techservicesillinois / phantom-toolbox

Splunk SOAR Application development libraries and utilities

Add a re-usable function for asserting that the outputs defined in a SOAR app.json are present in the results.data key returned by a SOAR action #4

Open edthedev opened 8 months ago

edthedev commented 8 months ago

Context

We currently manually assert that data outputs declared in app.json are populated correctly after running a test. Since the expected fields are encoded in the JSON data, it should be possible to write a helper method that, given the name of the function being tested, reads app.json and verifies that the resulting data dictionary contains the expected 'data' keys.

Changes such as https://github.com/techservicesillinois/secops-soar-tdx/pull/101 would benefit from this helper.

Tasks

edthedev commented 8 months ago

Here's an AI-assisted first pass. Looks like not a terrible place to start:

```python
import json

def verify_data_keys_with_data_path(app_json_path, function_name):
    """
    Verifies that the resulting data dictionary for a given function contains
    the expected 'data' keys based on the specified 'data_path' in the 'output'
    section of app.json.

    Args:
        app_json_path (str): Path to the app.json file.
        function_name (str): Name of the function being tested.

    Returns:
        bool: True if the data keys match the expected keys, False otherwise.
    """
    try:
        with open(app_json_path, 'r') as app_json_file:
            app_data = json.load(app_json_file)

        # Assuming each function has an entry in the 'actions' section of app.json
        if 'actions' in app_data:
            # 'actions' is a list of action objects in a SOAR app.json, so find
            # the entry by its 'identifier' instead of calling .get() on the list.
            function_data = next(
                (a for a in app_data['actions'] if a.get('identifier') == function_name),
                None,
            )
            if function_data:
                # Only the first declared output is inspected; an empty
                # 'output' list falls back to an empty entry.
                expected_data_path = (function_data.get('output') or [{}])[0].get('data_path')
                # The keys are read from the app.json entry itself, not from
                # an action result.
                actual_data_keys = set(function_data.get('data', {}).keys())

                # Check if the expected data path exists in the actual output
                if expected_data_path and expected_data_path in actual_data_keys:
                    return True
                else:
                    print(f"Expected data path '{expected_data_path}' not found in actual output.")
                    return False
            else:
                print(f"Function '{function_name}' not found in app.json.")
                return False
        else:
            print("No 'actions' section found in app.json.")
            return False
    except FileNotFoundError:
        print(f"File '{app_json_path}' not found.")
        return False

# Example usage
if __name__ == "__main__":
    app_json_path = 'path/to/app.json'
    function_name_to_test = 'create_ticket'
    result = verify_data_keys_with_data_path(app_json_path, function_name_to_test)

    if result:
        print(f"Data path for '{function_name_to_test}' exists in the actual output.")
    else:
        print(f"Data path for '{function_name_to_test}' does not exist in the actual output.")
```

edthedev commented 1 month ago

JSON content turned out to be completely unrelated to our issue. We could revisit this, if needed, later.
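
Added example (not part of the issue thread or the phantom-toolbox code): one way to write the helper described under Context, checking an action's returned data against every `action_result.data.*` path declared for it. It assumes the Splunk SOAR app.json layout (`actions` is a list whose entries carry `identifier` and `output[].data_path`); the function names and the sample app.json are constructed for illustration, and an empty list is treated as unpopulated.

```python
import json

# Constructed sample: a trimmed app.json with one action (assumed layout:
# an "actions" list whose entries carry "identifier" and an "output" list
# of "data_path" strings).
SAMPLE_APP_JSON = json.loads("""
{"actions": [{"action": "create ticket", "identifier": "create_ticket",
  "output": [
    {"data_path": "action_result.status"},
    {"data_path": "action_result.parameter.title"},
    {"data_path": "action_result.data.*.id"},
    {"data_path": "action_result.data.*.requestor.email"},
    {"data_path": "action_result.data.*.tags.*.name"}
  ]}]}
""")

PREFIX = "action_result.data."

def declared_data_paths(app_json, identifier):
    """Return the action's declared paths under action_result.data as key lists."""
    for action in app_json.get("actions", []):
        if action.get("identifier") == identifier:
            return [o["data_path"][len(PREFIX):].split(".")
                    for o in action.get("output", [])
                    if o.get("data_path", "").startswith(PREFIX)]
    raise KeyError(f"action {identifier!r} not declared in app.json")

def _present(node, parts):
    """True if the path resolves in node; '*' must hold for every list item."""
    if not parts:
        return True
    head, rest = parts[0], parts[1:]
    if head == "*":  # an empty list counts as unpopulated (assumption)
        return (isinstance(node, list) and bool(node)
                and all(_present(item, rest) for item in node))
    return isinstance(node, dict) and head in node and _present(node[head], rest)

def missing_outputs(app_json, identifier, data):
    """List declared data paths that the action's result data does not populate."""
    return [PREFIX + ".".join(parts)
            for parts in declared_data_paths(app_json, identifier)
            if not _present(data, parts)]

def assert_outputs_present(app_json, identifier, data):
    """Test helper: fail with the list of declared-but-missing data paths."""
    missing = missing_outputs(app_json, identifier, data)
    assert not missing, f"{identifier}: declared outputs missing from data: {missing}"
```

In a test, `data` is the list the action stored under the result's `data` key, and `app_json` is the parsed app.json of the app under test.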