def test_package_summary(self):
"""Test the generation of the package summary."""
rules = self.production_rules
package = Package(rules, 'test-package')
package.generate_summary_and_changelog(package.changed_ids,
package.new_ids,
package.removed_ids)
def test_package_summary(self):
"""Test the generation of the package summary."""
rules = rule_loader.get_production_rules()
package = Package(rules, 'test-package')
changed_rule_ids, new_rule_ids, deprecated_rule_ids = package.bump_versions(
save_changes=False)
package.generate_summary_and_changelog(changed_rule_ids, new_rule_ids,
deprecated_rule_ids)
def test_rule_versioning(self):
"""Test that all rules are properly versioned and tracked"""
self.maxDiff = None
rules = rule_loader.load_rules().values()
original_hashes = []
post_bump_hashes = []
# test that no rules have versions defined
for rule in rules:
self.assertGreaterEqual(
rule.contents.autobumped_version, 1,
'{} - {}: version is not being set in package')
original_hashes.append(rule.contents.sha256())
package = Package(rules, 'test-package')
# test that all rules have versions defined
# package.bump_versions(save_changes=False)
for rule in package.rules:
self.assertGreaterEqual(
rule.contents.autobumped_version, 1,
'{} - {}: version is not being set in package')
# test that rules validate with version
for rule in package.rules:
post_bump_hashes.append(rule.contents.sha256())
# test that no hashes changed as a result of the version bumps
self.assertListEqual(original_hashes, post_bump_hashes,
'Version bumping modified the hash of a rule')
def test_versioning_diffs(self):
"""Test that versioning is detecting diffs as expected."""
rules, version_info = self.get_test_rule()
package = Package(rules, 'test', current_versions=version_info)
# test versioning doesn't falsely detect changes
changed_rules, new_rules = package.changed_rule_ids, package.new_rules_ids
self.assertEqual(
0, len(changed_rules),
'Package version bumping is improperly detecting changed rules')
self.assertEqual(
0, len(new_rules),
'Package version bumping is improperly detecting new rules')
self.assertEqual(1, package.rules[0].contents['version'],
'Package version bumping unexpectedly')
# test versioning detects a new rule
package.rules[0].contents.pop('version')
changed_rules, new_rules, _ = package.bump_versions(
current_versions={})
self.assertEqual(
0, len(changed_rules),
'Package version bumping is improperly detecting changed rules')
self.assertEqual(1, len(new_rules),
'Package version bumping is not detecting new rules')
self.assertEqual(
1, package.rules[0].contents['version'],
'Package version bumping not setting version to 1 for new rules')
# test versioning detects a hash changes
package.rules[0].contents.pop('version')
package.rules[0].contents['query'] = 'process.name:changed.test.query'
changed_rules, new_rules, _ = package.bump_versions(
current_versions=version_info)
self.assertEqual(
1, len(changed_rules),
'Package version bumping is not detecting changed rules')
self.assertEqual(
0, len(new_rules),
'Package version bumping is improperly detecting new rules')
self.assertEqual(2, package.rules[0].contents['version'],
'Package version not bumping on changes')
def test_package_loader_default_configs(self):
"""Test configs in etc/packages.yml."""
with open(PACKAGE_FILE) as f:
configs = yaml.safe_load(f)['package']
package = Package.from_config(configs)
for rule in package.rules:
rule.contents.pop('version')
rule.validate(as_rule=True)
def test_version_filter(self):
"""Test that version filtering is working as expected."""
msg = 'Package version filter failing'
rules, version_info = self.get_test_rule(version=1, count=3)
package = Package(rules,
'test',
current_versions=version_info,
min_version=2)
self.assertEqual(0, len(package.rules), msg)
rules, version_info = self.get_test_rule(version=5, count=3)
package = Package(rules,
'test',
current_versions=version_info,
max_version=2)
self.assertEqual(0, len(package.rules), msg)
rules, version_info = self.get_test_rule(version=2, count=3)
package = Package(rules,
'test',
current_versions=version_info,
min_version=1,
max_version=3)
self.assertEqual(3, len(package.rules), msg)
rules, version_info = self.get_test_rule(version=1, count=3)
version = 1
for rule_id, vinfo in version_info.items():
vinfo['version'] = version
version += 1
package = Package(rules,
'test',
current_versions=version_info,
min_version=2,
max_version=2)
self.assertEqual(1, len(package.rules), msg)
def test_package_loader_default_configs(self):
"""Test configs in etc/packages.yml."""
Package.from_config(package_configs)
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
# or more contributor license agreements. Licensed under the Elastic License
# 2.0; you may not use this file except in compliance with the Elastic License
# 2.0.
"""Test that the packages are built correctly."""
import unittest
import uuid
from detection_rules import rule_loader
from detection_rules.packaging import PACKAGE_FILE, Package
package_configs = Package.load_configs()
class TestPackages(unittest.TestCase):
"""Test package building and saving."""
@staticmethod
def get_test_rule(version=1, count=1):
def get_rule_contents():
contents = {
"author": ["Elastic"],
"description": "test description",
"language": "kuery",
"license": "Elastic License v2",
"name": "test rule",
"query": "process.name:test.query",
"risk_score": 21,
"rule_id": str(uuid.uuid4()),
"severity": "low",
"type": "query"
}
def test_package_summary(self):
"""Test the generation of the package summary."""
rules = list(rule_loader.load_rules().values())
package = Package(rules, 'test-package')
changed_rules, new_rules = package.bump_versions(save_changes=False)
package.generate_summary(changed_rules, new_rules)
