Beispiel #1
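 def test_invalid_log_type(self):
     """A rule filtered by RuleID=Example.Bad.Log.Type must fail the test run.

     Runs the ``test`` sub-command against the detections fixture tree and
     expects return code 1 together with seven invalid specs.
     """
     args = pat.setup_parser().parse_args(
         f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=Example.Bad.Log.Type'.split())
     args.filter, args.filter_inverted = pat.parse_filter(args.filter)
     return_code, invalid_specs = pat.test_analysis(args)
     assert_equal(return_code, 1)
     # The original stored the assertion's result on the test instance
     # (``self.equal = ...``); nothing reads it, so only the assertion is kept.
     # NOTE(review): presumably the count covers every invalid spec under the
     # fixture path, not only the filtered rule -- confirm against the fixtures.
     assert_equal(len(invalid_specs), 7)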
Beispiel #2
 def test_with_invalid_mocks(self):
     """Filtering to Example.Rule.Invalid.Mock at Critical severity must fail.

     Expects return code 1 and seven invalid specs from the detections
     fixture tree.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter Severity=Critical RuleID=Example.Rule.Invalid.Mock'.split()
     args = parser.parse_args(argv)
     # parse_filter yields the positive filters and the inverted ones as a pair.
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
Beispiel #3
 def test_with_tag_filters(self):
     """A Tags=AWS,CIS filter over the valid_analysis fixtures must pass.

     Expects return code 0 and no invalid specs.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter Tags=AWS,CIS'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #4
 def test_invalid_characters(self):
     """Filtering by Severity=High and ResourceTypes=AWS.IAM.User must fail.

     Expects return code 1 and eight invalid specs from the detections
     fixture tree.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter Severity=High ResourceTypes=AWS.IAM.User'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 8)
Beispiel #5
 def test_unknown_exception(self):
     """Filtering to Example.Rule.Unknown.Exception must fail the test run.

     Expects return code 1 and seven invalid specs from the detections
     fixture tree.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=Example.Rule.Unknown.Exception'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
Beispiel #6
 def test_invalid_rule_definition(self):
     """Filtering to RuleID=AWS.CloudTrail.MFAEnabled must fail the test run.

     Expects return code 1 and seven invalid specs from the detections
     fixture tree.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=AWS.CloudTrail.MFAEnabled'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
 def test_invalid_characters(self):
     """Filtering by Severity=High and ResourceTypes=AWS.IAM.User must fail.

     Runs against ``tests/fixtures`` and expects return code 1 and four
     invalid specs.
     """
     parser = pat.setup_parser()
     argv = 'test --path tests/fixtures --filter Severity=High ResourceTypes=AWS.IAM.User'.split()
     args = parser.parse_args(argv)
     # Here parse_filter's result is stored whole on args.filter.
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #8
 def test_parse_filters(self):
     """parse_filter must key the parsed filters by field name.

     With ``AnalysisType=policy,global Severity=Critical`` the result must
     contain both keys, each holding the values given on the command line.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter AnalysisType=policy,global Severity=Critical'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     # Each entry: filter key, then the values expected under that key.
     expected = (
         ('AnalysisType', ('policy', 'global')),
         ('Severity', ('Critical',)),
     )
     for field, values in expected:
         assert_true(field in args.filter.keys())
         for value in values:
             assert_true(value in args.filter[field])
 def test_with_tag_filters(self):
     """A Tags=AWS,CIS filter over tests/fixtures/valid_analysis must pass.

     Expects return code 0 and no invalid specs.
     """
     parser = pat.setup_parser()
     argv = 'test --path tests/fixtures/valid_analysis --filter Tags=AWS,CIS'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
 def test_with_invalid_mocks(self):
     """Filtering to Example.Rule.Invalid.Mock at Critical severity must fail.

     Runs against ``tests/fixtures`` and expects return code 1 and four
     invalid specs.
     """
     parser = pat.setup_parser()
     argv = 'test --path tests/fixtures --filter Severity=Critical RuleID=Example.Rule.Invalid.Mock'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
 def test_unknown_exception(self):
     """Filtering to Example.Rule.Unknown.Exception must fail the test run.

     Runs against ``tests/fixtures`` and expects return code 1 and four
     invalid specs.
     """
     parser = pat.setup_parser()
     argv = 'test --path tests/fixtures --filter RuleID=Example.Rule.Unknown.Exception'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #12
 def test_with_minimum_tests_no_passing(self):
     """``--minimum-tests 2`` must fail for IAM.MFAEnabled.Required.Tests.

     Expects return code 1 and seven invalid specs from the detections
     fixture tree.
     """
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH} --filter PolicyID=IAM.MFAEnabled.Required.Tests --minimum-tests 2'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     # The policy has two unit tests, but both have expected result False,
     # so the run fails.
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 7)
Beispiel #13
 def test_invalid_rule_test(self):
     """Filtering to RuleID=Example.Rule.Invalid.Test must fail the test run.

     Runs against FIXTURES_PATH and expects return code 1 and four invalid
     specs.
     """
     parser = pat.setup_parser()
     argv = f'test --path {FIXTURES_PATH} --filter RuleID=Example.Rule.Invalid.Test'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
 def test_invalid_rule_definition(self):
     """Filtering to RuleID=AWS.CloudTrail.MFAEnabled must fail the test run.

     Runs against ``tests/fixtures`` and expects return code 1 and four
     invalid specs.
     """
     parser = pat.setup_parser()
     argv = 'test --path tests/fixtures --filter RuleID=AWS.CloudTrail.MFAEnabled'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 1)
     assert_equal(len(bad_specs), 4)
Beispiel #15
 def test_with_filters(self):
     """An AnalysisType=policy,global filter over valid_analysis must pass.

     Expects return code 0 and no invalid specs.
     """
     parser = pat.setup_parser()
     argv = f'test --path {FIXTURES_PATH}/valid_analysis --filter AnalysisType=policy,global'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #16
 def test_with_tag_filters_inverted(self):
     """Combining Tags=AWS,CIS with the inverted Tags!=SOC2 filter must pass.

     Expects return code 0 and no invalid specs.
     """
     # Note: making this test robust requires comparing the number of tests
     # passed (8 passing vs 1 passing); the assertions below do not check it.
     parser = pat.setup_parser()
     argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter Tags=AWS,CIS Tags!=SOC2'.split()
     args = parser.parse_args(argv)
     parsed = pat.parse_filter(args.filter)
     args.filter, args.filter_inverted = parsed
     exit_code, bad_specs = pat.test_analysis(args)
     assert_equal(exit_code, 0)
     assert_equal(len(bad_specs), 0)
Beispiel #17
 def test_parse_filters(self):
     """parse_filter must key the parsed filters by field name.

     With ``AnalysisType=policy,global Severity=Critical`` the result must
     contain both keys, each holding the values given on the command line.
     """
     parser = pat.setup_parser()
     argv = 'test --path tests/fixtures/valid_analysis --filter AnalysisType=policy,global Severity=Critical'.split()
     args = parser.parse_args(argv)
     args.filter = pat.parse_filter(args.filter)
     # Each entry: filter key, then the values expected under that key.
     expected = (
         ('AnalysisType', ('policy', 'global')),
         ('Severity', ('Critical',)),
     )
     for field, values in expected:
         assert_true(field in args.filter.keys())
         for value in values:
             assert_true(value in args.filter[field])