security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Test deprecated rule modification (#3727)

Browse Source 
(cherry picked from commit f9b3534cdd)
This commit is contained in:
shashank-elastic
2024-06-07 19:24:36 +05:30
committed by github-actions[bot]
parent 4077572a3b
commit dbfdb7f804
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/pythonpackage.yml
+8 -2
View File
@@ -12,8 +12,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Fetch main branch
run: |
git fetch origin main:refs/remotes/origin/main
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
tests/test_all_rules.py
+14 -1
View File
@@ -29,7 +29,7 @@ from detection_rules.rule import (AlertSuppressionMapping, QueryRuleData, QueryV
from detection_rules.rule_loader import FILE_PATTERN
from detection_rules.rule_validators import EQLValidator, KQLValidator
from detection_rules.schemas import definitions, get_min_supported_stack_version, get_stack_schemas
from detection_rules.utils import INTEGRATION_RULE_DIR, PatchedTemplate, get_path, load_etc_dump
from detection_rules.utils import INTEGRATION_RULE_DIR, PatchedTemplate, get_path, load_etc_dump, make_git
from detection_rules.version_lock import default_version_lock
from rta import get_available_tests
@@ -626,6 +626,19 @@ class TestRuleMetadata(BaseRuleTest):
rule_str = f'{rule_id} - {entry["rule_name"]} ->'
self.assertIn(rule_id, deprecated_rules, f'{rule_str} is logged in "deprecated_rules.json" but is missing')
def test_deprecated_rules_modified(self):
"""Test to ensure deprecated rules are not modified."""
rules_path = get_path("rules", "_deprecated")
# Use git diff to check if the file(s) has been modified in rules/_deprecated directory
detection_rules_git = make_git()
result = detection_rules_git("diff", "--diff-filter=M", "origin/main", "--name-only", rules_path)
# If the output is not empty, then file(s) have changed in the directory
if result:
self.fail(f"Deprecated rules {result} has been modified")
@unittest.skipIf(PACKAGE_STACK_VERSION < Version.parse("8.3.0"),
"Test only applicable to 8.3+ stacks regarding related integrations build time field.")
def test_integration_tag(self):