The following tests have been documented: - test_invalid_decoder_syntax.py - test_invalid_rules_syntax.py - test_invalid_socket_input.py - test_invalid_session_token.py - test_rules_verbose.py - test_remove_old_session_for_inactivity.py - test_remove_old_sessions.py - test_remove_session.py - test_load_rules_decoders.py - test_altert_labels.py - test_cdb_labels.py - test_decoder_labels.py - test_rule_labels.py All of them pass the PEP8 check. The current schema of the issue #1694 has been used.
Luis Gonzalez
committed
Nov 8, 2021
1 parent
e485e11
commit 0a2aeaa
Showing
16 changed files
with
1,315 additions
and
130 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,72 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
|
||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-logtest' tool allows the testing and verification of rules and decoders against provided log examples | ||
remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work | ||
parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluated through | ||
the 'wazuh-logtest' tool or by making requests via RESTful API. These tests will check if the logtest | ||
configuration is valid. Also checks rules, decoders, decoders, alerts matching logs correctly. | ||
tier: 0 | ||
modules: | ||
- logtest | ||
components: | ||
- manager | ||
daemons: | ||
- wazuh-analysisd | ||
os_platform: | ||
- linux | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/reference/tools/wazuh-logtest.html | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/wazuh-logtest/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/daemons/wazuh-analysisd.html | ||
tags: | ||
- logtest_configuration | ||
''' | ||
import pytest | ||
import os | ||
|
||
from wazuh_testing.tools import WAZUH_PATH | ||
from yaml import safe_load | ||
from shutil import copy | ||
from json import loads | ||
|
||
from wazuh_testing.tools import WAZUH_PATH | ||
|
||
# Marks | ||
|
||
pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server] | ||
|
||
# Configurations | ||
# Configurationsa | ||
|
||
test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') | ||
messages_path = os.path.join(test_data_path, 'invalid_decoder_syntax.yaml') | ||
|
@@ -56,8 +108,43 @@ def test_invalid_decoder_syntax(get_configuration, configure_local_decoders, | |
restart_required_logtest_daemons, | ||
wait_for_logtest_startup, | ||
connect_to_sockets_function): | ||
"""Check that every input message in logtest socket generates the adequate output.""" | ||
|
||
''' | ||
description: Check if `wazuh-logtest` correctly detects and handles errors when processing a decoders file. | ||
To do this, it send a logtest request using the input configurations and parse the logtest reply | ||
received looking for errors. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configuration from the module. | ||
- configure_local_decoders: | ||
type: fixture | ||
brief: Configure a custom decoder for testing. | ||
- restart_required_logtest_daemons: | ||
type: fixture | ||
brief: Wazuh logtests daemons handler. | ||
- wait_for_logtest_startup: | ||
type: fixture | ||
brief: Wait until logtest has begun. | ||
- connect_to_sockets_function: | ||
type: fixture | ||
brief: Function scope version of 'connect_to_sockets' which connects to the specified sockets for the test. | ||
assertions: | ||
- Verify that `wazuh-logtest` retrieves errors when the loaded decoders are invalid. | ||
input_description: Some test cases are defined in the module. These include some input configurations stored in | ||
the 'invalid_decoder_syntax.yaml'. | ||
expected_output: | ||
- r'Failed stage(s) : .*' (When an error occurs, it is appended) | ||
- 'Error when executing {action} in daemon {daemon}. Exit status: {result}' | ||
tags: | ||
- logtest_invalid_rule_decoder_syntax | ||
''' | ||
# send the logtest request | ||
receiver_sockets[0].send(get_configuration['input'], size=True) | ||
|
||
|
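Review bot: The `expected_output` entry `r'Failed stage(s) : .*'` in the new test docstring is written as a raw regex, but the unescaped `(s)` is a capture group, so read as a pattern it matches `Failed stages : ...` and not the literal text `Failed stage(s) : ...`. Whether the fixtures actually match on this string is not visible in the hunk; if they do, document it as `r'Failed stage\(s\) : .*'`, otherwise drop the `r` prefix and present it as a plain message. The same entry appears in the `test_invalid_rule_syntax` docstring in the next file section. In the first hunk, `# Configurationsa` looks like a stray keystroke on the new side and should stay `# Configurations`. The test body continues outside the hunk, so the assertion that consumes these messages cannot be checked here.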
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,67 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
|
||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-logtest' tool allows the testing and verification of rules and decoders against provided log examples | ||
remotely inside a sandbox in 'wazuh-analysisd'. This functionality is provided by the manager, whose work | ||
parameters are configured in the ossec.conf file in the XML rule_test section. Test logs can be evaluated through | ||
the 'wazuh-logtest' tool or by making requests via RESTful API. These tests will check if the logtest | ||
configuration is valid. Also checks rules, decoders, decoders, alerts matching logs correctly. | ||
tier: 0 | ||
modules: | ||
- logtest | ||
components: | ||
- manager | ||
daemons: | ||
- wazuh-analysisd | ||
os_platform: | ||
- linux | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/reference/tools/wazuh-logtest.html | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/wazuh-logtest/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/daemons/wazuh-analysisd.html | ||
tags: | ||
- logtest_configuration | ||
''' | ||
import pytest | ||
import os | ||
|
||
from wazuh_testing.tools import WAZUH_PATH | ||
from yaml import safe_load | ||
from shutil import copy | ||
from json import loads | ||
|
||
from wazuh_testing.tools import WAZUH_PATH | ||
|
||
# Marks | ||
|
||
pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server] | ||
|
@@ -56,8 +108,44 @@ def test_invalid_rule_syntax(get_configuration, configure_local_rules, | |
restart_required_logtest_daemons, | ||
wait_for_logtest_startup, | ||
connect_to_sockets_function): | ||
"""Check that every input message in logtest socket generates the adequate output """ | ||
|
||
''' | ||
description: Check if `wazuh-logtest` correctly detects and handles errors when processing a rules file. | ||
To do this, it send a logtest request(via AF_UNIX socket) using the input configurations and parse | ||
the logtest reply received looking for errors. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configuration from the module. | ||
- configure_local_rules: | ||
type: fixture | ||
brief: Configure a custom rule in local_rules.xml for testing. Restart Wazuh is needed for applying the | ||
configuration. | ||
- restart_required_logtest_daemons: | ||
type: fixture | ||
brief: Wazuh logtests daemons handler. | ||
- wait_for_logtest_startup: | ||
type: fixture | ||
brief: Wait until logtest has begun. | ||
- connect_to_sockets_function: | ||
type: fixture | ||
brief: Function scope version of 'connect_to_sockets' which connects to the specified sockets for the test. | ||
assertions: | ||
- Verify that `wazuh-logtest` retrieves errors when the loaded rules are invalid. | ||
input_description: Some test cases are defined in the module. These include some input configurations stored in | ||
the 'invalid_rules_syntax.yaml'. | ||
expected_output: | ||
- r'Failed stage(s) : .*' (When an error occurs, it is appended) | ||
- 'Error when executing {action} in daemon {daemon}. Exit status: {result}' | ||
tags: | ||
- logtest_invalid_rule_decoder_syntax | ||
''' | ||
# send the logtest request | ||
receiver_sockets[0].send(get_configuration['input'], size=True) | ||
|
||
|
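Review bot: The module docstring's `brief` is the same generic text used in the decoder-syntax file and ends with `Also checks rules, decoders, decoders, alerts matching logs correctly.`, which repeats a word and never says that this module covers malformed rules files. I would replace that last sentence with one specific to the module, for example `These tests check that logtest reports an error when a local rules file is syntactically invalid.`, and give the decoder file the matching wording. In the test docstring, `it send a logtest request(via AF_UNIX socket)` should read `it sends a logtest request (via AF_UNIX socket)`. `from wazuh_testing.tools import WAZUH_PATH` is printed twice in the import block; the rendered page has lost its +/- markers, so one copy is probably the removed line, but confirm the new file imports it only once.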