// knowledge-atlas.test.mjs — Tests for MITRE ATLAS IDs in knowledge files + Norwegian context
// Verifies: each knowledge file contains AML.T references; norwegian-context.md exists and has content
import { describe, it } from 'node:test';
import assert from 'node:assert/strict';
import { readFileSync } from 'node:fs';
import { resolve } from 'node:path';
import { fileURLToPath } from 'node:url';
// ES modules have no built-in __dirname, so derive this file's directory from its module URL.
const __dirname = fileURLToPath(new URL('.', import.meta.url));

// Two directory levels above this test file's directory.
const ROOT = resolve(__dirname, '..', '..');

// Directory holding the knowledge markdown files that the suites below read.
const KNOWLEDGE = resolve(ROOT, 'knowledge');
/**
 * Read one file from the KNOWLEDGE directory as UTF-8 text.
 *
 * @param {string} filename - Path resolved against KNOWLEDGE.
 * @returns {string|null} The file contents, or null when resolving or reading throws.
 */
function readKnowledge(filename) {
  let text = null;
  try {
    text = readFileSync(resolve(KNOWLEDGE, filename), 'utf-8');
  } catch {
    // Every failure (missing file, permissions, bad argument) collapses to
    // null; callers treat null as "file does not exist".
  }
  return text;
}
// ---------------------------------------------------------------------------
// ATLAS IDs in OWASP and threat pattern files
// ---------------------------------------------------------------------------
// Knowledge files that must cite MITRE ATLAS technique IDs, each paired with
// the minimum number of AML.T references the suite below requires of it.
const atlasFiles = [
  ['owasp-llm-top10.md', 10],
  ['owasp-agentic-top10.md', 10],
  ['owasp-skills-top10.md', 10],
  ['mcp-threat-patterns.md', 5],
  ['deepmind-agent-traps.md', 5],
  ['mitigation-matrix.md', 5],
].map(([file, minRefs]) => ({ file, minRefs }));
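// Registers one nested suite per entry in atlasFiles. Each suite checks that
// the knowledge file is readable and carries enough MITRE ATLAS references.
describe('MITRE ATLAS IDs in knowledge files', () => {
  for (const { file, minRefs } of atlasFiles) {
    describe(file, () => {
      // readKnowledge returns null when the file cannot be read.
      const content = readKnowledge(file);

      // Shared precondition: a missing file must surface as a readable
      // assertion failure, not as a TypeError from a string method on null.
      const requireContent = () => {
        assert.ok(content !== null, `${file} should exist`);
        return content;
      };

      it('file exists', () => {
        requireContent();
      });

      it(`contains at least ${minRefs} AML.T references`, () => {
        // Counts every occurrence of the pattern, repeats of one ID included,
        // so the threshold measures mentions rather than distinct techniques.
        const matches = requireContent().match(/AML\.T\d{4}/g) ?? [];
        assert.ok(
          matches.length >= minRefs,
          `Expected >= ${minRefs} AML.T refs, found ${matches.length}`,
        );
      });

      it('contains AML.T0051 (LLM Prompt Injection)', () => {
        assert.ok(
          requireContent().includes('AML.T0051'),
          `${file} should reference AML.T0051`,
        );
      });
    });
  }
});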
// ---------------------------------------------------------------------------
// Norwegian regulatory context
// ---------------------------------------------------------------------------
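// Checks that knowledge/norwegian-context.md is readable, names the three
// Norwegian bodies the suite expects, and contains at least one URL.
describe('knowledge/norwegian-context.md', () => {
  // readKnowledge returns null when the file cannot be read.
  const content = readKnowledge('norwegian-context.md');

  // Shared precondition: a missing file must surface as a readable assertion
  // failure, not as a TypeError from calling includes() on null.
  const requireContent = () => {
    assert.ok(content !== null, 'norwegian-context.md should exist');
    return content;
  };

  it('file exists', () => {
    requireContent();
  });

  // Each name is checked as a case-sensitive substring, so a short token such
  // as 'NSM' also matches inside a longer word.
  for (const authority of ['Datatilsynet', 'NSM', 'Digdir']) {
    it(`references ${authority}`, () => {
      assert.ok(
        requireContent().includes(authority),
        `Should reference ${authority}`,
      );
    });
  }

  it('contains verification URLs', () => {
    // Presence check only: any http:// or https:// prefix satisfies it; the
    // URLs themselves are not parsed or fetched.
    assert.ok(
      /https?:\/\//.test(requireContent()),
      'Should contain verification URLs',
    );
  });
});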