|
14 | 14 |
|
15 | 15 | import eql |
16 | 16 | import kql |
17 | | -import yaml |
18 | 17 | from marshmallow import ValidationError |
19 | 18 | from semver import Version |
20 | 19 |
|
|
37 | 36 | from detection_rules.rule_loader import FILE_PATTERN, RULES_CONFIG |
38 | 37 | from detection_rules.rule_validators import EQLValidator, KQLValidator |
39 | 38 | from detection_rules.schemas import definitions, get_min_supported_stack_version, get_stack_schemas |
40 | | -from detection_rules.utils import ETC_DIR, INTEGRATION_RULE_DIR, PatchedTemplate, get_path, make_git |
| 39 | +from detection_rules.utils import load_etc_dump, INTEGRATION_RULE_DIR, PatchedTemplate, get_path, make_git |
41 | 40 | from detection_rules.version_lock import loaded_version_lock |
42 | 41 |
|
43 | 42 | from .base import BaseRuleTest |
@@ -1044,19 +1043,17 @@ def test_event_dataset(self): |
1044 | 1043 | def test_min_stack_version_supported(self): |
1045 | 1044 | failures = [] |
1046 | 1045 | # Load supported stack versions from stack-schema-map.yaml |
1047 | | - stack_map_path = Path(f"{ETC_DIR}/stack-schema-map.yaml") |
1048 | | - with Path.open(stack_map_path) as f: |
1049 | | - stack_map = yaml.safe_load(f) |
| 1046 | + stack_map = load_etc_dump(["stack-schema-map.yaml"]) |
1050 | 1047 |
|
1051 | | - # Get the minimum supported stack version (as string) |
1052 | | - min_supported = min([v for v in stack_map if not v.startswith("#") and isinstance(v, str)]) |
| 1048 | + # Get the minimum supported stack version as version object |
| 1049 | + min_supported = min(stack_map.keys(), key=lambda v: Version.parse(v)) |
1053 | 1050 | # Load all production rules |
1054 | 1051 | for rule in self.all_rules: |
1055 | 1052 | min_stack_version = rule.contents.metadata.get("min_stack_version") |
1056 | 1053 | if not min_stack_version: |
1057 | 1054 | continue # skip rules without min_stack_version |
1058 | 1055 | # Compare versions using semantic versioning |
1059 | | - if Version.parse(min_stack_version) < Version.parse(min_supported): |
| 1056 | + if Version.parse(min_stack_version) < min_supported: |
1060 | 1057 | failures.append( |
1061 | 1058 | f"{self.rule_str(rule)} min_stack_version={min_stack_version} < supported={min_supported}" |
1062 | 1059 | ) |
|
0 commit comments