tests/test_packages.py

# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
# or more contributor license agreements. Licensed under the Elastic License
# 2.0; you may not use this file except in compliance with the Elastic License
# 2.0.

"""Test that the packages are built correctly."""

import unittest
import uuid

from marshmallow import ValidationError
from semver import Version

from detection_rules import rule_loader
from detection_rules.packaging import PACKAGE_FILE, Package
from detection_rules.schemas.registry_package import RegistryPackageManifestV1, RegistryPackageManifestV3
from tests.base import BaseRuleTest

package_configs = Package.load_configs()


class TestPackages(BaseRuleTest):
    """Test package building and saving."""

    @staticmethod
    def get_test_rule(version=1, count=1):
        def get_rule_contents():
            return {
                "author": ["Elastic"],
                "description": "test description",
                "language": "kuery",
                "license": "Elastic License v2",
                "name": "test rule",
                "query": "process.name:test.query",
                "risk_score": 21,
                "rule_id": str(uuid.uuid4()),
                "severity": "low",
                "type": "query",
            }

        rules = [rule_loader.TOMLRule("test.toml", get_rule_contents()) for i in range(count)]
        version_info = {
            rule.id: {"rule_name": rule.name, "sha256": rule.contents.get_hash(), "version": version} for rule in rules
        }

        return rules, version_info

    def test_package_loader_production_config(self):
        """Test that packages are loading correctly."""

    @unittest.skipIf(rule_loader.RULES_CONFIG.bypass_version_lock, "Version lock bypassed")
    def test_package_loader_default_configs(self):
        """Test configs in detection_rules/etc/packages.yaml."""
        Package.from_config(rule_collection=self.rc, config=package_configs)

    @unittest.skipIf(rule_loader.RULES_CONFIG.bypass_version_lock, "Version lock bypassed")
    def test_package_summary(self):
        """Test the generation of the package summary."""
        rules = self.rc
        package = Package(rules, "test-package")
        package.generate_summary_and_changelog(package.changed_ids, package.new_ids, package.removed_ids)

    @unittest.skipIf(rule_loader.RULES_CONFIG.bypass_version_lock, "Version lock bypassed")
    def test_rule_versioning(self):
        """Test that all rules are properly versioned and tracked"""
        self.maxDiff = None
        rules = self.rc
        original_hashes = []

        # test that no rules have versions defined
        for rule in rules:
            self.assertGreaterEqual(rule.contents.autobumped_version, 1, "{} - {}: version is not being set in package")
            original_hashes.append(rule.contents.get_hash())

        package = Package(rules, "test-package")

        # test that all rules have versions defined
        for rule in package.rules:
            self.assertGreaterEqual(rule.contents.autobumped_version, 1, "{} - {}: version is not being set in package")

        # test that rules validate with version

        post_bump_hashes = [rule.contents.get_hash() for rule in package.rules]

        # test that no hashes changed as a result of the version bumps
        self.assertListEqual(original_hashes, post_bump_hashes, "Version bumping modified the hash of a rule")


class TestRegistryPackage(unittest.TestCase):
    """Test the OOB registry package."""

    @classmethod
    def setUpClass(cls) -> None:
        assert "registry_data" in package_configs, f"Missing registry_data in {PACKAGE_FILE}"
        cls.registry_config = package_configs["registry_data"]
        stack_version = Version.parse(
            cls.registry_config["conditions"]["kibana.version"].strip("^"), optional_minor_and_patch=True
        )
        if stack_version >= Version.parse("8.12.0"):
            RegistryPackageManifestV3.from_dict(cls.registry_config)
        else:
            RegistryPackageManifestV1.from_dict(cls.registry_config)

    def test_registry_package_config(self):
        """Test that the registry package is validating properly."""
        registry_config = self.registry_config.copy()
        registry_config["version"] += "7.1.1."

        with self.assertRaises(ValidationError):
            RegistryPackageManifestV1.from_dict(registry_config)
Add unit tests 2020-06-29 23:19:23 -06:00			`# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one`
Update License to Elastic v2 (#944 ) 2021-03-03 22:12:11 -09:00			`# or more contributor license agreements. Licensed under the Elastic License`
			`# 2.0; you may not use this file except in compliance with the Elastic License`
			`# 2.0.`
Add unit tests 2020-06-29 23:19:23 -06:00
			`"""Test that the packages are built correctly."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
Add unit tests 2020-06-29 23:19:23 -06:00			`import unittest`
			`import uuid`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[FR] Adjust Prebuilt Rules Packaging to Use Elastic Package v3 (#3252 ) 2023-11-01 12:47:40 -04:00			`from marshmallow import ValidationError`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`from semver import Version`
Add unit tests 2020-06-29 23:19:23 -06:00
			`from detection_rules import rule_loader`
Update package summary extras produced during package generation (#341 ) 2020-09-30 17:43:45 -05:00			`from detection_rules.packaging import PACKAGE_FILE, Package`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`from detection_rules.schemas.registry_package import RegistryPackageManifestV1, RegistryPackageManifestV3`
Add a RuleCollection object instead of a "loader" module (#1063 ) 2021-04-05 14:23:37 -06:00			`from tests.base import BaseRuleTest`
Add unit tests 2020-06-29 23:19:23 -06:00
Generate an integrations package from a release (#983 ) 2021-03-09 13:30:12 -09:00			`package_configs = Package.load_configs()`


Add a RuleCollection object instead of a "loader" module (#1063 ) 2021-04-05 14:23:37 -06:00			`class TestPackages(BaseRuleTest):`
Add unit tests 2020-06-29 23:19:23 -06:00			`"""Test package building and saving."""`

			`@staticmethod`
			`def get_test_rule(version=1, count=1):`
			`def get_rule_contents():`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`return {`
Add unit tests 2020-06-29 23:19:23 -06:00			`"author": ["Elastic"],`
			`"description": "test description",`
			`"language": "kuery",`
Update License to Elastic v2 (#944 ) 2021-03-03 22:12:11 -09:00			`"license": "Elastic License v2",`
Add unit tests 2020-06-29 23:19:23 -06:00			`"name": "test rule",`
			`"query": "process.name:test.query",`
			`"risk_score": 21,`
			`"rule_id": str(uuid.uuid4()),`
			`"severity": "low",`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`"type": "query",`
Add unit tests 2020-06-29 23:19:23 -06:00			`}`

fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`rules = [rule_loader.TOMLRule("test.toml", get_rule_contents()) for i in range(count)]`
Add unit tests 2020-06-29 23:19:23 -06:00			`version_info = {`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`rule.id: {"rule_name": rule.name, "sha256": rule.contents.get_hash(), "version": version} for rule in rules`
Add unit tests 2020-06-29 23:19:23 -06:00			`}`

			`return rules, version_info`

			`def test_package_loader_production_config(self):`
			`"""Test that packages are loading correctly."""`

fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`@unittest.skipIf(rule_loader.RULES_CONFIG.bypass_version_lock, "Version lock bypassed")`
Add unit tests 2020-06-29 23:19:23 -06:00			`def test_package_loader_default_configs(self):`
[FR] Normalize yml ext to yaml (#3675 ) 2024-05-15 15:18:39 -05:00			`"""Test configs in detection_rules/etc/packages.yaml."""`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`Package.from_config(rule_collection=self.rc, config=package_configs)`
Add unit tests 2020-06-29 23:19:23 -06:00
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`@unittest.skipIf(rule_loader.RULES_CONFIG.bypass_version_lock, "Version lock bypassed")`
Add unit tests 2020-06-29 23:19:23 -06:00			`def test_package_summary(self):`
			`"""Test the generation of the package summary."""`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`rules = self.rc`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`package = Package(rules, "test-package")`
Track multiple stacks in lock (#1434 ) 2021-08-24 16:56:11 -06:00			`package.generate_summary_and_changelog(package.changed_ids, package.new_ids, package.removed_ids)`
Add unit tests 2020-06-29 23:19:23 -06:00
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`@unittest.skipIf(rule_loader.RULES_CONFIG.bypass_version_lock, "Version lock bypassed")`
Add unit tests 2020-06-29 23:19:23 -06:00			`def test_rule_versioning(self):`
			`"""Test that all rules are properly versioned and tracked"""`
			`self.maxDiff = None`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`rules = self.rc`
Add unit tests 2020-06-29 23:19:23 -06:00			`original_hashes = []`

			`# test that no rules have versions defined`
			`for rule in rules:`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`self.assertGreaterEqual(rule.contents.autobumped_version, 1, "{} - {}: version is not being set in package")`
Bringing back "fix: Cleaning up the hashable content for the rule" (#4621 ) (#4668 ) 2025-04-28 18:29:55 +02:00			`original_hashes.append(rule.contents.get_hash())`
Add unit tests 2020-06-29 23:19:23 -06:00
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`package = Package(rules, "test-package")`
Add unit tests 2020-06-29 23:19:23 -06:00
			`# test that all rules have versions defined`
			`for rule in package.rules:`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`self.assertGreaterEqual(rule.contents.autobumped_version, 1, "{} - {}: version is not being set in package")`
Add unit tests 2020-06-29 23:19:23 -06:00
			`# test that rules validate with version`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
			`post_bump_hashes = [rule.contents.get_hash() for rule in package.rules]`
Add unit tests 2020-06-29 23:19:23 -06:00
			`# test that no hashes changed as a result of the version bumps`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`self.assertListEqual(original_hashes, post_bump_hashes, "Version bumping modified the hash of a rule")`
Add unit tests 2020-06-29 23:19:23 -06:00
Generate an integrations package from a release (#983 ) 2021-03-09 13:30:12 -09:00
			`class TestRegistryPackage(unittest.TestCase):`
			`"""Test the OOB registry package."""`

			`@classmethod`
			`def setUpClass(cls) -> None:`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`assert "registry_data" in package_configs, f"Missing registry_data in {PACKAGE_FILE}"`
			`cls.registry_config = package_configs["registry_data"]`
			`stack_version = Version.parse(`
			`cls.registry_config["conditions"]["kibana.version"].strip("^"), optional_minor_and_patch=True`
			`)`
[FR] Adjust Prebuilt Rules Packaging to Use Elastic Package v3 (#3252 ) 2023-11-01 12:47:40 -04:00			`if stack_version >= Version.parse("8.12.0"):`
			`RegistryPackageManifestV3.from_dict(cls.registry_config)`
			`else:`
			`RegistryPackageManifestV1.from_dict(cls.registry_config)`
Generate an integrations package from a release (#983 ) 2021-03-09 13:30:12 -09:00
			`def test_registry_package_config(self):`
			`"""Test that the registry package is validating properly."""`
			`registry_config = self.registry_config.copy()`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`registry_config["version"] += "7.1.1."`
Generate an integrations package from a release (#983 ) 2021-03-09 13:30:12 -09:00
			`with self.assertRaises(ValidationError):`
[FR] Adjust Prebuilt Rules Packaging to Use Elastic Package v3 (#3252 ) 2023-11-01 12:47:40 -04:00			`RegistryPackageManifestV1.from_dict(registry_config)`