Added unit test (#3038)

* Added unit test * removed print from unit test * fixed linting * Updated to put validation in init * Updated for cleanliness * removed Literal import
2023-09-05 15:27:04 -04:00
parent 4233fef238
commit 34ebcec679
1 changed files with 16 additions and 6 deletions
@@ -11,8 +11,9 @@ from typing import Dict, List, Optional

 from . import common

+# Definitions
 CURRENT_DIR = Path(__file__).resolve().parent
-
+RULE_META_KEYS = ["rule_id", "rule_name"]

@dataclass
 class RtaMetadata:
@@ -20,27 +21,36 @@ class RtaMetadata:

    uuid: str
    platforms: List[str]
-
    path: Path = field(init=False)
    name: str = field(init=False)
-    endpoint: Optional[List[dict]] = None
-    siem: Optional[List[dict]] = None
+    endpoint: Optional[List[Dict[str, str]]] = None
+    siem: Optional[List[Dict[str, str]]] = None
    techniques: Optional[List[str]] = None

    def __post_init__(self):
        """Set the path and name based on the callee and check for platforms."""

-        # set the path of the callee
+        # Set the path of the callee
        for frame in inspect.stack():
            self.path = Path(frame.filename)
            self.name = self.path.name
            if frame.function == "<module>" and valid_rta_file(self.path):
                break

-        # check for valid platforms
+        # Check for valid platforms
        if not self.platforms and (self.endpoint or self.siem):
            raise ValueError(f"RTA {self.name} has no platforms specified but has rule info provided.")

+        # Check for valid rule metadata
+        self._validate_rule_metadata(self.endpoint, "endpoint")
+        self._validate_rule_metadata(self.siem, "siem")
+
+    def _validate_rule_metadata(self, rules: Optional[List[Dict[str, str]]], field_name: str):
+        """Check for valid rule metadata"""
+        if rules:
+            for rule in rules:
+                if sorted(rule.keys()) != RULE_META_KEYS:
+                    raise ValueError(f"RTA {self.name} has invalid {field_name} field in metadata.")

 def valid_rta_file(file_path: str) -> bool:
    return file_path.stem not in ["init", "common", "main"] and not file_path.name.startswith("_")