breakpilot-compliance/backend-compliance/tests/test_cra_component_findings.py

"""Tests for the hardware path: components -> cyber findings -> assessment."""
from compliance.services.cra_component_findings import findings_from_components
from compliance.services.cra_finding_mapper import ScannerFinding, assess_findings


def test_networked_controller_yields_cwe_findings():
    fs = findings_from_components([{"name": "SPS-1", "component_class": "controller", "networked": True}])
    assert len(fs) >= 1
    assert all(f["cwe"] for f in fs)
    assert all("SPS-1" in f["location"] for f in fs)
    assert all("CISA-ICS" in f["source"] for f in fs)  # honest framing, no fabricated CVE


def test_non_networked_component_yields_nothing():
    assert findings_from_components([{"name": "X", "component_class": "controller", "networked": False}]) == []


def test_unknown_class_yields_nothing():
    assert findings_from_components([{"name": "Y", "component_class": "unknown", "networked": True}]) == []


def test_component_findings_flow_through_assessment_with_echoed_title():
    fs = findings_from_components([{"name": "HMI", "component_class": "hmi", "networked": True}])
    a = assess_findings([ScannerFinding.from_dict(f) for f in fs])
    assert a.findings_total == len(fs)
    assert all(m.title for m in a.mapped)               # title echoed -> self-contained response
    assert all(m.location == "HMI" for m in a.mapped)
    assert any(m.primary_requirement == "CRA-AI-8" for m in a.mapped)  # default creds -> auth