Unit testing - Developer Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Developer Guide

Product
Cortex XSIAM
Creation date
2023-05-01
Last date published
2024-06-04
Category
Developer Guide
Abstract

Write and run unit tests with VS Code to test small units of code in an isolated and deterministic fashion.

Unit testing should be used to test small units of code in an isolated and deterministic fashion. Unit tests should avoid performing communication with external APIs and should instead use mocking. Testing actual interaction with external APIs should be performed via test playbooks. Unit testing is currently supported for Python and PowerShell. This topic outlines the Python setup. For PowerShell see here.

Before unit testing, you need to set up the development environment and set up the integration and script environment for VS Code.

To work with unit testing, the integration or automation script needs to be developed in package (directory) structure, where the YAML file is separated from the python file and resides in its own directory.

Note

To verify the content runs with all the required dependencies, we recommend using VS Code with the Cortex XSOAR extension to write, run, and debug the unit tests locally with the corresponding image. You can alternatively use other IDEs such as PyCharm to run and debug the unit tests locally with the corresponding image. If you are using PyCharm, choose the poetry environment interpreter and enable pytest.

Use main in the integration/script

When writing unit tests, you need to import the integration/script file in order to test specific files. Therefore, the file must be written in a way that prevents it from executing when it is imported. This can be done with a simple main function which is called depending on how the file was executed. When the integration/script is called by Cortex XSIAM it has the property __name__ set to builtins. Adding the following code ensures the script is not run when imported by the unit tests:

if __name__ == "builtins":
    main()

Write unit tests

Unit tests should be written in a separate Python file named INTEGRATION_NAME_test.py. Within the unit test file, each unit test function should be named: test_$FUNCTION_TESTED_NAME. More information on writing unit tests and their formats is available at the pytest documentation. For an example of unit tests, see the Proofpoint TAP v2 integration.

Docker network

By default, unit tests are not run with access to the network; the network is disabled within the container that runs the unit-tests. If the integration/script requires access to the network during a unit test run, see .pack-ignore documentation.

Mocking

We use pytest-mock for mocking. pytest-mock is enabled by default and installed in the base environment mentioned above. To use a mocker object, pass it as a parameter to your test function. The mocker can then be used to mock both the demisto object and also external APIs. See an example of using a mocker object.

Run unit tests

Common unit testing use cases

Troubleshooting tips

  • The demisto-sdk lint by default prints out minimal output. If it fails and the reason is not clear, run the script with -v for verbose output.

  • The script creates a container image which is used to run pytest and pylint. The container image is named: devtest<origin-image>-[deps hash]. For example: devtestdemisto/python:1.3-alpine-1b9f5bee16a24c3f5463e324c1bb075. You can examine the image if needed by using docker run. For example:

    docker run --rm -it devtestdemisto/python:1.3-alpine-1b9f5bee16a24c3f5463e324c1bb075e sh