rspec/rspec-tools/tests/validation/test_metadata_validation.py

from pathlib import Path

from unittest.mock import patch, PropertyMock
import pytest
from rspec_tools.errors import RuleValidationError
from copy import deepcopy

from rspec_tools.rules import LanguageSpecificRule, RulesRepository
from rspec_tools.validation.metadata import validate_rule_specialization_metadata, validate_rule_metadata

@pytest.fixture
def rule_language(mockrules: Path):
  rule = RulesRepository(rules_path=mockrules).get_rule('S100')
  return rule.get_language('kotlin')


@pytest.fixture
def invalid_rules():
  invalid_rules_path = Path(__file__).parent.parent.joinpath('resources', 'invalid-rules')
  return RulesRepository(rules_path=invalid_rules_path)


def test_valid_metadata_passes_validation(rule_language: LanguageSpecificRule):
  '''Check that language metadata are correctly overridden.'''
  validate_rule_specialization_metadata(rule_language)


@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', [])
def test_rule_with_no_language(invalid_rules: RulesRepository):
  s501 = invalid_rules.get_rule('S501')
  with pytest.raises(RuleValidationError, match=fr'^Rule S501 has no language-specific data'):
    validate_rule_metadata(s501)


@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', ['S501'])
def test_rule_with_no_language_in_exception_list(invalid_rules: RulesRepository):
  s501 = invalid_rules.get_rule('S501')
  validate_rule_metadata(s501)
  with patch.dict(s501.generic_metadata, [('status', 'deprecated')]):
    validate_rule_metadata(s501)


@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', ['S501'])
def test_open_rule_with_no_language_in_exception_list(invalid_rules: RulesRepository):
  s501 = invalid_rules.get_rule('S501')
  with pytest.raises(RuleValidationError, match=fr'^Rule S501 should be closed or deprecated'):
    with patch.dict(s501.generic_metadata, [('status', 'ready')]):
      validate_rule_metadata(s501)


@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', ['S120'])
def test_rule_expected_to_have_no_language(mockrules: Path):
  valid_rule = RulesRepository(rules_path=mockrules).get_rule('S120')
  with pytest.raises(RuleValidationError, match=fr'^Rule S120 should have no specializations'):
    validate_rule_metadata(valid_rule)


@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', [])
def test_rule_with_invalid_language(invalid_rules: RulesRepository):
  s502 = invalid_rules.get_rule('S502')
  with pytest.raises(RuleValidationError, match=fr'^Rule S502 failed validation for these reasons:\n - Rule scala:S502 has invalid metadata'):
    validate_rule_metadata(s502)


def test_rule_that_is_fully_valid(mockrules: Path):
  valid_rule = RulesRepository(rules_path=mockrules).get_rule('S120')
  validate_rule_metadata(valid_rule)


def test_missing_required_property_fails_validation(rule_language: LanguageSpecificRule):
  invalid_metadata = deepcopy(rule_language.metadata)
  del invalid_metadata['title']
  with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata'):
    with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
      mock.return_value = invalid_metadata
      validate_rule_specialization_metadata(rule_language)


def test_invalid_remediation_fails_validation(rule_language: LanguageSpecificRule):
  invalid_metadata = deepcopy(rule_language.metadata)
  invalid_metadata['remediation']["func"] = 42
  with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata'):
    with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
      mock.return_value = invalid_metadata
      validate_rule_specialization_metadata(rule_language)


def test_adding_properties_fails_validation(rule_language: LanguageSpecificRule):
  metadata = deepcopy(rule_language.metadata)
  metadata['unknown'] = 42
  with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata'):
    with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
      mock.return_value = metadata
      validate_rule_specialization_metadata(rule_language)


def test_ready_rule_with_replacement_fails_validation(rule_language: LanguageSpecificRule):
  invalid_metadata = deepcopy(rule_language.metadata)
  invalid_metadata['extra'] = { 'replacementRules': [ 'RSPEC-1234', 'RSPEC-5678' ]}
  with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata: status'):
    with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
      mock.return_value = invalid_metadata
      validate_rule_specialization_metadata(rule_language)


def test_deprecated_rule_with_replacement_passes_validation(rule_language: LanguageSpecificRule):
  metadata = deepcopy(rule_language.metadata)
  metadata['extra'] = { 'replacementRules': [ 'RSPEC-1234' ]}
  metadata['status'] = 'deprecated'
  with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
    mock.return_value = metadata
    validate_rule_specialization_metadata(rule_language)


def test_rule_with_incomplete_list_of_security_standard_fails_validation(rule_language: LanguageSpecificRule):
  invalid_metadata = deepcopy(rule_language.metadata)
  # "OWASP Top 10 2021", defined in the generic metadata is missing
  invalid_metadata['securityStandards'] = {'ASVS 4': [], 'OWASP': [], 'CERT': []}
  with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata: securityStandard'):
    with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
      mock.return_value = invalid_metadata
      validate_rule_specialization_metadata(rule_language)


def test_rule_with_complete_list_of_security_standard_passes_validation(rule_language: LanguageSpecificRule):
  metadata = deepcopy(rule_language.metadata)
  metadata['securityStandards'] = {'ASVS 4': [], 'OWASP': [], "OWASP Top 10 2021": []}
  with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:
    mock.return_value = metadata
    validate_rule_specialization_metadata(rule_language)
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`from pathlib import Path`

			`from unittest.mock import patch, PropertyMock`
			`import pytest`
			`from rspec_tools.errors import RuleValidationError`
			`from copy import deepcopy`

			`from rspec_tools.rules import LanguageSpecificRule, RulesRepository`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`from rspec_tools.validation.metadata import validate_rule_specialization_metadata, validate_rule_metadata`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00
			`@pytest.fixture`
			`def rule_language(mockrules: Path):`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`rule = RulesRepository(rules_path=mockrules).get_rule('S100')`
			`return rule.get_language('kotlin')`


			`@pytest.fixture`
			`def invalid_rules():`
			`invalid_rules_path = Path(__file__).parent.parent.joinpath('resources', 'invalid-rules')`
			`return RulesRepository(rules_path=invalid_rules_path)`

Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00
			`def test_valid_metadata_passes_validation(rule_language: LanguageSpecificRule):`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`'''Check that language metadata are correctly overridden.'''`
			`validate_rule_specialization_metadata(rule_language)`


			`@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', [])`
			`def test_rule_with_no_language(invalid_rules: RulesRepository):`
			`s501 = invalid_rules.get_rule('S501')`
			`with pytest.raises(RuleValidationError, match=fr'^Rule S501 has no language-specific data'):`
			`validate_rule_metadata(s501)`


			`@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', ['S501'])`
			`def test_rule_with_no_language_in_exception_list(invalid_rules: RulesRepository):`
			`s501 = invalid_rules.get_rule('S501')`
			`validate_rule_metadata(s501)`
			`with patch.dict(s501.generic_metadata, [('status', 'deprecated')]):`
			`validate_rule_metadata(s501)`


			`@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', ['S501'])`
			`def test_open_rule_with_no_language_in_exception_list(invalid_rules: RulesRepository):`
			`s501 = invalid_rules.get_rule('S501')`
			`with pytest.raises(RuleValidationError, match=fr'^Rule S501 should be closed or deprecated'):`
			`with patch.dict(s501.generic_metadata, [('status', 'ready')]):`
			`validate_rule_metadata(s501)`


			`@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', ['S120'])`
			`def test_rule_expected_to_have_no_language(mockrules: Path):`
			`valid_rule = RulesRepository(rules_path=mockrules).get_rule('S120')`
			`with pytest.raises(RuleValidationError, match=fr'^Rule S120 should have no specializations'):`
			`validate_rule_metadata(valid_rule)`


			`@patch('rspec_tools.validation.metadata.RULES_WITH_NO_LANGUAGES', [])`
			`def test_rule_with_invalid_language(invalid_rules: RulesRepository):`
			`s502 = invalid_rules.get_rule('S502')`
			`with pytest.raises(RuleValidationError, match=fr'^Rule S502 failed validation for these reasons:\n - Rule scala:S502 has invalid metadata'):`
			`validate_rule_metadata(s502)`


			`def test_rule_that_is_fully_valid(mockrules: Path):`
			`valid_rule = RulesRepository(rules_path=mockrules).get_rule('S120')`
			`validate_rule_metadata(valid_rule)`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00

			`def test_missing_required_property_fails_validation(rule_language: LanguageSpecificRule):`
			`invalid_metadata = deepcopy(rule_language.metadata)`
			`del invalid_metadata['title']`
			`with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata'):`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = invalid_metadata`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`validate_rule_specialization_metadata(rule_language)`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00

			`def test_invalid_remediation_fails_validation(rule_language: LanguageSpecificRule):`
			`invalid_metadata = deepcopy(rule_language.metadata)`
			`invalid_metadata['remediation']["func"] = 42`
			`with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata'):`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = invalid_metadata`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`validate_rule_specialization_metadata(rule_language)`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00

RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 07:58:58 +02:00			`def test_adding_properties_fails_validation(rule_language: LanguageSpecificRule):`
Improve rules' metadata.json validation 2021-02-23 20:41:11 +01:00			`metadata = deepcopy(rule_language.metadata)`
			`metadata['unknown'] = 42`
RULEAPI-654: Clarify the rule creation process (#115) 2021-06-11 07:58:58 +02:00			`with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata'):`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = metadata`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`validate_rule_specialization_metadata(rule_language)`
RULEAPI-603 Fail ci metadata check if rule with replacement has 'ready' status (#398) 2021-09-30 11:45:09 +02:00

			`def test_ready_rule_with_replacement_fails_validation(rule_language: LanguageSpecificRule):`
			`invalid_metadata = deepcopy(rule_language.metadata)`
			`invalid_metadata['extra'] = { 'replacementRules': [ 'RSPEC-1234', 'RSPEC-5678' ]}`
			`with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata: status'):`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = invalid_metadata`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`validate_rule_specialization_metadata(rule_language)`
RULEAPI-603 Fail ci metadata check if rule with replacement has 'ready' status (#398) 2021-09-30 11:45:09 +02:00

			`def test_deprecated_rule_with_replacement_passes_validation(rule_language: LanguageSpecificRule):`
			`metadata = deepcopy(rule_language.metadata)`
			`metadata['extra'] = { 'replacementRules': [ 'RSPEC-1234' ]}`
			`metadata['status'] = 'deprecated'`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = metadata`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`validate_rule_specialization_metadata(rule_language)`
RULEAPI-710: Validate that security-standards are not shadowed 2021-10-29 18:55:50 +02:00

			`def test_rule_with_incomplete_list_of_security_standard_fails_validation(rule_language: LanguageSpecificRule):`
			`invalid_metadata = deepcopy(rule_language.metadata)`
			`# "OWASP Top 10 2021", defined in the generic metadata is missing`
			`invalid_metadata['securityStandards'] = {'ASVS 4': [], 'OWASP': [], 'CERT': []}`
			`with pytest.raises(RuleValidationError, match=fr'^Rule {rule_language.id} has invalid metadata: securityStandard'):`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = invalid_metadata`
RULEAPI-682: Index multiple types and rules with no languages * Generate description and metadata for rules with no language, so that they get indexed. * Index rules with different types in language specializations. * Improve validation to reject new rules with no language specialization (i.e. only a predefined set of such rules is allowed because they were imported from Jira and kept for historical purposes). * Write smaller JSON files, reduce their size by 30%. * Improve test coverage of CLI application. 2022-01-28 09:51:13 +01:00			`validate_rule_specialization_metadata(rule_language)`
RULEAPI-710: Validate that security-standards are not shadowed 2021-10-29 18:55:50 +02:00

			`def test_rule_with_complete_list_of_security_standard_passes_validation(rule_language: LanguageSpecificRule):`
			`metadata = deepcopy(rule_language.metadata)`
			`metadata['securityStandards'] = {'ASVS 4': [], 'OWASP': [], "OWASP Top 10 2021": []}`
			`with patch.object(LanguageSpecificRule, 'metadata', new_callable=PropertyMock) as mock:`
			`mock.return_value = metadata`
Enable rules removal: do not validate deleted rules 2022-03-08 04:26:53 -08:00			`validate_rule_specialization_metadata(rule_language)`