Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test deprecated rule modification #3727

Merged
merged 42 commits into from
Jun 7, 2024
Merged

Test deprecated rule modification #3727

merged 42 commits into from
Jun 7, 2024

Conversation

shashank-elastic
Copy link
Contributor

@shashank-elastic shashank-elastic commented May 31, 2024
edited
Loading

Issues

Summary

  • Added a test case based on ideated solutions in the above issues
  • To handle usecase when a new rule is deprecated , these are ignored by '--diff-filter=M' where only modified files are considered

Code Changes

  • Checkout actions is pointed to latest V4, [code sanity to move to the latest version]
  • The fetch-depth:0 is added for the code to be able to point origin/main in diff check. This was a crucial change without which even if we were able to fetch the commit hash of origin/main with method, we received errors like fatal: bad object 856c6c5a1f40916d30be65af5def6e17b1c1a188 when trying to perform diff.

Testing

Testing Complete : Modified deprecated rules are being identified sample_run

@shashank-elastic shashank-elastic self-assigned this May 31, 2024
@botelastic botelastic bot added the Rule: Deprecation removal of a rule label May 31, 2024
@shashank-elastic shashank-elastic marked this pull request as draft May 31, 2024 13:18
@shashank-elastic shashank-elastic changed the title Testing Test deprecated rule modification May 31, 2024
@shashank-elastic
Copy link
Contributor Author

The local testing is failing approproatley

self = <tests.test_all_rules.TestDeprecatedRule testMethod=test_deprecated_rule_modified>

    def test_deprecated_rule_modified(self):
        """Test to ensure deprecated rules are not modified."""
    
        # Iterate over all the files in the deprecated rules directory
        for rule in self.deprecated_rules:
            # Use git diff to check if the file has changed
            result = subprocess.run(['git', 'diff', 'main', '--name-only', rule.path], stdout=subprocess.PIPE)
    
            # If the output is not empty, the file has changed
            if result.stdout:
>               self.fail(f"Deprecated rule {rule.path} has been modified.")
E               AssertionError: Deprecated rule /Users/shashankks/elastic_workspace/detection-rules/rules/_deprecated/command_and_control_connection_attempt_by_non_ssh_root_session.toml has been modified.

tests/test_all_rules.py:1302: AssertionError

Unsure why the Unit Test in workflow is passing, this is being checked.

@shashank-elastic
Copy link
Contributor Author

shashank-elastic commented May 31, 2024
edited
Loading

The Workflow of Unit Test checkout on this commits

  HEAD is now at 8264255 Merge 157c8b5c8b311f8a96d6b32d1d12363d0e143c33 into 418a95205e551fb77dffcb5216b4d69048ba75c6
/usr/bin/git log -1 --format='%H'
'826425530a7f36261afd928399c56d3d65eceefd'

This has the latest changes for the test and the modified deprecated rules.

The unit test picks up the new test case test_deprecated_rules_modified

But it does not pick up the modified files changes, the argument and rule path is completely as expected. and this that path there should be this changed files as expected.

FAILED tests/test_all_rules.py::TestRuleMetadata::test_deprecated_rules_modified - AssertionError: No deprecated rules have been modified  with command args: ['/usr/bin/git', 'diff', '--diff-filter=M', 'origin/main', '--name-only', PosixPath('/home/runner/work/detection-rules/detection-rules/rules/_deprecated')]```

But locally the test asserts failures as expected.


>           self.fail(f"Deprecated rules {result.stdout} has been modified with command args: {result.args}")
E           AssertionError: Deprecated rules rules/_deprecated/apm_null_user_agent.toml
E           rules/_deprecated/command_and_control_connection_attempt_by_non_ssh_root_session.toml
E            has been modified with command args: ['/usr/bin/git', 'diff', '--diff-filter=M', 'origin/main', '--name-only', PosixPath('/Users/shashankks/elastic_workspace/detection-rules/rules/_deprecated')]

tests/test_all_rules.py:641: AssertionError

The PR will be for review since tests are passing locally, but the failures in the Github workflow is like wierd!

@shashank-elastic shashank-elastic marked this pull request as ready for review May 31, 2024 18:33
eric-forte-elastic
eric-forte-elastic approved these changes Jun 5, 2024
View reviewed changes
Copy link
Contributor

@eric-forte-elastic eric-forte-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟢 Manual review, looks good to me! 👍

@Mikaayenson Mikaayenson added enhancement New feature or request python Internal python for the repository and removed Rule: Deprecation removal of a rule labels Jun 7, 2024
@shashank-elastic shashank-elastic requested a review from traut June 7, 2024 12:00
@shashank-elastic shashank-elastic mentioned this pull request Jun 7, 2024
Merged
@shashank-elastic shashank-elastic requested a review from traut June 7, 2024 12:27
traut
traut approved these changes Jun 7, 2024
View reviewed changes
Copy link
Contributor

@traut traut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

@shashank-elastic shashank-elastic linked an issue Jun 7, 2024 that may be closed by this pull request
[FR] Unit Test for Backporting Deprecated Rule Changes #2532
Closed
@shashank-elastic shashank-elastic merged commit f9b3534 into main Jun 7, 2024
9 checks passed
@shashank-elastic shashank-elastic deleted the issue-2532 branch June 7, 2024 13:54
protectionsmachine pushed a commit that referenced this pull request Jun 7, 2024
@shashank-elastic @github-actions
Test deprecated rule modification (#3727)
090623e 
(cherry picked from commit f9b3534)
protectionsmachine pushed a commit that referenced this pull request Jun 7, 2024
@shashank-elastic @github-actions
Test deprecated rule modification (#3727)
9b3c61c 
(cherry picked from commit f9b3534)
protectionsmachine pushed a commit that referenced this pull request Jun 7, 2024
@shashank-elastic @github-actions
Test deprecated rule modification (#3727)
dbfdb7f 
(cherry picked from commit f9b3534)
protectionsmachine pushed a commit that referenced this pull request Jun 7, 2024
@shashank-elastic @github-actions
Test deprecated rule modification (#3727)
fe7bca4 
(cherry picked from commit f9b3534)
protectionsmachine pushed a commit that referenced this pull request Jun 7, 2024
@shashank-elastic @github-actions
Test deprecated rule modification (#3727)
0ec6942 
(cherry picked from commit f9b3534)
protectionsmachine pushed a commit that referenced this pull request Jun 7, 2024
@shashank-elastic @github-actions
Test deprecated rule modification (#3727)
fb42559 
(cherry picked from commit f9b3534)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@traut traut traut approved these changes

@eric-forte-elastic eric-forte-elastic eric-forte-elastic approved these changes

@brokensound77 brokensound77 Awaiting requested review from brokensound77

@Mikaayenson Mikaayenson Awaiting requested review from Mikaayenson Mikaayenson is a code owner

@terrancedejesus terrancedejesus Awaiting requested review from terrancedejesus terrancedejesus is a code owner

Assignees

@shashank-elastic shashank-elastic

Labels
backport: auto enhancement New feature or request python Internal python for the repository
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FR] Unit Test for Backporting Deprecated Rule Changes
4 participants
@shashank-elastic @traut @eric-forte-elastic @Mikaayenson