Skip to content

test(exposure): cover shipped threat intel catalogs #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vincent-peng wants to merge 1 commit into
base: main
Choose a base branch
from
Open

test(exposure): cover shipped threat intel catalogs #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ fixtures:

```sh
bumblebee selftest
# selftest OK (2 findings in 1ms)
# selftest OK (3 findings in 1ms)
```

The fixtures live inside the binary, use deliberately fake package
Expand Down
92 changes: 92 additions & 0 deletions internal/exposure/threat_intel_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
package exposure

import (
"os"
"path/filepath"
"runtime"
"strings"
"testing"

"github.com/perplexityai/bumblebee/internal/model"
)

func TestShippedThreatIntelCatalogsLoad(t *testing.T) {
dir := shippedThreatIntelDir(t)
paths := shippedThreatIntelCatalogs(t, dir)

combined, err := Load(dir, 0)
if err != nil {
t.Fatalf("Load(threat_intel): %v", err)
}

totalEntries := 0
for _, path := range paths {
t.Run(filepath.Base(path), func(t *testing.T) {
cat, err := LoadFile(path, 0)
if err != nil {
t.Fatalf("LoadFile: %v", err)
}
if cat.SchemaVersion != model.SchemaVersion {
t.Fatalf("schema_version=%q, want %q", cat.SchemaVersion, model.SchemaVersion)
}
if cat.Len() == 0 {
t.Fatal("catalog has no entries")
}
for _, entry := range cat.Entries {
if !model.IsSupportedEcosystem(entry.Ecosystem) {
t.Fatalf("entry %s uses unsupported ecosystem %q", entry.ID, entry.Ecosystem)
}
}
totalEntries += cat.Len()
})
}

if combined.Len() != totalEntries {
t.Fatalf("combined catalog len=%d, want sum of shipped catalogs %d", combined.Len(), totalEntries)
}
}

func TestThreatIntelReadmeMentionsShippedCatalogs(t *testing.T) {
dir := shippedThreatIntelDir(t)
paths := shippedThreatIntelCatalogs(t, dir)

readmeBytes, err := os.ReadFile(filepath.Join(dir, "README.md"))
if err != nil {
t.Fatal(err)
}
readme := string(readmeBytes)

for _, path := range paths {
name := filepath.Base(path)
if !strings.Contains(readme, name) {
t.Fatalf("threat_intel/README.md does not mention %s", name)
}
}
}

func shippedThreatIntelCatalogs(t *testing.T, dir string) []string {
t.Helper()
paths, err := filepath.Glob(filepath.Join(dir, "*.json"))
if err != nil {
t.Fatal(err)
}
if len(paths) == 0 {
t.Fatal("no shipped threat_intel catalogs found")
}
return paths
}

func shippedThreatIntelDir(t *testing.T) string {
t.Helper()
_, file, _, ok := runtime.Caller(0)
if !ok {
t.Fatal("runtime.Caller failed")
}
dir := filepath.Clean(filepath.Join(filepath.Dir(file), "..", "..", "threat_intel"))
if info, err := os.Stat(dir); err != nil {
t.Fatalf("stat threat_intel dir: %v", err)
} else if !info.IsDir() {
t.Fatalf("threat_intel path is not a directory: %s", dir)
}
return dir
}