def test_load_test_file_bad_value(): """CLI - Helpers - Load Rule Test File - Bad Value""" mock = mock_open(read_data='bad json string') with patch('__builtin__.open', mock): event, error = helpers.load_test_file('no/path') assert_equal(event, []) assert_equal(error, 'Improperly formatted file (no/path): No JSON object could be decoded')
def test_load_test_file_map(): """CLI - Helpers - Load Rule Test File - Good File (map)""" test_data = {'records': [{'field': 'value'}]} mock = mock_open(read_data=json.dumps(test_data)) with patch('__builtin__.open', mock): event, error = helpers.load_test_file('no/path') assert_equal(event, test_data['records']) assert_is_none(error)
def test_load_test_file_list(): """CLI - Helpers - Load Rule Test File - Good File (list)""" test_data = [{'data': {'field': 'value'}}] mock = mock_open(read_data=json.dumps(test_data)) with patch('__builtin__.open', mock): event, error = helpers.load_test_file('no/path') assert_equal(event, test_data) assert_is_none(error)
def test_load_test_file(): """Load Rule Test File - Good File""" test_data = {'records': []} mock = mock_open(read_data=json.dumps(test_data)) with patch('__builtin__.open', mock): event, error = helpers.load_test_file('no/path') assert_equal(event, test_data) assert_is_none(error)
def test_load_test_file_bad_format(): """Load Rule Test File - Bad Format""" mock = mock_open(read_data=json.dumps({'record': []})) with patch('__builtin__.open', mock): event, error = helpers.load_test_file('no/path') assert_false(event) assert_equal( error, 'Improperly formatted file (no/path): File must be a dict (JSON ' 'object) with top level key \'records\'')
def test_load_test_file_bad_format(): """CLI - Helpers - Load Rule Test File - Bad Format""" test_data = {'records': {'field': 'value'}} mock = mock_open(read_data=json.dumps(test_data)) with patch('__builtin__.open', mock): event, error = helpers.load_test_file('no/path') assert_false(event) assert_equal( error, 'Improperly formatted file (no/path): Test file must contain either ' 'a list of maps, or a list of ' 'maps preceeded with a `records` key')
def test_processor(self, rules_filter, files_filter, validate_only): """Perform integration tests for the 'rule' Lambda function Args: rules_filter (set): A collection of rules to filter on, passed in by the user via the CLI using the --test-rules option. files_filter (set): A collection of files to filter on, passed in by the user via the CLI using the --test-files option. validate_only (bool): If true, validation of test records will occur without the rules engine being applied to events. Yields: tuple (bool, list) or None: If testing rules, this yields a tuple containig a boolean of test status and a list of alerts to run through the alert processor. If validating test records only, this does not yield. """ test_file_info = self._filter_files( helpers.get_rule_test_files(TEST_EVENTS_DIR), files_filter) for name in sorted(test_file_info): path = test_file_info[name] events, error = helpers.load_test_file(path) if error is not None: self.all_tests_passed = False self.status_messages.append( StatusMessage(StatusMessage.WARNING, error)) continue print_header = True for test_event in events: self.total_tests += 1 if self._detect_old_test_event(test_event): self.all_tests_passed = False message = ( 'Detected old format for test event in file \'{}.json\'. ' 'Please visit https://streamalert.io/rule-testing.html ' 'for information on the new format and update your ' 'test events accordingly.'.format(name)) self.status_messages.append( StatusMessage(StatusMessage.FAILURE, message)) continue if not self.check_keys(test_event): self.all_tests_passed = False continue # Check if there are any rule filters in place, and if the current test event # should be exeecuted per the filter if rules_filter and set( test_event['trigger_rules']).isdisjoint(rules_filter): self.total_tests -= 1 continue self.apply_helpers(test_event) if 'override_record' in test_event: self.apply_template(test_event) formatted_record = helpers.format_lambda_test_record( test_event) # If this test is to validate the schema only, continue the loop and # do not yield results on the rule tests below if validate_only or (not validate_only and test_event.get('validate_schema_only')): if self._validate_test_record(name, test_event, formatted_record, print_header) is False: self.all_tests_passed = False else: yield self._run_rule_tests(name, test_event, formatted_record, print_header) print_header = False # Report on the final test results self.report_output_summary()