doc: Add logtest documentation following qa-docs schema. #1814

The following tests have been documented: - test_invalid_decoder_syntax.py - test_invalid_rules_syntax.py - test_invalid_socket_input.py - test_invalid_session_token.py - test_rules_verbose.py - test_remove_old_session_for_inactivity.py - test_remove_old_sessions.py - test_remove_session.py - test_load_rules_decoders.py - test_altert_labels.py - test_cdb_labels.py - test_decoder_labels.py - test_rule_labels.py All of them pass the PEP8 check. The current schema of the issue #1694 has been used.
wazuh · Nov 8, 2021 · 0a2aeaa · 0a2aeaa
1 parent e485e11
commit 0a2aeaa
Show file tree

Hide file tree

Showing 16 changed files with 1,315 additions and 130 deletions.
diff --git a/tests/integration/test_agentd/test_agentd_state.py b/tests/integration/test_agentd/test_agentd_state.py
@@ -149,7 +149,7 @@ def test_agentd_state(configure_environment, test_case: list):
  brief: Configure a custom environment for testing.
  - test_case:
  type: list
- brief: List of tests to be performed.
+ brief: List of test_case stages.
 
  assertions:
  - Verify that the 'wazuh-agentd.state' statistics file has been created.

diff --git a/tests/integration/test_logtest/test_configuration/test_configuration_file.py b/tests/integration/test_logtest/test_configuration/test_configuration_file.py
@@ -8,9 +8,10 @@
 type: integration
 
 brief: The 'wazuh-logtest' tool allows the testing and verification of rules and decoders against provided log examples
- remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work
- parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluate through
- 'wazuh-logtest' tool or making requests via RESTful API.
+ remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work
+ parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluated through
+ the 'wazuh-logtest' tool or by making requests via RESTful API. These tests will check if the logtest
+ configuration is valid. Also checks rules, decoders, decoders, alerts matching logs correctly.
 
 tier: 0
 
@@ -115,7 +116,7 @@ def test_configuration_file(get_configuration, configure_environment, restart_wa
  - 'Event not found'
 
  tags:
- - logtest_configuration_file
+ - logtest_configuration
  '''
  callback = None
  if 'valid_conf' in get_configuration['tags']:

diff --git a/tests/integration/test_logtest/test_configuration/test_get_configuration_sock.py b/tests/integration/test_logtest/test_configuration/test_get_configuration_sock.py
@@ -8,9 +8,10 @@
 type: integration
 
 brief: The 'wazuh-logtest' tool allows the testing and verification of rules and decoders against provided log examples
- remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work
- parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluate through
- 'wazuh-logtest' tool or making requests via RESTful API.
+ remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work
+ parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluated through
+ the 'wazuh-logtest' tool or by making requests via RESTful API. These tests will check if the logtest
+ configuration is valid. Also checks rules, decoders, decoders, alerts matching logs correctly.
 
 tier: 0
 
@@ -123,7 +124,7 @@ def test_get_configuration_sock(get_configuration, configure_environment, restar
  - 'Expected value in session_timeout tag: .*. Value received: .*'
 
  tags:
- - logtest_configuration_sock
+ - logtest_configuration
  '''
  configuration = get_configuration['sections'][0]['elements']
 

diff --git a/...integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.py b/...integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.py
@@ -1,20 +1,72 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
-
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logtest' tool allows the testing and verification of rules and decoders against provided log examples
+ remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work
+ parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluated through
+ the 'wazuh-logtest' tool or by making requests via RESTful API. These tests will check if the logtest
+ configuration is valid. Also checks rules, decoders, decoders, alerts matching logs correctly.
+
+tier: 0
+
+modules:
+ - logtest
+
+components:
+ - manager
+
+daemons:
+ - wazuh-analysisd
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/reference/tools/wazuh-logtest.html
+ - https://documentation.wazuh.com/current/user-manual/capabilities/wazuh-logtest/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/daemons/wazuh-analysisd.html
+
+tags:
+ - logtest_configuration
+'''
 import pytest
 import os
-
-from wazuh_testing.tools import WAZUH_PATH
 from yaml import safe_load
 from shutil import copy
 from json import loads
 
+from wazuh_testing.tools import WAZUH_PATH
+
 # Marks
 
 pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
 
-# Configurations
+# Configurationsa
 
 test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
 messages_path = os.path.join(test_data_path, 'invalid_decoder_syntax.yaml')
@@ -56,8 +108,43 @@ def test_invalid_decoder_syntax(get_configuration, configure_local_decoders,
  restart_required_logtest_daemons,
  wait_for_logtest_startup,
  connect_to_sockets_function):
- """Check that every input message in logtest socket generates the adequate output."""
-
+ '''
+ description: Check if `wazuh-logtest` correctly detects and handles errors when processing a decoders file.
+ To do this, it send a logtest request using the input configurations and parse the logtest reply
+ received looking for errors.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - get_configuration:
+ type: fixture
+ brief: Get configuration from the module.
+ - configure_local_decoders:
+ type: fixture
+ brief: Configure a custom decoder for testing.
+ - restart_required_logtest_daemons:
+ type: fixture
+ brief: Wazuh logtests daemons handler.
+ - wait_for_logtest_startup:
+ type: fixture
+ brief: Wait until logtest has begun.
+ - connect_to_sockets_function:
+ type: fixture
+ brief: Function scope version of 'connect_to_sockets' which connects to the specified sockets for the test.
+
+ assertions:
+ - Verify that `wazuh-logtest` retrieves errors when the loaded decoders are invalid.
+
+ input_description: Some test cases are defined in the module. These include some input configurations stored in
+ the 'invalid_decoder_syntax.yaml'.
+
+ expected_output:
+ - r'Failed stage(s) : .*' (When an error occurs, it is appended)
+ - 'Error when executing {action} in daemon {daemon}. Exit status: {result}'
+
+ tags:
+ - logtest_invalid_rule_decoder_syntax
+ '''
  # send the logtest request
  receiver_sockets[0].send(get_configuration['input'], size=True)
 

diff --git a/...s/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.py b/...s/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.py
@@ -1,15 +1,67 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
-
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logtest' tool allows the testing and verification of rules and decoders against provided log examples
+ remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work
+ parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluated through
+ the 'wazuh-logtest' tool or by making requests via RESTful API. These tests will check if the logtest
+ configuration is valid. Also checks rules, decoders, decoders, alerts matching logs correctly.
+
+tier: 0
+
+modules:
+ - logtest
+
+components:
+ - manager
+
+daemons:
+ - wazuh-analysisd
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/reference/tools/wazuh-logtest.html
+ - https://documentation.wazuh.com/current/user-manual/capabilities/wazuh-logtest/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/daemons/wazuh-analysisd.html
+
+tags:
+ - logtest_configuration
+'''
 import pytest
 import os
-
-from wazuh_testing.tools import WAZUH_PATH
 from yaml import safe_load
 from shutil import copy
 from json import loads
 
+from wazuh_testing.tools import WAZUH_PATH
+
 # Marks
 
 pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
@@ -56,8 +108,44 @@ def test_invalid_rule_syntax(get_configuration, configure_local_rules,
  restart_required_logtest_daemons,
  wait_for_logtest_startup,
  connect_to_sockets_function):
- """Check that every input message in logtest socket generates the adequate output """
-
+ '''
+ description: Check if `wazuh-logtest` correctly detects and handles errors when processing a rules file.
+ To do this, it send a logtest request(via AF_UNIX socket) using the input configurations and parse
+ the logtest reply received looking for errors.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - get_configuration:
+ type: fixture
+ brief: Get configuration from the module.
+ - configure_local_rules:
+ type: fixture
+ brief: Configure a custom rule in local_rules.xml for testing. Restart Wazuh is needed for applying the
+ configuration.
+ - restart_required_logtest_daemons:
+ type: fixture
+ brief: Wazuh logtests daemons handler.
+ - wait_for_logtest_startup:
+ type: fixture
+ brief: Wait until logtest has begun.
+ - connect_to_sockets_function:
+ type: fixture
+ brief: Function scope version of 'connect_to_sockets' which connects to the specified sockets for the test.
+
+ assertions:
+ - Verify that `wazuh-logtest` retrieves errors when the loaded rules are invalid.
+
+ input_description: Some test cases are defined in the module. These include some input configurations stored in
+ the 'invalid_rules_syntax.yaml'.
+
+ expected_output:
+ - r'Failed stage(s) : .*' (When an error occurs, it is appended)
+ - 'Error when executing {action} in daemon {daemon}. Exit status: {result}'
+
+ tags:
+ - logtest_invalid_rule_decoder_syntax
+ '''
  # send the logtest request
  receiver_sockets[0].send(get_configuration['input'], size=True)