(report).to.have.lengthOf(1);
|
|
92
|
+
expect(report[0].field).to.equal("password_policy");
|
|
93
|
+
expect(report[0].status).to.equal(CONSTANTS.SUCCESS);
|
|
94
|
+
expect(report[0].value).to.equal("good");
|
|
95
|
+
});
|
|
96
|
+
});
|
|
97
|
+
|
|
98
|
+
it('should return success if passwordPolicy is "excellent"', function () {
|
|
99
|
+
const options = {
|
|
100
|
+
databases: [
|
|
101
|
+
{
|
|
102
|
+
name: "DB 5",
|
|
103
|
+
options: {
|
|
104
|
+
passwordPolicy: "excellent", // Password policy is "excellent"
|
|
105
|
+
},
|
|
106
|
+
},
|
|
107
|
+
],
|
|
108
|
+
};
|
|
109
|
+
|
|
110
|
+
checkPasswordPolicy(options, (report) => {
|
|
111
|
+
expect(report).to.have.lengthOf(1);
|
|
112
|
+
expect(report[0].field).to.equal("password_policy");
|
|
113
|
+
expect(report[0].status).to.equal(CONSTANTS.SUCCESS);
|
|
114
|
+
expect(report[0].value).to.equal("excellent");
|
|
115
|
+
});
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
it("should handle multiple databases with different password policies", function () {
|
|
119
|
+
const options = {
|
|
120
|
+
databases: [
|
|
121
|
+
{
|
|
122
|
+
name: "DB 1",
|
|
123
|
+
options: {
|
|
124
|
+
passwordPolicy: "none", // Password policy is "none"
|
|
125
|
+
},
|
|
126
|
+
},
|
|
127
|
+
{
|
|
128
|
+
name: "DB 2",
|
|
129
|
+
options: {
|
|
130
|
+
passwordPolicy: "low", // Password policy is "low"
|
|
131
|
+
},
|
|
132
|
+
},
|
|
133
|
+
{
|
|
134
|
+
name: "DB 3",
|
|
135
|
+
options: {
|
|
136
|
+
passwordPolicy: "good", // Password policy is "good"
|
|
137
|
+
},
|
|
138
|
+
},
|
|
139
|
+
],
|
|
140
|
+
};
|
|
141
|
+
|
|
142
|
+
checkPasswordPolicy(options, (report) => {
|
|
143
|
+
expect(report).to.have.lengthOf(3);
|
|
144
|
+
|
|
145
|
+
// DB 1: Password policy "none", should fail
|
|
146
|
+
expect(report[0].field).to.equal("password_policy");
|
|
147
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
148
|
+
expect(report[0].value).to.equal("none");
|
|
149
|
+
|
|
150
|
+
// DB 2: Password policy "low", should fail
|
|
151
|
+
expect(report[1].field).to.equal("password_policy");
|
|
152
|
+
expect(report[1].status).to.equal(CONSTANTS.FAIL);
|
|
153
|
+
expect(report[1].value).to.equal("low");
|
|
154
|
+
|
|
155
|
+
// DB 3: Password policy "good", should succeed
|
|
156
|
+
expect(report[2].field).to.equal("password_policy");
|
|
157
|
+
expect(report[2].status).to.equal(CONSTANTS.SUCCESS);
|
|
158
|
+
expect(report[2].value).to.equal("good");
|
|
159
|
+
});
|
|
160
|
+
});
|
|
161
|
+
});
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
const { expect } = require("chai");
|
|
2
|
+
const checkPromotedDBConnection = require("../../analyzer/lib/databases/checkPromotedDBConnection");
|
|
3
|
+
const CONSTANTS = require("../../analyzer/lib/constants");
|
|
4
|
+
|
|
5
|
+
describe("checkPromotedDBConnection", function () {
|
|
6
|
+
it("should return failure if no databases are provided", function () {
|
|
7
|
+
const options = {
|
|
8
|
+
databases: [], // Empty databases array
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
checkPromotedDBConnection(options, (report) => {
|
|
12
|
+
expect(report).to.have.lengthOf(1);
|
|
13
|
+
expect(report[0].field).to.equal("no_database_connections_found");
|
|
14
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
15
|
+
});
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
it('should return no_connection if no any prmoted domain connection', function () {
|
|
19
|
+
const options = {
|
|
20
|
+
databases: [
|
|
21
|
+
{
|
|
22
|
+
name: "DB 1",
|
|
23
|
+
is_domain_connection: false,
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
name: "DB 2",
|
|
27
|
+
is_domain_connection: false,
|
|
28
|
+
}
|
|
29
|
+
],
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
checkPromotedDBConnection(options, (report) => {
|
|
33
|
+
expect(report).to.have.lengthOf(1);
|
|
34
|
+
expect(report[0].field).to.equal("NO_PRMOTED_DOMAIN_CONNECTION");
|
|
35
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
36
|
+
expect(report[0].value).to.equal("no_database_connections_found");
|
|
37
|
+
});
|
|
38
|
+
});
|
|
39
|
+
|
|
40
|
+
it('should return promoted_domain_connection name if is_domain_connection is true', function () {
|
|
41
|
+
const options = {
|
|
42
|
+
databases: [
|
|
43
|
+
{
|
|
44
|
+
name: "DB 1",
|
|
45
|
+
is_domain_connection: false,
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
name: "DB 2",
|
|
49
|
+
is_domain_connection: true,
|
|
50
|
+
}
|
|
51
|
+
],
|
|
52
|
+
};
|
|
53
|
+
|
|
54
|
+
checkPromotedDBConnection(options, (report) => {
|
|
55
|
+
expect(report).to.have.lengthOf(1);
|
|
56
|
+
expect(report[0].field).to.equal("DB 2");
|
|
57
|
+
expect(report[0].status).to.equal(CONSTANTS.FAIL);
|
|
58
|
+
expect(report[0].value).to.equal("with_promoted_database_connections");
|
|
59
|
+
});
|
|
60
|
+
});
|
|
61
|
+
|
|
62
|
+
});
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
const chai = require("chai");
|
|
2
|
+
const expect = chai.expect;
|
|
3
|
+
|
|
4
|
+
const checkEmailProvider = require("../../analyzer/lib/email_provider/checkEmailProvider");
|
|
5
|
+
const CONSTANTS = require("../../analyzer/lib/constants");
|
|
6
|
+
|
|
7
|
+
describe("checkEmailProvider", function () {
|
|
8
|
+
it("should return fail when no email provider is provided", function () {
|
|
9
|
+
const options = {};
|
|
10
|
+
|
|
11
|
+
checkEmailProvider(options, (report) => {
|
|
12
|
+
expect(report).to.deep.equal([
|
|
13
|
+
{
|
|
14
|
+
field: "email_provider_not_configured",
|
|
15
|
+
status: CONSTANTS.FAIL,
|
|
16
|
+
},
|
|
17
|
+
]);
|
|
18
|
+
});
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
it("should return success for an enabled email provider", function () {
|
|
22
|
+
const options = {
|
|
23
|
+
emailProvider: {
|
|
24
|
+
name: "sendgrid",
|
|
25
|
+
enabled: true,
|
|
26
|
+
},
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
checkEmailProvider(options, (report) => {
|
|
30
|
+
expect(report).to.deep.equal([
|
|
31
|
+
{
|
|
32
|
+
field: "email_provider_enabled",
|
|
33
|
+
status: CONSTANTS.SUCCESS,
|
|
34
|
+
value: "sendgrid",
|
|
35
|
+
},
|
|
36
|
+
]);
|
|
37
|
+
});
|
|
38
|
+
});
|
|
39
|
+
|
|
40
|
+
it("should return fail for a disabled email provider", function () {
|
|
41
|
+
const options = {
|
|
42
|
+
emailProvider: {
|
|
43
|
+
name: "sendgrid",
|
|
44
|
+
enabled: false,
|
|
45
|
+
},
|
|
46
|
+
};
|
|
47
|
+
|
|
48
|
+
checkEmailProvider(options, (report) => {
|
|
49
|
+
expect(report).to.deep.equal([
|
|
50
|
+
{
|
|
51
|
+
field: "email_provider_disabled",
|
|
52
|
+
status: CONSTANTS.FAIL,
|
|
53
|
+
value: "sendgrid",
|
|
54
|
+
},
|
|
55
|
+
]);
|
|
56
|
+
});
|
|
57
|
+
});
|
|
58
|
+
});
|