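def test_rule_with_invalid_format_for_security_standard_items_fails_validation(
        rule_language: LanguageSpecificRule):
    '''Reject security-standard items whose identifier format is malformed.

    For every supported standard (OWASP, OWASP Mobile, PCI DSS, CIS, HIPAA,
    CERT, MASVS, ASVS) the metadata is patched with a single identifier that
    is wrong in one distinct way: wrong prefix letter, too many digits, a zero
    index, leading/trailing whitespace, a stray quote, the literal
    'Not covered' placeholder, or the empty string. Each case must make
    ``validate_rule_specialization_metadata`` raise ``RuleValidationError``
    whose message names the offending item.
    '''
    import re

    invalid_security_standards_items = {
        'OWASP': ['B1', 'AAA123', 'A0', ' A1', 'Not covered', ''],
        'OWASP Top 10 2021': ['B1', 'AAA123', 'A0', ' A1', 'Not covered', ''],
        'OWASP Mobile': ['B1', 'MMM123', 'M0', ' M1', 'Not covered', ''],
        'PCI DSS 3.2': ['2.1.A', '2.1.1 ', 'Not covered', ''],
        'PCI DSS 4.0': ['2.1.A', '2.1.1 ', 'Not covered', ''],
        'CIS': ['2.1.A', '"2.1.1 ', 'Not covered', ''],
        'HIPAA': ['Not covered', ''],
        'CERT': ['MSC13-C', 'MSC13-C. ', 'Not covered', ''],
        'MASVS': ['MSTG-CRYPTO-A', 'MSTG-CRYPTO-6 ', 'Not covered', ''],
        'ASVS 4': ['A.1.2', ' 1.1.1', 'Not covered', '']
    }

    for security_standard, items in invalid_security_standards_items.items():
        for item in items:
            invalid_metadata = deepcopy(rule_language.metadata)
            invalid_metadata['securityStandards'] = {security_standard: [item]}
            # ``match`` is a regular expression: escape the item so that
            # metacharacters such as the '.' in '2.1.A' are matched literally
            # instead of acting as wildcards.
            expected_message = (
                fr'^Rule {rule_language.id} has invalid metadata in 0: '
                fr"'{re.escape(item)}' does not match"
            )
            with pytest.raises(RuleValidationError, match=expected_message):
                with patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock) as mock:
                    mock.return_value = invalid_metadata
                    validate_rule_specialization_metadata(rule_language)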
def test_deprecated_rule_with_replacement_passes_validation(
        rule_language: LanguageSpecificRule):
    '''A rule marked ``deprecated`` may declare replacement rules.

    The metadata is patched with an ``extra.replacementRules`` list and a
    ``status`` of ``'deprecated'``; ``validate_rule_specialization_metadata``
    is expected to return without raising.
    '''
    deprecated_metadata = deepcopy(rule_language.metadata)
    # Same insertion order as the validator sees in practice: replacement
    # list first, then the status that makes it legitimate.
    deprecated_metadata['extra'] = {'replacementRules': ['RSPEC-1234']}
    deprecated_metadata['status'] = 'deprecated'
    with patch.object(LanguageSpecificRule,
                      'metadata',
                      new_callable=PropertyMock,
                      return_value=deprecated_metadata):
        validate_rule_specialization_metadata(rule_language)
def test_invalid_remediation_fails_validation(
        rule_language: LanguageSpecificRule):
    '''A ``remediation.func`` value of the wrong type is rejected.

    Overwrites the remediation function with an integer and expects
    ``validate_rule_specialization_metadata`` to raise ``RuleValidationError``
    with the generic "has invalid metadata" prefix.
    '''
    broken_metadata = deepcopy(rule_language.metadata)
    # NOTE(review): assumes the fixture metadata already has a 'remediation'
    # mapping — confirm against the conftest fixture.
    broken_metadata['remediation']["func"] = 42
    expected_prefix = fr'^Rule {rule_language.id} has invalid metadata'
    with pytest.raises(RuleValidationError, match=expected_prefix), \
            patch.object(LanguageSpecificRule,
                         'metadata',
                         new_callable=PropertyMock,
                         return_value=broken_metadata):
        validate_rule_specialization_metadata(rule_language)
def test_missing_required_property_fails_validation(
        rule_language: LanguageSpecificRule):
    '''Dropping the required ``title`` property fails validation.

    ``validate_rule_specialization_metadata`` must raise
    ``RuleValidationError`` whose message starts with the generic
    "has invalid metadata" prefix.
    '''
    incomplete_metadata = deepcopy(rule_language.metadata)
    # pop() raises KeyError like `del` would if the fixture lacks 'title'.
    incomplete_metadata.pop('title')
    expected_prefix = fr'^Rule {rule_language.id} has invalid metadata'
    with pytest.raises(RuleValidationError, match=expected_prefix), \
            patch.object(LanguageSpecificRule,
                         'metadata',
                         new_callable=PropertyMock,
                         return_value=incomplete_metadata):
        validate_rule_specialization_metadata(rule_language)
def test_adding_properties_fails_validation(
        rule_language: LanguageSpecificRule):
    '''An unknown top-level property is rejected by the schema.

    Adds an ``unknown`` key to otherwise valid metadata and expects
    ``validate_rule_specialization_metadata`` to raise
    ``RuleValidationError`` with the generic "has invalid metadata" prefix,
    so that typos in property names cannot silently pass.
    '''
    extended_metadata = deepcopy(rule_language.metadata)
    extended_metadata['unknown'] = 42
    expected_prefix = fr'^Rule {rule_language.id} has invalid metadata'
    with pytest.raises(RuleValidationError, match=expected_prefix):
        with patch.object(LanguageSpecificRule,
                          'metadata',
                          new_callable=PropertyMock,
                          return_value=extended_metadata):
            validate_rule_specialization_metadata(rule_language)
def test_rule_with_complete_list_of_security_standard_passes_validation(
        rule_language: LanguageSpecificRule):
    '''A ``securityStandards`` mapping covering every expected standard passes.

    The three standards listed here, even with empty item lists, are accepted
    by ``validate_rule_specialization_metadata``; the incomplete-list test
    shows that omitting one of them is an error.
    '''
    complete_metadata = deepcopy(rule_language.metadata)
    complete_standards = {
        'ASVS 4': [],
        'OWASP': [],
        "OWASP Top 10 2021": []
    }
    complete_metadata['securityStandards'] = complete_standards
    with patch.object(LanguageSpecificRule,
                      'metadata',
                      new_callable=PropertyMock,
                      return_value=complete_metadata):
        validate_rule_specialization_metadata(rule_language)
def test_ready_rule_with_replacement_fails_validation(
        rule_language: LanguageSpecificRule):
    '''Replacement rules are only allowed when the rule is deprecated.

    Leaves ``status`` untouched and adds an ``extra.replacementRules`` list;
    ``validate_rule_specialization_metadata`` must raise
    ``RuleValidationError`` whose message points at ``status``.
    '''
    conflicting_metadata = deepcopy(rule_language.metadata)
    conflicting_metadata['extra'] = {
        'replacementRules': ['RSPEC-1234', 'RSPEC-5678']
    }
    expected_message = fr'^Rule {rule_language.id} has invalid metadata: status'
    with pytest.raises(RuleValidationError, match=expected_message), \
            patch.object(LanguageSpecificRule,
                         'metadata',
                         new_callable=PropertyMock,
                         return_value=conflicting_metadata):
        validate_rule_specialization_metadata(rule_language)
def test_rule_with_incomplete_list_of_security_standard_fails_validation(
        rule_language: LanguageSpecificRule):
    '''A ``securityStandards`` mapping missing a generic-metadata standard fails.

    The patched mapping leaves out "OWASP Top 10 2021", which the generic
    metadata defines, and adds an unrelated 'CERT' entry instead;
    ``validate_rule_specialization_metadata`` must raise
    ``RuleValidationError`` whose message points at ``securityStandard``.
    '''
    partial_metadata = deepcopy(rule_language.metadata)
    # "OWASP Top 10 2021", defined in the generic metadata is missing
    partial_standards = {
        'ASVS 4': [],
        'OWASP': [],
        'CERT': []
    }
    partial_metadata['securityStandards'] = partial_standards
    expected_message = (
        fr'^Rule {rule_language.id} has invalid metadata: securityStandard'
    )
    with pytest.raises(RuleValidationError, match=expected_message):
        with patch.object(LanguageSpecificRule,
                          'metadata',
                          new_callable=PropertyMock,
                          return_value=partial_metadata):
            validate_rule_specialization_metadata(rule_language)
def test_valid_metadata_passes_validation(rule_language: LanguageSpecificRule):
    '''Baseline: the fixture's unmodified metadata is accepted as-is.

    No patching is applied here; ``validate_rule_specialization_metadata``
    must return without raising so that the negative tests in this module
    fail for the reason they intend rather than because of the fixture.
    '''
    # Any exception escaping this call fails the test.
    validate_rule_specialization_metadata(rule_language)