in cortado/rules.py [0:0]
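def get_coverage(rules: list[Rule], rtas: list[Rta] | None = None) -> list[tuple[Rule, list[Rta], list[CoverageIssue]]]:
    """Report which RTAs exercise each rule and flag coverage problems.

    Args:
        rules: Rules to evaluate. They are processed in ascending ``id`` order.
        rtas: RTAs to match against the rules. When ``None``, every RTA
            returned by ``get_registry()`` is used.

    Returns:
        One ``(rule, rtas, issues)`` tuple per rule, sorted by rule id.
        ``rtas`` lists the RTAs that reference the rule through
        ``siem_rules`` or ``endpoint_rules``. ``issues`` holds
        ``CoverageIssue.NO_RTA`` when no RTA references the rule, or
        ``CoverageIssue.DEPRECATED_WITH_RTA`` when an RTA still references
        a rule whose maturity is ``"deprecated"``.
    """
    # Fall back to the registry only when the caller passed nothing. An
    # explicitly empty list must yield NO_RTA for every rule; substituting the
    # whole registry would report detections as covered when no RTA in the
    # caller's selection exercises them.
    if rtas is None:
        rtas = list(get_registry().values())

    # Index RTAs by the id of every rule they reference.
    rule_to_rtas: dict[str, list[Rta]] = defaultdict(list)
    for rta in rtas:
        for siem_rule in rta.siem_rules:
            rule_to_rtas[siem_rule.id].append(rta)
        for endpoint_rule in rta.endpoint_rules:
            rule_to_rtas[endpoint_rule.id].append(rta)
        if not rta.siem_rules and not rta.endpoint_rules:
            log.debug("RTA without any rules found, skipping", id=rta.id, name=rta.name)

    rules_rtas_issues: list[tuple[Rule, list[Rta], list[CoverageIssue]]] = []
    for rule in sorted(rules, key=lambda r: r.id):
        # A key is only created when an RTA is appended, so a missing key and
        # an empty list both mean "no coverage". ``get`` avoids inserting new
        # keys into the defaultdict and keeps the ``rtas`` parameter unshadowed.
        covering_rtas = rule_to_rtas.get(rule.id, [])
        issues: list[CoverageIssue] = []
        if not covering_rtas:
            issues.append(CoverageIssue.NO_RTA)
        elif rule.maturity == "deprecated":
            issues.append(CoverageIssue.DEPRECATED_WITH_RTA)
        rules_rtas_issues.append((rule, covering_rtas, issues))
    return rules_rtas_issues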