Skip to main content
Panther Knowledge Base

How to test with mocks when a Panther detection sorts cached values

  1. Last updated
  2. Save as PDF

QUESTION

One of my detections fetches values from Panther's cache, and sorts these values in its runtime logic. Given the way mocks work, and the way caching works in Panther, how should I set up my mocks in the unit tests for this detection?

ANSWER

Mocks are designed to pretend to be an API response, or cached DB value. If the live detection will deal with unsorted data, then at least one unit test should have a mock with unsorted data.

Generally, mocked values match the nature of the values in the DB or API response they are "mocking". One common practice is to copy data straight from a real world result into a test or mock, redacting if necessary. The primary exception, i.e. the time you want a mock or test to not match the DB, is when you know how the DB data will look later, so you can test your detection against that future state.

Put another way, if the rule code described above is sorting the cached dictionary itself, then you don't need to sort the mocked data. However, if the rule relies on the cache returning an already-sorted set, then the mocked cache would also need to return a sorted set.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.