diff --git a/tests/detection_finding_test.py b/tests/detection_finding_test.py index 5e3c759..e9cc74b 100644 --- a/tests/detection_finding_test.py +++ b/tests/detection_finding_test.py @@ -1,8 +1,13 @@ import uuid from datetime import datetime +from py_ocsf_models.events.base_event import SeverityID from py_ocsf_models.events.findings.detection_finding import DetectionFinding -from py_ocsf_models.events.findings.finding import FindingInformation +from py_ocsf_models.events.findings.finding import ( + ActivityID, + ConfidenceID, + FindingInformation, +) from py_ocsf_models.objects.api import ( API, Group, @@ -14,8 +19,9 @@ from py_ocsf_models.objects.container import Container, FingerPrint, Image from py_ocsf_models.objects.dns_query import DNSOpcodeID, DNSQuery from py_ocsf_models.objects.evidence_artifacts import EvidenceArtifacts +from py_ocsf_models.objects.fingerprint import AlgorithmID from py_ocsf_models.objects.metadata import Metadata -from py_ocsf_models.objects.operating_system import OperatingSystem +from py_ocsf_models.objects.operating_system import OperatingSystem, TypeID from py_ocsf_models.objects.product import Feature, Product from py_ocsf_models.objects.remediation import KBArticle, Remediation from py_ocsf_models.objects.resource_details import ResourceDetails @@ -26,6 +32,7 @@ class TestDetectionFinding: def test_detection_finding(self): + pod_uuid = str(uuid.uuid4()) detection_finding = DetectionFinding( metadata=Metadata( version="1.0", @@ -87,7 +94,7 @@ def test_detection_finding(self): name="Container 1", network_driver="Network Driver 1", orchestrator="Orchestrator 1", - pod_uuid=str(uuid.uuid4()), + pod_uuid=pod_uuid, runtime="Runtime 1", size=123, uid="123", @@ -116,7 +123,7 @@ def test_detection_finding(self): name="Container 1", network_driver="Network Driver 1", orchestrator="Orchestrator 1", - pod_uuid=str(uuid.uuid4()), + pod_uuid=pod_uuid, runtime="Runtime 1", size=123, uid="123", 
@@ -158,31 +165,31 @@ def test_detection_finding(self): provider="Provider 1", region="Region 1", ), - container=ContainerProfile( - container=Container( - hash=FingerPrint( - algorithm="SHA256", - algorithm_id=3, - value="123", - ), - image=Image( - tag="Tag 1", - name="Image 1", - labels=["Label 1"], - path="Path 1", - uid="123", - ), + ), + container=ContainerProfile( + container=Container( + hash=FingerPrint( + algorithm="SHA256", + algorithm_id=3, + value="123", + ), + image=Image( tag="Tag 1", - name="Container 1", - network_driver="Network Driver 1", - orchestrator="Orchestrator 1", - pod_uuid=str(uuid.uuid4()), - runtime="Runtime 1", - size=123, + name="Image 1", + labels=["Label 1"], + path="Path 1", uid="123", ), - namespace_pid=123, + tag="Tag 1", + name="Container 1", + network_driver="Network Driver 1", + orchestrator="Orchestrator 1", + pod_uuid=pod_uuid, + runtime="Runtime 1", + size=123, + uid="123", ), + namespace_pid=123, ), count=123, duration=123, @@ -209,7 +216,7 @@ def test_detection_finding(self): name="Container 1", network_driver="Network Driver 1", orchestrator="Orchestrator 1", - pod_uuid=str(uuid.uuid4()), + pod_uuid=pod_uuid, runtime="Runtime 1", size=123, uid="123", @@ -238,7 +245,7 @@ def test_detection_finding(self): name="Container 1", network_driver="Network Driver 1", orchestrator="Orchestrator 1", - pod_uuid=str(uuid.uuid4()), + pod_uuid=pod_uuid, runtime="Runtime 1", size=123, uid="123", 
@@ -428,4 +435,122 @@ def test_detection_finding(self): ) ], ) - # TODO: assert with the expected object + # Assert Metadata and Product + assert detection_finding.metadata.version == "1.0" + product = detection_finding.metadata.product + assert product.feature.name == "Name" + assert product.feature.uid == "123" + assert product.feature.version == "Version" + assert product.lang == "en" + assert product.name == "Name" + assert product.path == "Path" + assert product.cpe_name == "CPE Name" + assert product.url_string == "https://www.example.com" + assert product.uid == "123" + assert product.vendor_name == "Vendor Name" + assert product.version == "Version" + + # Assert FindingInformation + assert detection_finding.finding_info.title == "Title" + assert detection_finding.finding_info.uid == "123" + + # Assert simple attributes + assert detection_finding.severity_id == SeverityID.Informational + assert detection_finding.activity_name == "Activity Name" + assert detection_finding.activity_id == ActivityID.Create + assert detection_finding.comment == "Comment" + assert detection_finding.confidence == "Confidence" + assert detection_finding.confidence_id == ConfidenceID.Low + assert detection_finding.confidence_score == 123 + + # Assert ResourceDetails + resource = detection_finding.resources[0] + assert resource.name == "Resource 1" + assert resource.type == "Resource" + + # Assert CloudProfile and nested objects + cloud_profile = detection_finding.cloud + assert cloud_profile.api.operation == "GET" + assert cloud_profile.api.version == "1.0" + assert cloud_profile.api.service.name == "Service 1" + assert cloud_profile.cloud.account.name == "Account 1" + assert cloud_profile.cloud.zone == "Zone 1" + assert cloud_profile.cloud.org.name == "Organization 1" + assert cloud_profile.cloud.provider == "Provider 1" + assert cloud_profile.cloud.region == "Region 1" + + # Assert ContainerProfile and nested objects + container_profile = detection_finding.container + container = 
container_profile.container + assert str(container.pod_uuid) == pod_uuid + assert container.network_driver == "Network Driver 1" + assert container.orchestrator == "Orchestrator 1" + assert container.size == 123 + + # Assert Image and FingerPrint + image = container.image + assert image.tag == "Tag 1" + assert image.name == "Image 1" + assert "Label 1" in image.labels + assert image.path == "Path 1" + assert image.uid == "123" + + fingerprint = container.hash + assert fingerprint.algorithm == "SHA256" + assert fingerprint.algorithm_id == AlgorithmID.SHA_256 + assert fingerprint.value == "123" + + # Assert DNSQuery + dns_query = detection_finding.evidences[0].query + assert dns_query.opcode == "Query" + assert dns_query.opcode_id == DNSOpcodeID.Query + assert dns_query.hostname == "www.example.com" + assert dns_query.packet_uid == 123 + assert dns_query.type == "A" + + # Assert Remediation and KBArticle + remediation = detection_finding.remediation + assert remediation.desc == "Description" + assert len(remediation.references) == 1 + assert "https://www.example.com" in remediation.references + + kb_article = remediation.kb_article_list[0] + assert kb_article.classification == "Classification" + assert kb_article.bulletin == "Bulletin" + assert kb_article.severity == "Severity" + assert kb_article.size == 123 + assert kb_article.src_url == "https://www.example.com" + assert kb_article.is_superseded is True + assert kb_article.title == "Title" + assert kb_article.uid == "123" + + # Assert VulnerabilityDetails + vulnerability = detection_finding.vulnerabilities[0] + assert vulnerability.desc == "Description" + assert vulnerability.is_exploit_available is True + assert "https://www.example.com" in vulnerability.references + assert vulnerability.severity == "Severity" + assert vulnerability.title == "Title" + assert vulnerability.vendor_name == "Vendor Name" + + # Assert OperatingSystem in KBArticle + os = kb_article.os + assert os.cpu_bits == 64 + assert os.country == 
"US" + assert os.lang == "en" + assert os.name == "Name" + assert os.build == "Build" + assert os.edition == "Edition" + assert os.sp_name == "SP Name" + assert os.sp_ver == 123 + assert os.cpe_name == "CPE Name" + assert os.type == "Type" + assert os.type_id == TypeID.Windows + assert os.version == "Version" + + # Assert EvidenceArtifacts + evidence_artifact = detection_finding.evidences[0] + assert evidence_artifact.api.operation == "GET" + assert evidence_artifact.api.version == "1.0" + assert evidence_artifact.data == {"key": "value"} +
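Review bot: In the "Assert OperatingSystem in KBArticle" block, `os = kb_article.os` shadows the standard-library module name `os` for the rest of the test body; renaming it, e.g. `operating_system = kb_article.os`, keeps the name free if the test later needs `os.environ` or path helpers and reads less ambiguously. The membership checks `assert "Label 1" in image.labels` and `assert "https://www.example.com" in vulnerability.references` accept any superset of the constructed lists, whereas `assert image.labels == ["Label 1"]` pins the exact value the way the adjacent `len(remediation.references) == 1` does for references. The body of test_detection_finding starts before this hunk, so the constructed values the assertions compare against are only partly visible here.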