kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
084ea4c0b22b5ba74ebfbb68343add20a0cb4c3c
Aegis/backend/tests/test_tests.py
Kitos 6b28934f05 test: stabilize Phase 0 API and workflow tests [FASE-0.4] 
Assert INVALID_TRANSITION JSON code on duplicate start, remove sys.modules stubs from T-106 tests, and complete boto3 stubs in integration tests.
2026-05-18 13:19:27 +02:00

120 lines
3.5 KiB
Python
Raw Blame History

"""Tests for security test endpoints (V2 API).
Covers the test CRUD and basic workflow via the REST API.
For full workflow logic tests see ``test_workflow.py`` and
``test_integration_v2.py``.
"""
import pytest
@pytest.fixture
def technique(client, auth_headers):
"""Create a technique for test association."""
response = client.post(
"/api/v1/techniques",
json={"mitre_id": "T1059", "name": "Test Technique"},
headers=auth_headers,
)
return response.json()
def test_create_test_requires_auth(client):
"""POST /tests without token returns 401 or 403."""
response = client.post(
"/api/v1/tests",
json={
"technique_id": "00000000-0000-0000-0000-000000000000",
"name": "Test Name",
},
)
assert response.status_code in (401, 403)
def test_create_test_success(client, auth_headers, technique):
"""Admin can create a test via POST /tests."""
response = client.post(
"/api/v1/tests",
json={
"technique_id": technique["id"],
"name": "My Security Test",
"description": "Test description",
"platform": "windows",
},
headers=auth_headers,
)
assert response.status_code == 201
data = response.json()
assert data["name"] == "My Security Test"
assert data["state"] == "draft"
assert data["technique_id"] == technique["id"]
def test_create_test_nonexistent_technique(client, auth_headers):
"""Creating a test with non-existent technique fails."""
response = client.post(
"/api/v1/tests",
json={
"technique_id": "00000000-0000-0000-0000-000000000000",
"name": "Test",
},
headers=auth_headers,
)
assert response.status_code == 404
def test_get_test_by_id(client, auth_headers, technique):
"""GET /tests/{id} returns the test."""
create_response = client.post(
"/api/v1/tests",
json={"technique_id": technique["id"], "name": "Test"},
headers=auth_headers,
)
test_id = create_response.json()["id"]
response = client.get(f"/api/v1/tests/{test_id}", headers=auth_headers)
assert response.status_code == 200
assert response.json()["id"] == test_id
def test_start_execution_twice_returns_invalid_transition(
client, auth_headers, technique, red_tech_user
):
"""Invalid workflow transition surfaces domain error JSON (FASE 0.4).
HttpOnly login cookies take precedence over the Authorization header.
Clear cookies before each phase so Bearer tokens match the intended user.
"""
client.cookies.clear()
create_response = client.post(
"/api/v1/tests",
json={"technique_id": technique["id"], "name": "Workflow dup start"},
headers=auth_headers,
)
assert create_response.status_code == 201
test_id = create_response.json()["id"]
rl = client.post(
"/api/v1/auth/login",
data={"username": "redtech", "password": "redtech123"},
)
assert rl.status_code == 200
red_headers = {"Authorization": f"Bearer {rl.json()['access_token']}"}
client.cookies.clear()
first = client.post(
f"/api/v1/tests/{test_id}/start-execution",
headers=red_headers,
)
assert first.status_code == 200
client.cookies.clear()
second = client.post(
f"/api/v1/tests/{test_id}/start-execution",
headers=red_headers,
)
assert second.status_code == 400
body = second.json()
assert body.get("code") == "INVALID_TRANSITION"
assert "detail" in body
Reference in New Issue View Git Blame Copy Permalink