merge: 4.4 into revert-3270-revert-3146-fix-wdb-getconfig

.github/workflows/scripts/commits_checker.py

@@ -76,8 +76,7 @@ def check_conventional_commits_regex(commit_names):
  """
  failed = [[], []] # Position 0 for convention failures, and 1 for excess character limit
  allowed_regex = [
- r'(fix|feat|docs|refactor|style|ci|build)(\(#\d+\))?!?:\s[a-z].*',
- r'^Merge branch.*'
+ r'(fix|feat|docs|refactor|style|ci|build|merge|revert)(\(#\d+\))?!?:\s.*'
  ]
 
  # Check if the commit name complies with the established convention

CHANGELOG.md

@@ -9,6 +9,10 @@ Release report: TBD
 
 ### Added
 
+- New testing suite for checking analysisd EPS limitation([#2947](https:/wazuh/wazuh-qa/pull/3181)) \- (Framework + Tests)
+- Add stress results comparator tool ([#3478](https:/wazuh/wazuh-qa/pull/3478)) \- (Tools)
+- Add E2E tests for demo cases ([#3293](https:/wazuh/wazuh-qa/pull/3293)) \- (Framework + Tests)
+- Add configuration files for Jenkins automation of system/E2E tests ([#3221](https:/wazuh/wazuh-qa/pull/3221)) \- (Framework)
 - New vulnerability Detector integration tests for Ubuntu 22.04 ([#2957](https:/wazuh/wazuh-qa/pull/2957)) \- (Framework + Tests)
 - New vulnerability Detector integration tests for Amazon Linux 2022 ([#2955](https:/wazuh/wazuh-qa/pull/2955)) \- (Framework + Tests)
 - New vulnerability detector tests for SUSE Linux Enterpise Support ([#2945](https:/wazuh/wazuh-qa/pull/2945)) \- (Framework + Tests)
@@ -30,6 +34,8 @@ Release report: TBD
 ### Changed
 
 - Update wazuhdb_getconfig integration tests ([#3146](https:/wazuh/wazuh-qa/pull/3146)) \- (Tests)
+- Change required version of urllib3 and requests dependencies ([#3315](https:/wazuh/wazuh-qa/pull/3315)) \- (Framework)
+- Skip flaky Logcollector tests ([#3218](https:/wazuh/wazuh-qa/pull/3217)) \- (Tests)
 - Change how 'service_control' collects clusterd and apid pids ([#3140](https:/wazuh/wazuh-qa/pull/3140)) \- (Framework)
 - Change scan test module fixtures to allow use commit instead of branches ([#3134](https:/wazuh/wazuh-qa/issues/3134)) \- (Tests)
 - Update syscollector deltas integration tests ([#2921](https:/wazuh/wazuh-qa/pull/2921)) \- (Tests)
@@ -54,17 +60,38 @@ Release report: TBD
 
 ### Fixed
 
+- Fix commit option of the scan module for master case ([#3157](https:/wazuh/wazuh-qa/pull/3157)) \- (Tests)
+- Fix Vulnerability Detector IT: test_validate_feed_content yaml cases had wrong extension. ([#3299](https:/wazuh/wazuh-qa/pull/3299)) \- (Tests)
 - Fix Analysisd IT: test_syscollector_events failure on wait_for_analysisd_startup. ([#3110](https:/wazuh/wazuh-qa/pull/3110)) \- (Tests)
 - Fix GCloud IT: test_max_messages error not received expected messages - ([#3083](https:/wazuh/wazuh-qa/pull/3083)) \- (Tests)
 - Fix Solaris and Macos FIM integration tests failures ([#2976](https:/wazuh/wazuh-qa/pull/2976)) \- (Framework + Tests)
 - Fix the unstable FIM tests that need refactoring ([#2458](https:/wazuh/wazuh-qa/pull/2458)) \- (Framework + Tests)
 - Fix version validation in qa-ctl config generator ([#2454](https:/wazuh/wazuh-qa/pull/2454)) \- (Framework)
+- Fix invalid reference for test_api_endpoints_performance.py xfail items ([#3378](https:/wazuh/wazuh-qa/pull/3378)) \- (Tests)
 
 ### Removed
 
 - Remove all FIM Integration skipped tests ([#2927](https:/wazuh/wazuh-qa/issues/2927)) \- (Framework + Tests)
 - VDT ITs: Remove Debian Stretch test support. ([#3172](https:/wazuh/wazuh-qa/pull/3172)) \- (Tests)
 
+## [4.3.9] - 13-10-2022
+
+Wazuh commit: https:/wazuh/wazuh-qa/commit/8af0a5083bd69765f4d7878df9d3b785bb239723 \
+Release report: https:/wazuh/wazuh/issues/15090
+
+### Added
+
+- Add a test to check the analysisd socket properties ([#3365](https:/wazuh/wazuh-qa/pull/3365))
+
+## [4.3.8] - 19-09-2022
+
+Wazuh commit: https:/wazuh/wazuh/commit/88bf15d2cbb2040e197e34a94dda0f71f607afad \
+Release report: https:/wazuh/wazuh/issues/14827
+
+### Changed
+
+- Update wazuh-logtest messages for integration tests \- (Tests)
+
 ## [4.3.7] - 24-08-2022
 
 Wazuh commit: https:/wazuh/wazuh/commit/e2b514bef3d148acd4bcae1a1c7fa8783b82ca3a \

deps/wazuh_testing/setup.py

@@ -27,7 +27,8 @@
  'qa_ctl/deployment/dockerfiles/qa_ctl/*',
  'qa_ctl/deployment/vagrantfile_template.txt',
  'qa_ctl/provisioning/wazuh_deployment/templates/preloaded_vars.conf.j2',
- 'data/qactl_conf_validator_schema.json'
+ 'data/qactl_conf_validator_schema.json',
+ 'data/all_disabled_ossec.conf'
 ]
 
 scripts_list = [
@@ -42,7 +43,8 @@
  'qa-ctl=wazuh_testing.scripts.qa_ctl:main',
  'check-files=wazuh_testing.scripts.check_files:main'
  'add-agents-client-keys=wazuh_testing.scripts.add_agents_client_keys:main',
- 'unsync-agents=wazuh_testing.scripts.unsync_agents:main'
+ 'unsync-agents=wazuh_testing.scripts.unsync_agents:main',
+ 'stress_results_comparator=wazuh_testing.scripts.stress_results_comparator:main'
 ]
 
 
@@ -56,16 +58,17 @@ def get_files_from_directory(directory):
 
 package_data_list.extend(get_files_from_directory('wazuh_testing/qa_docs/search_ui'))
 
-setup(name='wazuh_testing',
- version='4.4.0',
- description='Wazuh testing utilities to help programmers automate tests',
- url='https:/wazuh',
- author='Wazuh',
- author_email='[email protected]',
- license='GPLv2',
- packages=find_packages(),
- package_data={'wazuh_testing': package_data_list},
- entry_points={'console_scripts': scripts_list},
- include_package_data=True,
- zip_safe=False
- )
+setup(
+ name='wazuh_testing',
+ version='4.4.0',
+ description='Wazuh testing utilities to help programmers automate tests',
+ url='https:/wazuh',
+ author='Wazuh',
+ author_email='[email protected]',
+ license='GPLv2',
+ packages=find_packages(),
+ package_data={'wazuh_testing': package_data_list},
+ entry_points={'console_scripts': scripts_list},
+ include_package_data=True,
+ zip_safe=False
+)

deps/wazuh_testing/wazuh_testing/__init__.py

@@ -18,6 +18,9 @@
  else:
  WAZUH_PATH = os.path.join("/var", "ossec")
 
+
+WAZUH_CONF_PATH = os.path.join(WAZUH_PATH, 'etc', 'ossec.conf')
+WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs')
 CLIENT_KEYS_PATH = os.path.join(WAZUH_PATH, 'etc' if platform.system() == 'Linux' else '', 'client.keys')
 DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db')
 QUEUE_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db')
@@ -26,12 +29,15 @@
 CVE_DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'cve.db')
 LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'ossec.log')
 ALERTS_JSON_PATH = os.path.join(WAZUH_PATH, 'logs', 'alerts', 'alerts.json')
+ARCHIVES_LOG_PATH = os.path.join(WAZUH_PATH, 'logs', 'archives', 'archives.log')
+ARCHIVES_JSON_PATH = os.path.join(WAZUH_PATH, 'logs', 'archives', 'archives.json')
 CPE_HELPER_PATH = os.path.join(WAZUH_PATH, 'queue', 'vulnerabilities', 'dictionaries', 'cpe_helper.json')
 WAZUH_API_CONF = os.path.join(WAZUH_PATH, 'api', 'configuration', 'api.yaml')
 WAZUH_SECURITY_CONF = os.path.join(WAZUH_PATH, 'api', 'configuration', 'security', 'security.yaml')
 API_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.log')
 API_JSON_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.json')
 API_LOG_FOLDER = os.path.join(WAZUH_PATH, 'logs', 'api')
+WAZUH_TESTING_PATH = os.path.dirname(os.path.abspath(__file__))
 
 # Daemons
 LOGCOLLECTOR_DAEMON = 'wazuh-logcollector'
@@ -52,11 +58,17 @@
 
 API_DAEMONS_REQUIREMENTS = [API_DAEMON, DB_DAEMON, EXEC_DAEMON, ANALYSISD_DAEMON, REMOTE_DAEMON, MODULES_DAEMON]
 
+# Paths
+SYSLOG_SIMULATOR = os.path.join(WAZUH_TESTING_PATH, 'scripts', 'syslog_simulator.py')
+ANALYSISD_STATE = os.path.join(WAZUH_PATH, 'var', 'run', 'wazuh-analysisd.state')
+
 # Timeouts
 T_5 = 5
 T_10 = 10
 T_20 = 20
 T_30 = 30
+T_60 = 60
+
 
 # Protocols
 UDP = 'UDP'

deps/wazuh_testing/wazuh_testing/data/all_disabled_ossec.conf

@@ -0,0 +1,87 @@
+<ossec_config>
+ <global>
+ <alerts_log>yes</alerts_log>
+ </global>
+
+ <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+ <logging>
+ <log_format>plain</log_format>
+ </logging>
+
+ <remote>
+ <connection>secure</connection>
+ <port>1514</port>
+ <protocol>tcp</protocol>
+ <queue_size>131072</queue_size>
+ </remote>
+
+ <!-- Policy monitoring -->
+ <rootcheck>
+ <disabled>yes</disabled>
+ </rootcheck>
+
+ <wodle name="cis-cat">
+ <disabled>yes</disabled>
+ </wodle>
+
+ <!-- Osquery integration -->
+ <wodle name="osquery">
+ <disabled>yes</disabled>
+ </wodle>
+
+ <!-- System inventory -->
+ <wodle name="syscollector">
+ <disabled>yes</disabled>
+ </wodle>
+
+ <sca>
+ <enabled>no</enabled>
+ </sca>
+
+ <vulnerability-detector>
+ <enabled>no</enabled>
+ </vulnerability-detector>
+
+ <!-- File integrity monitoring -->
+ <syscheck>
+ <disabled>yes</disabled>
+ </syscheck>
+
+ <ruleset>
+ <!-- Default ruleset -->
+ <decoder_dir>ruleset/decoders</decoder_dir>
+ <rule_dir>ruleset/rules</rule_dir>
+ <rule_exclude>0215-policy_rules.xml</rule_exclude>
+ <list>etc/lists/audit-keys</list>
+ <list>etc/lists/amazon/aws-eventnames</list>
+ <list>etc/lists/security-eventchannel</list>
+
+ <!-- User-defined ruleset -->
+ <decoder_dir>etc/decoders</decoder_dir>
+ <rule_dir>etc/rules</rule_dir>
+ </ruleset>
+
+ <rule_test>
+ <enabled>yes</enabled>
+ <threads>1</threads>
+ <max_sessions>64</max_sessions>
+ <session_timeout>15m</session_timeout>
+ </rule_test>
+
+ <!-- Configuration for wazuh-authd -->
+ <auth>
+ <disabled>no</disabled>
+ <port>1515</port>
+ <use_source_ip>no</use_source_ip>
+ <purge>yes</purge>
+ <use_password>no</use_password>
+ <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+ <!-- <ssl_agent_ca></ssl_agent_ca> -->
+ <ssl_verify_host>no</ssl_verify_host>
+ <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
+ <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
+ <ssl_auto_negotiate>no</ssl_auto_negotiate>
+ </auth>
+
+</ossec_config>
+

deps/wazuh_testing/wazuh_testing/end_to_end/__init__.py

@@ -0,0 +1,94 @@
+# Copyright (C) 2015-2022, Wazuh Inc.
+# Created by Wazuh, Inc. <[email protected]>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+import os
+import requests
+from http import HTTPStatus
+from tempfile import gettempdir
+
+from wazuh_testing.tools.utils import retry
+
+
+fetched_alerts_json_path = os.path.join(gettempdir(), 'alerts.json')
+
+
+@retry(Exception, attempts=3, delay=5)
+def get_alert_indexer_api(query, credentials, ip_address, index='wazuh-alerts-4.x-*'):
+ """Get an alert from the wazuh-indexer API
+
+ Make a request to the wazuh-indexer API to get the last indexed alert that matches the values passed in
+ must_match.
+
+ Args:
+ ip_address (str): wazuh-indexer IP address.
+ index (str): Index in which to search for the alert.
+ query (dict): Query to send to the API.
+ credentials(dict): wazuh-indexer credentials.
+
+ Returns:
+ `obj`(map): Search results
+ """
+ url = f"https://{ip_address}:9200/{index}/_search?"
+
+ response = requests.get(url=url, params={'pretty': 'true'}, json=query, verify=False,
+ auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']))
+
+ if '"hits" : [ ]' in response.text:
+ raise Exception('Alert not indexed')
+ elif response.status_code != HTTPStatus.OK:
+ raise Exception(f"The request wasn't successful.\nActual response: {response.text}")
+
+ return response
+
+
+def delete_index_api(credentials, ip_address, index='wazuh-alerts-4.x-*'):
+ """Delete indices from wazuh-indexer using its API.
+
+ Make a request to the wazuh-indexer API to delete indices that match a given name.
+
+ Args:
+ ip_address (str): wazuh-indexer IP address.
+ index (str): Name of the index to be deleted.
+ credentials(dict): wazuh-indexer credentials.
+
+ Returns:
+ obj(class): `Response <Response>` object
+ obj(class): `NoneType` object
+ """
+ url = f"https://{ip_address}:9200/"
+ authorization = requests.auth.HTTPBasicAuth(credentials['user'], credentials['password'])
+
+ response = requests.delete(url=url+index, params={'pretty': 'true'}, verify=False, auth=authorization)
+
+ if response.status_code != HTTPStatus.OK:
+ raise Exception(f"The index(es) have not been deleted successfully. Actual response {response.text}")
+
+ return response
+
+
+def make_query(must_match):
+ """Create a query according to the values passed in must_match.
+
+ Args:
+ must_match (list): Values to be matched with the indexed alert.
+
+ Returns:
+ dict: Fully formed query.
+ """
+ query = {
+ "query": {
+ "bool": {
+ "must": must_match
+ }
+ },
+ "size": 1,
+ "sort": [
+ {
+ "timestamp": {
+ "order": "desc"
+ }
+ }
+ ]
+ }
+
+ return query

deps/wazuh_testing/wazuh_testing/event_monitor.py

@@ -0,0 +1,39 @@
+import re
+
+from wazuh_testing.tools.monitoring import FileMonitor
+
+
+def make_callback(pattern, prefix=''):
+ """Create a callback function from a text pattern.
+ Args:
+ pattern (str): String to match on the log.
+ prefix (str): regular expression used as prefix before the pattern.
+ Returns:
+ lambda: function that returns if there's a match in the file
+ """
+ pattern = r'\s+'.join(pattern.split())
+ regex = re.compile(r'{}{}'.format(prefix, pattern))
+
+ return lambda line: regex.match(line)
+
+
+def check_event(file_monitor=None, callback='', error_message=None, update_position=True, timeout=20,
+ accum_results=1, file_to_monitor=None):
+ """Check if an API event occurs
+ Args:
+ file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+ callback (str): log regex to check in the file
+ error_message (str): error message to show in case of expected event does not occur
+ update_position (boolean): filter configuration parameter to search in the file
+ timeout (str): timeout to check the event in the file
+ prefix (str): log pattern regex
+ accum_results (int): Accumulation of matches.
+ """
+ file_monitor = FileMonitor(file_to_monitor) if file_monitor is None else file_monitor
+ error_message = f"Could not find this event in {file_to_monitor}: {callback}" if error_message is None else \
+ error_message
+
+ result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
+ callback=make_callback(callback), error_message=error_message)
+
+ return result