chore(tests): add ocsf tests (#7)

Co-authored-by: Pepe Fagoaga <[email protected]>

tests/detection_finding_test.py

@@ -1,8 +1,13 @@
 import uuid
 from datetime import datetime
 
+from py_ocsf_models.events.base_event import SeverityID
 from py_ocsf_models.events.findings.detection_finding import DetectionFinding
-from py_ocsf_models.events.findings.finding import FindingInformation
+from py_ocsf_models.events.findings.finding import (
+    ActivityID,
+    ConfidenceID,
+    FindingInformation,
+)
 from py_ocsf_models.objects.api import (
     API,
     Group,
@@ -14,8 +19,9 @@
 from py_ocsf_models.objects.container import Container, FingerPrint, Image
 from py_ocsf_models.objects.dns_query import DNSOpcodeID, DNSQuery
 from py_ocsf_models.objects.evidence_artifacts import EvidenceArtifacts
+from py_ocsf_models.objects.fingerprint import AlgorithmID
 from py_ocsf_models.objects.metadata import Metadata
-from py_ocsf_models.objects.operating_system import OperatingSystem
+from py_ocsf_models.objects.operating_system import OperatingSystem, TypeID
 from py_ocsf_models.objects.product import Feature, Product
 from py_ocsf_models.objects.remediation import KBArticle, Remediation
 from py_ocsf_models.objects.resource_details import ResourceDetails
@@ -26,6 +32,7 @@
 
 class TestDetectionFinding:
     def test_detection_finding(self):
+        pod_uuid = str(uuid.uuid4())
         detection_finding = DetectionFinding(
             metadata=Metadata(
                 version="1.0",
@@ -87,7 +94,7 @@ def test_detection_finding(self):
                                 name="Container 1",
                                 network_driver="Network Driver 1",
                                 orchestrator="Orchestrator 1",
-                                pod_uuid=str(uuid.uuid4()),
+                                pod_uuid=pod_uuid,
                                 runtime="Runtime 1",
                                 size=123,
                                 uid="123",
@@ -116,7 +123,7 @@ def test_detection_finding(self):
                                 name="Container 1",
                                 network_driver="Network Driver 1",
                                 orchestrator="Orchestrator 1",
-                                pod_uuid=str(uuid.uuid4()),
+                                pod_uuid=pod_uuid,
                                 runtime="Runtime 1",
                                 size=123,
                                 uid="123",
@@ -158,31 +165,31 @@ def test_detection_finding(self):
                     provider="Provider 1",
                     region="Region 1",
                 ),
-                container=ContainerProfile(
-                    container=Container(
-                        hash=FingerPrint(
-                            algorithm="SHA256",
-                            algorithm_id=3,
-                            value="123",
-                        ),
-                        image=Image(
-                            tag="Tag 1",
-                            name="Image 1",
-                            labels=["Label 1"],
-                            path="Path 1",
-                            uid="123",
-                        ),
+            ),
+            container=ContainerProfile(
+                container=Container(
+                    hash=FingerPrint(
+                        algorithm="SHA256",
+                        algorithm_id=3,
+                        value="123",
+                    ),
+                    image=Image(
                         tag="Tag 1",
-                        name="Container 1",
-                        network_driver="Network Driver 1",
-                        orchestrator="Orchestrator 1",
-                        pod_uuid=str(uuid.uuid4()),
-                        runtime="Runtime 1",
-                        size=123,
+                        name="Image 1",
+                        labels=["Label 1"],
+                        path="Path 1",
                         uid="123",
                     ),
-                    namespace_pid=123,
+                    tag="Tag 1",
+                    name="Container 1",
+                    network_driver="Network Driver 1",
+                    orchestrator="Orchestrator 1",
+                    pod_uuid=pod_uuid,
+                    runtime="Runtime 1",
+                    size=123,
+                    uid="123",
                 ),
+                namespace_pid=123,
             ),
             count=123,
             duration=123,
@@ -209,7 +216,7 @@ def test_detection_finding(self):
                                     name="Container 1",
                                     network_driver="Network Driver 1",
                                     orchestrator="Orchestrator 1",
-                                    pod_uuid=str(uuid.uuid4()),
+                                    pod_uuid=pod_uuid,
                                     runtime="Runtime 1",
                                     size=123,
                                     uid="123",
@@ -238,7 +245,7 @@ def test_detection_finding(self):
                                     name="Container 1",
                                     network_driver="Network Driver 1",
                                     orchestrator="Orchestrator 1",
-                                    pod_uuid=str(uuid.uuid4()),
+                                    pod_uuid=pod_uuid,
                                     runtime="Runtime 1",
                                     size=123,
                                     uid="123",
@@ -428,4 +435,122 @@ def test_detection_finding(self):
                 )
             ],
         )
-        # TODO: assert with the expected object
+        # Assert Metadata and Product
+        assert detection_finding.metadata.version == "1.0"
+        product = detection_finding.metadata.product
+        assert product.feature.name == "Name"
+        assert product.feature.uid == "123"
+        assert product.feature.version == "Version"
+        assert product.lang == "en"
+        assert product.name == "Name"
+        assert product.path == "Path"
+        assert product.cpe_name == "CPE Name"
+        assert product.url_string == "https://www.example.com"
+        assert product.uid == "123"
+        assert product.vendor_name == "Vendor Name"
+        assert product.version == "Version"
+
+        # Assert FindingInformation
+        assert detection_finding.finding_info.title == "Title"
+        assert detection_finding.finding_info.uid == "123"
+
+        # Assert simple attributes
+        assert detection_finding.severity_id == SeverityID.Informational
+        assert detection_finding.activity_name == "Activity Name"
+        assert detection_finding.activity_id == ActivityID.Create
+        assert detection_finding.comment == "Comment"
+        assert detection_finding.confidence == "Confidence"
+        assert detection_finding.confidence_id == ConfidenceID.Low
+        assert detection_finding.confidence_score == 123
+
+        # Assert ResourceDetails
+        resource = detection_finding.resources[0]
+        assert resource.name == "Resource 1"
+        assert resource.type == "Resource"
+
+        # Assert CloudProfile and nested objects
+        cloud_profile = detection_finding.cloud
+        assert cloud_profile.api.operation == "GET"
+        assert cloud_profile.api.version == "1.0"
+        assert cloud_profile.api.service.name == "Service 1"
+        assert cloud_profile.cloud.account.name == "Account 1"
+        assert cloud_profile.cloud.zone == "Zone 1"
+        assert cloud_profile.cloud.org.name == "Organization 1"
+        assert cloud_profile.cloud.provider == "Provider 1"
+        assert cloud_profile.cloud.region == "Region 1"
+
+        # Assert ContainerProfile and nested objects
+        container_profile = detection_finding.container
+        container = container_profile.container
+        assert str(container.pod_uuid) == pod_uuid
+        assert container.network_driver == "Network Driver 1"
+        assert container.orchestrator == "Orchestrator 1"
+        assert container.size == 123
+
+        # Assert Image and FingerPrint
+        image = container.image
+        assert image.tag == "Tag 1"
+        assert image.name == "Image 1"
+        assert "Label 1" in image.labels
+        assert image.path == "Path 1"
+        assert image.uid == "123"
+
+        fingerprint = container.hash
+        assert fingerprint.algorithm == "SHA256"
+        assert fingerprint.algorithm_id == AlgorithmID.SHA_256
+        assert fingerprint.value == "123"
+
+        # Assert DNSQuery
+        dns_query = detection_finding.evidences[0].query
+        assert dns_query.opcode == "Query"
+        assert dns_query.opcode_id == DNSOpcodeID.Query
+        assert dns_query.hostname == "www.example.com"
+        assert dns_query.packet_uid == 123
+        assert dns_query.type == "A"
+
+        # Assert Remediation and KBArticle
+        remediation = detection_finding.remediation
+        assert remediation.desc == "Description"
+        assert len(remediation.references) == 1
+        assert "https://www.example.com" in remediation.references
+
+        kb_article = remediation.kb_article_list[0]
+        assert kb_article.classification == "Classification"
+        assert kb_article.bulletin == "Bulletin"
+        assert kb_article.severity == "Severity"
+        assert kb_article.size == 123
+        assert kb_article.src_url == "https://www.example.com"
+        assert kb_article.is_superseded is True
+        assert kb_article.title == "Title"
+        assert kb_article.uid == "123"
+
+        # Assert VulnerabilityDetails
+        vulnerability = detection_finding.vulnerabilities[0]
+        assert vulnerability.desc == "Description"
+        assert vulnerability.is_exploit_available is True
+        assert "https://www.example.com" in vulnerability.references
+        assert vulnerability.severity == "Severity"
+        assert vulnerability.title == "Title"
+        assert vulnerability.vendor_name == "Vendor Name"
+
+        # Assert OperatingSystem in KBArticle
+        os = kb_article.os
+        assert os.cpu_bits == 64
+        assert os.country == "US"
+        assert os.lang == "en"
+        assert os.name == "Name"
+        assert os.build == "Build"
+        assert os.edition == "Edition"
+        assert os.sp_name == "SP Name"
+        assert os.sp_ver == 123
+        assert os.cpe_name == "CPE Name"
+        assert os.type == "Type"
+        assert os.type_id == TypeID.Windows
+        assert os.version == "Version"
+
+        # Assert EvidenceArtifacts
+        evidence_artifact = detection_finding.evidences[0]
+        assert evidence_artifact.api.operation == "GET"
+        assert evidence_artifact.api.version == "1.0"
+        assert evidence_artifact.data == {"key": "value"}
+