From 5325861d3568c3513406aa0fa79862fbafc6b091 Mon Sep 17 00:00:00 2001
From: Max Maass
Date: Tue, 1 Oct 2024 12:22:57 +0200
Subject: [PATCH] Add regression tests

---
 ...er_with_mappers_without_force_sync_mode.py | 19 ++++++++++++++++++
 ...st_identity_provider_with_one_time_sync.py | 19 ++++++++++++++++++
 ...est_oidc_identity_provider_without_pkce.py | 20 +++++++++++++++++++
 3 files changed, 58 insertions(+)

diff --git a/tests/auditors/idp/test_identity_provider_with_mappers_without_force_sync_mode.py b/tests/auditors/idp/test_identity_provider_with_mappers_without_force_sync_mode.py
index fb663f1..ce17c40 100644
--- a/tests/auditors/idp/test_identity_provider_with_mappers_without_force_sync_mode.py
+++ b/tests/auditors/idp/test_identity_provider_with_mappers_without_force_sync_mode.py
@@ -4,6 +4,7 @@
 from kcwarden.auditors.idp.identity_provider_with_mappers_without_force_sync_mode import (
 IdentityProviderWithMappersWithoutForceSyncMode,
 )
+from kcwarden.custom_types import config_keys
 
 
 class TestIdentityProviderWithMappersWithoutForceSyncMode:
@@ -76,3 +77,21 @@ def test_audit_function_multiple_idps(self, auditor):
 auditor._DB.get_all_identity_providers.return_value = [idp1, idp2, idp3]
 results = list(auditor.audit())
 assert len(results) == 1 # Expect findings from idp1 only
+
+ def test_ignore_list_functionality(self, auditor, mock_idp):
+ # Setup IDP without force sync mode and with mappers
+ mock_idp.get_sync_mode.return_value = "INHERIT"
+ mock_idp.get_identity_provider_mappers.return_value = [{"name": "mapper1"}]
+ mock_idp.get_alias.return_value = "ignored_idp"
+ mock_idp.get_name.return_value = mock_idp.get_alias.return_value
+ auditor._DB.get_all_identity_providers.return_value = [mock_idp]
+
+ # Add the IDP to the ignore list
+ auditor._CONFIG = {
+ config_keys.AUDITOR_CONFIG: {
+ auditor.get_classname(): ["ignored_idp"]
+ }
+ }
+
+ results = list(auditor.audit())
+ assert len(results) == 0 # No findings due to ignore list
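Review bot: The closing assertion of test_ignore_list_functionality, `assert len(results) == 0`, cannot distinguish an honoured ignore list from an auditor that yields nothing whenever AUDITOR_CONFIG is populated, so a regression of that kind would pass this test. A negative control on the same mock pins that the suppression is entry-specific: `auditor._CONFIG[config_keys.AUDITOR_CONFIG][auditor.get_classname()] = ["other_idp"]` followed by `assert len(list(auditor.audit())) == 1`. The same gap is in the new tests in test_identity_provider_with_one_time_sync.py and test_oidc_identity_provider_without_pkce.py. Because get_name and get_alias are both set to "ignored_idp", the test also leaves open which attribute the ignore list is matched against; if the alias is the intended key, giving get_name a different value would lock that in, and a one-line comment should say which it is. The enclosing test class starts outside the hunk.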
diff --git a/tests/auditors/idp/test_identity_provider_with_one_time_sync.py b/tests/auditors/idp/test_identity_provider_with_one_time_sync.py
index d6f6a0a..3bba150 100644
--- a/tests/auditors/idp/test_identity_provider_with_one_time_sync.py
+++ b/tests/auditors/idp/test_identity_provider_with_one_time_sync.py
@@ -2,6 +2,7 @@
 from unittest.mock import Mock
 
 from kcwarden.auditors.idp.identity_provider_with_one_time_sync import IdentityProviderWithOneTimeSync
+from kcwarden.custom_types import config_keys
 
 
 class TestIdentityProviderWithOneTimeSync:
@@ -59,3 +60,21 @@ def test_audit_function_multiple_idps(self, auditor):
 auditor._DB.get_all_identity_providers.return_value = [idp1, idp2, idp3]
 results = list(auditor.audit())
 assert len(results) == 2 # Expect findings from idp1 and idp3, but not from idp2
+
+ def test_ignore_list_functionality(self, auditor, mock_idp):
+ # Setup IDP without force sync mode and with mappers
+ # Setup IDP without correct PKCE configuration
+ mock_idp.get_sync_mode.return_value = "INHERIT"
+ mock_idp.get_alias.return_value = "ignored_idp"
+ mock_idp.get_name.return_value = mock_idp.get_alias.return_value
+ auditor._DB.get_all_identity_providers.return_value = [mock_idp]
+
+ # Add the IDP to the ignore list
+ auditor._CONFIG = {
+ config_keys.AUDITOR_CONFIG: {
+ auditor.get_classname(): ["ignored_idp"]
+ }
+ }
+
+ results = list(auditor.audit())
+ assert len(results) == 0 # No findings due to ignore list
diff --git a/tests/auditors/idp/test_oidc_identity_provider_without_pkce.py b/tests/auditors/idp/test_oidc_identity_provider_without_pkce.py
index f6d0bbb..288734c 100644
--- a/tests/auditors/idp/test_oidc_identity_provider_without_pkce.py
+++ b/tests/auditors/idp/test_oidc_identity_provider_without_pkce.py
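Review bot: The two setup comments at the top of the new test_ignore_list_functionality, `# Setup IDP without force sync mode and with mappers` and `# Setup IDP without correct PKCE configuration`, describe the other two auditors' fixtures rather than this one; the lines below only set get_sync_mode to "INHERIT". Replace both with a single comment stating what this mock represents for IdentityProviderWithOneTimeSync, e.g. `# Setup IDP with sync mode "INHERIT", which this auditor reports unless the IDP is on the ignore list` — phrased that way because the zero-result assertion is only meaningful if the mock would otherwise produce a finding, which the hunk does not show directly. The first of the two comments is also carried over into the new test in test_oidc_identity_provider_without_pkce.py, where only the PKCE comment applies. The enclosing test class starts outside the hunk.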
@@ -2,6 +2,7 @@
 from unittest.mock import Mock
 
 from kcwarden.auditors.idp.oidc_identity_provider_without_pkce import OIDCIdentityProviderWithoutPKCE
+from kcwarden.custom_types import config_keys
 
 
 class TestOIDCIdentityProviderWithoutPKCE:
@@ -75,3 +76,22 @@ def test_audit_function_multiple_idps(self, auditor):
 auditor._DB.get_all_identity_providers.return_value = [idp1, idp2, idp3]
 results = list(auditor.audit())
 assert len(results) == 2 # Expect findings from idp2 and idp3
+
+ def test_ignore_list_functionality(self, auditor, mock_idp):
+ # Setup IDP without force sync mode and with mappers
+ # Setup IDP without correct PKCE configuration
+ mock_idp.get_provider_id.return_value = "oidc"
+ mock_idp.get_config.return_value = {"pkceEnabled": "false"}
+ mock_idp.get_alias.return_value = "ignored_idp"
+ mock_idp.get_name.return_value = mock_idp.get_alias.return_value
+ auditor._DB.get_all_identity_providers.return_value = [mock_idp]
+
+ # Add the IDP to the ignore list
+ auditor._CONFIG = {
+ config_keys.AUDITOR_CONFIG: {
+ auditor.get_classname(): ["ignored_idp"]
+ }
+ }
+
+ results = list(auditor.audit())
+ assert len(results) == 0 # No findings due to ignore list