Added test for check-pack command

panther_analysis_tool/main.py

@@ -1281,6 +1281,9 @@ def check_packs(args: argparse.Namespace) -> Tuple[int, str]:
         pack_name = pack.file_name.replace(".yml", "").split("/")[-1]
         included_rules = []
         detections = [detection for detection in specs.detections if not detection.is_deprecated()]
+        detections.extend(
+            [detection for detection in specs.simple_detections if not detection.is_deprecated()]
+        )
         for detection in detections:
             # remove leading ./
             # ./some-dir -> some-dir

tests/fixtures/check-packs/packs/test.yml

@@ -0,0 +1,7 @@
+AnalysisType: pack
+PackID: PantherManaged.Test
+Description: Group of all Test detections
+PackDefinition:
+  IDs:
+    - Test.Included
+DisplayName: "Panther Test Pack"

tests/fixtures/check-packs/rules/test_rules/test_deprecated.yml

@@ -0,0 +1,17 @@
+AnalysisType: rule
+Description: test description
+DisplayName: "Test"
+Enabled: true
+Severity: Medium
+DedupPeriodMinutes: 60
+Detection:
+  - All:
+    - Condition: Equals
+      KeyPath: IntegrityLevel
+      Value: System
+LogTypes:
+    - Asana.Audit
+RuleID: "Test.Deprecated"
+Threshold: 1
+Tags:
+  - Deprecated

tests/fixtures/check-packs/rules/test_rules/test_included.yml

@@ -0,0 +1,15 @@
+AnalysisType: rule
+Description: test description
+DisplayName: "Test"
+Enabled: true
+Severity: Medium
+DedupPeriodMinutes: 60
+Detection:
+  - All:
+    - Condition: Equals
+      KeyPath: IntegrityLevel
+      Value: System
+LogTypes:
+    - Asana.Audit
+RuleID: "Test.Included"
+Threshold: 1

tests/fixtures/check-packs/rules/test_rules/test_missing.yml

@@ -0,0 +1,15 @@
+AnalysisType: rule
+Description: test description
+DisplayName: "Test"
+Enabled: true
+Severity: Medium
+DedupPeriodMinutes: 60
+Detection:
+  - All:
+    - Condition: Equals
+      KeyPath: IntegrityLevel
+      Value: System
+LogTypes:
+    - Asana.Audit
+RuleID: "Test.Missing"
+Threshold: 1

tests/unit/panther_analysis_tool/test_check_packs.py

@@ -0,0 +1,50 @@
+"""
+Panther Analysis Tool is a command line interface for writing,
+testing, and packaging policies/rules.
+Copyright (C) 2023 Panther Labs Inc
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+import os
+import unittest
+from argparse import Namespace
+
+from panther_core.detection import DetectionResult
+from panther_core.policy import TYPE_POLICY
+from panther_core.rule import TYPE_RULE, Rule
+
+from panther_analysis_tool.main import check_packs
+from panther_analysis_tool.testing import (
+    FunctionTestResult,
+    TestCaseEvaluator,
+    TestError,
+    TestExpectations,
+    TestResult,
+    TestResultsPerFunction,
+    TestSpecification,
+)
+
+FIXTURES_PATH = os.path.abspath(
+    os.path.join(os.path.dirname(__file__), "../../", "fixtures", "check-packs")
+)
+
+
+class TestCheckPacks(unittest.TestCase):
+    def test_fixtures(self) -> None:
+        args = Namespace(path=FIXTURES_PATH)
+        exit_code, res = check_packs(args)
+
+        assert exit_code == 1
+        expected = "There are packs that are potentially missing detections:\ntest.yml: Test.Missing\n\n"
+        assert res == expected