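def test_rules_from_current_dir(self):
    """Run the ``test`` command from inside the policies fixture directory.

    Two invocations are covered: the parser's default path (no ``--path``)
    and an explicit ``--path ./``. Both must return code 0 with no invalid
    specs.
    """
    # This is a work around to test running tool against current directory
    valid_rule_path = os.path.join(FIXTURES_PATH, 'valid_analysis/policies')
    # First the default path ('.'), then the current dir set explicitly.
    for command in ('test', 'test --path ./'):
        return_code = -1
        invalid_specs = None
        with Pause(self.fs):
            original_path = os.getcwd()
            try:
                os.chdir(valid_rule_path)
                args = pat.setup_parser().parse_args(command.split())
                return_code, invalid_specs = pat.test_analysis(args)
            finally:
                # Always restore the working directory: the explicit-path
                # case previously skipped this when test_analysis raised,
                # leaking the changed cwd into every later test that
                # resolves a relative --path.
                os.chdir(original_path)
        # asserts are outside of the pause to ensure the fakefs gets resumed
        assert_equal(return_code, 0)
        assert_equal(len(invalid_specs), 0)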
def test_with_tag_filters(self):
    """Filter the valid_analysis fixtures by ``Tags=AWS,CIS``; the run must succeed."""
    command = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter Tags=AWS,CIS'
    args = pat.setup_parser().parse_args(command.split())
    # parse_filter returns a pair here: the filters and the inverted filters.
    filters, inverted_filters = pat.parse_filter(args.filter)
    args.filter = filters
    args.filter_inverted = inverted_filters
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
def test_scheduled_rules_from_folder(self):
    """Run ``test`` against the scheduled_rules fixture folder; expect a clean pass."""
    argv = f'test --path {FIXTURES_PATH}/valid_analysis/scheduled_rules'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
def test_load_policy_specs_from_folder(self):
    """Loading the whole fixture tree must fail and report the malformed policy first.

    The path is relative, so the result depends on the working directory the
    test runner starts in.
    """
    argv = 'test --path tests/fixtures'.split()
    args = pat.setup_parser().parse_args(argv)
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    # First element of the first invalid-spec entry is the offending file path.
    first_bad_path = bad_specs[0][0]
    assert_equal(first_bad_path, 'tests/fixtures/example_malformed_policy.yml')
def test_with_invalid_mocks(self):
    """Selecting the Example.Rule.Invalid.Mock rule must make the run fail.

    Expects return code 1 and seven invalid specs from the detections
    fixture tree.
    """
    command = f'test --path {DETECTIONS_FIXTURES_PATH} --filter Severity=Critical RuleID=Example.Rule.Invalid.Mock'
    args = pat.setup_parser().parse_args(command.split())
    filters, inverted_filters = pat.parse_filter(args.filter)
    args.filter = filters
    args.filter_inverted = inverted_filters
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    # NOTE(review): the count is tied to the fixture tree's contents; adding
    # or removing a malformed fixture changes it.
    assert_equal(len(bad_specs), 7)
def test_invalid_characters(self):
    """Filter by ``Severity=High ResourceTypes=AWS.IAM.User`` and expect a failing run.

    Expects return code 1 and eight invalid specs. Which fixture carries the
    invalid characters is not visible from this test.
    """
    command = f'test --path {DETECTIONS_FIXTURES_PATH} --filter Severity=High ResourceTypes=AWS.IAM.User'
    parser = pat.setup_parser()
    args = parser.parse_args(command.split())
    parsed_filters = pat.parse_filter(args.filter)
    args.filter, args.filter_inverted = parsed_filters
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 8)
def test_unknown_exception(self):
    """Selecting Example.Rule.Unknown.Exception must yield a failing return code.

    Expects return code 1 and seven invalid specs; test_analysis itself is
    expected to return rather than propagate an exception.
    """
    command = f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=Example.Rule.Unknown.Exception'
    args = pat.setup_parser().parse_args(command.split())
    filters, inverted_filters = pat.parse_filter(args.filter)
    args.filter = filters
    args.filter_inverted = inverted_filters
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 7)
def test_invalid_rule_definition(self):
    """Selecting the AWS.CloudTrail.MFAEnabled fixture rule must fail the run.

    Expects return code 1 and seven invalid specs.
    """
    command = f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=AWS.CloudTrail.MFAEnabled'
    parser = pat.setup_parser()
    args = parser.parse_args(command.split())
    parsed_filters = pat.parse_filter(args.filter)
    args.filter, args.filter_inverted = parsed_filters
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 7)
def test_with_minimum_tests(self):
    """With ``--minimum-tests 1`` the valid_analysis fixtures must all pass."""
    argv = f'test --path {FIXTURES_PATH}/valid_analysis --minimum-tests 1'.split()
    args = pat.setup_parser().parse_args(argv)
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
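def test_invalid_log_type(self):
    """Selecting the Example.Bad.Log.Type rule must fail the run.

    Expects return code 1 and seven invalid specs from the detections
    fixture tree.
    """
    args = pat.setup_parser().parse_args(
        f'test --path {DETECTIONS_FIXTURES_PATH} --filter RuleID=Example.Bad.Log.Type'.split())
    args.filter, args.filter_inverted = pat.parse_filter(args.filter)
    return_code, invalid_specs = pat.test_analysis(args)
    assert_equal(return_code, 1)
    # The original stored the assertion's result in self.equal, a stray
    # assignment that left an unused attribute on the test instance.
    assert_equal(len(invalid_specs), 7)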
def test_invalid_characters(self):
    """Filter tests/fixtures by ``Severity=High ResourceTypes=AWS.IAM.User``; expect failure.

    Expects return code 1 and four invalid specs. The path is relative to
    the working directory.
    """
    argv = 'test --path tests/fixtures --filter Severity=High ResourceTypes=AWS.IAM.User'.split()
    args = pat.setup_parser().parse_args(argv)
    # In this variant parse_filter's result is stored on args.filter as-is.
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 4)
def test_with_tag_filters(self):
    """Filter tests/fixtures/valid_analysis by ``Tags=AWS,CIS``; the run must succeed."""
    argv = 'test --path tests/fixtures/valid_analysis --filter Tags=AWS,CIS'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
def test_with_minimum_tests_no_passing(self):
    """``--minimum-tests 2`` must reject IAM.MFAEnabled.Required.Tests.

    Expects return code 1 and seven invalid specs.
    """
    command = f'test --path {DETECTIONS_FIXTURES_PATH} --filter PolicyID=IAM.MFAEnabled.Required.Tests --minimum-tests 2'
    args = pat.setup_parser().parse_args(command.split())
    filters, inverted_filters = pat.parse_filter(args.filter)
    args.filter = filters
    args.filter_inverted = inverted_filters
    exit_status, bad_specs = pat.test_analysis(args)
    # Failing, because while there are two unit tests they both have expected result False
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 7)
def test_invalid_rule_definition(self):
    """Selecting AWS.CloudTrail.MFAEnabled under tests/fixtures must fail the run.

    Expects return code 1 and four invalid specs.
    """
    argv = 'test --path tests/fixtures --filter RuleID=AWS.CloudTrail.MFAEnabled'.split()
    args = pat.setup_parser().parse_args(argv)
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 4)
def test_load_policy_specs_from_folder(self):
    """Loading the full fixture tree must fail, listing the malformed policy first.

    Expects return code 1, ``example_malformed_policy.yml`` as the first
    reported path, and seven invalid specs in total.
    """
    argv = f'test --path {FIXTURES_PATH}'.split()
    args = pat.setup_parser().parse_args(argv)
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    # First element of the first invalid-spec entry is the offending file path.
    first_bad_path = bad_specs[0][0]
    assert_equal(first_bad_path, f'{FIXTURES_PATH}/example_malformed_policy.yml')
    assert_equal(len(bad_specs), 7)
def test_with_invalid_mocks(self):
    """Selecting Example.Rule.Invalid.Mock under tests/fixtures must fail the run.

    Expects return code 1 and four invalid specs.
    """
    argv = 'test --path tests/fixtures --filter Severity=Critical RuleID=Example.Rule.Invalid.Mock'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 4)
def test_invalid_rule_test(self):
    """Selecting Example.Rule.Invalid.Test must fail the run.

    Expects return code 1 and four invalid specs.
    """
    argv = f'test --path {FIXTURES_PATH} --filter RuleID=Example.Rule.Invalid.Test'.split()
    args = pat.setup_parser().parse_args(argv)
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 4)
def test_with_minimum_tests_failing(self):
    """``--minimum-tests 2`` must fail on valid_analysis without flagging any spec.

    Return code 1 with zero invalid specs: the specs load, but the
    minimum-test requirement is not met.
    """
    argv = f'test --path {FIXTURES_PATH}/valid_analysis --minimum-tests 2'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    exit_status, bad_specs = pat.test_analysis(args)
    # Failing, because some of the fixtures only have one test case
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 0)
def test_with_filters(self):
    """Filter valid_analysis by ``AnalysisType=policy,global``; the run must succeed."""
    argv = f'test --path {FIXTURES_PATH}/valid_analysis --filter AnalysisType=policy,global'.split()
    args = pat.setup_parser().parse_args(argv)
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
def test_unknown_exception(self):
    """Selecting Example.Rule.Unknown.Exception under tests/fixtures must fail the run.

    Expects return code 1 and four invalid specs; test_analysis is expected
    to return rather than propagate an exception.
    """
    argv = 'test --path tests/fixtures --filter RuleID=Example.Rule.Unknown.Exception'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    parsed_filter = pat.parse_filter(args.filter)
    args.filter = parsed_filter
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 1)
    assert_equal(len(bad_specs), 4)
def test_with_tag_filters_inverted(self):
    """Combine ``Tags=AWS,CIS`` with the inverted ``Tags!=SOC2``; the run must succeed.

    Only the return code and the invalid-spec count are checked, so this
    test cannot tell whether the inverted filter excluded anything.
    """
    # Note: a comparison of the tests passed is required to make this test robust
    # (8 passing vs 1 passing)
    command = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis --filter Tags=AWS,CIS Tags!=SOC2'
    args = pat.setup_parser().parse_args(command.split())
    filters, inverted_filters = pat.parse_filter(args.filter)
    args.filter = filters
    args.filter_inverted = inverted_filters
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
def test_queries_from_folder(self):
    """Run ``test`` against the queries fixture folder; expect a clean pass."""
    argv = f'test --path {DETECTIONS_FIXTURES_PATH}/valid_analysis/queries'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    # parse_filter is not called in this test, so filter_inverted is set by
    # hand -- presumably test_analysis reads it; confirm against pat.
    args.filter_inverted = {}
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)
def test_rules_from_folder(self):
    """Run ``test`` against tests/fixtures/valid_analysis/rules; expect a clean pass.

    The path is relative, so the result depends on the working directory.
    """
    argv = 'test --path tests/fixtures/valid_analysis/rules'.split()
    parser = pat.setup_parser()
    args = parser.parse_args(argv)
    exit_status, bad_specs = pat.test_analysis(args)
    assert_equal(exit_status, 0)
    assert_equal(len(bad_specs), 0)