Set GitHub Actions with test cases #46
Conversation
Add sudo to apt in the workflow
Add GitHub token to the workflow
Add gzipped alerts
Add extracting alerts to workflow
|
|
||
| on: | ||
| pull_request: | ||
| branches-ignore: |
There was a problem hiding this comment.
Should ignore PR to the docker branch
| FF_REPO: "https://github.com/tudelft-cda-lab/FlexFringe" | ||
| shell: bash | ||
| run: | | ||
| gh release download latest -R $FF_REPO -p "flexfringe-x64-linux" # Might have to be updated if FlexFringe decides to change the binary name |
There was a problem hiding this comment.
I have added comments like this to indicate the dependency on FlexFringe (also present in other parts of this file)
| - name: Run regression tests on CPTC-2017 | ||
| env: | ||
| CHANGES_IDS: ${{ contains(github.event.pull_request.labels.*.name, 'changes-ids') }} # With 'changes-ids' label state IDs will be removed from the AGs | ||
| if: '!contains(github.event.pull_request.labels.*.name, ''changes-ags'')' # With 'changes-ags' label no regression tests will be run |
There was a problem hiding this comment.
So there are three cases:
- Label
changes-agsis present ⇒ don't run the regression tests - Label
changes-idsis present ⇒ run with-i(removes IDs and skipsstats-sinks-ags.sh, since the states cannot be matched due to different IDs) - Else, run normally
Something like this (tested on my fork):
|
|
||
| Follow the same procedure as above, however **do add a label `changes-ags`**. This will skip the regression tests and only run the sink tests and the Python tests. Since there is no ground truth for the attack graphs, make sure that the changes to the attack graphs make sense. Please carefully describe them in the Pull Request description. | ||
|
|
||
| ### Changes to the IDs |
There was a problem hiding this comment.
The part related to the label changes-ids
|
|
||
| If you want to add new test cases, feel free to do so. For Python tests, you can add them to the `tests.py` file. In addition, you can add the new tests to the GitHub Actions by modifying the `.github/workflows/test.yml` file. The tests, however, need first be approved, see the procedure above. | ||
|
|
||
| ### Updating the docker branch |
There was a problem hiding this comment.
Reminded about the existence of the docker branch
| - Clone [FlexFringe repository](https://github.com/tudelft-cda-lab/FlexFringe). | ||
| - Move `spdfa-config.ini` file to `FlexFringe/ini/` directory. Alternatively, you can set the `path_to_ini` variable in `sage.py` to `"./spdfa-config.ini"`. | ||
| - In case you move the `FlexFringe/` directory to another location, update the function `flexfringe` in `model_learning.py` accordingly. | ||
| - You can find the compressed alerts for the [Collegiate Penetration Testing Competition (CPTC)](https://cp.tc/research) and [Collegiate Cyber Defense Competition (CCDC)](https://github.com/FrankHassanabad/suricata-sample-data) datasets (taken from the linked sources) in the `alerts/` directory. To uncompress the alerts, run: |
There was a problem hiding this comment.
Referencing the alerts + command that uncompresses them. Does it look fine to you?
| echo "------------" | ||
|
|
||
|
|
||
| echo "Test 6: Checking sinks stats" |
There was a problem hiding this comment.
I have decided to skip this test when running with a -i option (i.e. removing state IDs). It is not possible to join the states in two attack graphs if the IDs are different (the script will behave as if they have been merged, as was the case when merging sinks)
| total_tests += 1 | ||
|
|
||
|
|
||
| # TODO: has to be written |
There was a problem hiding this comment.
As you have once mentioned, I have left TODOs for the future
| from signatures.attack_stages import MicroAttackStage | ||
|
|
||
|
|
||
| def run_episode_test(frequencies, expected, test_name="test"): |
There was a problem hiding this comment.
MicroAttackStage.DATA_EXFILTRATION and 'alert' are just placeholders. They are not used, but are needed for the code to run
| passed_tests = 0 | ||
| total_tests = 0 | ||
|
|
||
| # Test case 1: normal sequence |
There was a problem hiding this comment.
Do these test cases make sense to you?
jzelenjak
added
the
changes-ags
Closes #38