diff --git a/deps/wazuh_testing/wazuh_testing/logcollector.py b/deps/wazuh_testing/wazuh_testing/logcollector.py index d4f000d22c..1c54244e9e 100644 --- a/deps/wazuh_testing/wazuh_testing/logcollector.py +++ b/deps/wazuh_testing/wazuh_testing/logcollector.py @@ -17,10 +17,11 @@ GENERIC_CALLBACK_ERROR_ANALYZING_MACOS = "The expected analyzing macos log has not been produced" GENERIC_CALLBACK_ERROR_TARGET_SOCKET = "The expected target socket log has not been produced" GENERIC_CALLBACK_ERROR_TARGET_SOCKET_NOT_FOUND = "The expected target socket not found error has not been produced" -LOG_COLLECTOR_GLOBAL_TIMEOUT = 20 GENERIC_CALLBACK_ERROR_READING_FILE = "The expected invalid content error log has not been produced" GENERIC_CALLBACK_ERROR = 'The expected error output has not been produced' +LOG_COLLECTOR_GLOBAL_TIMEOUT = 20 + DEFAULT_AUTHD_REMOTED_SIMULATOR_CONFIGURATION = { 'ip_address': 'localhost', 'client_keys': os.path.join(WAZUH_PATH, 'etc', 'client.keys'), diff --git a/docs/tests/integration/help.md b/docs/tests/integration/help.md index 8835de70a0..0c46c80fc7 100644 --- a/docs/tests/integration/help.md +++ b/docs/tests/integration/help.md @@ -12,6 +12,7 @@ Our newest integration tests are located in `wazuh-qa/tests/integration/`. They - _test_sca_ - _test_vulnerability_detector_ - _test_wazuh_db_ +- _test_logtest_ Every group will have the following structure: diff --git a/docs/tests/integration/index.md b/docs/tests/integration/index.md index 0c04197995..e6ebc73571 100644 --- a/docs/tests/integration/index.md +++ b/docs/tests/integration/index.md @@ -15,6 +15,7 @@ Our newest integration tests are located in `wazuh-qa/tests/integration/`. They - **[_test_vulnerability_detector_](test_vulnerability_detector#tests-vulnerability-detector)** - **[_test_wazuh_db_](test_wazuh_db#test_wazuh_db)** - **[_test_logcollector_](test_logcollector#test_logcollector)** +- **[_test_logtest_](test_logtest/index.md#test_logtest)** ## How to setup the test environment 
@@ -22,7 +23,7 @@ To run the tests you need to have `python3 >= 3.6` installed along with a set of You can see all the information about it **[here](set_up_environment.md#setting-up-a-test-environment)** -## About test structure +## About test structure See **[here](help.md#integration-tests-structure)** more information about the testing files structure or about `pytest` testing framework. diff --git a/docs/tests/integration/test_logtest/index.md b/docs/tests/integration/test_logtest/index.md index 4bba659ebc..d775b75b37 100644 --- a/docs/tests/integration/test_logtest/index.md +++ b/docs/tests/integration/test_logtest/index.md 
@@ -1 +1,84 @@
-# Overview
\ No newline at end of file
+# Test Logtest
+
+## Overview
+
+Wazuh-Logtest allows testing and verifying rules and decoders and it is based on
+the use of unique sessions where each session loads its own rules and decoders.
+These tests ensure that logtest works correctly under different scenarios and
+that every option available work as expected.
+
+## Tiers
+
+### Tier 0
+
+#### Test configuration
+
+- **[Test configuration file](test_configuration/test_configuration_file.md)**:
+Check if `wazuh-logtest` works as expected under different pre-defined
+configurations that either produce the logtest to correctly start; to be
+disabled or to log an error.
+
+- **[Test get configuration sock](test_configuration/test_get_configuration_sock.md)**:
+Check if `wazuh-analisysd` correctly retrieves the `rule_test` configuration.
+
+#### Test invalid socket input
+
+- **[Test invalid socket input](test_invalid_socket_input/test_invalid_socket_input.md)**:
+Check if `wazuh-logtest` correctly detects and handles errors when sending a
+message through the socket to `analysisd`.
+
+#### Test invalid token
+
+- **[Test invalid token](test_invalid_token/test_invalid_session_token.md)**:
+Check if `wazuh-logtest` correctly detects and handles errors when using a token.
+
+#### Test remove session
+
+- **[Test remove session](test_remove_session/test_remove_session.md)**:
+Check if `wazuh-logtest` correctly detects and removes the sessions under
+pre-defined scenarios.
+
+#### Test remove old sessions
+
+- **[Test remove old sessions](test_remove_old_sessions/test_remove_old_sessions.md)**:
+Check that `wazuh-logtest` correctly detects and handles the situation where trying
+to use more sessions than allowed and then the oldest session is released.
+
+- **[Test remove old session for inactivity](test_remove_old_sessions/test_remove_old_session_for_inactivity.md)**:
+Check that `wazuh-logtest` correctly detects and handles the situation where trying
+to use more sessions than allowed and then old sessions are released due to
+inactivity.
+
+#### Test rules decoders load
+
+- **[Test load rules decoders](test_rules_decoders_load/test_load_rules_decoders.md)**:
+Check if `wazuh-logtest` produce the correct rule/decoder matching.
+
+#### Test ruleset refresh
+
+- **[Test alert labels](test_ruleset_refresh/test_alert_labels.md)**:
+Check that after modifying the alert level it takes effect when opening a new
+logtest sessions, without having to reset the manager.
+#### Test ruleset refresh
+
+- **[Test cdb labels](test_ruleset_refresh/test_cdb_labels.md)**:
+Check that `wazuh-logtest` works as expected with the operation of
+loading new cdb list files without the need to restart the manager.
+
+#### Test ruleset refresh
+
+- **[Test rule labels](test_ruleset_refresh/test_rule_labels.md)**:
+Checks if modifying the configuration of the rules, by using its labels, takes
+effect when opening new logtest sessions, without having to reset the manager.
+- **[Test decoder labels](test_ruleset_refresh/test_decoder_labels.md)**:
+Checks if modifying the configuration of the decoder, by using its labels, takes
+effect when opening new logtest sessions without having to reset the manager.
+#### Test invalid rule decoders syntax
+
+- **[Test invalid rules syntax](test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.md)**:
+Check that `wazuh-logtest` correctly detects and handles errors when processing a
+rules file.
+
+- **[Test invalid decoder syntax](test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.md)**:
+Check that `wazuh-logtest` correctly detects and handles errors when processing a
+decoders file.
diff --git a/docs/tests/integration/test_logtest/test_configuration/test_configuration_file.md b/docs/tests/integration/test_logtest/test_configuration/test_configuration_file.md
index e69de29bb2..174299166a 100644
--- a/docs/tests/integration/test_logtest/test_configuration/test_configuration_file.md
+++ b/docs/tests/integration/test_logtest/test_configuration/test_configuration_file.md
@@ -0,0 +1,27 @@
+# Test logtest - configuration file
+
+## Overview
+
+Check if `wazuh-logtest` works as expected under different pre-defined
+configurations that either produce `wazuh-logtest` to correctly start; to be
+disabled or to log an error.
+
+## Objective
+
+- Confirm that, under different sets of configurations, `wazuh-logtest`
+correctly handles the configuration and creates a log entry on the Wazuh log,
+reporting the result of loading it.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 5 | 1m30s |
+
+## Expected behavior
+
+- Fail if the expected log entry is not found among the Wazuh logs.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_configuration.test_configuration_file
diff --git a/docs/tests/integration/test_logtest/test_configuration/test_get_configuration_sock.md b/docs/tests/integration/test_logtest/test_configuration/test_get_configuration_sock.md
index e69de29bb2..216d7dfea7 100644
--- a/docs/tests/integration/test_logtest/test_configuration/test_get_configuration_sock.md
+++ b/docs/tests/integration/test_logtest/test_configuration/test_get_configuration_sock.md
@@ -0,0 +1,28 @@
+# Test logtest - get configuration socket
+
+## Overview
+
+Check if `wazuh-analisysd` correctly retrieves the `rule_test` configuration.
+
+## Objective
+
+- Confirm that, under different sets of configurations, `wazuh-analisysd`
+returns the right information from the `rule_test` configuration block.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 5 | 1m23s |
+
+## Expected behavior
+
+- Fail if `wazuh-analisysd` does not retrieve the information in the expected format.
+- Fail if `wazuh-analisysd` does not retrieve the expected value of the `enabled` field.
+- Fail if `wazuh-analisysd` does not retrieve the expected value of the `threads` field.
+- Fail if `wazuh-analisysd` does not retrieve the expected value of the `max_sessions` field.
+- Fail if `wazuh-analisysd` does not retrieve the expected value of the `session_timeout` field.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_configuration.test_get_configuration_sock
diff --git a/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.md b/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.md
index e69de29bb2..ee65119d04 100644
--- a/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.md
+++ b/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.md
@@ -0,0 +1,23 @@
+# Test logtest - invalid decoder syntax
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and handles errors when processing a decoders file.
+
+## Objective
+
+- Confirm that `wazuh-logtest` retrieves errors when the loaded decoders are invalid.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 11 | 1s |
+
+## Expected behavior
+
+- Fail if `wazuh-logtest` does not retrieve an error when it should.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_invalid_rule_decoders_syntax.test_invalid_decoder_syntax
diff --git a/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.md b/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.md
index e69de29bb2..b46e23c280 100644
--- a/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.md
+++ b/docs/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.md
@@ -0,0 +1,23 @@
+# Test logtest - invalid rules syntax
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and handles errors when processing a rules file.
+
+## Objective
+
+- Confirm that `wazuh-logtest` retrieves errors when the loaded rules are invalid.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 15 | 9s |
+
+## Expected behavior
+
+- Fail if `wazuh-logtest` does not retrieve an error when it should.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_invalid_rule_decoders_syntax.test_invalid_rules_syntax
diff --git a/docs/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.md b/docs/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.md
index e69de29bb2..f62489992a 100644
--- a/docs/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.md
+++ b/docs/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.md
@@ -0,0 +1,25 @@
+# Test logtest - invalid socket input
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and handles errors when sending a
+message through the socket to `analysisd`.
+
+## Objective
+
+- Confirm that the comunication through the sockets works well by verifying that
+all the test cases produce the right output.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 26 | 1s |
+
+## Expected behavior
+
+- Fail if the message received through the socket does not match the expected output.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_invalid_socket_input.test_invalid_socket_input
diff --git a/docs/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.md b/docs/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.md
index e69de29bb2..5ee3ad65f1 100644
--- a/docs/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.md
+++ b/docs/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.md
@@ -0,0 +1,23 @@
+# Test logtest - invalid session token
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and handles errors when using a session token.
+
+## Objective
+
+- Confirm that `wazuh-logtest` detects invalid session tokens.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 6 | 3s |
+
+## Expected behavior
+
+- Fail if `wazuh-logtest` does not produce an error when trying to use an invalid session token.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_invalid_token.test_invalid_session_token
diff --git a/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.md b/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.md
index e69de29bb2..0455cbfd03 100644
--- a/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.md
+++ b/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.md
@@ -0,0 +1,27 @@
+# Test logtest - remove old session for inactivity
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and handles the situation where trying
+to use more sessions than allowed and then old sessions are released due to
+inactivity.
+
+## Objective
+
+- Confirm that `wazuh-logtest` removes the inactive sessions after a certain time.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 1 | 1m 5s |
+
+## Expected behavior
+
+- Fail if `wazuh-logtest` does not start.
+- Fail if `wazuh-logtest` can not create a new session.
+- Fail if `wazuh-logtest` old session is not removed.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_remove_old_sessions.test_remove_old_session_for_inactivity
diff --git a/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.md b/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.md
index e69de29bb2..41ce06ff14 100644
--- a/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.md
+++ b/docs/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.md
@@ -0,0 +1,28 @@
+# Test logtest - remove old sessions
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and handles the situation when trying
+to use more sessions than allowed and so, to make room, the oldest session is
+released.
+
+## Objective
+
+- Confirm that `wazuh-logtest` releases the oldest session when a new session is
+opened and the number of active sessions reached its limit.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 1 | 1m |
+
+## Expected behavior
+
+- Fail if `wazuh-logtest` does not start.
+- Fail if `wazuh-logtest` can not create a new session.
+- Fail if `wazuh-logtest` oldest session is not removed.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_remove_old_sessions.test_remove_old_sessions
diff --git a/docs/tests/integration/test_logtest/test_remove_session/test_remove_session.md b/docs/tests/integration/test_logtest/test_remove_session/test_remove_session.md
index e69de29bb2..fbb5ab2343 100644
--- a/docs/tests/integration/test_logtest/test_remove_session/test_remove_session.md
+++ b/docs/tests/integration/test_logtest/test_remove_session/test_remove_session.md
@@ -0,0 +1,24 @@
+# Test logtest - remove session
+
+## Overview
+
+Check if `wazuh-logtest` correctly detects and removes the sessions under
+pre-defined scenarios.
+
+## Objective
+
+- Confirm that `wazuh-logtest` correctly handles the sessions removals.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 9 | 1s |
+
+## Expected behavior
+
+- Fail if the session removal attempt does not produce the expected result message.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_remove_session.test_remove_session
diff --git a/docs/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.md b/docs/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.md
index e69de29bb2..13de70d0f3 100644
--- a/docs/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.md
+++ b/docs/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.md
@@ -0,0 +1,24 @@
+# Test logtest - load rules decoders
+
+## Overview
+
+Check if `wazuh-logtest` produce the correct rule/decoder matching.
+
+## Objective
+
+- Confirm that `wazuh-logtest` does produce the right decoder/rule matching when
+processing a log under different sets of configurations.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 6 | 7s |
+
+## Expected behavior
+
+- Fail if `wazuh-logtest` does not produce the expected output when processing a log.
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_rules_decoders_load.test_load_rules_decoders
diff --git a/docs/tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.md b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.md
new file mode 100644
index 0000000000..de106c374c
--- /dev/null
+++ b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.md
@@ -0,0 +1,38 @@
+# Test logtest - rules labels
+
+## Overview
+
+Check that after modifying the alert level it takes effect when opening a new
+logtest sessions, without having to reset the manager.
+
+## Objective
+
+- To confirm that, when using the default alert level, a log under
+test, that should trigger an alert when being analyzed with `logtest`, does
+indeed trigger an alert.
+- To confirm that, when using the default alert level, a log under
+test, that should not trigger an alert when being analyzed with `logtest`, does
+not trigger any alert.
+- To confirm that, when using a custom alert level, a log under
+test, that should trigger an alert when being analyzed with `logtest`, does
+indeed trigger an alert, without having to reset the manager.
+- To confirm that, when using a custom alert level, a log under
+test, that should not trigger an alert when being analyzed with `logtest`, does
+not trigger any alert, without having to reset the manager.
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 4 | 3s |
+
+## Expected behavior
+
+- Fail if `wazuh-analysisd` is not running
+- Fail if `wazuh-analysisd` returns an error
+- Fail if `wazuh-analysisd` does not trigger an alert when, according to the alert level, it should do so
+- Fail if `wazuh-analysisd` does trigger an alert when, according to the alert level, it should not do so
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_ruleset_refresh.test_alert_labels
diff --git a/docs/tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.md b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.md
new file mode 100644
index 0000000000..fbff2c9c55
--- /dev/null
+++ b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.md
@@ -0,0 +1,27 @@
+# Test logtest - cdb labels file
+
+## Overview
+
+Checks if modifying the configuration of the cdb list, by using its labels, takes
+effect when opening new logtest sessions without having to reset the manager.
+
+## Objective
+
+- To confirm that, when adding a new cdb list file, the
+new cdb list are correctly loaded when a new session of logtest is opened
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 1 | 8.4s |
+
+## Expected behavior
+
+- Fail if `wazuh-analysisd` is not running
+- Fail if `wazuh-analysisd` returns an error
+- Fail if `wazuh-analysisd` does not match the corresponding cdb list
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_ruleset_refresh.test_cdb_labels
\ No newline at end of file
diff --git a/docs/tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.md b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.md
new file mode 100644
index 0000000000..4a7d821eed
--- /dev/null
+++ b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.md
@@ -0,0 +1,34 @@
+# Test logtest - decoder labels
+## Overview
+
+Checks if modifying the configuration of the decoder, by using its labels, takes
+effect when opening new logtest sessions without having to reset the manager.
+
+## Objective
+
+- To confirm that, when adding a new file in the default decoders directory, the
+new decoders are correctly loaded when a new session of logtest is opened
+- To confirm that, when adding a new custom decoder directory, the new decoders
+are correctly loaded when a new session of logtest is opened
+- To confirm that, when adding a new decoder file, the
+new decoders are correctly loaded when a new session of logtest is opened
+- To confirm that, when excluding a decoder file, the
+decoders are not loaded when a new session of logtest is opened
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 4 | 3s |
+
+
+## Expected behavior
+
+- Fail if `wazuh-analysisd` is not running
+- Fail if `wazuh-analysisd` returns an error
+- Fail if `wazuh-analysisd` does not match the corresponding decoder
+- Fail if `wazuh-analysisd` does match the decoder when it should not (exclude)
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_ruleset_refresh.test_decoder_labels
diff --git a/docs/tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.md b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.md
new file mode 100644
index 0000000000..728f71675a
--- /dev/null
+++ b/docs/tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.md
@@ -0,0 +1,34 @@
+# Test logtest - rules labels
+
+## Overview
+
+Checks if modifying the configuration of the rules, by using its labels, takes
+effect when opening new logtest sessions, without having to reset the manager.
+
+## Objective
+
+- To confirm that, when adding a new file in the default rules directory, the
+new rules are correctly loaded when a new session of logtest is opened
+- To confirm that, when adding a new custom rules directory, the new rules
+are correctly loaded when a new session of logtest is opened
+- To confirm that, when adding a new rules file, the new rules are correctly
+loaded when a new session of logtest is opened
+- To confirm that, when excluding a rules file, the rules are not loaded when a
+new session of logtest is opened
+
+## General info
+
+|Tier | Total | Time spent |
+| :--:| :--: | :--: |
+| 0 | 4 | 2s |
+
+## Expected behavior
+
+- Fail if `wazuh-analysisd` is not running
+- Fail if `wazuh-analysisd` returns an error
+- Fail if `wazuh-analysisd` does not match the corresponding rule
+- Fail if `wazuh-analysisd` does match the rule when it should not (exclude)
+
+## Code documentation
+
+::: tests.integration.test_logtest.test_ruleset_refresh.test_rule_labels
diff --git a/mkdocs.yml b/mkdocs.yml
index 7368c56844..2b26a2f554 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -499,6 +499,11 @@ nav: - Test invalid rule decoders syntax: - Test invalid decoder syntax: tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.md - Test invalid rules syntax: tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.md + - Test ruleset refresh: + - Test alert labels: tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.md + - Test cdb labels: tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.md + - Test rule labels: tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.md + - Test decoder labels: tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.md - RIDS: - tests/integration/test_rids/index.md - Test rids conf: tests/integration/test_rids/test_rids.md diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 9b636df276..7eab2fb849 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -821,7 +821,8 @@ def daemons_handler(get_configuration, request): for daemon in daemons: logger.debug(f"Stopping {daemon}") control_service('stop', daemon=daemon) - + + @pytest.fixture(scope='function') def file_monitoring(request): """Fixture to handle the monitoring of a specified file. @@ -846,7 +847,7 @@ def file_monitoring(request): truncate_file(file_to_monitor) logger.debug(f"Trucanted {file_to_monitor}") - + @pytest.fixture(scope='module') def configure_local_internal_options_module(request): """Fixture to configure the local internal options file. diff --git a/tests/integration/test_logtest/conftest.py b/tests/integration/test_logtest/conftest.py new file mode 100644 index 0000000000..80f5de7807 --- /dev/null +++ b/tests/integration/test_logtest/conftest.py 
@@ -0,0 +1,38 @@ +# Copyright (C) 2015-2021, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +import pytest + +from wazuh_testing.logcollector import LOG_COLLECTOR_GLOBAL_TIMEOUT +from wazuh_testing.logtest import callback_logtest_started +from wazuh_testing.tools.services import control_service +from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.tools.file import truncate_file +from wazuh_testing.tools import LOG_FILE_PATH + + +@pytest.fixture(scope='module') +def restart_required_logtest_daemons(): + """Wazuh logtests daemons handler.""" + required_logtest_daemons = ['wazuh-analysisd', 'wazuh-db'] + + for daemon in required_logtest_daemons: + control_service('stop', daemon=daemon) + + truncate_file(LOG_FILE_PATH) + + for daemon in required_logtest_daemons: + control_service('start', daemon=daemon) + + yield + + for daemon in required_logtest_daemons: + control_service('stop', daemon=daemon) + + +@pytest.fixture(scope='module') +def wait_for_logtest_startup(request): + """Wait until logtest has begun.""" + log_monitor = FileMonitor(LOG_FILE_PATH) + log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, callback=callback_logtest_started) diff --git a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml index 792346f207..1ba2874481 100644 --- a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml +++ b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml 
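Review bot: `wait_for_logtest_startup` accepts `request` but never uses it, and it silently depends on `restart_required_logtest_daemons` having already truncated the log and started the daemons. Both fixtures are module-scoped, so their relative order comes only from the order in which a test lists them, which is easy to get wrong in a new test. Requesting the restart fixture directly makes the dependency explicit: `def wait_for_logtest_startup(restart_required_logtest_daemons):`. The timeout is also borrowed from `wazuh_testing.logcollector` (`LOG_COLLECTOR_GLOBAL_TIMEOUT`); a logtest-specific constant would avoid coupling the two suites.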
@@ -4,14 +4,14 @@ decoder: "custom_decoder_0.xml" input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}' output_error: 0 - output_data_msg: "(1226): Error reading XML file 'etc/decoders/local_decoder.xml': XMLERR: Attribute 'is' has no value. (line 2)." + output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2)." output_data_codemsg: -1 - name: "Invalid decoder syntax: no closing XML tag" decoder: "custom_decoder_1.xml" input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}' output_error: 0 - output_data_msg: "(1226): Error reading XML file 'etc/decoders/local_decoder.xml': XMLERR: End of file and some elements were not closed. (line 3)." + output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements were not closed. (line 3)." output_data_codemsg: -1 - name: "Invalid decoder syntax: no existing parent" diff --git a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_rules_syntax.yaml b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_rules_syntax.yaml index d15475fa86..48ed765363 100644 --- a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_rules_syntax.yaml +++ b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_rules_syntax.yaml 
@@ -4,14 +4,14 @@ rules: "custom_rule_0.xml" input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}' output_error: 0 - output_data_msg: "(1226): Error reading XML file 'etc/rules/local_rules.xml': XMLERR: Attribute 'is' has no value. (line 2)." + output_data_msg: "(1226): Error reading XML file 'etc/rules/custom_rule_0.xml': XMLERR: Attribute 'is' has no value. (line 2)." output_data_codemsg: -1 - name: "Invalid rules syntax: no closing XML tag" rules: "custom_rule_1.xml" input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}' output_error: 0 - output_data_msg: "(1226): Error reading XML file 'etc/rules/local_rules.xml': XMLERR: End of file and some elements were not closed. (line 11)." + output_data_msg: "(1226): Error reading XML file 'etc/rules/custom_rule_1.xml': XMLERR: End of file and some elements were not closed. (line 11)." output_data_codemsg: -1 - name: "Invalid rules syntax: no group" diff --git a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.py b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.py index 375894efbe..2d5d2284b8 100644 --- a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.py +++ b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_decoder_syntax.py @@ -2,13 +2,13 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -import json +import pytest import os -import shutil -import pytest -import yaml from wazuh_testing.tools import WAZUH_PATH +from yaml import safe_load +from shutil import copy +from json import loads # Marks 
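Review bot: The rewritten import block of `test_invalid_decoder_syntax.py` no longer groups standard-library, third-party and project imports (`pytest` precedes `os`; `yaml`, `shutil` and `json` follow the `wazuh_testing` import), and it binds the bare names `copy` and `loads`, which are ambiguous at the call sites. Keeping `import json`, `import shutil` and `import yaml` in the usual stdlib / third-party / local order would read more clearly. The same block is repeated in `test_invalid_rules_syntax.py`.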
@@ -19,7 +19,7 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') messages_path = os.path.join(test_data_path, 'invalid_decoder_syntax.yaml') with open(messages_path) as f: - test_cases = yaml.safe_load(f) + test_cases = safe_load(f) # Variables @@ -30,23 +30,19 @@ # Fixtures @pytest.fixture(scope='function') -def configure_local_decoders(get_configuration, request): - """ - Configure a custom decoder in local_decoder.xml for testing. - Restart Wazuh is needed for applying the configuration is optional. - """ - - # save current configuration - shutil.copy('/var/ossec/etc/decoders/local_decoder.xml', '/var/ossec/etc/decoders/local_decoder.xml.cpy') +def configure_local_decoders(get_configuration): + """Configure a custom decoder for testing.""" # configuration for testing file_test = os.path.join(test_data_path, get_configuration['decoder']) - shutil.copy(file_test, '/var/ossec/etc/decoders/local_decoder.xml') + target_file_test = os.path.join(WAZUH_PATH, 'etc', 'decoders', get_configuration['decoder']) + + copy(file_test, target_file_test) yield # restore previous configuration - shutil.copy('/var/ossec/etc/decoders/local_decoder.xml.cpy', '/var/ossec/etc/decoders/local_decoder.xml') + os.remove(target_file_test) @pytest.fixture(scope='module', params=test_cases, ids=[test_case['name'] for test_case in test_cases]) 
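Review bot: `configure_local_decoders` now copies the test file to `etc/decoders/<get_configuration['decoder']>` and unconditionally calls `os.remove(target_file_test)` on teardown, so a file already installed under that name would be overwritten and then deleted; the previous version at least kept a backup copy. A guard before the copy, for example `if os.path.exists(target_file_test): pytest.fail(f"{target_file_test} already exists")`, would keep the fixture from destroying an existing decoder. The same applies to `configure_local_rules` in `test_invalid_rules_syntax.py`. The unchanged comment `# restore previous configuration` no longer describes the teardown and could become `# remove the test decoder file`.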
@@ -56,16 +52,18 @@ def get_configuration(request): # Tests - -def test_invalid_decoder_syntax(get_configuration, configure_local_decoders, connect_to_sockets_function): - """Check that every input message in logtest socket generates the adequate output """ +def test_invalid_decoder_syntax(get_configuration, configure_local_decoders, + restart_required_logtest_daemons, + wait_for_logtest_startup, + connect_to_sockets_function): + """Check that every input message in logtest socket generates the adequate output.""" # send the logtest request receiver_sockets[0].send(get_configuration['input'], size=True) # receive logtest reply and parse it response = receiver_sockets[0].receive(size=True).rstrip(b'\x00').decode() - result = json.loads(response) + result = loads(response) # error list to enable multi-assert per test-case errors = [] diff --git a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.py b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.py index cc89178254..be5f032596 100644 --- a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.py +++ b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/test_invalid_rules_syntax.py @@ -2,13 +2,13 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -import json +import pytest import os -import shutil -import pytest -import yaml from wazuh_testing.tools import WAZUH_PATH +from yaml import safe_load +from shutil import copy +from json import loads # Marks @@ -19,7 +19,7 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') messages_path = os.path.join(test_data_path, 'invalid_rules_syntax.yaml') with open(messages_path) as f: - test_cases = yaml.safe_load(f) + test_cases = safe_load(f) # Variables 
@@ -31,19 +31,17 @@ @pytest.fixture(scope='function') def configure_local_rules(get_configuration, request): - """Configure a custom rule in local_rules.xml for testing""" - - # save current configuration - shutil.copy('/var/ossec/etc/rules/local_rules.xml', '/var/ossec/etc/rules/local_rules.xml.cpy') + """Configure a custom rule in local_rules.xml for testing.""" # configuration for testing file_test = os.path.join(test_data_path, get_configuration['rules']) - shutil.copy(file_test, '/var/ossec/etc/rules/local_rules.xml') + target_file_test = os.path.join(WAZUH_PATH, 'etc', 'rules', get_configuration['rules']) + copy(file_test, target_file_test) yield - # restore previous configuration - shutil.copy('/var/ossec/etc/rules/local_rules.xml.cpy', '/var/ossec/etc/rules/local_rules.xml') + # remove configuration + os.remove(target_file_test) @pytest.fixture(scope='module', params=test_cases, ids=[test_case['name'] for test_case in test_cases]) @@ -54,7 +52,10 @@ def get_configuration(request): # Tests -def test_invalid_rule_syntax(get_configuration, configure_local_rules, connect_to_sockets_function): +def test_invalid_rule_syntax(get_configuration, configure_local_rules, + restart_required_logtest_daemons, + wait_for_logtest_startup, + connect_to_sockets_function): """Check that every input message in logtest socket generates the adequate output """ # send the logtest request @@ -62,7 +63,7 @@ def test_invalid_rule_syntax(get_configuration, configure_local_rules, connect_t # receive logtest reply and parse it response = receiver_sockets[0].receive(size=True).rstrip(b'\x00').decode() - result = json.loads(response) + result = loads(response) # error list to enable multi-assert per test-case errors = [] diff --git a/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.py b/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.py index e5d813e0a9..12d4296ff1 100644 
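Review bot: The docstring of `configure_local_rules` still says the rule is configured "in local_rules.xml", but the fixture now copies the file to `etc/rules/` under its own name and never touches local_rules.xml. I would change it to `"""Install the test case's rule file under etc/rules and remove it afterwards."""`. The `request` parameter is kept although nothing in the visible body uses it; the decoder fixture changed in this commit dropped it, so it can go here too.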
--- a/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.py +++ b/tests/integration/test_logtest/test_invalid_socket_input/test_invalid_socket_input.py @@ -29,7 +29,7 @@ @pytest.mark.parametrize('test_case', [test_case['test_case'] for test_case in test_cases], ids=[test_case['name'] for test_case in test_cases]) -def test_invalid_socket_input(connect_to_sockets_function, test_case: list): +def test_invalid_socket_input(restart_required_logtest_daemons, wait_for_logtest_startup, connect_to_sockets_function, test_case: list): """Check that every input message in logtest socket generates the adequate output Parameters diff --git a/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.py b/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.py index e4ec36fc10..a532301b4b 100644 --- a/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.py +++ b/tests/integration/test_logtest/test_invalid_token/test_invalid_session_token.py @@ -43,7 +43,7 @@ def close_connection(connection): @pytest.mark.parametrize('test_case', [test_case['test_case'] for test_case in test_cases], ids=[test_case['name'] for test_case in test_cases]) -def test_invalid_session_token(test_case): +def test_invalid_session_token(restart_required_logtest_daemons, wait_for_logtest_startup, test_case): """Check that every input message in logtest socket generates the adequate output Parameters diff --git a/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.py b/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.py index 45bf35e107..c3542dcfcf 100644 --- a/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.py +++ b/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_session_for_inactivity.py 
@@ -2,17 +2,15 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +import pytest import os -import time -import pytest -from wazuh_testing import global_parameters -from wazuh_testing.logtest import (callback_logtest_started, - callback_remove_session, - callback_session_initialized) -from wazuh_testing.tools import LOG_FILE_PATH, WAZUH_PATH +from wazuh_testing.logtest import callback_remove_session, callback_session_initialized from wazuh_testing.tools.configuration import load_wazuh_configurations -from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.tools import LOGTEST_SOCKET_PATH +from wazuh_testing import global_parameters +from time import sleep +from json import dumps # Marks pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server] 
@@ -21,20 +19,21 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml') configurations = load_wazuh_configurations(configurations_path, __name__) +local_internal_options = {'analysisd.debug': '2'} # Variables -wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) - -logtest_sock = os.path.join(os.path.join(WAZUH_PATH, 'queue', 'sockets', 'logtest')) -receiver_sockets_params = [(logtest_sock, 'AF_UNIX', 'TCP')] +receiver_sockets_params = [(LOGTEST_SOCKET_PATH, 'AF_UNIX', 'TCP')] receiver_sockets = None +local_internal_options = {'analysisd.debug': '1'} +create_session_data = {'version':1, 'command':'log_processing', + 'parameters':{'event': 'Oct 15 21:07:56 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928', + 'log_format': 'syslog', + 'location': 'master->/var/log/syslog'}} +msg_create_session = dumps(create_session_data) -msg_create_session = """{"version":1, "command":"log_processing", "parameters":{ -"event": "Oct 15 21:07:56 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", -"log_format": "syslog", "location": "master->/var/log/syslog"}}""" +# Fixtures -# Fixture @pytest.fixture(scope='module', params=configurations) def get_configuration(request): """Get configurations from the module.""" 
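Review bot: `local_internal_options` is assigned twice in this hunk, first as `{'analysisd.debug': '2'}` under Configurations and again as `{'analysisd.debug': '1'}` under Variables, so the second assignment silently wins. Keep only the value the test needs. If `callback_session_initialized` and `callback_remove_session` match debug-level log lines (their definitions are not visible here), level 1 may hide the messages the test waits for. The same pair of assignments is added to test_remove_old_sessions.py.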
@@ -42,29 +41,30 @@ def get_configuration(request): # Test -def test_remove_old_session_for_inactivity(get_configuration, configure_environment, - restart_wazuh, connect_to_sockets_function): - """ - Create more sessions than allowed and wait session_timeout seconds, + +def test_remove_old_session_for_inactivity(configure_local_internal_options_module, + get_configuration, + configure_environment, + restart_required_logtest_daemons, + file_monitoring, + wait_for_logtest_startup, + connect_to_sockets_function): + """Create more sessions than allowed and wait session_timeout seconds, then check Wazuh-logtest has removed session for inactivity. """ - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_logtest_started, - error_message="Event 'logtest started' not found") - session_timeout = int(get_configuration['sections'][0]['elements'][3]['session_timeout']['value']) receiver_sockets[0].send(msg_create_session, True) msg_recived = receiver_sockets[0].receive()[4:] msg_recived = msg_recived.decode() - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_session_initialized, - error_message="Event 'session initialized' not found") + error_message="Session initialization event not found") - time.sleep(session_timeout) + sleep(session_timeout) - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_remove_session, - error_message="Event 'session removed' not found") + error_message="Session removal event not found") diff --git a/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.py b/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.py index 0bf306a0e2..0ab0081c75 100644 --- a/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.py 
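Review bot: `test_remove_old_session_for_inactivity` requests `restart_required_logtest_daemons` before `file_monitoring`, while `test_remove_old_session` in test_remove_old_sessions.py lists them the other way round. Fixtures of the same scope are set up in argument order, so the two tests start monitoring at different points relative to the daemon restart; if `file_monitoring` truncates or repositions the log (its definition is not visible here), `wait_for_logtest_startup` may behave differently in each. I would use one order in both signatures. `log_monitor` is also not defined in the visible module code and is presumably injected by `file_monitoring`; a line such as `# log_monitor is set on this module by the file_monitoring fixture` next to the Variables block would save the next reader a search.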
+++ b/tests/integration/test_logtest/test_remove_old_sessions/test_remove_old_sessions.py @@ -2,16 +2,15 @@ # Created by Wazuh, Inc. . # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +import pytest import os -import pytest -from wazuh_testing import global_parameters -from wazuh_testing.logtest import (callback_logtest_started, - callback_remove_session, - callback_session_initialized) -from wazuh_testing.tools import LOG_FILE_PATH, WAZUH_PATH +from wazuh_testing.logtest import callback_remove_session, callback_session_initialized from wazuh_testing.tools.configuration import load_wazuh_configurations -from wazuh_testing.tools.monitoring import FileMonitor, SocketController +from wazuh_testing.tools.monitoring import SocketController +from wazuh_testing.tools import LOGTEST_SOCKET_PATH +from wazuh_testing import global_parameters +from json import dumps # Marks pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server] 
@@ -20,19 +19,20 @@ test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_conf.yaml') configurations = load_wazuh_configurations(configurations_path, __name__) +local_internal_options = {'analysisd.debug': '2'} # Variables -wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) -logtest_sock = os.path.join(os.path.join(WAZUH_PATH, 'queue', 'sockets', 'logtest')) - -msg_create_session = """{"version":1, "command":"log_processing", "parameters":{ -"event": "Oct 15 21:07:56 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", -"log_format": "syslog", "location": "master->/var/log/syslog"}}""" +local_internal_options = {'analysisd.debug': '1'} +create_session_data = {'version': 1, 'command': 'log_processing', + 'parameters': {'event': 'Oct 15 21:07:56 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928', + 'log_format': 'syslog', + 'location': 'master->/var/log/syslog'}} +msg_create_session = dumps(create_session_data) -# Function to manage the comunication with Wazuh-logtest +# Functions to manage the comunication with Wazuh-logtest def create_connection(): - return SocketController(address=logtest_sock, family='AF_UNIX', connection_protocol='TCP') + return SocketController(address=LOGTEST_SOCKET_PATH, family='AF_UNIX', connection_protocol='TCP') def remove_connection(connection): @@ -41,6 +41,7 @@ def remove_connection(connection): # Fixture + @pytest.fixture(scope='module', params=configurations) def get_configuration(request): """Get configurations from the module.""" 
@@ -48,16 +49,15 @@ def get_configuration(request): # Test -def test_remove_old_session(get_configuration, configure_environment, restart_wazuh): - """ - Create more sessions than allowed and wait for the message which + +def test_remove_old_session(configure_local_internal_options_module, + get_configuration, configure_environment, + file_monitoring, restart_required_logtest_daemons, + wait_for_logtest_startup): + """Create more sessions than allowed and wait for the message which informs that Wazuh-logtest has removed the oldest session. """ - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_logtest_started, - error_message='Event not found') - max_sessions = int(get_configuration['sections'][0]['elements'][2]['max_sessions']['value']) first_session_token = None @@ -71,13 +71,13 @@ def test_remove_old_session(get_configuration, configure_environment, restart_wa remove_connection(receiver_socket) if i == 0: - first_session_token = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_session_initialized, - error_message='Event not found') + first_session_token = log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_session_initialized, + error_message='Session initialization event not found') else: - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_session_initialized, - error_message='Event not found') + log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_session_initialized, + error_message='Session initialization event not found') # This session should do Wazuh-logtest to remove the oldest session receiver_socket = create_connection() 
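Review bot: Both branches of `if i == 0:` in the second hunk make the same `log_monitor.start(...)` call and differ only in whether the result is kept. The call can be made once, `token = log_monitor.start(...)`, followed by `if i == 0: first_session_token = token`. That keeps the three keyword arguments from drifting apart the next time a message is reworded. The enclosing loop starts outside the hunk.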
@@ -86,12 +86,12 @@ def test_remove_old_session(get_configuration, configure_environment, restart_wa msg_recived = msg_recived.decode() remove_connection(receiver_socket) - remove_session_token = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_remove_session, - error_message='Event not found') + remove_session_token = log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_remove_session, + error_message='Session removal event not found') assert first_session_token == remove_session_token, "Incorrect session removed" - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_session_initialized, - error_message='Event not found') + log_monitor.start(timeout=global_parameters.default_timeout, + callback=callback_session_initialized, + error_message='Session initialization event not found') diff --git a/tests/integration/test_logtest/test_remove_session/test_remove_session.py b/tests/integration/test_logtest/test_remove_session/test_remove_session.py index 1d304c9009..6eaf3039c4 100644 --- a/tests/integration/test_logtest/test_remove_session/test_remove_session.py +++ b/tests/integration/test_logtest/test_remove_session/test_remove_session.py @@ -49,7 +49,7 @@ def create_session(): @pytest.mark.parametrize('test_case', [test_case['test_case'] for test_case in test_cases], ids=[test_case['name'] for test_case in test_cases]) -def test_remove_session(connect_to_sockets_function, test_case: list): +def test_remove_session(restart_required_logtest_daemons, wait_for_logtest_startup, connect_to_sockets_function, test_case: list): """Check that every input message in logtest socket generates the adequate output Parameters diff --git a/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.py b/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.py index 5fea74d4db..565834ff44 100644 
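Review bot: The assertion `first_session_token == remove_session_token` compares whatever `log_monitor.start(...)` returns, and that return value is not visible in this diff. If `start()` returns the monitor object rather than the value extracted by the callback, both names refer to the same object and the check passes regardless of which session was removed. In that case both tokens should be read from the callback result, e.g. `log_monitor.start(...).result()`. The first token is assigned in the previous hunk of this file, and the body of `test_remove_old_session` begins outside this one.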
--- a/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.py +++ b/tests/integration/test_logtest/test_rules_decoders_load/test_load_rules_decoders.py @@ -56,7 +56,7 @@ def create_dummy_session(): @pytest.mark.parametrize('test_case', list(test_cases), ids=[test_case['name'] for test_case in test_cases]) -def test_load_rules_decoders(test_case): +def test_load_rules_decoders(restart_required_logtest_daemons, wait_for_logtest_startup, test_case): # List to store assert messages errors = [] diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/cdb_list.yaml b/tests/integration/test_logtest/test_ruleset_refresh/data/cdb_list.yaml new file mode 100644 index 0000000000..95926dd18b --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/cdb_list.yaml @@ -0,0 +1,24 @@ +--- +- + name: 'check_list_label' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"list_test\", \"key_test\": \"test_ok\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_dir: 'etc/rules/' + rule_file: 'custom_cdb_rules.xml' + rule_id: '770000' + cdb_dir: 'etc/lists/' + cdb_file: 'custom_cdb_list' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - decoder_dir: + value: 'etc/decoders' + - rule_dir: + value: 'etc/rules' + - list: + value: 'etc/lists/custom_cdb_list' diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_alert_rule_default.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_alert_rule_default.xml new file mode 100644 index 0000000000..ad7532911a --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_alert_rule_default.xml 
@@ -0,0 +1,25 @@ + + + + + json + rules + Parent rules IT + + + + 880000 + ^test_alert$ + test test_alert + + + + 880000 + ^test_no_alert$ + test test_no_alert + + + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_alert_rule_level_8.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_alert_rule_level_8.xml new file mode 100644 index 0000000000..b6c21d5bef --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_alert_rule_level_8.xml @@ -0,0 +1,25 @@ + + + + + json + rules + Parent rules IT + + + + 880000 + ^test_alert$ + test test_alert + + + + 880000 + ^test_no_alert$ + test test_no_alert + + + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_cdb_list b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_cdb_list new file mode 100644 index 0000000000..41606a395b --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_cdb_list @@ -0,0 +1 @@ +test_ok:ok diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_cdb_rules.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_cdb_rules.xml new file mode 100644 index 0000000000..92fc3d6a1d --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_cdb_rules.xml @@ -0,0 +1,25 @@ + + + + + + json + rules + Parent list IT + + + + 100088 + ^list_test$ + test list_test + + + + 100089 + etc/lists/custom_cdb_list + test test_ok + + + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_0.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_0.xml new file mode 100644 index 0000000000..154ddd15fe --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_0.xml @@ -0,0 +1,6 @@ + + + decoder_IT_test_decoder_0 + 
diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_1.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_1.xml new file mode 100644 index 0000000000..93ac8dfc17 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_1.xml @@ -0,0 +1,6 @@ + + + decoder_IT_test_decoder_1 + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_2.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_2.xml new file mode 100644 index 0000000000..f04818b134 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_2.xml @@ -0,0 +1,6 @@ + + + decoder_IT_test_decoder_2 + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_3.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_3.xml new file mode 100644 index 0000000000..db08323861 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_decoder_3.xml @@ -0,0 +1,6 @@ + + + decoder_IT_test_decoder_3 + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_0.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_0.xml new file mode 100644 index 0000000000..87c6064152 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_0.xml @@ -0,0 +1,19 @@ + + + + + + json + rules + Parent rules IT + + + + 100088 + ^rule_include_default$ + test rule_include_default + + + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_1.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_1.xml new file mode 100644 index 0000000000..2b36936148 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_1.xml @@ -0,0 +1,18 @@ + + + + + json + rules + Parent rules IT + + + + 100088 + ^rule_dir_include$ + test rule_dir_include + + + 
diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_2.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_2.xml new file mode 100644 index 0000000000..da71997aa8 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_2.xml @@ -0,0 +1,18 @@ + + + + + json + rules + Parent rules IT + + + + 100088 + ^rule_include$ + test rule_include + + + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_3.xml b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_3.xml new file mode 100644 index 0000000000..b303213ebc --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/custom_rule_3.xml @@ -0,0 +1,18 @@ + + + + + json + rules + Parent rules IT + + + + 100088 + ^rule_exclude$ + test rule_exclude + + + diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/decoder_list.yaml b/tests/integration/test_logtest/test_ruleset_refresh/data/decoder_list.yaml new file mode 100644 index 0000000000..1aa027ec7d --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/decoder_list.yaml 
@@ -0,0 +1,70 @@ +--- +- + name: 'check_loading_files_default_directory' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "Oct 15 21:07:00 linux-agent decoder_IT_test_decoder_0[29205]: Test IT decoder","log_format": "syslog","location": "master->/var/log/syslog"}}' + decoder_dir : 'etc/decoders/' + decoder_file: "custom_decoder_0.xml" + decoder_name: "decoder_IT_test_decoder_0" + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - decoder_dir: + value: 'etc/decoders' +- + name: 'check_decoder_dir_label' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "Oct 15 21:07:00 linux-agent decoder_IT_test_decoder_1[29205]: Test IT decoder","log_format": "syslog","location": "master->/var/log/syslog"}}' + decoder_dir: 'etc/decoders_1/' + decoder_file: "custom_decoder_1.xml" + decoder_name: 'decoder_IT_test_decoder_1' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - decoder_dir: + value: 'etc/decoders_1' +- + name: 'check_decoder_include_label' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "Oct 15 21:07:00 linux-agent decoder_IT_test_decoder_2[29205]: Test IT decoder","log_format": "syslog","location": "master->/var/log/syslog"}}' + decoder_dir: 'etc/decoders_2/' + decoder_file: 'custom_decoder_2.xml' + decoder_name: 'decoder_IT_test_decoder_2' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - decoder_include: + value: 'etc/decoders_2/custom_decoder_2.xml' +- + name: 'check_decoder_exclude_label' + 
input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "Oct 15 21:07:00 linux-agent decoder_IT_test_decoder_3[29205]: Test IT decoder","log_format": "syslog","location": "master->/var/log/syslog"}}' + decoder_dir: 'etc/decoders' + decoder_file: 'custom_decoder_3.xml' + decoder_name: 'decoder_IT_test_decoder_3' + test_exclude: 'yes' + sections: + - section: ruleset + elements: + - decoder_dir: + value: 'ruleset/decoders' + - decoder_dir: + value: 'etc/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - decoder_exclude: + value: 'custom_decoder_3.xml' diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/log_alert_level.yaml b/tests/integration/test_logtest/test_ruleset_refresh/data/log_alert_level.yaml new file mode 100644 index 0000000000..ead74ae7ab --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/log_alert_level.yaml 
@@ -0,0 +1,99 @@ +--- +- + name: 'check_no_alerts_default_log_alert_level' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"test_no_alert\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_id: '880002' + rule_dir: 'etc/rules/' + rule_file: "custom_alert_rule_default.xml" + alert: False + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - rule_dir: + value: 'etc/rules' + - section: 'alerts' + elements: + - log_alert_level: + value: 3 + - email_alert_level: + value: 12 + +- + name: 'check_alert_default_log_alert_level' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"test_alert\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_id: '880001' + rule_dir: 'etc/rules/' + rule_file: "custom_alert_rule_default.xml" + alert: True + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - rule_dir: + value: 'etc/rules' + - section: 'alerts' + elements: + - log_alert_level: + value: 3 + - email_alert_level: + value: 12 + +- + name: 'check_no_alerts_log_alert_level_8' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"test_no_alert\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_id: '880002' + rule_dir: 'etc/rules/' + rule_file: "custom_alert_rule_level_8.xml" + alert: False + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' 
+ - rule_exclude: + value: '0215-policy_rules.xml' + - rule_dir: + value: 'etc/rules' + - section: 'alerts' + elements: + - log_alert_level: + value: 8 + - email_alert_level: + value: 12 +- + name: 'check_alert_log_alert_level_8' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"test_alert\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_id: '880001' + rule_dir: 'etc/rules/' + rule_file: "custom_alert_rule_level_8.xml" + alert: True + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - rule_dir: + value: 'etc/rules' + - section: 'alerts' + elements: + - log_alert_level: + value: 8 + - email_alert_level: + value: 12 diff --git a/tests/integration/test_logtest/test_ruleset_refresh/data/rule_list.yaml b/tests/integration/test_logtest/test_ruleset_refresh/data/rule_list.yaml new file mode 100644 index 0000000000..5df7491bab --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/data/rule_list.yaml 
@@ -0,0 +1,72 @@ +--- +- + name: 'check_loading_files_default_directory' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"rule_include_default\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_dir : 'etc/rules/' + rule_file: 'custom_rule_0.xml' + rule_id: '880000' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_dir: + value: 'etc/rules' +- + name: 'check_rule_dir_label' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"rule_dir_include\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_dir: 'etc/rules_1/' + rule_file: "custom_rule_1.xml" + rule_id: '880001' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - rule_dir: + value: 'etc/rules_1' +- + name: 'check_rule_include_label' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": \"rule_include\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_dir: 'etc/rules_1/' + rule_file: "custom_rule_2.xml" + rule_id: '880002' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - rule_include: + value: 'etc/rules_1/custom_rule_2.xml' +- + name: 'check_rule_exclude_label' + input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "{\"it_logtest\" : \"rules\", \"test\": 
\"rule_exclude\"}","log_format": "syslog","location": "master->/var/log/syslog"}}' + rule_dir: 'etc/rules/' + rule_file: "custom_rule_3.xml" + rule_id: '880003' + test_exclude: 'yes' + sections: + - section: 'ruleset' + elements: + - decoder_dir: + value: 'ruleset/decoders' + - rule_dir: + value: 'ruleset/rules' + - rule_exclude: + value: '0215-policy_rules.xml' + - decoder_dir: + value: 'etc/decoders' + - rule_dir: + value: 'etc/rules' + - rule_exclude: + value: 'etc/rules/custom_rule_3.xml' diff --git a/tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.py b/tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.py new file mode 100644 index 0000000000..a15108d640 --- /dev/null +++ b/tests/integration/test_logtest/test_ruleset_refresh/test_alert_labels.py 
@@ -0,0 +1,75 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. .
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+import os
+import pytest
+
+from wazuh_testing.tools import WAZUH_PATH, LOGTEST_SOCKET_PATH
+from yaml import safe_load
+from shutil import copy
+from json import loads
+
+
+# Marks
+pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
+
+# Configurations
+test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+messages_path = os.path.join(test_data_path, 'log_alert_level.yaml')
+
+with open(messages_path) as f:
+ test_cases = safe_load(f)
+
+# Variables
+receiver_sockets_params = [(LOGTEST_SOCKET_PATH, 'AF_UNIX', 'TCP')]
+receiver_sockets = None
+
+
+# Fixtures
+@pytest.fixture(scope='function')
+def configure_rules_list(get_configuration, request):
+ """Configure a custom rules and log alert level for testing.
+ Restart Wazuh is not needed for applying the configuration is optional.
+ """
+
+ # configuration for testing
+ rules_dir = os.path.join(WAZUH_PATH, get_configuration['rule_dir'])
+ if not os.path.exists(rules_dir):
+ os.makedirs(rules_dir)
+
+ file_test = os.path.join(test_data_path, get_configuration['rule_file'])
+ file_dst = os.path.join(rules_dir, get_configuration['rule_file'])
+
+ copy(file_test, file_dst)
+
+ yield
+
+ # restore previous configuration
+ os.remove(file_dst)
+ if len(os.listdir(rules_dir)) == 0:
+ os.rmdir(rules_dir)
+
+
+@pytest.fixture(scope='module', params=test_cases, ids=[test_case['name'] for test_case in test_cases])
+def get_configuration(request):
+ """Get configurations from the module."""
+ return request.param
+
+
+# Tests
+def test_rule_list(restart_required_logtest_daemons, get_configuration,
+ configure_environment, configure_rules_list,
+ wait_for_logtest_startup, connect_to_sockets_function):
+ """Check that every test case run on logtest generates the adequate output."""
+
+ # send the logtest request
+ receiver_sockets[0].send(get_configuration['input'], size=True)
+
+ # receive logtest reply and parse it
+ response = receiver_sockets[0].receive(size=True).rstrip(b'\x00').decode()
+ result = loads(response)
+
+ assert result['error'] == 0
+ assert result['data']['output']['rule']['id'] == get_configuration['rule_id']
+ assert result['data']['alert'] is get_configuration['alert']
diff --git a/tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.py b/tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.py
new file mode 100644
index 0000000000..7ad44837d3
--- /dev/null
+++ b/tests/integration/test_logtest/test_ruleset_refresh/test_cdb_labels.py
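Review bot: The teardown of `configure_rules_list` does not restore what was there before the test: `copy(file_test, file_dst)` overwrites any file already named `rule_file` in the target directory, `os.remove(file_dst)` then deletes it, and a directory that existed but was empty is removed as well. If `rule_dir` points at a directory the manager already uses, this silently drops detection content from the host the suite ran on. I would record `created = not os.path.exists(rules_dir)` before `os.makedirs`, put `assert not os.path.exists(file_dst)` before the copy, and call `os.rmdir(rules_dir)` only `if created`. The fixtures in test_cdb_labels.py, test_decoder_labels.py and test_rule_labels.py follow the same pattern. Separately, the last assertion compares `result['data']['alert']` with `is`; `==` states the intended value comparison.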
@@ -0,0 +1,89 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. .
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+import os
+import pytest
+
+from wazuh_testing.tools import WAZUH_PATH
+from yaml import safe_load
+from shutil import copy
+from json import loads
+
+# Marks
+pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
+
+# Configurations
+test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+messages_path = os.path.join(test_data_path, 'cdb_list.yaml')
+
+with open(messages_path) as f:
+ test_cases = safe_load(f)
+
+# Variables
+logtest_path = os.path.join(os.path.join(WAZUH_PATH, 'queue', 'sockets', 'logtest'))
+receiver_sockets_params = [(logtest_path, 'AF_UNIX', 'TCP')]
+receiver_sockets = None
+
+
+# Fixtures
+@pytest.fixture(scope='function')
+def configure_cdbs_list(get_configuration, request):
+ """Configure a custom cdbs for testing.
+ Restart Wazuh is not needed for applying the configuration is optional.
+ """
+
+ # cdb configuration for testing
+ cdb_dir = os.path.join(WAZUH_PATH, get_configuration['cdb_dir'])
+ if not os.path.exists(cdb_dir):
+ os.makedirs(cdb_dir)
+
+ file_cdb_test = os.path.join(test_data_path, get_configuration['cdb_file'])
+ file_cdb_dst = os.path.join(cdb_dir, get_configuration['cdb_file'])
+
+ copy(file_cdb_test, file_cdb_dst)
+
+ # rule configuration for testing
+ rule_dir = os.path.join(WAZUH_PATH, get_configuration['rule_dir'])
+ if not os.path.exists(rule_dir):
+ os.makedirs(rule_dir)
+
+ file_rule_test = os.path.join(test_data_path, get_configuration['rule_file'])
+ file_rule_dst = os.path.join(rule_dir, get_configuration['rule_file'])
+
+ copy(file_rule_test, file_rule_dst)
+
+ yield
+
+ # restore previous configuration
+ os.remove(file_cdb_dst)
+ if len(os.listdir(cdb_dir)) == 0:
+ os.rmdir(cdb_dir)
+ os.remove(file_rule_dst)
+ if len(os.listdir(rule_dir)) == 0:
+ os.rmdir(rule_dir)
+
+
+@pytest.fixture(scope='module', params=test_cases, ids=[test_case['name'] for test_case in test_cases])
+def get_configuration(request):
+ """Get configurations from the module."""
+ return request.param
+
+
+def test_cdb_list(restart_required_logtest_daemons, get_configuration,
+ configure_environment, configure_cdbs_list,
+ wait_for_logtest_startup, connect_to_sockets_function):
+ """Check that every test case run on logtest generates the adequate output."""
+
+ # send the logtest request
+ receiver_sockets[0].send(get_configuration['input'], size=True)
+
+ # receive logtest reply and parse it
+ response = receiver_sockets[0].receive(size=True).rstrip(b'\x00').decode()
+ result = loads(response)
+
+ assert result['error'] == 0
+ if 'test_exclude' in get_configuration:
+ assert 'cdb' not in result['data']['output']
+ else:
+ assert result['data']['output']['rule']['id'] == get_configuration['rule_id']
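Review bot: `logtest_path` is built by hand, with a nested `os.path.join(os.path.join(...))` whose outer call does nothing, while the other three test modules in this commit import `LOGTEST_SOCKET_PATH` from `wazuh_testing.tools`. Assuming that constant resolves to the same `queue/sockets/logtest` path, I would import it here too and write `receiver_sockets_params = [(LOGTEST_SOCKET_PATH, 'AF_UNIX', 'TCP')]`, so the socket location is defined in one place. In the teardown of `configure_cdbs_list`, a failure of `os.remove(file_cdb_dst)` also leaves the copied rule file behind, because the rule cleanup runs after it.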
diff --git a/tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.py b/tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.py
new file mode 100644
index 0000000000..7dd1d8f3eb
--- /dev/null
+++ b/tests/integration/test_logtest/test_ruleset_refresh/test_decoder_labels.py
@@ -0,0 +1,77 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. .
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+import os
+import pytest
+
+from wazuh_testing.tools import WAZUH_PATH, LOGTEST_SOCKET_PATH
+from yaml import safe_load
+from shutil import copy
+from json import loads
+
+
+# Marks
+pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
+
+# Configurations
+test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+messages_path = os.path.join(test_data_path, 'decoder_list.yaml')
+
+with open(messages_path) as f:
+ test_cases = safe_load(f)
+
+# Variables
+receiver_sockets_params = [(LOGTEST_SOCKET_PATH, 'AF_UNIX', 'TCP')]
+receiver_sockets = None
+
+
+# Fixtures
+@pytest.fixture(scope='function')
+def configure_decoders_list(get_configuration, request):
+ """Configure a custom decoder in local_decoder.xml for testing.
+ Restart Wazuh is needed for applying the configuration is optional.
+ """
+
+ # configuration for testing
+ decode_dir = os.path.join(WAZUH_PATH, get_configuration['decoder_dir'])
+ if not os.path.exists(decode_dir):
+ os.makedirs(decode_dir)
+
+ file_test = os.path.join(test_data_path, get_configuration['decoder_file'])
+ file_dst = os.path.join(decode_dir, get_configuration['decoder_file'])
+
+ copy(file_test, file_dst)
+
+ yield
+
+ # restore previous configuration
+ os.remove(file_dst)
+ if len(os.listdir(decode_dir)) == 0:
+ os.rmdir(decode_dir)
+
+
+@pytest.fixture(scope='module', params=test_cases, ids=[test_case['name'] for test_case in test_cases])
+def get_configuration(request):
+ """Get configurations from the module."""
+ return request.param
+
+
+# Tests
+def test_rules_verbose(restart_required_logtest_daemons, get_configuration,
+ configure_environment, configure_decoders_list,
+ wait_for_logtest_startup, connect_to_sockets_function):
+ """Check that every test case run on logtest generates the adequate output."""
+
+ # send the logtest request
+ receiver_sockets[0].send(get_configuration['input'], size=True)
+
+ # receive logtest reply and parse it
+ response = receiver_sockets[0].receive(size=True).rstrip(b'\x00').decode()
+ result = loads(response)
+
+ assert result['error'] == 0
+ if 'test_exclude' in get_configuration:
+ assert 'name' not in result['data']['output']['decoder']
+ else:
+ assert result['data']['output']['decoder']['name'] == get_configuration['decoder_name']
diff --git a/tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.py b/tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.py
new file mode 100644
index 0000000000..e56b607df2
--- /dev/null
+++ b/tests/integration/test_logtest/test_ruleset_refresh/test_rule_labels.py
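Review bot: The test function is named `test_rules_verbose`, which looks carried over from another module; here it checks decoder names, so `test_decoder_list` would match `test_rule_list` and `test_cdb_list` in the sibling files. The docstring of `configure_decoders_list` says the decoder goes into `local_decoder.xml` and that a restart "is needed ... is optional", but the code copies `decoder_file` into `decoder_dir`. I would reword it to `"""Copy the test decoder file into the configured decoder directory and remove it afterwards."""`. In the exclude branch, `result['data']['output']['decoder']` raises `KeyError` instead of failing the assertion if the reply carries no `decoder` key; `result['data']['output'].get('decoder', {})` keeps the failure readable.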
@@ -0,0 +1,77 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. .
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+import os
+import pytest
+
+from wazuh_testing.tools import WAZUH_PATH, LOGTEST_SOCKET_PATH
+from yaml import safe_load
+from shutil import copy
+from json import loads
+
+
+# Marks
+pytestmark = [pytest.mark.linux, pytest.mark.tier(level=0), pytest.mark.server]
+
+# Configurations
+test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+messages_path = os.path.join(test_data_path, 'rule_list.yaml')
+
+with open(messages_path) as f:
+ test_cases = safe_load(f)
+
+# Variables
+receiver_sockets_params = [(LOGTEST_SOCKET_PATH, 'AF_UNIX', 'TCP')]
+receiver_sockets = None
+
+
+# Fixtures
+@pytest.fixture(scope='function')
+def configure_rules_list(get_configuration, request):
+ """Configure a custom rules for testing.
+ Restart Wazuh is not needed for applying the configuration is optional.
+ """
+
+ # configuration for testing
+ rules_dir = os.path.join(WAZUH_PATH, get_configuration['rule_dir'])
+ if not os.path.exists(rules_dir):
+ os.makedirs(rules_dir)
+
+ file_test = os.path.join(test_data_path, get_configuration['rule_file'])
+ file_dst = os.path.join(rules_dir, get_configuration['rule_file'])
+
+ copy(file_test, file_dst)
+
+ yield
+
+ # restore previous configuration
+ os.remove(file_dst)
+ if len(os.listdir(rules_dir)) == 0:
+ os.rmdir(rules_dir)
+
+
+@pytest.fixture(scope='module', params=test_cases, ids=[test_case['name'] for test_case in test_cases])
+def get_configuration(request):
+ """Get configurations from the module."""
+ return request.param
+
+
+# Tests
+def test_rule_list(restart_required_logtest_daemons, get_configuration,
+ configure_environment, configure_rules_list,
+ wait_for_logtest_startup, connect_to_sockets_function):
+ """Check that every test case run on logtest generates the adequate output."""
+
+ # send the logtest request
+ receiver_sockets[0].send(get_configuration['input'], size=True)
+
+ # receive logtest reply and parse it
+ response = receiver_sockets[0].receive(size=True).rstrip(b'\x00').decode()
+ result = loads(response)
+
+ assert result['error'] == 0
+ if 'test_exclude' in get_configuration:
+ assert 'rule' not in result['data']['output']
+ else:
+ assert result['data']['output']['rule']['id'] == get_configuration['rule_id']
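Review bot: The exclude branch of `test_rule_list` can pass without the exclusion having taken effect: `assert 'rule' not in result['data']['output']` is equally true when the custom rule file was never loaded or the event matched nothing for another reason. A control case in the data file that loads the same `custom_rule_3.xml` without the `rule_exclude` entry and expects id `880003` would show that the rule fires when it is not excluded. The branch is also selected by key presence, so an entry with `test_exclude: 'no'` would still take it; `if get_configuration.get('test_exclude') == 'yes':` ties it to the value the test data uses. A comment above the branch such as `# an excluded rule must not fire: no 'rule' key in the output` would record what the negative case relies on.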