chore: Updated unit tests for RulesEngine and Evaluators

Author: Marco Franceschi

src/rules-engine/evaluators/js-evaluator.ts

@@ -43,7 +43,7 @@ export default class JsEvaluator implements RuleEvaluator<JsRule> {
       typename: data.resource?.__typename, // eslint-disable-line no-underscore-dangle
       rule: ruleMetadata,
     } as RuleFinding
-
+    this.findings.push(finding)
     return finding
   }
 

src/rules-engine/evaluators/json-evaluator.ts

@@ -48,7 +48,6 @@ export default class JsonEvaluator implements RuleEvaluator<JsonRule> {
       rule: ruleMetadata,
     } as RuleFinding
     this.findings.push(finding)
-
     return finding
   }
 

src/rules-engine/types.ts

@@ -90,17 +90,9 @@ export interface Engine {
    */
   processRule: (rule: Rule, data: any) => Promise<RuleFinding[]>
 
-  /**
-   * Process findings before convert them in mutations
-   * @param findings resulted findings during rules execution
-   * @returns {ProcessedFindings} processed findings object
-   */
-  // processFindings: (findings: RuleFinding[]) => ProcessedFindings
-
   /**
    * Transforms RuleFinding array into a mutation array for GraphQL
-   * @param processedFindings resulted findings for automated rules
-   * @param manualFindings resulted findings for manual rules
+   * @param findings resulted findings during rules execution
    * @returns {Entity[]} Array of generated mutations
    */
   prepareMutations: (findings: RuleFinding[]) => Entity[]

tests/evaluators/js-evaluator.test.ts

@@ -0,0 +1,92 @@
+import cuid from 'cuid'
+import { Result } from '../../src'
+import JsEvaluator from '../../src/rules-engine/evaluators/js-evaluator'
+import { Severity } from '../../src/rules-engine/types'
+
+const providerName = 'azure'
+const entityName = 'CIS'
+const jsRule = {
+  id: cuid(),
+  description: 'none',
+  title: 'Mocked Automated Rule',
+  rationale: "raison d'être",
+  audit: 'evaluate schemaA',
+  remediation: 'fix the schemaA',
+  references: [],
+  gql: `{
+    querySchemaA {
+      id
+      __typename
+      value
+    }
+  }`,
+  resource: 'querySchemaA[*]',
+  check: jest.fn(),
+  severity: Severity.HIGH,
+}
+
+export default {
+  jsRule,
+}
+
+describe('JsEvaluator', () => {
+  let evaluator
+  beforeEach(() => {
+    evaluator = new JsEvaluator(providerName, entityName)
+  })
+
+  it('should accept all rules that have a check field', () => {
+    expect(evaluator.canEvaluate({} as never)).toBe(false)
+    expect(evaluator.canEvaluate({ checks: 1 } as never)).toBe(false)
+
+    // we could improve these, but following tests will pass
+    expect(evaluator.canEvaluate({ check: 1 } as never)).toBe(true)
+    expect(evaluator.canEvaluate({ check: 0 } as never)).toBe(true)
+    expect(evaluator.canEvaluate({ check: () => 1 } as never)).toBe(true)
+  })
+
+  it('should call check with data', () => {
+    const spy = jest.fn()
+    const data = 'asdf'
+    evaluator.evaluateSingleResource({ check: spy } as never, data as never)
+
+    expect(spy).toHaveBeenCalledWith(data)
+  })
+
+  it('should return fail if rule is true', async () => {
+    const spy = jest.fn()
+    spy.mockReturnValue(false)
+    const failedRule = await evaluator.evaluateSingleResource(
+      { check: spy } as never,
+      { resource: { id: cuid() } } as never
+    )
+    expect(failedRule.result).toEqual(Result.FAIL)
+    spy.mockReturnValue(true)
+    const passedRule = await evaluator.evaluateSingleResource(
+      { check: spy } as never,
+      { resource: { id: cuid() } } as never
+    )
+    expect(passedRule.result).toEqual(Result.PASS)
+  })
+
+  it('should return a processed rules mutations array', async () => {
+    const resourceId = cuid()
+    const resourceType = 'schemaA'
+    await evaluator.evaluateSingleResource(jsRule, {
+      resource: {
+        id: resourceId,
+        __typename: resourceType,
+        value: 'automated',
+      },
+    })
+    const mutations = evaluator.prepareMutations()
+    const [atuomatedMutation] = mutations
+
+    expect(mutations.length).toBe(1)
+    expect(atuomatedMutation).toBeDefined()
+    expect(atuomatedMutation.data instanceof Object).toBeTruthy()
+    expect(atuomatedMutation.data.filter.id.eq).toBe(resourceId)
+    expect(atuomatedMutation.name).toBe(`${providerName}${entityName}Findings`)
+    expect(atuomatedMutation.mutation).toContain(`update${resourceType}`)
+  })
+})

tests/json-evaluator.test.ts renamed to tests/evaluators/json-evaluator.test.ts

@@ -1,11 +1,79 @@
 import cuid from 'cuid'
-import { Result } from '../src'
-import JsonEvaluator from '../src/rules-engine/evaluators/json-evaluator'
+import { Result } from '../../src'
+import JsonEvaluator from '../../src/rules-engine/evaluators/json-evaluator'
+import { Severity } from '../../src/rules-engine/types'
+
+const providerName = 'aws'
+const entityName = 'CIS'
+const ruleMetadata = {
+  id: cuid(),
+  description: 'none',
+  title: 'Mocked Automated Rule',
+  rationale: "raison d'être",
+  audit: 'evaluate schemaA',
+  remediation: 'fix the schemaA',
+  references: [],
+  severity: Severity.HIGH,
+}
+const jsonRule = {
+  ...ruleMetadata,
+  gql: `{
+    querySchemaA {
+      id
+      __typename
+      value
+    }
+  }`,
+  resource: 'querySchemaA[*]',
+  conditions: {
+    path: '@.value',
+    equal: false,
+  },
+}
+
+const compositeRule = {
+  ...ruleMetadata,
+  queries: [
+    {
+      gql: `{
+        querySchemaA {
+          id
+          __typename
+          value
+        }
+      }`,
+      resource: 'querySchemaA[*]',
+      conditions: {
+        path: '@.value',
+        equal: false,
+      },
+    },
+    {
+      gql: `{
+        querySchemaB {
+          id
+          __typename
+          value
+        }
+      }`,
+      resource: 'querySchemaB[*]',
+      conditions: {
+        path: '@.value',
+        equal: true,
+      },
+    },
+  ],
+}
+
+export default {
+  jsonRule,
+  compositeRule,
+}
 
 describe('JsonEvaluator', () => {
   let evaluator
   beforeEach(() => {
-    evaluator = new JsonEvaluator()
+    evaluator = new JsonEvaluator(providerName, entityName)
   })
 
   test('should accept all rules that have a conditions field', () => {

tests/manual-evaluator.test.ts renamed to tests/evaluators/manual-evaluator.test.ts

@@ -1,25 +1,32 @@
 import cuid from 'cuid'
-import { Result } from '../src'
-import ManualEvaluator from '../src/rules-engine/evaluators/manual-evaluator'
+import { Result } from '../../src'
+import ManualEvaluator from '../../src/rules-engine/evaluators/manual-evaluator'
+import { Severity } from '../../src/rules-engine/types'
+
+const providerName = 'gcp'
+const entityName = 'CIS'
+const manualRule = {
+  id: cuid(),
+  description: 'none',
+  title: 'Mocked Manual Rule',
+  rationale: 'Ikigai',
+  audit: 'evaluate schemaA',
+  remediation: 'fix the schemaA',
+  references: [],
+  severity: Severity.HIGH,
+}
+export default {
+  manualRule,
+}
 
 describe('ManualEvaluator', () => {
   let evaluator
-  beforeAll(() => {
-    evaluator = new ManualEvaluator()
+  beforeEach(() => {
+    evaluator = new ManualEvaluator(providerName, entityName)
   })
 
   it('should pass when it does not contain gql, conditions, check, and resource fields', () => {
-    expect(
-      evaluator.canEvaluate({
-        id: '',
-        description: '',
-        rationale: '',
-        autid: '',
-        remediation: '',
-        references: [],
-        severity: '',
-      } as never)
-    ).toBe(true)
+    expect(evaluator.canEvaluate(manualRule)).toBe(true)
   })
 
   it('should fail when it contains gql, conditions, check, or resource fields', () => {
@@ -50,4 +57,17 @@ describe('ManualEvaluator', () => {
     )
     expect(finding.id.includes('manual')).toEqual(true)
   })
+
+  it('should return a manual mutations array', async () => {
+    await evaluator.evaluateSingleResource(manualRule)
+    const mutations = evaluator.prepareMutations()
+    const [manualMutation] = mutations
+
+    expect(mutations.length).toBe(1)
+    expect(manualMutation.name).toBe(`${providerName}${entityName}Findings`)
+    expect(manualMutation.data.length).toBe(1)
+    expect(manualMutation.mutation).toContain(
+      `add${providerName}${entityName}Findings`
+    )
+  })
 })

tests/js-evaluator.test.ts

@@ -5,7 +5,7 @@ import JsonEvaluator from '../../src/rules-engine/evaluators/json-evaluator'
 describe('Date Operators', () => {
   let evaluator
   beforeEach(() => {
-    evaluator = new JsonEvaluator()
+    evaluator = new JsonEvaluator('aws', 'CIS')
   })
 
   test('should process dates', async () => {