Test case to check updated_date (elastic#3818)

shashank-elastic · Jul 3, 2024 · 50f0fb3 · 50f0fb3
1 parent 83be212
commit 50f0fb3
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
@@ -40,6 +40,9 @@ jobs:
         python -m detection_rules dev license-check
 
     - name: Unit tests
+      env:
+        # only run the test test_rule_change_has_updated_date on pull request events to main
+        GITHUB_EVENT_NAME: "${{ github.event_name}}"
       run: |
         python -m detection_rules test
 

diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py
@@ -641,6 +641,39 @@ def test_deprecated_rules_modified(self):
         if result:
             self.fail(f"Deprecated rules {result} has been modified")
 
+    @unittest.skipIf(os.getenv('GITHUB_EVENT_NAME') == 'push',
+                     "Skipping this test when not running on pull requests.")
+    def test_rule_change_has_updated_date(self):
+        """Test to ensure modified rules have updated_date field updated."""
+
+        rules_path = get_path("rules")
+        rules_bbr_path = get_path("rules_building_block")
+
+        # Use git diff to check if the file(s) has been modified in rules/ rules_build_block/ directories.
+        # For now this checks even rules/_deprecated any modification there will fail
+        # the test case "test_deprecated_rules_modified", which means an ignore directory
+        # is not required as there is a specific test for deprecated rules.
+
+        detection_rules_git = make_git()
+        result = detection_rules_git("diff", "--diff-filter=M", "origin/main", "--name-only",
+                                     rules_path, rules_bbr_path)
+
+        # If the output is not empty, then file(s) have changed in the directory(s)
+        if result:
+            modified_rules = result.splitlines()
+            failed_rules = []
+            for modified_rule_path in modified_rules:
+                diff_output = detection_rules_git('diff', 'origin/main', modified_rule_path)
+                if not re.search(r'\+\s*updated_date =', diff_output):
+                    # Rule has been modified but updated_date has not been changed, add to list of failed rules
+                    failed_rules.append(f'{modified_rule_path}')
+
+            if failed_rules:
+                fail_msg = """
+                The following rules in the below path(s) have been modified but updated_date has not been changed \n
+                """
+                self.fail(fail_msg + '\n'.join(failed_rules))
+
     @unittest.skipIf(PACKAGE_STACK_VERSION < Version.parse("8.3.0"),
                      "Test only applicable to 8.3+ stacks regarding related integrations build time field.")
     def test_integration_tag(self):