Added a test case to check that the "Rule Type: BBR" tag is present for all BBR rules.
Added as a separate test case in class TestRuleTags.
How To Test
Local testing identified a few rules with missing tags.
Unit Test Failure
```
=================================== FAILURES ===================================
__________________________ TestRuleTags.test_bbr_tags __________________________

self = <tests.test_all_rules.TestRuleTags testMethod=test_bbr_tags>

    def test_bbr_tags(self):
        """Test that "Rule Type: BBR" tag is present for all BBR rules."""
        invalid_bbr_rules = []
        for rule in self.bbr:
            if 'Rule Type: BBR' not in rule.contents.data.tags:
                invalid_bbr_rules.append(self.rule_str(rule))
        if invalid_bbr_rules:
            error_rules = '\n'.join(invalid_bbr_rules)
>           self.fail(f'The following building block rule(s) have missing tag: Rule Type: BBR:\n{error_rules}')
E           AssertionError: The following building block rule(s) have missing tag: Rule Type: BBR:
E           3838e0e3-1850-4850-a411-2e8c5ba40ba8 - Network Connection via Certutil ->
E           e28b8093-833b-4eda-b877-0873d134cf3c - Network Traffic Capture via CAP_NET_RAW ->
E           cf575427-0839-4c69-a9e6-99fde02606f3 - Unusual Discovery Activity by User ->
E           1251b98a-ff45-11ee-89a1-f661ea17fbce - AWS Lambda Function Created or Updated ->
E           4aa58ac6-4dc0-4d18-b713-f58bf8bd015c - Potential Cross Site Scripting (XSS) ->
E           8e39f54e-910b-4adb-a87e-494fbba5fb65 - Potential Outgoing RDP Connection by Unusual Process ->

tests/test_all_rules.py:397: AssertionError
=========================== short test summary info ============================
FAILED tests/test_all_rules.py::TestRuleTags::test_bbr_tags - AssertionError:...
============================== 1 failed in 56.27s ==============================
Finished running tests!
```
Fixed the failing rules by adding the tag; the test case now passes.
Unit Test Pass
```
Received JSON data in run script
Running pytest with args: ['-p', 'vscode_pytest', '--rootdir=/Users/shashankks/elastic_workspace/detection-rules', '/Users/shashankks/elastic_workspace/detection-rules/tests/test_all_rules.py::TestRuleTags::test_bbr_tags']
============================= test session starts ==============================
platform darwin -- Python 3.12.5, pytest-8.1.1, pluggy-1.4.0
rootdir: /Users/shashankks/elastic_workspace/detection-rules
configfile: pyproject.toml
plugins: typeguard-3.0.2
collected 1 item

tests/test_all_rules.py .                                                [100%]

============================== 1 passed in 55.91s ==============================
Finished running tests!
```
[x] Added a label for the type of PR: bug, enhancement, schema, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
[x] Added the meta:rapid-merge label if planning to merge within 24 hours
[ ] Secret and sensitive material has been managed correctly
[ ] Automated testing was updated or added to match the most common scenarios
[ ] Documentation and comments were added for features that require explanation
Pull Request
Issue link(s): https://github.com/elastic/detection-rules/pull/new/issue-4045