#884 trustworthy

Author: jpomfret

checks/Databasev5.Tests.ps1

@@ -163,10 +163,20 @@ Describe "Auto Update Statistics" -Tag AutoUpdateStatistics, Low, Database -ForE
 
 Describe "Auto Update Statistics Asynchronously" -Tag AutoUpdateStatisticsAsynchronously, Low, Database -ForEach $InstancesToTest {
     $skip = Get-DbcConfigValue skip.database.autoupdatestatisticsasynchronously
-
+    
     Context "Testing Auto Update Statistics Asynchronously on <_.Name>" {
         It "Database <_.Name> should have Auto Update Statistics Asynchronously set to <_.ConfigValues.autoupdatestatsasync> on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.autoupdatestatsasyncexclude -notcontains $PsItem.Name } } {
             $psitem.AutoUpdateStatisticsAsync | Should -Be $psitem.ConfigValues.autoupdatestatsasync  -Because "This value is expected for autoupdate statistics asynchronously"
         }
     }
+}
+
+Describe "Trustworthy Option" -Tag Trustworthy, DISA, Varied, CIS, Database -ForEach $InstancesToTest {
+    $skip = Get-DbcConfigValue skip.database.trustworthy
+
+    Context "Testing database trustworthy option on <_.Name>" {
+        It "Database <_.Name> should have Trustworthy set to false on <_.SqlInstance>" -Skip:$skip -ForEach $psitem.Databases.Where{ if ($Database) { $_.Name -in $Database } else { $psitem.ConfigValues.trustworthyexclude -notcontains $PsItem.Name } } {
+            $psitem.Trustworthy | Should -BeFalse -Because "Trustworthy has security implications and may expose your SQL Server to additional risk"
+        }
+    }
 }

internal/functions/Get-AllDatabaseInfo.ps1

@@ -112,6 +112,10 @@ function Get-AllDatabaseInfo {
             $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoupdatestatsasync' -Value (Get-DbcConfigValue policy.database.autoupdatestatisticsasynchronously)
             $ConfigValues | Add-Member -MemberType NoteProperty -Name 'autoupdatestatsasyncexclude' -Value (Get-DbcConfigValue policy.autoupdatestatisticsasynchronously.excludedb)
         }
+        'Trustworthy' {
+            $trustworthy = $true
+            $ConfigValues | Add-Member -MemberType NoteProperty -Name 'trustworthyexclude' -Value (Get-DbcConfigValue  policy.database.trustworthyexcludedb)
+        }
         Default { }
     }
 
@@ -139,6 +143,7 @@ function Get-AllDatabaseInfo {
                 AutoShrink                  = if ($autoshrink) { $psitem.AutoShrink}
                 VLF                         = if ($vlf) { ($psitem.Query("DBCC LOGINFO") | Measure-Object).Count }
                 LogFileCount                = if ($logfilecount) { ($psitem.LogFiles | Measure-Object).Count }
+                Trustworthy                 = if ($trustworthy) { $psitem.Trustworthy }
             }
         }
     }