Beispiel #1
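 def test_rules_from_current_dir(self):
     # Runs the `test` subcommand from inside the valid policies fixture
     # directory, first relying on the default path ('.') and then passing
     # `--path ./` explicitly. Both runs must exit 0 with no invalid specs.
     # This is a work around to test running tool against current directory
     valid_rule_path = os.path.join(FIXTURES_PATH,
                                    'valid_analysis/policies')
     # Sentinels, so a run that never assigns fails the asserts below.
     return_code = -1
     invalid_specs = None
     # test default path, '.'
     with Pause(self.fs):
         original_path = os.getcwd()
         try:
             os.chdir(valid_rule_path)
             args = pat.setup_parser().parse_args('test'.split())
             return_code, invalid_specs = pat.test_analysis(args)
         finally:
             os.chdir(original_path)
     # asserts are outside of the pause to ensure the fakefs gets resumed
     assert_equal(return_code, 0)
     assert_equal(len(invalid_specs), 0)
     return_code = -1
     invalid_specs = None
     # test explicitly setting current dir
     with Pause(self.fs):
         original_path = os.getcwd()
         # Restore the working directory even if the run raises, as the first
         # block does; otherwise later tests would resolve relative fixture
         # paths from the wrong directory.
         try:
             os.chdir(valid_rule_path)
             args = pat.setup_parser().parse_args('test --path ./'.split())
             return_code, invalid_specs = pat.test_analysis(args)
         finally:
             os.chdir(original_path)
     # asserts are outside of the pause to ensure the fakefs gets resumed
     assert_equal(return_code, 0)
     assert_equal(len(invalid_specs), 0)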
Beispiel #2
 def test_with_tag_filters(self):
     # Restrict the run over the valid_analysis fixtures to Tags=AWS,CIS and
     # expect a clean exit with nothing reported as invalid.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter Tags=AWS,CIS'.split()
     parsed = pat.setup_parser().parse_args(argv)
     # parse_filter yields the positive and the inverted filter as a pair.
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #3
 def test_scheduled_rules_from_folder(self):
     # Point `test` at the scheduled_rules fixture folder; every spec there is
     # expected to load and pass (exit 0, no invalid specs).
     argv = f'test --path {FIXTURES_PATH}/valid_analysis/scheduled_rules'.split()
     parsed = pat.setup_parser().parse_args(argv)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
 def test_load_policy_specs_from_folder(self):
     # Run over the whole fixtures tree, which includes a malformed policy:
     # the run must fail and list that file first among the invalid specs.
     argv = 'test --path tests/fixtures'.split()
     parsed = pat.setup_parser().parse_args(argv)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     first_bad_path = bad_specs[0][0]
     assert_equal(first_bad_path,
                  'tests/fixtures/example_malformed_policy.yml')
Beispiel #5
 def test_with_invalid_mocks(self):
     # Select the Example.Rule.Invalid.Mock rule (Severity=Critical) and expect
     # the run to fail.
     # NOTE(review): the count of 7 appears to track the invalid specs under
     # the fixture path rather than this filter - confirm against fixtures.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter Severity=Critical RuleID=Example.Rule.Invalid.Mock'.split()
     parsed = pat.setup_parser().parse_args(argv)
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
Beispiel #6
 def test_invalid_characters(self):
     # Filter to Severity=High / ResourceTypes=AWS.IAM.User and expect a
     # failing run with 8 invalid specs.
     # NOTE(review): presumably the selected fixture carries an identifier
     # with disallowed characters - confirm against the fixture files.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter Severity=High ResourceTypes=AWS.IAM.User'.split()
     parsed = pat.setup_parser().parse_args(argv)
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 8)
Beispiel #7
 def test_unknown_exception(self):
     # Select the Example.Rule.Unknown.Exception rule; the run is expected to
     # report failure (exit code 1) instead of propagating an exception out
     # of test_analysis.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=Example.Rule.Unknown.Exception'.split()
     parsed = pat.setup_parser().parse_args(argv)
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
Beispiel #8
 def test_invalid_rule_definition(self):
     # Select RuleID=AWS.CloudTrail.MFAEnabled from the detections fixtures and
     # expect the run to fail with 7 invalid specs.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=AWS.CloudTrail.MFAEnabled'.split()
     parsed = pat.setup_parser().parse_args(argv)
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
Beispiel #9
 def test_with_minimum_tests(self):
     # Require at least one unit test per detection; the valid_analysis
     # fixtures are expected to satisfy that (exit 0, no invalid specs).
     argv = f'test --path {FIXTURES_PATH}/valid_analysis --minimum-tests 1'.split()
     parsed = pat.setup_parser().parse_args(argv)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #10
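 def test_invalid_log_type(self):
     # Select the Example.Bad.Log.Type rule and expect the run to fail with
     # 7 invalid specs.
     args = pat.setup_parser().parse_args(
         f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=Example.Bad.Log.Type'.split())
     # parse_filter yields the positive and the inverted filter as a pair.
     args.filter, args.filter_inverted = pat.parse_filter(args.filter)
     return_code, invalid_specs = pat.test_analysis(args)
     assert_equal(return_code, 1)
     # Plain assertion: the result of assert_equal is no longer stored on the
     # test instance, which added nothing to the check.
     assert_equal(len(invalid_specs), 7)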
 def test_invalid_characters(self):
     # Variant using the relative tests/fixtures path and a parse_filter that
     # returns a single value; expects a failing run with 4 invalid specs.
     argv = 'test --path tests/fixtures --filter Severity=High ResourceTypes=AWS.IAM.User'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
 def test_with_tag_filters(self):
     # Restrict the valid_analysis fixtures to Tags=AWS,CIS; the run must exit
     # cleanly with no invalid specs.
     argv = 'test --path tests/fixtures/valid_analysis --filter Tags=AWS,CIS'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #13
 def test_with_minimum_tests_no_passing(self):
     # Require two unit tests for PolicyID=IAM.MFAEnabled.Required.Tests.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter PolicyID=IAM.MFAEnabled.Required.Tests --minimum-tests 2'.split()
     parsed = pat.setup_parser().parse_args(argv)
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     # The run fails: the policy does have two unit tests, but both expect
     # the result False, so the minimum-tests requirement is not met.
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
 def test_invalid_rule_definition(self):
     # Variant using the relative tests/fixtures path: selecting
     # RuleID=AWS.CloudTrail.MFAEnabled must fail with 4 invalid specs.
     argv = 'test --path tests/fixtures --filter RuleID=AWS.CloudTrail.MFAEnabled'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #15
 def test_load_policy_specs_from_folder(self):
     # Run over the whole fixtures tree: the malformed policy must be the
     # first invalid spec reported, and 7 invalid specs are expected in total.
     argv = f'test --path {FIXTURES_PATH}'.split()
     parsed = pat.setup_parser().parse_args(argv)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     first_bad_path = bad_specs[0][0]
     assert_equal(first_bad_path,
                  f'{FIXTURES_PATH}/example_malformed_policy.yml')
     assert_equal(len(bad_specs), 7)
 def test_with_invalid_mocks(self):
     # Variant using the relative tests/fixtures path: selecting the
     # Example.Rule.Invalid.Mock rule must fail with 4 invalid specs.
     argv = 'test --path tests/fixtures --filter Severity=Critical RuleID=Example.Rule.Invalid.Mock'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #17
 def test_invalid_rule_test(self):
     # Select the Example.Rule.Invalid.Test rule and expect the run to fail
     # with 4 invalid specs.
     argv = f'test --path {FIXTURES_PATH} --filter RuleID=Example.Rule.Invalid.Test'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #18
 def test_with_minimum_tests_failing(self):
     # Require two unit tests per detection across the valid_analysis fixtures.
     argv = f'test --path {FIXTURES_PATH}/valid_analysis --minimum-tests 2'.split()
     parsed = pat.setup_parser().parse_args(argv)
     exit_code, bad_specs = pat.test_analysis(parsed)
     # The run fails because some fixtures only have one test case; the specs
     # themselves are all valid, hence the empty invalid list.
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 0)
Beispiel #19
 def test_with_filters(self):
     # Restrict the valid_analysis fixtures to AnalysisType=policy,global and
     # expect a clean exit with no invalid specs.
     argv = f'test --path {FIXTURES_PATH}/valid_analysis --filter AnalysisType=policy,global'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
 def test_unknown_exception(self):
     # Variant using the relative tests/fixtures path: selecting the
     # Example.Rule.Unknown.Exception rule must end in exit code 1 with 4
     # invalid specs, not in an exception escaping test_analysis.
     argv = 'test --path tests/fixtures --filter RuleID=Example.Rule.Unknown.Exception'.split()
     parsed = pat.setup_parser().parse_args(argv)
     parsed.filter = pat.parse_filter(parsed.filter)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #21
 def test_with_tag_filters_inverted(self):
     # Combine a positive tag filter (Tags=AWS,CIS) with an inverted one
     # (Tags!=SOC2) over the valid_analysis fixtures.
     # Note: a comparison of the tests passed is required to make this test robust
     # (8 passing vs 1 passing); the exit code and the invalid-spec count
     # asserted below are not compared against an unfiltered run.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter Tags=AWS,CIS Tags!=SOC2'.split()
     parsed = pat.setup_parser().parse_args(argv)
     include, exclude = pat.parse_filter(parsed.filter)
     parsed.filter = include
     parsed.filter_inverted = exclude
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #22
 def test_queries_from_folder(self):
     # Point `test` at the queries fixture folder and expect a clean run.
     argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis/queries'.split()
     parsed = pat.setup_parser().parse_args(argv)
     # No --filter is given and parse_filter is not called here, so the
     # inverted filter is set by hand to an empty mapping.
     # NOTE(review): presumably test_analysis reads args.filter_inverted - confirm.
     parsed.filter_inverted = {}
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
 def test_rules_from_folder(self):
     # Point `test` at the rules fixture folder; every rule there is expected
     # to load and pass (exit 0, no invalid specs).
     argv = 'test --path tests/fixtures/valid_analysis/rules'.split()
     parsed = pat.setup_parser().parse_args(argv)
     exit_code, bad_specs = pat.test_analysis(parsed)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)