test(intel): verify OSINT enrichment and stale coverage detection [FASE-4]

2026-05-18 14:50:31 +02:00
parent bdeeed54e1
commit 2ee59d4e18
3 changed files with 218 additions and 6 deletions
--- a/backend/tests/test_stale_detection_service.py
+++ b/backend/tests/test_stale_detection_service.py
@@ -0,0 +1,78 @@
+"""Tests for stale coverage detection."""
+
+from datetime import datetime, timedelta, timezone
+
+from app.models.enums import TechniqueStatus, TestState
+from app.models.technique import Technique
+from app.models.test import Test
+from app.services.stale_detection_service import STALE_THRESHOLD_DAYS, detect_stale_coverage
+
+
+def _technique(db, *, mitre_id="T1059", status=TechniqueStatus.validated):
+    tech = Technique(
+        mitre_id=mitre_id,
+        name="Command and Scripting Interpreter",
+        tactic="execution",
+        status_global=status,
+        review_required=False,
+    )
+    db.add(tech)
+    db.commit()
+    db.refresh(tech)
+    return tech
+
+
+def _validated_test(db, technique, *, days_ago: int):
+    validated_at = datetime.now(timezone.utc) - timedelta(days=days_ago)
+    test = Test(
+        technique_id=technique.id,
+        name="Coverage test",
+        state=TestState.validated,
+        red_validated_at=validated_at,
+        blue_validated_at=validated_at,
+        created_at=validated_at,
+    )
+    db.add(test)
+    db.commit()
+    return test
+
+
+def test_stale_technique_flagged_after_threshold(db):
+    tech = _technique(db)
+    _validated_test(db, tech, days_ago=STALE_THRESHOLD_DAYS + 30)
+
+    count = detect_stale_coverage(db)
+
+    db.refresh(tech)
+    assert count == 1
+    assert tech.review_required is True
+
+
+def test_recent_validated_technique_not_flagged(db):
+    tech = _technique(db)
+    _validated_test(db, tech, days_ago=30)
+
+    count = detect_stale_coverage(db)
+
+    db.refresh(tech)
+    assert count == 0
+    assert tech.review_required is False
+
+
+def test_not_evaluated_never_tested_not_flagged(db):
+    tech = _technique(db, status=TechniqueStatus.not_evaluated)
+
+    count = detect_stale_coverage(db)
+
+    db.refresh(tech)
+    assert count == 0
+    assert tech.review_required is False
+
+
+def test_stale_detection_idempotent(db):
+    tech = _technique(db, mitre_id="T1204")
+    _validated_test(db, tech, days_ago=STALE_THRESHOLD_DAYS + 60)
+    tech.review_required = True
+    db.commit()
+
+    assert detect_stale_coverage(db) == 0