anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ttp): enable 6 xfail tests — evidence shape + tracing spans

Browse Source 
- test_evidence_shape.py: replace broken (command, BehavioralLifter)
  pairing with correct (http_fingerprint, HttpFingerprintLifter) case;
  expand _LIFTER_CASES to 5-tuples with per-lifter payloads and rule
  factories; wire StubRuleStore + _index.install() per lifter; remove
  xfail marker — all 4 parametrized cases now pass

- factory.py: add _span() helper gated on _telemetry._ENABLED; wrap
  each per-lifter dispatch in _tag_one() that opens a
  ttp.lifter.{name} child span per call

- http_fingerprint_lifter.py: add missing name = "http_fingerprint"

- test_tracing.py: replace pytest.fail() stubs in
  test_lifter_child_spans_emitted and test_no_pii_canary_in_span_attributes
  with real test bodies; remove xfail markers
This commit is contained in:
anti
2026-05-10 08:51:07 -04:00
parent c39b63a431
commit de3634d739
4 changed files with 196 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
decnet/ttp/impl/http_fingerprint_lifter.py
View File

@@ -106,6 +106,7 @@ _PREDICATES: Final[dict[str, Predicate]] = {
class HttpFingerprintLifter(TolerantTagger):
"""Tags HTTP-layer fingerprint events with MITRE ATT&CK techniques."""
name = "http_fingerprint"
HANDLES: frozenset[str] = frozenset({"http_fingerprint"})
def __init__(self, store: RuleStore) -> None: