From 8ee732a93ec3e61586e22799ba0c3bc67cab267f Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Wed, 2 Feb 2022 15:38:01 +0000 Subject: [PATCH 1/6] rem - remove unnecesary variable asignment --- .../test_registry_diff_size_limit_values.py | 3 +-- .../test_registry_file_size_values.py | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py index 641d2823b2..4e490e48fe 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py @@ -77,7 +77,6 @@ os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY_2)] test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) -size_limit_configured = SIZE_LIMIT_CONFIGURED_VALUE scan_delay = 2 # Configurations @@ -176,7 +175,7 @@ def report_changes_validator_diff(event): assert os.path.exists(diff_file), '{diff_file} does not exist' assert event['data'].get('content_changes') is not None, ERR_MSG_CONTENT_CHANGES_EMPTY - if size > size_limit_configured: + if size > SIZE_LIMIT_CONFIGURED_VALUE: callback_test = report_changes_validator_no_diff else: callback_test = report_changes_validator_diff diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py index ab38e7961a..731627891d 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py 
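Review bot: In `report_changes_validator_diff` in test_registry_diff_size_limit_values.py, the context line `assert os.path.exists(diff_file), '{diff_file} does not exist'` is missing the `f` prefix, so a failing run prints the literal text `{diff_file}` instead of the path that was checked. Since this hunk already touches the neighbouring lines, change it to `assert os.path.exists(diff_file), f'{diff_file} does not exist'`. The identical line appears in the second hunk of test_registry_file_size_values.py and needs the same fix. Both the validator and the enclosing test start outside the hunk, so how `diff_file` is built is not visible here.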
+++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py @@ -77,7 +77,6 @@ os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY_2)] test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) -size_limit_configured = SIZE_LIMIT_CONFIGURED_VALUE scan_delay = 2 # Configurations @@ -180,7 +179,7 @@ def report_changes_validator_diff(event): assert os.path.exists(diff_file), '{diff_file} does not exist' assert event['data'].get('content_changes') is not None, ERR_MSG_CONTENT_CHANGES_EMPTY - if size > size_limit_configured: + if size > SIZE_LIMIT_CONFIGURED_VALUE: callback_test = report_changes_validator_no_diff else: callback_test = report_changes_validator_diff From dc8c9db733c484bf7e630c5090c8daf470f62229 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Wed, 2 Feb 2022 15:38:38 +0000 Subject: [PATCH 2/6] fix - remove duplicated entry from changelog --- CHANGELOG.md | 1 - .../test_registry_file_limit/test_registry_limit_full.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7da921330..ce0bfa46b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,7 +16,6 @@ Release report: TBD - Add test to check if files can be accessed while FIM has them opened ([#705](https://github.com/wazuh/wazuh-qa/pull/705)) ### Changed -- Refactor: FIM `test_synchronization` according to new standard. Phase 1. ([#2358](https://github.com/wazuh/wazuh-qa/pull/2358)) - Refactor: FIM `test_registry_file_limit` and `test_registry_report_changes`. ([#2478](https://github.com/wazuh/wazuh-qa/pull/2478)) - Adapt logtest ITs given the rules skipping ([#2146](https://github.com/wazuh/wazuh-qa/pull/2146)) - Fix version validation in qa-ctl config generator ([#2454](https://github.com/wazuh/wazuh-qa/pull/2454)) 
diff --git a/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_full.py b/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_full.py index 96df8c99ac..996aee6a1b 100644 --- a/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_full.py +++ b/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_full.py @@ -44,7 +44,7 @@ pytest_args: - fim_mode: - scheduled: + scheduled: file/registry changes are monitored only at the configured interval - tier: 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. 1: Only level 1 tests are performed, they check functionalities of medium complexity. From 614c293db4d5d2039db074732587ef205527e252 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Wed, 2 Feb 2022 18:55:16 +0000 Subject: [PATCH 3/6] skip test_report_changes_after_restart - flaky --- .../test_registry_report_changes_deleted.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_deleted.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_deleted.py index 12ffc41d1f..42ac054493 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_deleted.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_deleted.py 
@@ -244,6 +244,7 @@ def report_changes_removed_diff_file_validator(unused_param): assert not os.path.exists(folder_path), f'{folder_path} exists' +@pytest.mark.skip(reason="It will be blocked by #2174, when it was solve we can enable again this test") def test_report_changes_after_restart(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon removes the 'diff' directories when disabling From 43119ce0f8176eb986b85201a4814206553afeba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Carmelo=20Micalizzi?= Date: Thu, 3 Feb 2022 15:29:08 -0300 Subject: [PATCH 4/6] modify: test skip type and minor typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Dámaris --- .../test_registry_file_limit/test_registry_limit_values.py | 2 +- .../test_registry_disk_quota_bigger_file_limit.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_values.py b/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_values.py index dfcd54a4c3..fbd3dd5e83 100644 --- a/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_values.py @@ -108,7 +108,7 @@ def extra_configuration_before_yield(): # Tests -@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by issue wazuh/wazuh #11819") +@pytest.mark.skip(reason="Blocked by issue wazuh/wazuh #11819") def test_file_limit_values(get_configuration, configure_environment, restart_syscheckd): ''' description: Check if the 'wazuh-syscheckd' daemon detects the value of the 'entries' tag, which corresponds to 
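Review bot: The skip reason added above `test_report_changes_after_restart` is hard to act on: it reads "It will be blocked by #2174, when it was solve we can enable again this test", never says the test is flaky (only the commit subject does), and gives a bare issue number, whereas the reason in the next hunk names the repository (`wazuh/wazuh #11819`). Something like `@pytest.mark.skip(reason="Flaky; blocked by <repo>#2174, re-enable once that issue is resolved")` tells whoever reads the skip in a test report what to check. While the marker is in place nothing runs the check described in the docstring, that wazuh-syscheckd removes the 'diff' directories (the sentence is cut off at the hunk edge), so a regression that leaves diff content on disk would go unnoticed; the re-enable should be tracked explicitly. The now unconditional `skip` on `test_file_limit_values` in the following hunk drops its coverage on every platform in the same way, and if `sys.platform` was the only use of `sys` in that file the import is left unused (the imports are outside the hunk).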
diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_bigger_file_limit.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_bigger_file_limit.py index d47442ffb6..39faf3040b 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_bigger_file_limit.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_bigger_file_limit.py @@ -200,6 +200,6 @@ def report_changes_validator_diff(event): registry_value_update(key, subkey, wazuh_log_monitor, arch=arch, value_list=values, wait_for_scan=True, scan_delay=scan_delay, min_timeout=global_parameters.default_timeout, triggers_event=True, validators_after_update=[test_callback]) - # Delete the vaue created to clean up enviroment + # Delete the value created to clean up enviroment registry_value_delete(key, subkey, wazuh_log_monitor, arch=arch, value_list=values, wait_for_scan=True, scan_delay=scan_delay, min_timeout=global_parameters.default_timeout, triggers_event=True) From db939b28f3ad4cdcfe56b672e138c153507f2bf9 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Thu, 3 Feb 2022 19:19:32 +0000 Subject: [PATCH 5/6] fix - comments and documentation --- .../wazuh_testing/fim_module/fim_variables.py | 16 ++++++++-------- .../test_registry_limit_capacity_alerts.py | 2 +- .../test_registry_file_size_values.py | 4 ++++ 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py index 22552da570..e0224e99e6 100644 --- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py +++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py 
@@ -10,25 +10,25 @@ # Variables SIZE_LIMIT_CONFIGURED_VALUE = 10 * 1024 -# Key variables +# Key Variables WINDOWS_HKEY_LOCAL_MACHINE = 'HKEY_LOCAL_MACHINE' MONITORED_KEY = 'SOFTWARE\\random_key' MONITORED_KEY_2 = "SOFTWARE\\Classes\\random_key_2" WINDOWS_REGISTRY = 'WINDOWS_REGISTRY' -# Value key +# Value Key SYNC_INTERVAL = 'SYNC_INTERVAL' SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20 -# Folders variables +# Folder Variables TEST_DIR_1 = 'testdir1' TEST_DIRECTORIES = 'TEST_DIRECTORIES' TEST_REGISTRIES = 'TEST_REGISTRIES' -# Syscheck attributes +# Syscheck Attributes REPORT_CHANGES = 'report_changes' DIFF_SIZE_LIMIT = 'diff_size_limit' FILE_SIZE_ENABLED = 'FILE_SIZE_ENABLED' @@ -36,12 +36,12 @@ DISK_QUOTA_ENABLED = 'DISK_QUOTA_ENABLED' DISK_QUOTA_LIMIT = 'DISK_QUOTA_LIMIT' -# Syscheck values +# Syscheck Values DIFF_LIMIT_VALUE = 2 DIFF_DEFAULT_LIMIT_VALUE = 51200 -# FIM modules +# FIM Modes SCHEDULE_MODE = 'scheduled' # Yaml Configuration @@ -49,11 +49,11 @@ YAML_CONF_SYNC_WIN32 = 'wazuh_sync_conf_win32.yaml' YAML_CONF_DIFF = 'wazuh_conf_diff.yaml' -# Synchronization options +# Synchronization Options SYNCHRONIZATION_ENABLED = 'SYNCHRONIZATION_ENABLED' SYNCHRONIZATION_REGISTRY_ENABLED = 'SYNCHRONIZATION_REGISTRY_ENABLED' -# Callbacks message +# Callback Messages CB_INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$' CB_REGISTRY_DBSYNC_NO_DATA = r'.*#!-fim_registry dbsync no_data (.+)' CB_FILE_LIMIT_CAPACITY = r".*Sending DB (\d+)% full alert." diff --git a/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_capacity_alerts.py b/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_capacity_alerts.py index 479ef72bfa..0e1030897e 100644 --- a/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_capacity_alerts.py +++ b/tests/integration/test_fim/test_registry/test_registry_file_limit/test_registry_limit_capacity_alerts.py 
@@ -55,8 +55,8 @@ - fim_registry_file_limit ''' import os -from sys import platform import pytest +from sys import platform from wazuh_testing import global_parameters from wazuh_testing.fim import LOG_FILE_PATH, generate_params, modify_registry_value, wait_for_scheduled_scan, \ delete_registry_value, registry_parser, KEY_WOW64_64KEY, callback_detect_end_scan, REG_SZ, KEY_ALL_ACCESS, \ diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py index 731627891d..4cf0c7ffdb 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py @@ -115,6 +115,10 @@ def test_file_size_values(key, subkey, arch, value_name, size, get_configuration its size on each test case. Finally, the test will verify that the compressed 'diff' file has been created, and the related FIM event includes the 'content_changes' field if the value size does not exceed the specified limit and vice versa. + - Case 1: small size - the size for the file is smaller than the file_size_limit. The diff_file + is generated and the logs have content_changes data. + - Case 2: big size - when the size for the file is bigger than the file_size_limit. The diff_file + is not generated and the logs should not have content_changes data. wazuh_min_version: 4.2.0 From 67cbad9a47850404714d70444c2d30a8bb4e7bc3 Mon Sep 17 00:00:00 2001 From: Cami Romero <37776796+CamiRomero@users.noreply.github.com> Date: Tue, 22 Feb 2022 09:06:25 -0300 Subject: [PATCH 6/6] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9711d3abb1..c98d5780f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
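Review bot: Moving `from sys import platform` below `import pytest` in test_registry_limit_capacity_alerts.py puts a standard-library import after a third-party one, which breaks the PEP 8 grouping (standard library, then third-party, then project imports) that the old order followed. I would keep `import os` and `from sys import platform` together and leave `import pytest` after them, separated by a blank line if the file uses one between groups. The rest of the import block continues outside the hunk.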
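Review bot: The Case 1 / Case 2 text added to the `test_file_size_values` docstring leaves the boundary undefined. The test branches on `if size > SIZE_LIMIT_CONFIGURED_VALUE:` (second hunk for this file in the first patch), so a value exactly at the limit takes the Case 1 path; I would word Case 1 as `the value size is smaller than or equal to the configured limit`, which also matches the "does not exceed the specified limit" sentence just above it. Please also check `file_size_limit` against the option name the test configuration actually uses, and consider "registry value" instead of "file", since the test writes registry values. The docstring starts and ends outside the hunk.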
@@ -20,7 +20,7 @@ Release report: TBD ### Changed - Refactor: FIM `test_synchronization` according to new standard. Phase 1. ([#2358](https://github.com/wazuh/wazuh-qa/pull/2358)) -- Refactor: FIM `test_registry_file_limit` and `test_registry_report_changes`. ([#2478](https://github.com/wazuh/wazuh-qa/pull/)) +- Refactor: FIM `test_registry_file_limit` and `test_registry_report_changes`. ([#2478](https://github.com/wazuh/wazuh-qa/pull/2478)) - Refactor: FIM `test_files/test_file_limit` and updated imports to new standard. ([#2501](https://github.com/wazuh/wazuh-qa/pull/2501)) - Fix the unstable FIM tests that need refactoring. ([#2421](https://github.com/wazuh/wazuh-qa/pull/2458)) - Skip : FIM `test_registry_limit_values` until expected message is added to Windows Agent ([#2446](https://github.com/wazuh/wazuh-qa/pull/2446))