anti
f2b3393669
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/. Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible. - LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt) - COPYRIGHT: project copyright notice - tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware) Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
109 lines
3.6 KiB
Python
109 lines
3.6 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""Router-level coverage for GET /api/v1/ttp/techniques/{tid}/groups.
|
|
|
|
Calls the handler directly (no TestClient) — the auth dependency is
|
|
satisfied by passing a fake user dict. The handler delegates almost
|
|
everything to ``attack_stix.groups_using_technique``, which has its
|
|
own coverage in ``test_attack_url.py``; the focus here is the 404
|
|
path and the empty-list-on-zero-groups behavior.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
from fastapi import HTTPException
|
|
|
|
from decnet.ttp import attack_stix
|
|
from decnet.web.router.ttp.api_get_groups_for_technique import (
|
|
api_groups_for_technique,
|
|
)
|
|
|
|
_REPO_BUNDLE = Path(__file__).resolve().parents[2] / "enterprise-attack-19.0.json"
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _pin_bundle(monkeypatch: pytest.MonkeyPatch, tmp_path: Path) -> None:
|
|
license_path = tmp_path / "LICENSE.txt"
|
|
license_path.write_text("placeholder", encoding="utf-8")
|
|
monkeypatch.setenv("DECNET_ATTACK_BUNDLE", str(_REPO_BUNDLE))
|
|
monkeypatch.setenv("DECNET_ATTACK_LICENSE", str(license_path))
|
|
attack_stix._data = None
|
|
attack_stix._loaded_path = None
|
|
attack_stix._attack_pattern_by_id.cache_clear()
|
|
attack_stix._tactic_by_id.cache_clear()
|
|
attack_stix._tactic_by_short_name.cache_clear()
|
|
attack_stix.groups_using_technique.cache_clear()
|
|
|
|
|
|
_FAKE_USER: dict = {"uuid": "test-user", "role": "viewer"}
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_returns_grouprefs_for_known_technique() -> None:
|
|
result = await api_groups_for_technique(
|
|
technique_id="T1059", user=_FAKE_USER,
|
|
)
|
|
assert isinstance(result, list)
|
|
assert len(result) >= 5
|
|
assert all(isinstance(g, attack_stix.GroupRef) for g in result)
|
|
# Sorted ordering preserved.
|
|
ids = [g.group_id for g in result]
|
|
assert ids == sorted(ids)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_returns_404_for_unknown_technique() -> None:
|
|
with pytest.raises(HTTPException) as exc:
|
|
await api_groups_for_technique(
|
|
technique_id="T9999", user=_FAKE_USER,
|
|
)
|
|
assert exc.value.status_code == 404
|
|
assert "T9999" in str(exc.value.detail)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_subtechnique_returns_distinct_group_set() -> None:
|
|
parent = await api_groups_for_technique(
|
|
technique_id="T1059", user=_FAKE_USER,
|
|
)
|
|
sub = await api_groups_for_technique(
|
|
technique_id="T1059.004", user=_FAKE_USER,
|
|
)
|
|
assert len(sub) >= 1
|
|
# Sub-technique attribution is independent of parent (see
|
|
# ATT&CK Navigator semantics) — sub may have groups not in parent.
|
|
# Just assert both are populated.
|
|
assert len(parent) >= len(sub)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_empty_list_for_known_technique_with_no_documented_groups(
|
|
monkeypatch: pytest.MonkeyPatch,
|
|
) -> None:
|
|
"""A real-bundle technique with zero documented groups returns []."""
|
|
# Force the cache to return () for a real technique.
|
|
attack_stix.groups_using_technique.cache_clear()
|
|
monkeypatch.setattr(
|
|
attack_stix,
|
|
"groups_using_technique",
|
|
lambda tid: () if tid == "T1110" else attack_stix.groups_using_technique(tid),
|
|
)
|
|
result = await api_groups_for_technique(
|
|
technique_id="T1110", user=_FAKE_USER,
|
|
)
|
|
assert result == []
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_response_includes_mitre_url_and_aliases() -> None:
|
|
result = await api_groups_for_technique(
|
|
technique_id="T1059", user=_FAKE_USER,
|
|
)
|
|
assert all(
|
|
g.mitre_url and g.mitre_url.startswith("https://attack.mitre.org/groups/G")
|
|
for g in result
|
|
)
|
|
# At least one group has multiple aliases.
|
|
assert any(len(g.aliases) >= 2 for g in result)
|