Sergey Polzunov
1fb60d6475
* first pass * Adding a dedicated code checking workflow * Type fixes * linting config and python version bump * Type hints * Drop incorrect config option * More fixes * Style fixes * CI adjustments * Pyproject fixes * CI & pyproject fixes * Proper version bump * Tests formatting * Resolve cirtular dependency * Test fixes * Make sure the tests are formatted correctly * Check tweaks * Bumping python version in CI images * Pin marshmallow do 3.x because 4.x is not supported * License fix * Convert path to str * Making myself a codeowner * Missing kwargs param * Adding a missing kwargs to `set_score` * Update .github/CODEOWNERS Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> * Dropping unnecessary raise * Dropping skipped test * Drop unnecessary var * Drop unused commented-out func * Disable typehinting for the whole func * Update linting command * Invalid type hist on the input param * Incorrect field type * Incorrect value used fix * Stricter values check * Simpler function call * Type condition fix * TOML formatter fix * Simpligy output conditions * Formatting * Use proper types instead of aliases * MITRE attack fixes * Using pathlib.Path for an argument * Use proper method to update a set from a dict * First round of `ruff` fixes * More fixes * More fixes * Hack against cyclic dependency * Ignore `PLC0415` * Remove unused markers * Cleanup * Fixing the incorrect condition * Update .github/CODEOWNERS Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> * Set explicit default values for optional fields * Update the guidelines * Adding None Defaults --------- Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com> Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
40 lines
1.8 KiB
Python
40 lines
1.8 KiB
Python
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
# or more contributor license agreements. Licensed under the Elastic License
|
|
# 2.0; you may not use this file except in compliance with the Elastic License
|
|
# 2.0.
|
|
|
|
"""Test version locking of rules."""
|
|
|
|
import unittest
|
|
|
|
from semver import Version
|
|
|
|
from detection_rules.schemas import get_min_supported_stack_version
|
|
from detection_rules.version_lock import RULES_CONFIG, loaded_version_lock
|
|
|
|
|
|
class TestVersionLock(unittest.TestCase):
|
|
"""Test version locking."""
|
|
|
|
@unittest.skipIf(RULES_CONFIG.bypass_version_lock, "Version lock bypassed")
|
|
def test_previous_entries_gte_current_min_stack(self):
|
|
"""Test that all previous entries for all locks in the version lock are >= the current min_stack."""
|
|
errors = {}
|
|
min_version = get_min_supported_stack_version()
|
|
for rule_id, lock in loaded_version_lock.version_lock.to_dict().items():
|
|
if "previous" in lock:
|
|
prev_vers = [Version.parse(v, optional_minor_and_patch=True) for v in list(lock["previous"])]
|
|
outdated = [f"{v.major}.{v.minor}" for v in prev_vers if v < min_version]
|
|
if outdated:
|
|
errors[rule_id] = outdated
|
|
|
|
# This should only ever happen when bumping the backport matrix support up, which is based on the
|
|
# stack-schema-map
|
|
if errors:
|
|
err_str = "\n".join(f"{k}: {', '.join(v)}" for k, v in errors.items())
|
|
self.fail(
|
|
f"The following version.lock entries have previous locked versions which are lower than the "
|
|
f"currently supported min_stack ({min_version}). To address this, run the "
|
|
f"`dev trim-version-lock {min_version}` command.\n\n{err_str}"
|
|
)
|