Merge branch 'master' into 1796-migrate-doc-logc-macos

CHANGELOG.md

@@ -1,13 +1,123 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [v1.0.0]
+## Rev 440001
+
+Wazuh version: 4.4.0 \
+Wazuh commit: TBD \
+Release report: TBD
+
+### Added
+
+### Changed
+
+### Deleted
+
+
+## Rev 430031
+
+Wazuh version: 4.3.0 \
+Wazuh commit: https:/wazuh/wazuh/commit/3a833c142983b83081d8208a6cbbab0620178f1d \
+Release report: https:/wazuh/wazuh-qa/issues/2500
+
 ### Added
+- Added specific version of libcst to install in python lower than 3.7. ([#2459](https:/wazuh/wazuh-qa/pull/2459))
+- Make `simulate-api-load` CLI run tasks simultaneously. ([#2392](https:/wazuh/wazuh-qa/pull/2392))
+- Add `qa-ctl` `v0.3`. ([#2307](https:/wazuh/wazuh-qa/pull/2307))
+- Add `qa-ctl` `v0.2`. ([#2299](https:/wazuh/wazuh-qa/pull/2299))
+- Improve the `agent_files_deletion` test . ([#2296](https:/wazuh/wazuh-qa/pull/2296))
+- Add scripts to add agents to client.keys, create agent-groups and unsynchronize agents. ([#2295](https:/wazuh/wazuh-qa/pull/2295))
+- Add cluster performance test. ([#2130](https:/wazuh/wazuh-qa/pull/2130))
+- IT Wazuh-logtest: Ruleset reloading at runtime. ([#2077](https:/wazuh/wazuh-qa/pull/2077))
+- Add script to parse and obtain stats from cluster CSVs. ([#2032](https:/wazuh/wazuh-qa/pull/2032))
+- Add `qa-ctl` tool v0.1. ([#1895](https:/wazuh/wazuh-qa/pull/1895))
+- Enable WPK tests for macOS agents. ([#1853](https:/wazuh/wazuh-qa/pull/1853))
+- Create local_internal_options configuration handler fixture. ([#1835](https:/wazuh/wazuh-qa/pull/1835))
+- Create file monitoring fixture handler. ([#1833](https:/wazuh/wazuh-qa/pull/1833))
+- Create daemon handler fixture for integration test. ([#1826](https:/wazuh/wazuh-qa/pull/1826))
+- Add test to check new possible flaws in wodles, framework and API code. ([#1659](https:/wazuh/wazuh-qa/pull/1659))
+- Add test to scan all python packages. ([#1652](https:/wazuh/wazuh-qa/pull/1652))
+- ITs for logtest verbose mode added. ([#1587](https:/wazuh/wazuh-qa/pull/1587))
+- Integration and system tests to ensure removed agent files are deleted. ([#1527](https:/wazuh/wazuh-qa/pull/1527))
+- Add wdb checksum range test case. ([#1502](https:/wazuh/wazuh-qa/pull/1502))
+- Add integration tests for max_upload_size API option. ([#1494](https:/wazuh/wazuh-qa/pull/1494))
+- Add support for Amazon Linux in vulnerability detector. ([#1473](https:/wazuh/wazuh-qa/pull/1473))
+- Add tests for invalid config of github and office365 modules. ([#1460](https:/wazuh/wazuh-qa/pull/1460))
+- Add test to check the behavior of test_max_fd_win_rt option.. ([#1387](https:/wazuh/wazuh-qa/pull/1387))
+- Add FIM Windows 4659 events tests. ([#648](https:/wazuh/wazuh-qa/pull/648))
 
 ### Changed
-- Refactor: FIM `test_synchronization` according to new standard. Phase 1. ([#2358](https:/wazuh/wazuh-qa/pull/2358))
+- Migrate `test_rids` documentation to `qa-docs`. ([#2422](https:/wazuh/wazuh-qa/pull/2422))
+- Google Cloud. IT Tests: Fixing and rework for 4.3.0-RC2. ([#2420](https:/wazuh/wazuh-qa/pull/2420))
+- Fix `wazuh-metrics` CLI bug when child processes restart. ([#2416](https:/wazuh/wazuh-qa/pull/2416))
+- IT Solaris Jenkins: Fix requirements. ([#2415](https:/wazuh/wazuh-qa/pull/2415))
+- Fix the `agent_info_sync` test according to new changes. ([#2411](https:/wazuh/wazuh-qa/pull/2411))
+- Migrate test_cpe_indexing documentation to qa-docs. ([#2407](https:/wazuh/wazuh-qa/pull/2407))
+- WazuhDB IT: Fix for 4.3. ([#2400](https:/wazuh/wazuh-qa/pull/2400))
+- Migrate test_scan_results documentation to qa-docs. ([#2398](https:/wazuh/wazuh-qa/pull/2398))
+- Migrate test_general_setting documentation to qa-docs. ([#2387](https:/wazuh/wazuh-qa/pull/2387))
+- Migrate test_providers documentation to qa-docs. ([#2377](https:/wazuh/wazuh-qa/pull/2377))
+- Update API configuration integration tests. ([#2370](https:/wazuh/wazuh-qa/pull/2370))
+- Refactor FIM `test_synchronization` according to new standard (1). ([#2358](https:/wazuh/wazuh-qa/pull/2358))
+- Migrate test_feeds documentation to qa-docs. ([#2357](https:/wazuh/wazuh-qa/pull/2357))
+- Fix autoconfigure `test_add_old_resource`. ([#2356](https:/wazuh/wazuh-qa/pull/2356))
+- Migrate test_wazuh_db documentation to qa-docs. ([#2346](https:/wazuh/wazuh-qa/pull/2346))
+- Adapt `wazuh-metrics` and `data-visualizer` CLIs to handle multiprocessing. ([#2278](https:/wazuh/wazuh-qa/pull/2278))
+- Change `time_to_sync` variable. ([#2275](https:/wazuh/wazuh-qa/pull/2275))
+- Bump pytest-html dependency. ([#2205](https:/wazuh/wazuh-qa/pull/2205))
+- Update remoted CSV headers in visualization tool. ([#2202](https:/wazuh/wazuh-qa/pull/2202))
+- Migrate `test_rootcheck` documentation to qa-docs. ([#2194](https:/wazuh/wazuh-qa/pull/2194))
+- Migrate `test_logtest` documentation to `qa-docs`. ([#2191](https:/wazuh/wazuh-qa/pull/2191))
+- Migrate test_office365 documentation to `qa-docs`. ([#2181](https:/wazuh/wazuh-qa/pull/2181))
+- fix: Change logtest custom rules ids. ([#2177](https:/wazuh/wazuh-qa/pull/2177))
+- Authd replacement configurations QA. ([#2171](https:/wazuh/wazuh-qa/pull/2171))
+- Migrate `test_github` documentation to `qa-docs`. ([#2144](https:/wazuh/wazuh-qa/pull/2144))
+- Migrate `test_glcoud` documentation to `qa-docs`. ([#2141](https:/wazuh/wazuh-qa/pull/2141))
+- Merge 4.2 into master branch . ([#2132](https:/wazuh/wazuh-qa/pull/2132))
+- Migrate `test_auth` documentation to `qa-docs`. ([#2129](https:/wazuh/wazuh-qa/pull/2129))
+- Migrate `test_registry_restrict` and `test_registry_tags` of `test_fim/test_registry`, and `test_fim/test_synchronization` documentation to `qa-docs`. ([#2128](https:/wazuh/wazuh-qa/pull/2128))
+- Migrate `test_registry_report_changes` of `test_fim/test_registry` documentation to `qa-docs`. ([#2127](https:/wazuh/wazuh-qa/pull/2127))
+- Migrate `test_registry_file_limit`, `test_registry_multiple_registries`, and `test_registry_recursion_level` of `test_fim/test_registry` documentation to `qa-docs`. ([#2126](https:/wazuh/wazuh-qa/pull/2126))
+- Migrate `test_registry_checks`, `test_registry_ignore`, and `test_registry_nodiff` of `test_fim/test_registry` documentation to `qa-docs`. ([#2125](https:/wazuh/wazuh-qa/pull/2125))
+- Migrate `test_registry_basic_usage` of `test_fim/test_registry` documentation to `qa-docs`. ([#2124](https:/wazuh/wazuh-qa/pull/2124))
+- Migrate `test_registry_ambiguous_confs` of `test_fim/test_registry` documentation to `qa-docs`. ([#2123](https:/wazuh/wazuh-qa/pull/2123))
+- Migrate `test_tags`, `test_timezone_changes`, `test_wildcards_complex`, and `test_windows_audit_interval` of `test_fim/test_files` documentation to `qa-docs`. ([#2122](https:/wazuh/wazuh-qa/pull/2122))
+- Migrate `test_scan`, `test_skip`, and `test_stats_integrity_sync` of `test_fim/test_files` documentation to `qa-docs`. ([#2121](https:/wazuh/wazuh-qa/pull/2121))
+- Migrate `test_fim/test_files/test_report_changes` documentation to `qa-docs`. ([#2120](https:/wazuh/wazuh-qa/pull/2120))
+- Migrate `test_process_priority`, `test_recursion_level`, and `test_restrict` of `test_fim/test_files` documentation to `qa-docs`. ([#2118](https:/wazuh/wazuh-qa/pull/2118))
+- Migrate `test_multiple_dirs`, `test_nodiff`, and `test_prefilter_cmd` of `test_fim/test_files` documentation to `qa-docs`. ([#2117](https:/wazuh/wazuh-qa/pull/2117))
+- Migrate `test_max_eps`, `test_max_files_per_second`, and `test_moving_files` of `test_fim/test_files` documentation to `qa-docs`. ([#2115](https:/wazuh/wazuh-qa/pull/2115))
+- Migrate `test_ignore`, `test_inotify`, and `test_invalid` of `test_fim/test_files` documentation to `qa-docs`. ([#2114](https:/wazuh/wazuh-qa/pull/2114))
+- Migrate `test_fim/test_files/test_follow_symbolic_link` documentation to `qa-docs`. ([#2112](https:/wazuh/wazuh-qa/pull/2112))
+- Migrate `test_env_variables` and `test_file_limit` of `test_fim/test_files` documentation to `qa-docs`. ([#2111](https:/wazuh/wazuh-qa/pull/2111))
+- Migrate `test_benchmark` and `test_checks` of `test_fim/test_files` documentation to `qa-docs`. ([#2110](https:/wazuh/wazuh-qa/pull/2110))
+- Migrate `test_basic_usage` of `test_fim/test_files` documentation to `qa-docs`. ([#2109](https:/wazuh/wazuh-qa/pull/2109))
+- Migrate `test_ambiguous_confs` and `test_audit` of `test_fim/test_files` documentation to qa-docs. ([#2108](https:/wazuh/wazuh-qa/pull/2108))
+- Migrate `test_api` documentation to `qa-docs`. ([#2107](https:/wazuh/wazuh-qa/pull/2107))
+- Migrate `test_analysisd` documentation to `qa-docs`. ([#2047](https:/wazuh/wazuh-qa/pull/2047))
+- Migrate `test_agentd` documentation to `qa-docs`. ([#2006](https:/wazuh/wazuh-qa/pull/2006))
+- Migrate `test_active_response` documentation to `qa-docs`. ([#1960](https:/wazuh/wazuh-qa/pull/1960))
+- Fix requirements in master. ([#2063](https:/wazuh/wazuh-qa/pull/2063))
+- Update system tests for agent key polling. ([#2119](https:/wazuh/wazuh-qa/pull/2119))
+- macOS logcollector - Fixes and new tests. ([#2043](https:/wazuh/wazuh-qa/pull/2043))
+- Update API performance tests. ([#1881](https:/wazuh/wazuh-qa/pull/1881))
+- Integrate qa-docs into wazuh-qa framework. ([#1854](https:/wazuh/wazuh-qa/pull/1854))
+- Update user used by `Kibana` in the cluster performance tests. ([#1822](https:/wazuh/wazuh-qa/pull/1822))
+- Fix cached dependencies, typos and debian repos. ([#1732](https:/wazuh/wazuh-qa/pull/1732))
+- Adapt the JSON event schema to parse WIN perms in JSON. ([#1541](https:/wazuh/wazuh-qa/pull/1541))
+- Update API performance tests. ([#1519](https:/wazuh/wazuh-qa/pull/1519))
+- Rework of simulate agents script. Add new balance mode to distribute EPS between agents. ([#1491](https:/wazuh/wazuh-qa/pull/1491))
+- Fix missing argument in test_macos_format_basic IT. ([#1478](https:/wazuh/wazuh-qa/pull/1478))
+- Check if scheduled mode is set when realtime is not available. ([#1474](https:/wazuh/wazuh-qa/pull/1474))
 
 ### Deleted
+- Delete unnecessary `CLIENT_KEYS_PATH`. ([#2419](https:/wazuh/wazuh-qa/pull/2419))
+- Remove deprecated configurations. ([#2380](https:/wazuh/wazuh-qa/pull/2380))
+- Remove deprecated test_use_only_authd. ([#2294](https:/wazuh/wazuh-qa/pull/2294))
+- Remove expected `force` option from the received request in the `agent_enrollment` system tests. ([#2289](https:/wazuh/wazuh-qa/pull/2289))
+- Remove old check. ([#2281](https:/wazuh/wazuh-qa/pull/2281))
+- Remove the disk i/o % usage calculation from the performance tools. ([#1897](https:/wazuh/wazuh-qa/pull/1897))
+- Remove FIM hard link tests. ([#1485](https:/wazuh/wazuh-qa/pull/1485))
 
 
 ## [v4.2.0]

deps/wazuh_testing/wazuh_testing/__init__.py

@@ -6,8 +6,21 @@
 import sys
 import os
 import yaml
+import platform
 from collections import defaultdict
 
+
+if sys.platform == 'win32':
+ WAZUH_PATH = os.path.join("C:", os.sep, "Program Files (x86)", "ossec-agent")
+else:
+ if sys.platform == 'darwin':
+ WAZUH_PATH = os.path.join("/", "Library", "Ossec")
+ else:
+ WAZUH_PATH = os.path.join("/var", "ossec")
+
+CLIENT_KEYS_PATH = os.path.join(WAZUH_PATH, 'etc' if platform.system() == 'Linux' else '', 'client.keys')
+DB_PATH = os.path.join(WAZUH_PATH, 'queue', 'db')
+
 UDP = 'UDP'
 TCP = 'TCP'
 TCP_UDP = 'TCP,UDP'

deps/wazuh_testing/wazuh_testing/analysis.py

@@ -217,3 +217,65 @@ def validate_analysis_integrity_state(event):
  event (dict): Candidate event to be validated against the state integrity schema
  """
  validate(schema=state_integrity_analysis_schema, instance=event)
+
+
+class CallbackWithContext(object):
+ """Class to handle file_monitoring callbacks with variable arguments.
+
+ Args:
+ function (function): callback function.
+ ctxt (*args): callback function non-keyword variable arguments.
+
+ Attributes:
+ function (function): callback function.
+ ctxt (*args): callback function non-keyword variable arguments.
+ """
+ def __init__(self, function, *ctxt):
+ self.ctxt = ctxt
+ self.function = function
+
+ def __call__(self, param):
+ return self.function(param, *self.ctxt)
+
+
+def callback_check_syscollector_alert(alert, expected_alert):
+ """Check if an alert meet certain criteria and values.
+ Args:
+ line (str): alert (json) to check.
+ expected_alert (dict): values to check.
+ Returns:
+ True if line match the criteria. None otherwise
+ """
+ try:
+ alert = json.loads(alert)
+ except Exception:
+ return None
+
+ def dotget(dotdict, k):
+ """Get value from dict using dot notation keys
+
+ Args:
+ dotdict (dict): dict to get value from
+ k (str): dot-separated key.
+
+ Returns:
+ value of specified key. None otherwise
+ """
+ if '.' in k:
+ key = k.split('.', 1)
+ return dotget(dotdict[key[0]], key[1])
+ else:
+ return dotdict.get(k)
+
+ for field in expected_alert.keys():
+ current_value = dotget(alert, field)
+ try:
+ expected_value = json.loads(expected_alert[field])
+ expected_value = expected_value if type(expected_value) is dict else str(expected_value)
+ except ValueError as e:
+ expected_value = str(expected_alert[field])
+
+ if current_value != expected_value:
+ return None
+
+ return True

deps/wazuh_testing/wazuh_testing/db_interface/__init__.py

@@ -0,0 +1,105 @@
+import json
+import socket
+import os
+import sqlite3
+
+from wazuh_testing.tools.monitoring import wazuh_pack, wazuh_unpack
+import wazuh_testing
+
+
+QUEUE_DB_PATH = os.path.join(wazuh_testing.WAZUH_PATH, 'queue', 'db')
+WAZUH_DB_SOCKET_PATH = os.path.join(QUEUE_DB_PATH, 'wdb')
+
+CVE_DB_PATH = os.path.join(wazuh_testing.WAZUH_PATH, 'queue', 'vulnerabilities', 'cve.db')
+
+
+def query_wdb(command):
+ """Make queries to wazuh-db using the wdb socket.
+
+ Args:
+ command (str): wazuh-db command alias. For example `global get-agent-info 000`.
+
+ Returns:
+ list: Query response data.
+ """
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ sock.connect(WAZUH_DB_SOCKET_PATH)
+
+ data = []
+
+ try:
+ sock.send(wazuh_pack(len(command)) + command.encode())
+
+ rcv = sock.recv(4)
+
+ if len(rcv) == 4:
+ data_len = wazuh_unpack(rcv)
+
+ data = sock.recv(data_len).decode()
+
+ # Remove response header and cast str to list of dictionaries
+ # From --> 'ok [ {data1}, {data2}...]' To--> [ {data1}, data2}...]
+ if len(data.split()) > 1 and data.split()[0] == 'ok':
+ data = json.loads(' '.join(data.split(' ')[1:]))
+ finally:
+ sock.close()
+
+ return data
+
+
+def load_sqlite_db(db_path):
+ """Load a sqlite database.
+
+ Args:
+ db_path (str): Path where is located the DB.
+
+ Returns:
+ Connection: connection to the database.
+ Cursor: cursor to the database.
+ """
+ conn = sqlite3.connect(db_path)
+ cursor = conn.cursor()
+ return conn, cursor
+
+
+def make_sqlite_query(db_path, query_list):
+ """Make a query to the database for each passed query.
+
+ Args:
+ db_path (string): Path where is located the DB.
+ query_list (list): List with queries to run.
+ """
+ connect = sqlite3.connect(db_path)
+
+ try:
+ with connect:
+ for item in query_list:
+ connect.execute(item)
+ finally:
+ connect.close()
+
+
+def get_sqlite_query_result(db_path, query):
+ """Get a query result.
+
+ Args:
+ db_path (str): Path where is located the DB.
+ query (str): SQL query. e.g(SELECT * ..).
+
+ Returns:
+ result (List[list]): Each row is the query result row and each column is the query field value.
+ """
+ try:
+ db, cursor = load_sqlite_db(db_path)
+ cursor.execute(query)
+ records = cursor.fetchall()
+ result = []
+
+ for row in records:
+ result.append(', '.join([f"{item}" for item in row]))
+
+ return result
+
+ finally:
+ cursor.close()
+ db.close()