/// <summary>
/// Checks that everything under the detections folder is a YAML template,
/// apart from one allowed extra file.
/// </summary>
/// <remarks>
/// The check compares file counts only: the total must equal the number of
/// <c>*.yaml</c> files plus one. It does not look at which file is the
/// non-YAML one, so it cannot tell the README apart from any other single
/// stray file.
/// </remarks>
public void Validate_DetectionTemplates_AllFilesAreYamls()
{
    var detectionsRoot = DetectionsYamlFilesTestData.GetDetectionPath();

    // Recursive listings: YAML templates first, then every file regardless of extension.
    int yamlCount = Directory.GetFiles(detectionsRoot, "*.yaml", SearchOption.AllDirectories).Length;
    int totalCount = Directory.GetFiles(detectionsRoot, "*", SearchOption.AllDirectories).Length;

    // The single permitted non-YAML file is the readme.md in the directory.
    const int allowedNonYamlFiles = 1;

    bool onlyYamlPlusReadme = totalCount == yamlCount + allowedNonYamlFiles;
    Assert.True(onlyYamlPlusReadme, "All the files in detections folder are supposed to end with .yaml");
}
/// <summary>
/// Loads the skip list from its JSON file into <c>WhiteListTemplates</c>
/// when the type is first used.
/// </summary>
/// <remarks>
/// NOTE(review): judging by the type name, entries in this file exempt
/// templates from validation - confirm against the callers, and review
/// additions to the JSON file as a reduction in what the tests check.
/// </remarks>
static TemplatesToSkipValidationReader()
{
    var skipListDirectory = DetectionsYamlFilesTestData.GetSkipTemplatesPath();
    var skipListPath = Path.Combine(skipListDirectory, SKipJsonFileName);

    // Read the whole file, then deserialize it into the sequence of skipped templates.
    string skipListJson = File.ReadAllText(skipListPath);
    WhiteListTemplates = JsonConvert.DeserializeObject<IEnumerable<SkipTemplate>>(skipListJson);
}
/// <summary>
/// Reads a JSON file from the skip-templates folder and deserializes it
/// as a sequence of strings.
/// </summary>
/// <param name="fileName">
/// Name of the JSON file, combined with the skip-templates folder path.
/// NOTE(review): <c>Path.Combine</c> ignores the folder when the second
/// argument is rooted, so callers are presumably passing plain file names - confirm.
/// </param>
/// <returns>The strings deserialized from the file.</returns>
private static IEnumerable<string> GetTemplatesSchemaValidationsData(string fileName)
{
    var dataDirectory = DetectionsYamlFilesTestData.GetSkipTemplatesPath();
    var dataFilePath = Path.Combine(dataDirectory, fileName);

    string fileContents = File.ReadAllText(dataFilePath);
    return JsonConvert.DeserializeObject<IEnumerable<string>>(fileContents);
}
/// <summary>
/// Checks that the detections folder and the "Analytic Rules" parts of the
/// solution folder contain only YAML templates, apart from one allowed extra file.
/// </summary>
/// <remarks>
/// Solution-folder files are selected by a substring match of "Analytic Rules"
/// against the full path returned by <c>Directory.GetFiles</c>, so files outside
/// such paths are not covered by this check. The assertion compares counts only;
/// it does not identify which file is the non-YAML one.
/// </remarks>
public void Validate_DetectionTemplates_AllFilesAreYamls()
{
    List<string> roots = DetectionsYamlFilesTestData.GetDetectionPaths();

    // YAML templates: the whole detection folder, plus the solution folder's analytic rules.
    var yamlTemplates = new List<string>(Directory.GetFiles(roots[0], "*.yaml", SearchOption.AllDirectories));
    yamlTemplates.AddRange(
        Directory.GetFiles(roots[1], "*.yaml", SearchOption.AllDirectories)
            .Where(path => path.Contains("Analytic Rules")));

    // Every file, selected from the same two locations with the same path filter.
    var everyFile = new List<string>(Directory.GetFiles(roots[0], "*", SearchOption.AllDirectories));
    everyFile.AddRange(
        Directory.GetFiles(roots[1], "*", SearchOption.AllDirectories)
            .Where(path => path.Contains("Analytic Rules")));

    // The single permitted non-YAML file is the readme.md in the directory.
    const int allowedNonYamlFiles = 1;

    bool countsMatch = everyFile.Count == yamlTemplates.Count + allowedNonYamlFiles;
    Assert.True(countsMatch, $"All the files in detections and solution (Analytics rules) folder are supposed to end with .yaml");
}
/// <summary>
/// Builds the loader by reading every <c>*.json</c> file directly inside the
/// custom-tables folder and keeping each schema that was read successfully.
/// </summary>
/// <remarks>
/// Files for which <c>ReadTableSchema</c> returns null are skipped without
/// any report, so this constructor alone does not reveal a schema file that
/// failed to load.
/// </remarks>
public CustomTablesSchemasLoader()
{
    _tableSchemas = new List<TableSchema>();

    // Top-level files only: this GetFiles overload does not recurse into sub-folders.
    var schemaFiles = Directory.GetFiles(DetectionsYamlFilesTestData.GetCustomTablesPath(), "*.json");
    foreach (var schemaFile in schemaFiles)
    {
        var schema = ReadTableSchema(schemaFile);
        if (schema == null)
        {
            continue;
        }

        _tableSchemas.Add(schema);
    }
}
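/// <summary>
/// Checks that no two detection templates under the detections folder
/// declare the same <c>id</c>.
/// </summary>
/// <remarks>
/// Only the file name, not the full path, is passed to <c>GetYamlFileAsString</c>.
/// NOTE(review): how that helper resolves same-named files in different
/// sub-folders is not visible here - confirm, since a wrong resolution would
/// hide or invent duplicates.
/// </remarks>
public void Validate_DetectionTemplates_NoSameTemplateIdTwice()
{
    string detectionPath = DetectionsYamlFilesTestData.GetDetectionPath();
    var yamlFiles = Directory.GetFiles(detectionPath, "*.yaml", SearchOption.AllDirectories);

    var templatesAsStrings = yamlFiles.Select(yaml => GetYamlFileAsString(Path.GetFileName(yaml)));
    var templatesAsObjects = templatesAsStrings.Select(yaml => JObject.Parse(ConvertYamlToJson(yaml)));

    // Materialize once: the query is lazy, so each further enumeration would
    // re-read and re-parse every template file.
    var duplicationsById = templatesAsObjects
        .GroupBy(a => a["id"])
        .Where(group => group.Count() > 1) // ids that more than one template uses
        .ToList();

    // Templates without an "id" property share a null key; name that case in the
    // message instead of dereferencing null while building it.
    var duplicatedId = "";
    if (duplicationsById.Count > 0)
    {
        var lastDuplicate = duplicationsById[duplicationsById.Count - 1];
        duplicatedId = lastDuplicate.Key?.ToString() ?? "<missing id>";
    }

    Assert.True(duplicationsById.Count == 0, $"There should not be 2 templates with the same ID, but the id {duplicatedId} is duplicated.");
}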
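/// <summary>
/// Checks that no two detection templates, taken from the detections folder
/// and from the "Analytic Rules" parts of the solution folder, declare the
/// same <c>id</c>.
/// </summary>
/// <remarks>
/// Both filters are substring matches against the full file path: detection
/// files whose path contains "CiscoUmbrella" are left out entirely, and
/// solution files are included only when their path contains "Analytic Rules".
/// Files excluded this way are not checked for duplicate ids at all.
/// Only the file name, not the full path, is passed to <c>GetYamlFileAsString</c>.
/// NOTE(review): how that helper resolves same-named files across the two
/// roots is not visible here - confirm.
/// </remarks>
public void Validate_DetectionTemplates_NoSameTemplateIdTwice()
{
    List<string> detectionPath = DetectionsYamlFilesTestData.GetDetectionPaths();

    // Removing duplicate CiscoUmbrella detections; they are already present in the solution folder.
    var yamlFiles = Directory.GetFiles(detectionPath[0], "*.yaml", SearchOption.AllDirectories)
        .Where(s => !s.Contains("CiscoUmbrella"))
        .ToList();

    // Extending detection validation to the solution folder.
    yamlFiles.AddRange(
        Directory.GetFiles(detectionPath[1], "*.yaml", SearchOption.AllDirectories)
            .Where(s => s.Contains("Analytic Rules")));

    var templatesAsStrings = yamlFiles.Select(yaml => GetYamlFileAsString(Path.GetFileName(yaml)));
    var templatesAsObjects = templatesAsStrings.Select(yaml => JObject.Parse(ConvertYamlToJson(yaml)));

    // Materialize once: the query is lazy, so each further enumeration would
    // re-read and re-parse every template file.
    var duplicationsById = templatesAsObjects
        .GroupBy(a => a["id"])
        .Where(group => group.Count() > 1) // ids that more than one template uses
        .ToList();

    // Templates without an "id" property share a null key; name that case in the
    // message instead of dereferencing null while building it.
    var duplicatedId = "";
    if (duplicationsById.Count > 0)
    {
        var lastDuplicate = duplicationsById[duplicationsById.Count - 1];
        duplicatedId = lastDuplicate.Key?.ToString() ?? "<missing id>";
    }

    Assert.True(duplicationsById.Count == 0, $"There should not be 2 templates with the same ID, but the id {duplicatedId} is duplicated.");
}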