-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manual testing - Fix permission error in JSON alert #3133
Comments
Hi @wazuh/qa, this issue cannot be started until PR wazuh/wazuh#14019 is ready. We still have to reach 100% green in Jenkins and complete the review. Sorry for the inconvenience. |
@wazuh/qa the pull request is now completed. |
Review data
Testing environment
Tested packages
Status
|
Update 2022/08/10
|
The QA team has not been able to reproduce the bug as such. The development team has created unit tests that test similar cases and it is tested in this way. QA has manually tested that the bug does not occur, and FIM regression tests have been launched. |
Description
The goal of this issue is to manually test the change in
analysisd
to fix a bug which discards events when these events have a bad format in their permission. This bug was found in a stress test and this was tested in unit tests and it could not be reproduced manually.Proposed checks
Steps to reproduce
We could not reproduce this error manually because this error is generated in the Windows system when Wazuh has a lot of stress applied to it.
However we could detect a format inside a Windows permission which generates a error to reproduce it. this would be:
USER (allowed or denied): permission_1|permission_2|permission_3,USER2 (allowed or denied): permission_1|permission_2|permission_3
If the permission does not have this format then this permission is skipped and the next one is searched in this case if USER fails to have the format then this permission is skipped and USER2 is searched.
Expected results
The error
wazuh-analysisd: ERROR: The new permissions could not be added to the JSON alert.
should not be seen in the log but, depending on the error, we should see a message in debug1 such as :
Uncontrolled condition when parsing the username from 'USERNAME'. Skipping permission.
orUncontrolled condition when parsing the permission type from 'PERM_TYPE'. Skipping permission.
Configuration and considerations
This bug can be reproduced with this configuration
The text was updated successfully, but these errors were encountered: