"""Tests for technique endpoints.""" import pytest def test_list_techniques_requires_auth(client): """Test that listing techniques requires authentication.""" response = client.get("/api/v1/techniques") assert response.status_code == 401 def test_list_techniques_empty(client, auth_headers): """Test listing techniques when none exist.""" response = client.get("/api/v1/techniques", headers=auth_headers) assert response.status_code == 200 assert response.json() == [] def test_create_technique_requires_admin(client, red_tech_headers): """Test that creating techniques requires admin role.""" response = client.post( "/api/v1/techniques", json={"mitre_id": "T1001", "name": "Test Technique"}, headers=red_tech_headers, ) assert response.status_code == 403 def test_create_technique_success(client, auth_headers): """Test successful technique creation.""" response = client.post( "/api/v1/techniques", json={ "mitre_id": "T1059", "name": "Command and Scripting Interpreter", "description": "Test description", "tactic": "execution", }, headers=auth_headers, ) assert response.status_code == 201 data = response.json() assert data["mitre_id"] == "T1059" assert data["name"] == "Command and Scripting Interpreter" assert data["status_global"] == "not_evaluated" def test_create_duplicate_technique(client, auth_headers): """Test creating a technique with duplicate mitre_id fails.""" # Create first technique client.post( "/api/v1/techniques", json={"mitre_id": "T1001", "name": "First"}, headers=auth_headers, ) # Try to create duplicate response = client.post( "/api/v1/techniques", json={"mitre_id": "T1001", "name": "Second"}, headers=auth_headers, ) assert response.status_code == 409 def test_get_technique_by_mitre_id(client, auth_headers): """Test getting a single technique by mitre_id.""" # Create a technique first client.post( "/api/v1/techniques", json={"mitre_id": "T1059", "name": "Test Technique"}, headers=auth_headers, ) # Get it by mitre_id response = client.get("/api/v1/techniques/T1059", headers=auth_headers) assert response.status_code == 200 assert response.json()["mitre_id"] == "T1059" def test_get_nonexistent_technique(client, auth_headers): """Test getting a non-existent technique returns 404.""" response = client.get("/api/v1/techniques/T9999", headers=auth_headers) assert response.status_code == 404 def test_update_technique(client, auth_headers): """Test updating a technique.""" # Create technique client.post( "/api/v1/techniques", json={"mitre_id": "T1059", "name": "Original Name"}, headers=auth_headers, ) # Update it response = client.patch( "/api/v1/techniques/T1059", json={"name": "Updated Name", "description": "New description"}, headers=auth_headers, ) assert response.status_code == 200 assert response.json()["name"] == "Updated Name" def test_filter_techniques_by_tactic(client, auth_headers): """Test filtering techniques by tactic.""" # Create techniques in different tactics client.post( "/api/v1/techniques", json={"mitre_id": "T1001", "name": "Exec", "tactic": "execution"}, headers=auth_headers, ) client.post( "/api/v1/techniques", json={"mitre_id": "T1002", "name": "Persist", "tactic": "persistence"}, headers=auth_headers, ) # Filter by execution response = client.get( "/api/v1/techniques?tactic=execution", headers=auth_headers, ) assert response.status_code == 200 techniques = response.json() assert len(techniques) == 1 assert techniques[0]["mitre_id"] == "T1001"