Manual testing - Fix permission error in JSON alert #3133

Closed
1 task done
FrancoRivero opened this issue Jul 27, 2022 · 6 comments
@FrancoRivero

FrancoRivero commented Jul 27, 2022

| Target version | Related issue | Related PR |
|---|---|---|
| 4.5.0 | wazuh/wazuh#12073 | wazuh/wazuh#14019 |

Description

The goal of this issue is to manually test the change in analysisd to fix a bug which discards events when these events have a bad format in their permission. This bug was found in a stress test and this was tested in unit tests and it could not be reproduced manually.

Proposed checks

  • Create a stress test for 24 hours and check that the error won't show in the logs.

Steps to reproduce

We could not reproduce this error manually because this error is generated in the Windows system when Wazuh has a lot of stress applied to it.
However, we could detect a format inside a Windows permission which generates an error to reproduce it. This would be:

USER (allowed or denied): permission_1|permission_2|permission_3,USER2 (allowed or denied): permission_1|permission_2|permission_3

If the permission does not have this format, then this permission is skipped and the next one is searched. In this case, if USER fails to have the format, then this permission is skipped and USER2 is searched.

Expected results

The error "wazuh-analysisd: ERROR: The new permissions could not be added to the JSON alert." should not be seen in the log but, depending on the error, we should see a message in debug1 such as:

Uncontrolled condition when parsing the username from 'USERNAME'. Skipping permission.
or
Uncontrolled condition when parsing the permission type from 'PERM_TYPE'. Skipping permission.

Configuration and considerations

This bug can be reproduced with this configuration
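
The permission format and the skip-on-malformed behaviour described in the issue above, as an added example that is not part of the original issue or of Wazuh's code. The function name, the output dictionary layout and the text substituted into the debug messages are assumptions made for illustration; only the entry format and the two debug message templates come from the issue.

```python
import re

# Simplified model of the entry format quoted in the issue:
#   USER (allowed or denied): permission_1|permission_2,USER2 (...): ...
# Hypothetical helper for illustration; this is not the analysisd implementation.
USER_MSG = ("Uncontrolled condition when parsing the username from '{}'. "
            "Skipping permission.")
TYPE_MSG = ("Uncontrolled condition when parsing the permission type from '{}'. "
            "Skipping permission.")


def parse_win_perms(raw):
    """Return (parsed_entries, debug_messages).

    A malformed entry is skipped and reported at debug level; the remaining
    entries are still parsed, so one bad entry never discards the whole event.
    """
    parsed, debug = [], []
    for entry in raw.split(","):
        entry = entry.strip()
        if not entry:
            continue
        # The username is everything before the " (" that opens the type.
        user, sep, rest = entry.partition(" (")
        if not sep or not user:
            debug.append(USER_MSG.format(entry))
            continue
        # The type must be exactly "allowed" or "denied", closed by "):".
        match = re.match(r"(allowed|denied)\): ?(.*)$", rest)
        if match is None:
            debug.append(TYPE_MSG.format(rest))
            continue
        perms = [p for p in match.group(2).split("|") if p]
        parsed.append({"user": user, "type": match.group(1), "permissions": perms})
    return parsed, debug


if __name__ == "__main__":
    # Constructed sample: the first entry lacks the "(type)" part, the second is valid.
    sample = "Administrators: delete|read_data, Users (allowed): read_data|execute"
    entries, messages = parse_win_perms(sample)
    print(entries)
    print(messages)
```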

@chemamartinez
Contributor

Hi @wazuh/qa, this issue cannot be started until PR wazuh/wazuh#14019 is ready. We still have to reach 100% green in Jenkins and complete the review.

Sorry for the inconvenience.

@jmv74211 added this to the Core PRs approval - 4.4.0 milestone Aug 1, 2022
@chemamartinez
Contributor

@wazuh/qa the pull request is now completed.

@Deblintrake09
Contributor

Deblintrake09 commented Aug 10, 2022

Review data

| Tester | PR commit |
|---|---|
| @Deblintrake09 | 850faee |

Testing environment

OS OS version Deployment Image/AMI Notes
Windows <JENKINS | Stress Pipeline

Tested packages

wazuh-manager wazuh-agent
.rpm Manager msi Agent

Status

  • In progress
  • Pending Review
  • Team leader approved
  • Manager approved

@Deblintrake09
Contributor

Update 2022/08/10

  • Research Issue
  • Generate packages
  • Launch Stress test instances 🔴

@Deblintrake09
Contributor

Deblintrake09 commented Aug 29, 2022

Task Results

Integration Tests

| System | path | Results | Notes |
|---|---|---|---|
| Windows | test_fim/ | 🟢 🟢 🟢 | |

Stress Tests

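| Test run | duration | results | Debug Level |
|---|---|---|---|
| R1 | 2.5 days | 🟢 | Debug 2 |
| R2 | 2.5 days | 🟢 | Debug1 |
| R3 | 2.5 days | 🟢 | Debug1 |
| R4 | 2.5 days | 🟢 | Debug1 |
| R5 | 1 day | 🟢 | Debug 2 |
| R6 | 1 day | 🟢 | Debug 2 |
| R7 | 1 day | 🟢 | Debug 2 |
| R8 | 1 day | 🟢 | Debug 2 |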

@jmv74211
Contributor

jmv74211 commented Sep 7, 2022

The QA team has not been able to reproduce the bug as such. The development team has created unit tests that test similar cases and it is tested in this way. QA has manually tested that the bug does not occur, and FIM regression tests have been launched.

@jmv74211 closed this as completed Sep 7, 2022
@jmv74211 modified the milestones: Core PRs approval - 4.4.0, Core PRs approval - 4.5.0 Sep 7, 2022