Aegis/backend/tests/test_techniques.py

"""Tests for technique endpoints."""

import pytest


def test_list_techniques_requires_auth(client):
    """Test that listing techniques requires authentication."""
    response = client.get("/api/v1/techniques")
    assert response.status_code == 401


def test_list_techniques_empty(client, auth_headers):
    """Test listing techniques when none exist."""
    response = client.get("/api/v1/techniques", headers=auth_headers)
    assert response.status_code == 200
    assert response.json() == []


def test_create_technique_requires_admin(client, red_tech_headers):
    """Test that creating techniques requires admin role."""
    response = client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1001", "name": "Test Technique"},
        headers=red_tech_headers,
    )
    assert response.status_code == 403


def test_create_technique_success(client, auth_headers):
    """Test successful technique creation."""
    response = client.post(
        "/api/v1/techniques",
        json={
            "mitre_id": "T1059",
            "name": "Command and Scripting Interpreter",
            "description": "Test description",
            "tactic": "execution",
        },
        headers=auth_headers,
    )
    assert response.status_code == 201
    data = response.json()
    assert data["mitre_id"] == "T1059"
    assert data["name"] == "Command and Scripting Interpreter"
    assert data["status_global"] == "not_evaluated"


def test_create_duplicate_technique(client, auth_headers):
    """Test creating a technique with duplicate mitre_id fails."""
    # Create first technique
    client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1001", "name": "First"},
        headers=auth_headers,
    )
    
    # Try to create duplicate
    response = client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1001", "name": "Second"},
        headers=auth_headers,
    )
    assert response.status_code == 409


def test_get_technique_by_mitre_id(client, auth_headers):
    """Test getting a single technique by mitre_id."""
    # Create a technique first
    client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1059", "name": "Test Technique"},
        headers=auth_headers,
    )
    
    # Get it by mitre_id
    response = client.get("/api/v1/techniques/T1059", headers=auth_headers)
    assert response.status_code == 200
    assert response.json()["mitre_id"] == "T1059"


def test_get_nonexistent_technique(client, auth_headers):
    """Test getting a non-existent technique returns 404."""
    response = client.get("/api/v1/techniques/T9999", headers=auth_headers)
    assert response.status_code == 404


def test_update_technique(client, auth_headers):
    """Test updating a technique."""
    # Create technique
    client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1059", "name": "Original Name"},
        headers=auth_headers,
    )
    
    # Update it
    response = client.patch(
        "/api/v1/techniques/T1059",
        json={"name": "Updated Name", "description": "New description"},
        headers=auth_headers,
    )
    assert response.status_code == 200
    assert response.json()["name"] == "Updated Name"


def test_filter_techniques_by_tactic(client, auth_headers):
    """Test filtering techniques by tactic."""
    # Create techniques in different tactics
    client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1001", "name": "Exec", "tactic": "execution"},
        headers=auth_headers,
    )
    client.post(
        "/api/v1/techniques",
        json={"mitre_id": "T1002", "name": "Persist", "tactic": "persistence"},
        headers=auth_headers,
    )
    
    # Filter by execution
    response = client.get(
        "/api/v1/techniques?tactic=execution",
        headers=auth_headers,
    )
    assert response.status_code == 200
    techniques = response.json()
    assert len(techniques) == 1
    assert techniques[0]["mitre_id"] == "T1001"