breakpilot-compliance/backend-compliance/tests/test_norm_sources.py

"""License/provenance classification of norm references — encodes the line between
freely-usable sources and paid standards we may only reference (not reproduce)."""
from compliance.data.norm_sources import (
    LAW, OPEN, PAID_REFERENCE, PUBLIC_DOMAIN, classify_norm_ref,
)
from compliance.api.cra_annex_i_data import MEASURE_DETAILS


def test_eu_law_is_reproducible_class():
    assert classify_norm_ref("Verordnung (EU) 2024/2847 (CRA), Anhang I") == LAW
    assert classify_norm_ref("MaschinenVO Anhang III") == LAW
    assert classify_norm_ref("NIS2 Art. 21") == LAW


def test_nist_is_public_domain():
    assert classify_norm_ref("NIST SP 800-53: IA-5") == PUBLIC_DOMAIN
    assert classify_norm_ref("NIST SP 800-218") == PUBLIC_DOMAIN


def test_open_licensed():
    assert classify_norm_ref("OWASP ASVS V3") == OPEN
    assert classify_norm_ref("ETSI EN 303 645") == OPEN


def test_paid_standards_reference_only():
    assert classify_norm_ref("IEC 62443-4-1") == PAID_REFERENCE
    assert classify_norm_ref("ISO/IEC 27002") == PAID_REFERENCE
    assert classify_norm_ref("EN ISO 13849-1") == PAID_REFERENCE


def test_unknown_defaults_conservative():
    assert classify_norm_ref("Irgendein Hausstandard XY") == PAID_REFERENCE


def test_curated_measures_carry_provenance():
    m = MEASURE_DETAILS["M540"]
    assert m.get("tier") == "core"
    assert m.get("norm_sources") and all("license_class" in s for s in m["norm_sources"])