"""Tests for security analysis logic."""
import pytest
from src.analyzer import IncidentAnalyzer, RiskLevel, SecurityAnalysis
from src.llm import MockLLMProvider
@pytest.fixture
def analyzer():
    """Return an ``IncidentAnalyzer`` wired to ``MockLLMProvider``.

    Using the mock provider keeps the suite independent of any real model
    endpoint (assuming the mock is fully in-process — see src.llm).
    """
    return IncidentAnalyzer(MockLLMProvider())
@pytest.mark.asyncio
async def test_analyze_basic(analyzer):
    """End-to-end: one log line yields a fully populated ``SecurityAnalysis``.

    Only the shape of the result is checked; the mock provider's exact
    wording is not part of the contract under test.
    """
    log_line = "Failed authentication attempts from 192.168.1.100"

    analysis = await analyzer.analyze(log_line)

    assert isinstance(analysis, SecurityAnalysis)
    # risk_level must be a member of the closed RiskLevel enum
    assert analysis.risk_level in RiskLevel
    # every free-text field must be non-empty
    for field_name in ("summary", "remediation", "raw_response"):
        assert getattr(analysis, field_name), f"{field_name} should be populated"
def test_parse_response_critical(analyzer):
    """A response whose ``Risk Level:`` line reads CRITICAL parses as CRITICAL."""
    llm_output = """
What Happened: Ransomware detected
Risk Level: CRITICAL
Suggested Actions:
- Isolate affected systems
"""
    parsed = analyzer._parse_response(llm_output)
    # Enum members are singletons, so identity is the natural comparison
    assert parsed.risk_level is RiskLevel.CRITICAL
def test_parse_response_fallback_risk(analyzer):
    """A response with no ``Risk Level:`` line falls back to MEDIUM.

    NOTE(review): this file has no companion test for an unrecognised level
    (e.g. ``Risk Level: bananas``) or for a ``Risk Level:`` string that
    appears only inside the untrusted log text; both are worth pinning so
    neither a model nor a prompt-injected log line can steer the parsed risk.
    """
    plain_text = "This is a generic response with no risk level specified"
    parsed = analyzer._parse_response(plain_text)
    assert parsed.risk_level is RiskLevel.MEDIUM
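def test_parse_response_indicators(analyzer):
    """Bulleted ``Indicators:`` entries are extracted into ``indicators``.

    Both bullets must survive parsing: the original check only looked for
    the first entry, so a parser that stopped after one bullet would pass.
    """
    llm_output = """What Happened: Suspicious activity
Risk Level: HIGH
Suggested Actions: Review logs
Indicators:
- Multiple failed logins
- Unusual IP address"""
    parsed = analyzer._parse_response(llm_output)

    lowered = [ind.lower() for ind in parsed.indicators]
    assert len(lowered) >= 2
    assert any("failed" in ind for ind in lowered)
    # the second bullet must be present too, not just the first
    assert any("unusual" in ind for ind in lowered)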