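def test_rule_with_invalid_format_for_security_standard_items_fails_validation(
        rule_language: LanguageSpecificRule):
    """Check that malformed security-standard items are rejected.

    Each item listed below is placed, on its own, under its standard in
    ``securityStandards``. Validation must then raise ``RuleValidationError``
    with a message that quotes that exact item.
    """
    # Local import: `re` is only needed to escape items for the match regex.
    import re

    invalid_security_standards_items = {
        'OWASP': ['B1', 'AAA123', 'A0', ' A1', 'Not covered', ''],
        'OWASP Top 10 2021': ['B1', 'AAA123', 'A0', ' A1', 'Not covered', ''],
        'OWASP Mobile': ['B1', 'MMM123', 'M0', ' M1', 'Not covered', ''],
        'PCI DSS 3.2': ['2.1.A', '2.1.1 ', 'Not covered', ''],
        'PCI DSS 4.0': ['2.1.A', '2.1.1 ', 'Not covered', ''],
        'CIS': ['2.1.A', '"2.1.1 ', 'Not covered', ''],
        'HIPAA': ['Not covered', ''],
        'CERT': ['MSC13-C', 'MSC13-C. ', 'Not covered', ''],
        'MASVS': ['MSTG-CRYPTO-A', 'MSTG-CRYPTO-6 ', 'Not covered', ''],
        'ASVS 4': ['A.1.2', ' 1.1.1', 'Not covered', '']
    }
    for security_standard, items in invalid_security_standards_items.items():
        for item in items:
            invalid_metadata = deepcopy(rule_language.metadata)
            invalid_metadata['securityStandards'] = {security_standard: [item]}
            # Several items contain regex metacharacters ('.' in '2.1.A').
            # Escaping them makes the assertion pin the literal rejected value
            # instead of treating '.' as "any character".
            escaped_item = re.escape(item)
            with pytest.raises(
                    RuleValidationError,
                    match=
                    fr'^Rule {rule_language.id} has invalid metadata in 0: \'{escaped_item}\' does not match'
            ):
                with patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock) as mock:
                    mock.return_value = invalid_metadata
                    validate_rule_specialization_metadata(rule_language)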
def test_deprecated_rule_with_replacement_passes_validation(
        rule_language: LanguageSpecificRule):
    """A deprecated rule that lists a replacement rule must validate cleanly."""
    deprecated_metadata = deepcopy(rule_language.metadata)
    deprecated_metadata['extra'] = {'replacementRules': ['RSPEC-1234']}
    deprecated_metadata['status'] = 'deprecated'

    # Swap the class-level `metadata` property for one returning the edited copy.
    metadata_patch = patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock)
    with metadata_patch as metadata_property:
        metadata_property.return_value = deprecated_metadata
        # No exception expected: reaching the end of the block is the assertion.
        validate_rule_specialization_metadata(rule_language)
def test_invalid_remediation_fails_validation(
        rule_language: LanguageSpecificRule):
    """Setting ``remediation.func`` to an integer must be rejected."""
    broken_metadata = deepcopy(rule_language.metadata)
    remediation = broken_metadata['remediation']
    remediation["func"] = 42  # 42 stands in for a wrongly typed value

    expected_message = fr'^Rule {rule_language.id} has invalid metadata'
    metadata_patch = patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock)
    # Same nesting order as two stacked `with` blocks: raises first, patch second.
    with pytest.raises(RuleValidationError, match=expected_message), \
            metadata_patch as metadata_property:
        metadata_property.return_value = broken_metadata
        validate_rule_specialization_metadata(rule_language)
def test_missing_required_property_fails_validation(
        rule_language: LanguageSpecificRule):
    """Metadata with the ``title`` key removed must fail validation."""
    stripped_metadata = deepcopy(rule_language.metadata)
    del stripped_metadata['title']

    expected_message = fr'^Rule {rule_language.id} has invalid metadata'
    with pytest.raises(RuleValidationError, match=expected_message):
        # Serve the stripped copy through the patched `metadata` property.
        with patch.object(LanguageSpecificRule,
                          'metadata',
                          new_callable=PropertyMock) as metadata_property:
            metadata_property.return_value = stripped_metadata
            validate_rule_specialization_metadata(rule_language)
def test_adding_properties_fails_validation(
        rule_language: LanguageSpecificRule):
    """Metadata carrying an extra ``unknown`` key must fail validation."""
    extended_metadata = deepcopy(rule_language.metadata)
    extended_metadata['unknown'] = 42

    expected_message = fr'^Rule {rule_language.id} has invalid metadata'
    metadata_patch = patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock)
    # Enter order matches the nested form: pytest.raises, then the patch.
    with pytest.raises(RuleValidationError, match=expected_message), \
            metadata_patch as metadata_property:
        metadata_property.return_value = extended_metadata
        validate_rule_specialization_metadata(rule_language)
def test_rule_with_complete_list_of_security_standard_passes_validation(
        rule_language: LanguageSpecificRule):
    """Metadata listing 'ASVS 4', 'OWASP' and 'OWASP Top 10 2021' must validate.

    Each standard is given an empty list; only the set of keys is under test.
    """
    complete_standards = {
        'ASVS 4': [],
        'OWASP': [],
        "OWASP Top 10 2021": []
    }
    candidate_metadata = deepcopy(rule_language.metadata)
    candidate_metadata['securityStandards'] = complete_standards

    metadata_patch = patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock)
    with metadata_patch as metadata_property:
        metadata_property.return_value = candidate_metadata
        # Passing means no RuleValidationError escapes this call.
        validate_rule_specialization_metadata(rule_language)
def test_ready_rule_with_replacement_fails_validation(
        rule_language: LanguageSpecificRule):
    """Replacement rules on a rule whose status is left untouched must fail.

    The fixture's status is not modified here (presumably 'ready', per the
    test name); the expected error message must mention ``status``.
    """
    replacements = {'replacementRules': ['RSPEC-1234', 'RSPEC-5678']}
    broken_metadata = deepcopy(rule_language.metadata)
    broken_metadata['extra'] = replacements

    expected_message = fr'^Rule {rule_language.id} has invalid metadata: status'
    with pytest.raises(RuleValidationError, match=expected_message):
        with patch.object(LanguageSpecificRule,
                          'metadata',
                          new_callable=PropertyMock) as metadata_property:
            metadata_property.return_value = broken_metadata
            validate_rule_specialization_metadata(rule_language)
def test_rule_with_incomplete_list_of_security_standard_fails_validation(
        rule_language: LanguageSpecificRule):
    """A specialization that omits a generically defined standard must fail."""
    # "OWASP Top 10 2021", defined in the generic metadata, is deliberately
    # left out of this mapping.
    incomplete_standards = {
        'ASVS 4': [],
        'OWASP': [],
        'CERT': []
    }
    broken_metadata = deepcopy(rule_language.metadata)
    broken_metadata['securityStandards'] = incomplete_standards

    expected_message = (
        fr'^Rule {rule_language.id} has invalid metadata: securityStandard')
    metadata_patch = patch.object(LanguageSpecificRule,
                                  'metadata',
                                  new_callable=PropertyMock)
    # Enter order matches the nested form: pytest.raises, then the patch.
    with pytest.raises(RuleValidationError, match=expected_message), \
            metadata_patch as metadata_property:
        metadata_property.return_value = broken_metadata
        validate_rule_specialization_metadata(rule_language)
def test_valid_metadata_passes_validation(
        rule_language: LanguageSpecificRule):
    """Validate the unmodified fixture metadata; no exception is expected.

    Baseline for the sibling tests: checks that language metadata are
    correctly overridden.
    """
    validate_rule_specialization_metadata(rule=rule_language) if False else \
        validate_rule_specialization_metadata(rule_language)