fix(backend): PATCH technique_ids returns 503 when MITRE bundle not loaded

Added bundle-loaded guard in _resolve_technique_ids() before attempting any lookup; matches behavior of GET /api/mitre/matrix and GET /api/mitre/techniques. Added corresponding test case. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 03:58:30 +02:00
parent b5ea2929de
commit 673b25e0b0
2 changed files with 24 additions and 0 deletions
--- a/backend/tests/test_simulations_techniques.py
+++ b/backend/tests/test_simulations_techniques.py
@@ -305,6 +305,27 @@ def test_technique_ids_empty_does_not_trigger_auto_transition(
    assert resp.get_json()["status"] == "pending"


+# ---------------------------------------------------------------------------
+# Bundle not loaded — 503 on technique_ids PATCH
+# ---------------------------------------------------------------------------
+
+
+def test_patch_technique_ids_bundle_not_loaded_returns_503(
+    client: FlaskClient, redteam_token: str
+) -> None:
+    """When MITRE bundle is absent, PATCH with technique_ids must return 503."""
+    mitre_svc.mitre_loaded = False
+    mitre_svc._index = []
+    mitre_svc._name_by_id = {}
+
+    eng = _make_engagement(client, redteam_token)
+    sim = _make_sim(client, redteam_token, eng["id"])
+
+    resp = _patch(client, redteam_token, sim["id"], {"technique_ids": ["T1059"]})
+    assert resp.status_code == 503
+    assert resp.get_json()["error"] == "mitre bundle not loaded"
+
+
 # ---------------------------------------------------------------------------
 # SOC cannot patch technique_ids (it's a redteam field)
 # ---------------------------------------------------------------------------