Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5aaa62dca7440384804e6ff2efa8ff92fb6534db
breakpilot-core/control-pipeline/tests/test_control_ontology.py
Benjamin Admin d660a45bb5 feat(pipeline): implement golden test suite + fix ontology patterns 
- Add test_golden_controls.py: 37 tests covering all 8 YAML categories
  (container, framework, evidence, negative, title, split, scope, merge_key)
- Fix evidence detection: handle German feminine articles (eine/einer/etc.)
- Fix framework detection: use verb stems for conjugated German verbs
- Add framework patterns: OWASP API6, CCM without CSA prefix, generic category
- Fix negative patterns: use "nicht übertragen/gespeichert/erscheinen" before
  generic "dürfen nicht" to correctly route prevent vs exclude

All 73 tests passing (36 ontology + 37 golden).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-26 09:48:12 +02:00

151 lines
5.4 KiB
Python
Raw Blame History

"""Tests for Control Ontology — action classification, evidence/container detection."""
import pytest
from services.control_ontology import (
classify_action, classify_obligation, is_container, is_evidence,
is_framework_reference, build_canonical_key, get_phase,
)
class TestClassifyAction:
def test_implement(self):
assert classify_action("implementieren") == "implement"
assert classify_action("umsetzen") == "implement"
assert classify_action("einführen") == "implement"
assert classify_action("etablieren") == "implement"
def test_monitor(self):
assert classify_action("überwachen") == "monitor"
def test_test(self):
assert classify_action("testen") == "test"
def test_prevent(self):
assert classify_action("verhindern") == "prevent"
def test_exclude(self):
assert classify_action("nicht zulassen") == "exclude"
def test_negative_pattern(self):
assert classify_action("dürfen nicht verwendet werden") == "exclude"
assert classify_action("darf nicht wiederverwendet werden") == "prevent"
def test_compound_picks_first(self):
# Compound text — should pick the dominant action
result = classify_action("identifizieren und bewerten")
assert result in ("identify", "assess")
def test_schulen(self):
assert classify_action("schulen") == "train"
def test_melden(self):
assert classify_action("melden") == "report"
class TestIsContainer:
def test_session_management(self):
assert is_container("Sichere Sitzungsverwaltung muss umgesetzt werden")
def test_token_protection(self):
assert is_container("Token-Schutz muss umgesetzt werden")
def test_risk_management(self):
assert is_container("Umfassendes Risikomanagement einrichten")
def test_not_container(self):
assert not is_container("Rate-Limiting für API-Endpunkte konfigurieren")
assert not is_container("MFA für privilegierte Accounts aktivieren")
class TestIsEvidence:
def test_sbom_nachweis(self):
assert is_evidence("Ein SBOM-Nachweis muss vorliegen")
def test_screenshot(self):
assert is_evidence("Ein Screenshot der MFA-Konfiguration ist vorzulegen")
def test_auditbericht(self):
assert is_evidence("Ein Auditbericht zur Zugriffskontrolle muss vorhanden sein")
def test_tests_dokumentieren(self):
assert is_evidence("Tests dokumentieren")
assert is_evidence("Tests des Verfahrens dokumentiert")
def test_massnahmen_dokumentieren(self):
assert is_evidence("Ergriffene Maßnahmen dokumentieren")
def test_not_evidence_standalone_doc_duty(self):
# VVT führen is a standalone documentation duty, not evidence
assert not is_evidence("Verarbeitungsverzeichnis führen")
def test_not_evidence_implement(self):
assert not is_evidence("Rate-Limiting implementieren")
assert not is_evidence("MFA für privilegierte Accounts aktivieren")
class TestIsFrameworkReference:
def test_owasp_asvs(self):
assert is_framework_reference("OWASP ASVS V3 Session Management umsetzen")
def test_nist(self):
assert is_framework_reference("NIST SP 800-53 IA-Anforderungen implementieren")
def test_not_framework_specific(self):
assert not is_framework_reference("Rate-Limiting konfigurieren")
assert not is_framework_reference("MFA aktivieren")
class TestClassifyObligation:
def test_atomic(self):
result = classify_obligation("Rate-Limiting für API-Endpunkte konfigurieren", "konfigurieren")
assert result["routing"] == "atomic"
assert result["action_type"] == "configure"
def test_evidence_routed(self):
result = classify_obligation("Ein SBOM-Nachweis muss vorliegen")
assert result["routing"] == "evidence"
def test_container_routed(self):
result = classify_obligation("Sichere Sitzungsverwaltung muss umgesetzt werden")
assert result["routing"] == "composite"
def test_framework_routed(self):
result = classify_obligation("OWASP ASVS V3 umsetzen", "umsetzen")
assert result["routing"] == "framework_container"
def test_negative_obligation(self):
result = classify_obligation("Sensible Daten dürfen nicht in URLs übertragen werden")
assert result["routing"] == "atomic"
assert result["action_type"] == "prevent"
class TestBuildCanonicalKey:
def test_minimal(self):
key = build_canonical_key("implement", "api_rate_limiting")
assert key == "implement:api_rate_limiting"
def test_with_phase(self):
key = build_canonical_key("implement", "api_rate_limiting", phase="implementation")
assert key == "implement:api_rate_limiting:implementation"
def test_full(self):
key = build_canonical_key("implement", "api_rate_limiting", "implementation", "api_endpoints")
assert key == "implement:api_rate_limiting:implementation:api_endpoints"
class TestGetPhase:
def test_implement(self):
assert get_phase("implement") == "implementation"
def test_monitor(self):
assert get_phase("monitor") == "monitoring"
def test_test(self):
assert get_phase("test") == "testing"
def test_document(self):
assert get_phase("document") == "evidence"
def test_unknown(self):
assert get_phase("unknown_action") == "implementation"
Reference in New Issue View Git Blame Copy Permalink