Update test_prowler_parser.py to use official example files

cosmel-dojo · cosmel-dojo · commit 5dcc040f233d · 2025-06-08T18:15:38.000-06:00
Update tests to use the official Prowler example files and fix assertions.
diff --git a/unittests/tools/test_prowler_parser.py b/unittests/tools/test_prowler_parser.py
@@ -6,7 +6,7 @@
 class TestProwlerParser(DojoTestCase):
     def test_aws_csv_parser(self):
         """Test parsing AWS CSV report with at least one finding"""
-        with (get_unit_tests_scans_path("prowler") / "aws.csv").open(encoding="utf-8") as test_file:
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_aws.csv").open(encoding="utf-8") as test_file:
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
@@ -38,8 +38,8 @@ def test_aws_csv_parser(self):
             self.assertTrue("Remediation:" in finding.mitigation)
 
     def test_aws_json_parser(self):
-        """Test parsing AWS JSON report with findings"""
-        with (get_unit_tests_scans_path("prowler") / "aws.json").open(encoding="utf-8") as test_file:
+        """Test parsing AWS OCSF JSON report with findings"""
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_aws.ocsf.json").open(encoding="utf-8") as test_file:
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
@@ -60,30 +60,32 @@ def test_aws_json_parser(self):
             # These fields might not always be present in the test data
 
     def test_azure_csv_parser(self):
-        """Test parsing Azure CSV report with 1 finding"""
-        with (get_unit_tests_scans_path("prowler") / "azure.csv").open(encoding="utf-8") as test_file:
+        """Test parsing Azure CSV report with findings"""
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_azure.csv").open(encoding="utf-8") as test_file:
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
-            self.assertEqual(1, len(findings))
+            # Check that we have at least one finding
+            self.assertTrue(len(findings) > 0)
 
+            # Take the first finding for validation
             finding = findings[0]
-            self.assertEqual(
-                "aks_network_policy_enabled: Ensure Network Policy is Enabled and set as appropriate",
-                finding.title,
-            )
-            self.assertEqual("aks_network_policy_enabled", finding.vuln_id_from_tool)
-            self.assertEqual("Medium", finding.severity)
-            self.assertFalse(finding.active)  # PASS status
+
+            # Verify basic properties that should be present in any finding
+            self.assertIsNotNone(finding.title)
+            self.assertIsNotNone(finding.severity)
+            self.assertIsNotNone(finding.description)
+            self.assertIsNotNone(finding.unsaved_tags)
 
             # Verify cloud provider data
-            self.assertIn("AZURE", finding.unsaved_tags)
-            self.assertIn("aks", finding.unsaved_tags)            # Resource data and remediation information might not be available in all test files
-            # Skip strict verification
+            self.assertTrue(
+                any("azure" in tag.lower() for tag in finding.unsaved_tags),
+                "No Azure-related tag found in finding",
+            )
 
     def test_azure_json_parser(self):
-        """Test parsing Azure JSON report with findings"""
-        with (get_unit_tests_scans_path("prowler") / "azure.json").open(encoding="utf-8") as test_file:
+        """Test parsing Azure OCSF JSON report with findings"""
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_azure.ocsf.json").open(encoding="utf-8") as test_file:
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
@@ -93,14 +95,60 @@ def test_azure_json_parser(self):
             # Take the first finding for validation
             finding = findings[0]
 
+            # Verify basic properties that should be present in any finding
+            self.assertIsNotNone(finding.title)
+            self.assertIsNotNone(finding.severity)
+
+            # Verify cloud provider data
+            self.assertTrue(
+                any("azure" in tag.lower() for tag in finding.unsaved_tags),
+                "No Azure-related tag found in finding",
+            )
+            finding = findings[0]
+
             # Verify basic properties that should be present in any finding
             self.assertIsNotNone(finding.title)
             self.assertIsNotNone(finding.severity)
             self.assertIn("azure", [tag.lower() for tag in finding.unsaved_tags])
 
     def test_gcp_csv_parser(self):
         """Test parsing GCP CSV report with findings"""
-        with (get_unit_tests_scans_path("prowler") / "gcp.csv").open(encoding="utf-8") as test_file:
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_gcp.csv").open(encoding="utf-8") as test_file:
+            parser = ProwlerParser()
+            findings = parser.get_findings(test_file, Test())
+
+            # Check that we have at least one finding
+            self.assertTrue(len(findings) > 0)
+
+            # Take the first finding for validation
+            finding = findings[0]
+
+            # Verify basic properties that should be present in any finding
+            self.assertIsNotNone(finding.title)
+            self.assertIsNotNone(finding.severity)
+            self.assertIsNotNone(finding.description)
+
+            # Verify GCP tag in some form (cloud provider data)
+            tag_found = False
+            for tag in finding.unsaved_tags:
+                if "gcp" in tag.lower():
+                    tag_found = True
+                    break
+            self.assertTrue(tag_found, "No GCP-related tag found in finding")
+
+            # Verify resource data exists in mitigation
+            if finding.mitigation:
+                self.assertTrue(
+                    any("Resource" in line for line in finding.mitigation.split("\n")),
+                    "Resource data not found in mitigation",
+                )
+
+            # Verify remediation data exists in mitigation
+            if finding.mitigation:
+                self.assertTrue(
+                    "Remediation:" in finding.mitigation,
+                    "No remediation information found in mitigation",
+                )
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
@@ -137,8 +185,33 @@ def test_gcp_csv_parser(self):
                 )
 
     def test_gcp_json_parser(self):
-        """Test parsing GCP JSON report with findings"""
-        with (get_unit_tests_scans_path("prowler") / "gcp.json").open(encoding="utf-8") as test_file:
+        """Test parsing GCP OCSF JSON report with findings"""
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_gcp.ocsf.json").open(encoding="utf-8") as test_file:
+            parser = ProwlerParser()
+            findings = parser.get_findings(test_file, Test())
+
+            # Check that we have at least one finding
+            self.assertTrue(len(findings) > 0)
+
+            # Take the first finding for validation
+            finding = findings[0]
+
+            # Verify basic properties that should be present in any finding
+            self.assertIsNotNone(finding.title)
+            self.assertIsNotNone(finding.severity)
+
+            # Verify cloud provider data
+            self.assertTrue(
+                any("gcp" in tag.lower() for tag in finding.unsaved_tags),
+                "No GCP-related tag found in finding",
+            )
+
+            # Verify remediation data when available
+            if finding.mitigation:
+                self.assertTrue(
+                    "Remediation:" in finding.mitigation,
+                    "No remediation information found in mitigation",
+                )
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
@@ -164,7 +237,7 @@ def test_gcp_json_parser(self):
 
     def test_kubernetes_csv_parser(self):
         """Test parsing Kubernetes CSV report with findings"""
-        with (get_unit_tests_scans_path("prowler") / "kubernetes.csv").open(encoding="utf-8") as test_file:
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_kubernetes.csv").open(encoding="utf-8") as test_file:
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
@@ -177,6 +250,7 @@ def test_kubernetes_csv_parser(self):
             # Verify basic properties that should be present in any finding
             self.assertIsNotNone(finding.title)
             self.assertIsNotNone(finding.severity)
+            self.assertIsNotNone(finding.description)
 
             # Verify cloud provider data (Kubernetes tag)
             tag_found = False
@@ -199,62 +273,96 @@ def test_kubernetes_csv_parser(self):
                     "Remediation:" in finding.mitigation,
                     "No remediation information found in mitigation",
                 )
-
-    def test_kubernetes_json_parser(self):
-        """Test parsing Kubernetes JSON report with findings"""
-        with (get_unit_tests_scans_path("prowler") / "kubernetes.json").open(encoding="utf-8") as test_file:
             parser = ProwlerParser()
             findings = parser.get_findings(test_file, Test())
 
-            # Check that we have exactly 2 findings for kubernetes.json
-            self.assertEqual(2, len(findings))
+            # Check that we have at least one finding
+            self.assertTrue(len(findings) > 0)
 
-            # Verify first finding (should be AlwaysPullImages)
-            always_pull_findings = [f for f in findings if "AlwaysPullImages" in f.title]
-            self.assertTrue(len(always_pull_findings) > 0, "No AlwaysPullImages finding detected")
+            # Take the first finding for validation
+            finding = findings[0]
 
-            always_pull_finding = always_pull_findings[0]
-            # Skip check_id assertion as it's not provided in the test data
-            self.assertEqual("Medium", always_pull_finding.severity)
-            # Verify cloud provider data
-            self.assertIn("kubernetes", [tag.lower() for tag in always_pull_finding.unsaved_tags])
+            # Verify basic properties that should be present in any finding
+            self.assertIsNotNone(finding.title)
+            self.assertIsNotNone(finding.severity)
+
+            # Verify cloud provider data (Kubernetes tag)
+            tag_found = False
+            for tag in finding.unsaved_tags:
+                if "kubernetes" in tag.lower():
+                    tag_found = True
+                    break
+            self.assertTrue(tag_found, "No Kubernetes-related tag found in finding")
 
-            # Check for resource and remediation data
-            if always_pull_finding.mitigation:
-                # Verify resource data
+            # Verify resource data exists in mitigation
+            if finding.mitigation:
                 self.assertTrue(
-                    any("Resource" in line for line in always_pull_finding.mitigation.split("\n")),
-                    "Resource data not found in mitigation for AlwaysPullImages finding",
+                    any("Resource" in line for line in finding.mitigation.split("\n")),
+                    "Resource data not found in mitigation",
                 )
 
-                # Verify remediation data
+            # Verify remediation data exists in mitigation
+            if finding.mitigation:
                 self.assertTrue(
-                    "Remediation:" in always_pull_finding.mitigation,
-                    "Remediation information not found in AlwaysPullImages finding",
+                    "Remediation:" in finding.mitigation,
+                    "No remediation information found in mitigation",
                 )
 
-            # Verify second finding
-            other_findings = [f for f in findings if "AlwaysPullImages" not in f.title]
-            self.assertTrue(len(other_findings) > 0, "Only AlwaysPullImages finding detected")
+    def test_kubernetes_json_parser(self):
+        """Test parsing Kubernetes OCSF JSON report with findings"""
+        with (get_unit_tests_scans_path("prowler") / "examples/output/example_output_kubernetes.ocsf.json").open(encoding="utf-8") as test_file:
+            parser = ProwlerParser()
+            findings = parser.get_findings(test_file, Test())
 
-            other_finding = other_findings[0]
-            self.assertIsNotNone(other_finding.title)
-            self.assertIsNotNone(other_finding.severity)
-            self.assertEqual("High", other_finding.severity)
+            # Check that we have at least one finding
+            self.assertTrue(len(findings) > 0)
 
-            # Verify cloud provider data in second finding
-            self.assertIn("kubernetes", [tag.lower() for tag in other_finding.unsaved_tags])
+            # Take the first finding for validation
+            finding = findings[0]
 
-            # Check for resource and remediation data in second finding
-            if other_finding.mitigation:
-                # Verify resource data
+            # Verify basic properties that should be present in any finding
+            self.assertIsNotNone(finding.title)
+            self.assertIsNotNone(finding.severity)
+
+            # Verify cloud provider data
+            self.assertTrue(
+                any("kubernetes" in tag.lower() for tag in finding.unsaved_tags),
+                "No Kubernetes-related tag found in finding",
+            )
+
+            # Verify remediation data when available
+            if finding.mitigation:
                 self.assertTrue(
-                    any("Resource" in line for line in other_finding.mitigation.split("\n")),
-                    "Resource data not found in mitigation for second finding",
+                    "Remediation:" in finding.mitigation,
+                    "No remediation information found in mitigation",
                 )
 
-                # Verify remediation data
+            # Check that we have 6 findings for kubernetes.ocsf.json
+            self.assertEqual(6, len(findings))
+
+            # Look for specific findings in the result set
+            always_pull_findings = [f for f in findings if "AlwaysPullImages" in f.title]
+            self.assertTrue(len(always_pull_findings) > 0, "No AlwaysPullImages finding detected")
+
+            # Verify at least one finding has Medium severity
+            medium_findings = [f for f in findings if f.severity == "Medium"]
+            self.assertTrue(len(medium_findings) > 0, "No medium severity findings detected")
+
+            # Verify at least one finding has High severity
+            high_findings = [f for f in findings if f.severity == "High"]
+            self.assertTrue(len(high_findings) > 0, "No high severity findings detected")
+
+            # Check that all findings have the kubernetes tag
+            for finding in findings:
                 self.assertTrue(
-                    "Remediation:" in other_finding.mitigation,
-                    "Remediation information not found in second finding",
+                    any("kubernetes" in tag.lower() for tag in finding.unsaved_tags),
+                    f"Finding {finding.title} missing Kubernetes tag",
                 )
+
+            # Check for remediation data in each finding with mitigation
+            for finding in findings:
+                if finding.mitigation:
+                    self.assertTrue(
+                        "Remediation:" in finding.mitigation,
+                        f"Remediation information not found in {finding.title}",
+                    )
