diff --git a/README.md b/README.md index 2f34800..2a03c4b 100644 --- a/README.md +++ b/README.md @@ -26,9 +26,9 @@ Since corporations often use [split-view DNS](https://en.wikipedia.org/wiki/Spli ## A Note on Authentication -Microsoft has extensive documentation on how to secure an HTTP endpoint in Azure Functions [here](https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=csharp#secure-an-http-endpoint-in-production). There are two main ways to secure a function: Turn on App Service Authentication/Authorization for the function app, or use Azure API Management (APIM) to authentication requests. Additionally, Azure functions support API key authorization that you can supply either as a query string variable or in a HTTP header. Microsoft states that API key authorization is not intended as a way to secure an HTTP trigger in production +Microsoft has extensive documentation on how to secure an HTTP endpoint in Azure Functions [here](https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=csharp#secure-an-http-endpoint-in-production). There are two main ways to secure a function: Turn on App Service Authentication/Authorization for the function app, or use Azure API Management (APIM) to authenticate requests. Additionally, Azure functions support API key authorization that you can supply either as a query string variable or in a HTTP header. Microsoft states that API key authorization is not intended as a way to secure an HTTP trigger in production -By default, I have set the authLevel in the function.json file to *anonymous. Please note, when running functions locally, authorization is disabled regardless of the specified authorization level. +By default, I have set the authLevel in the function.json file to *anonymous*. Please note, when running functions locally, authorization is disabled regardless of the specified authorization level. If you plan on running SSLChecker on the internet, please consider one of the above options for authentication. diff --git a/tests/test_SSLChecker.py b/tests/test_SSLChecker.py index d259668..1d05ea2 100644 --- a/tests/test_SSLChecker.py +++ b/tests/test_SSLChecker.py @@ -87,27 +87,6 @@ def test_external_dns_name_not_resolved(): assert results["Message"] == 'Domain exits but no A record' -def test_internal_dns_name_not_resolved(): - # Construct a mock HTTP request - req = func.HttpRequest( - method='GET', - body=None, - url='/api/', - route_params={'scan': 'policy', - 'view': 'internal', - 'name': 'joegatt.com'} - ) - - # Call the function - resp = main(req) - - # Convert resp string to dict - results = json.loads(resp) - - # Check the output to ensure the DNS name could not resolve - assert results["Message"] == 'Domain exits but no A record' - - def test_external_dns_name_not_exist(): # Construct a mock HTTP request req = func.HttpRequest( @@ -129,27 +108,6 @@ def test_external_dns_name_not_exist(): assert results["Message"] == 'The DNS name does not exist' -def test_internal_dns_name_not_exist(): - # Construct a mock HTTP request - req = func.HttpRequest( - method='GET', - body=None, - url='/api/', - route_params={'scan': 'policy', - 'view': 'internal', - 'name': 'jeogatt.com'} - ) - - # Call the function - resp = main(req) - - # Convert resp string to dict - results = json.loads(resp) - - # Check the output to ensure the DNS name could not resolve - assert results["Message"] == 'The DNS name does not exist' - - def test_external_sslyze_timeout(): # Construct a mock HTTP request req = func.HttpRequest( @@ -171,27 +129,6 @@ def test_external_sslyze_timeout(): assert results["Message"] == 'Connection to TCP 443 timed-out' -def test_internal_sslyze_timeout(): - # Construct a mock HTTP request - req = func.HttpRequest( - method='GET', - body=None, - url='/api/', - route_params={'scan': 'policy', - 'view': 'internal', - 'name': 'bbbbbbbbbbbbbbb.com'} - ) - - # Call the function - resp = main(req) - - # Convert resp string to dict - results = json.loads(resp) - - # Check the output to ensure the DNS name could not resolve - assert results["Message"] == 'Connection to TCP 443 timed-out' - - def test_external_missing_dns_name(): # Construct a mock HTTP request req = func.HttpRequest(