Add E2E tests for demo cases

CHANGELOG.md

@@ -8,6 +8,7 @@ Wazuh commit: TBD \
 Release report: TBD
 
 ### Added
+- Add E2E tests for demo cases ([#3293](https:/wazuh/wazuh-qa/pull/3293)) \- (Framework + Tests)
 - Add configuration files for Jenkins automation of system/E2E tests ([#3221](https:/wazuh/wazuh-qa/pull/3221)) \- (Framework)
 - New vulnerability Detector integration tests for Ubuntu 22.04 ([#2957](https:/wazuh/wazuh-qa/pull/2957)) \- (Framework + Tests)
 - New vulnerability Detector integration tests for Amazon Linux 2022 ([#2955](https:/wazuh/wazuh-qa/pull/2955)) \- (Framework + Tests)

deps/wazuh_testing/wazuh_testing/end_to_end/__init__.py

@@ -0,0 +1,94 @@
+# Copyright (C) 2015-2022, Wazuh Inc.
+# Created by Wazuh, Inc. <[email protected]>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+import os
+import requests
+from http import HTTPStatus
+from tempfile import gettempdir
+
+from wazuh_testing.tools.utils import retry
+
+
+fetched_alerts_json_path = os.path.join(gettempdir(), 'alerts.json')
+
+
+@retry(Exception, attempts=3, delay=5)
+def get_alert_indexer_api(query, credentials, ip_address, index='wazuh-alerts-4.x-*'):
+ """Get an alert from the wazuh-indexer API
+
+ Make a request to the wazuh-indexer API to get the last indexed alert that matches the values passed in
+ must_match.
+
+ Args:
+ ip_address (str): wazuh-indexer IP address.
+ index (str): Index in which to search for the alert.
+ query (dict): Query to send to the API.
+ credentials(dict): wazuh-indexer credentials.
+
+ Returns:
+ `obj`(map): Search results
+ """
+ url = f"https://{ip_address}:9200/{index}/_search?"
+
+ response = requests.get(url=url, params={'pretty': 'true'}, json=query, verify=False,
+ auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']))
+
+ if '"hits" : [ ]' in response.text:
+ raise Exception('Alert not indexed')
+ elif response.status_code != HTTPStatus.OK:
+ raise Exception(f"The request wasn't successful.\nActual response: {response.text}")
+
+ return response
+
+
+def delete_index_api(credentials, ip_address, index='wazuh-alerts-4.x-*'):
+ """Delete indices from wazuh-indexer using its API.
+
+ Make a request to the wazuh-indexer API to delete indices that match a given name.
+
+ Args:
+ ip_address (str): wazuh-indexer IP address.
+ index (str): Name of the index to be deleted.
+ credentials(dict): wazuh-indexer credentials.
+
+ Returns:
+ obj(class): `Response <Response>` object
+ obj(class): `NoneType` object
+ """
+ url = f"https://{ip_address}:9200/"
+ authorization = requests.auth.HTTPBasicAuth(credentials['user'], credentials['password'])
+
+ response = requests.delete(url=url+index, params={'pretty': 'true'}, verify=False, auth=authorization)
+
+ if response.status_code != HTTPStatus.OK:
+ raise Exception(f"The index(es) have not been deleted successfully. Actual response {response.text}")
+
+ return response
+
+
+def make_query(must_match):
+ """Create a query according to the values passed in must_match.
+
+ Args:
+ must_match (list): Values to be matched with the indexed alert.
+
+ Returns:
+ dict: Fully formed query.
+ """
+ query = {
+ "query": {
+ "bool": {
+ "must": must_match
+ }
+ },
+ "size": 1,
+ "sort": [
+ {
+ "timestamp": {
+ "order": "desc"
+ }
+ }
+ ]
+ }
+
+ return query

deps/wazuh_testing/wazuh_testing/event_monitor.py

@@ -0,0 +1,39 @@
+import re
+
+from wazuh_testing.tools.monitoring import FileMonitor
+
+
+def make_callback(pattern, prefix=''):
+ """Create a callback function from a text pattern.
+ Args:
+ pattern (str): String to match on the log.
+ prefix (str): regular expression used as prefix before the pattern.
+ Returns:
+ lambda: function that returns if there's a match in the file
+ """
+ pattern = r'\s+'.join(pattern.split())
+ regex = re.compile(r'{}{}'.format(prefix, pattern))
+
+ return lambda line: regex.match(line)
+
+
+def check_event(file_monitor=None, callback='', error_message=None, update_position=True, timeout=20,
+ accum_results=1, file_to_monitor=None):
+ """Check if an API event occurs
+ Args:
+ file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+ callback (str): log regex to check in the file
+ error_message (str): error message to show in case of expected event does not occur
+ update_position (boolean): filter configuration parameter to search in the file
+ timeout (str): timeout to check the event in the file
+ prefix (str): log pattern regex
+ accum_results (int): Accumulation of matches.
+ """
+ file_monitor = FileMonitor(file_to_monitor) if file_monitor is None else file_monitor
+ error_message = f"Could not find this event in {file_to_monitor}: {callback}" if error_message is None else \
+ error_message
+
+ result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
+ callback=make_callback(callback), error_message=error_message)
+
+ return result

deps/wazuh_testing/wazuh_testing/fim.py

@@ -169,30 +169,27 @@
  REG_QWORD = 0
  KEY_ALL_ACCESS = 0
 
-
  def registry_value_cud():
  pass
 
-
  def registry_key_cud():
  pass
- 
+
  def registry_value_create():
  pass
 
  def registry_value_update():
  pass
- 
+
  def registry_value_delete():
  pass
- 
+
  def create_values_content():
  pass
 
  def validate_registry_event():
  pass
 
-
  RegOpenKeyEx = 0
  RegCloseKey = 0
 
@@ -1612,8 +1609,8 @@ def _get_file_list(self):
  return result_list
 
 
-def wait_for_scheduled_scan(wait_for_scan=False, interval: timedelta = timedelta(seconds=20), monitor: FileMonitor = None,
- timeout=global_parameters.default_timeout):
+def wait_for_scheduled_scan(wait_for_scan=False, interval: timedelta = timedelta(seconds=20),
+ monitor: FileMonitor = None, timeout=global_parameters.default_timeout):
  """Checks if the conditions for waiting for a new scheduled scan.
 
  Optionally, a monitor may be used to check if a scheduled scan has been performed.
@@ -1622,7 +1619,8 @@ def wait_for_scheduled_scan(wait_for_scan=False, interval: timedelta = timedelta
 
  Args:
  wait_scan (boolean): True if we need to update time. False otherwise.
- interval (timedelta, optional): time interval that will be waited for the scheduled scan to start. Default: 20 seconds.
+ interval (timedelta, optional): time interval that will be waited for the scheduled scan to start.
+ Default: 20 seconds.
  monitor (FileMonitor, optional): if passed, after changing system clock it will check for the end of the
  scheduled scan. The `monitor` will not consume any log line. Default `None`.
  timeout (int, optional): If a monitor is provided, this parameter sets how long to wait for the end of scan.
@@ -1641,8 +1639,8 @@ def wait_for_scheduled_scan(wait_for_scan=False, interval: timedelta = timedelta
  time.sleep(interval)
  if monitor:
  monitor.start(timeout=timeout, callback=callback_detect_end_scan,
- update_position=False,
- error_message=f"End of scheduled scan not detected after {timeout} seconds")
+  update_position=False,
+  error_message=f"End of scheduled scan not detected after {timeout} seconds")
 
 
 if sys.platform == 'win32':
@@ -1961,14 +1959,13 @@ def registry_value_cud(root_key, registry_sub_key, log_monitor, arch=KEY_WOW64_6
  error_message=f'End of scheduled scan not detected after '
  f"{global_parameters.default_timeout} seconds")
 
-
  def transform_registry_list(value_list=['test_value'], value_type=win32con.REG_SZ, callback=callback_value_event):
 
  if value_type in [win32con.REG_SZ, win32con.REG_MULTI_SZ]:
  value_default_content = ''
  else:
  value_default_content = 1
- 
+
  aux_dict = {}
  if isinstance(value_list, list):
  for elem in value_list:
@@ -1980,9 +1977,8 @@ def transform_registry_list(value_list=['test_value'], value_type=win32con.REG_S
 
  else:
  raise ValueError('It can only be a list or dictionary')
-
- return aux_dict
 
+ return aux_dict
 
  def set_check_options(options):
  """ Return set of check options. If options given is none, it will return check_all"""
@@ -1991,14 +1987,14 @@ def set_check_options(options):
  options_set = options_set.intersection(options)
  return options_set
 
-
  def create_values_content(value_name, size):
  """ Create a string of data content of a given size for a specific key value"""
  return {value_name: generate_string(size, '0')}
 
  def registry_value_create(root_key, registry_sub_key, log_monitor, arch=KEY_WOW64_64KEY, value_list=['test_value'],
- min_timeout=1, options=None, wait_for_scan=False, scan_delay=10, triggers_event=True, encoding=None,
- callback=callback_value_event, validators_after_create=None, value_type=win32con.REG_SZ):
+ min_timeout=1, options=None, wait_for_scan=False, scan_delay=10, triggers_event=True,
+ encoding=None, callback=callback_value_event, validators_after_create=None,
+ value_type=win32con.REG_SZ):
  """Check if creation of registry value events are detected by syscheck.
 
  This function provides multiple tools to validate events with custom validators.
@@ -2012,7 +2008,8 @@ def registry_value_create(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  strings in each value. Default `['test_value']`
  min_timeout (int, optional): Minimum timeout. Default `1`
  options (set, optional): Set with all the checkers. Default `None`
- wait_for_scan (boolean, optional): Boolean to determine if there will be time travels or not. Default `False`
+ wait_for_scan (boolean, optional): Boolean to determine if there will be time travels or not.
+ Default `False`
  scan_delay (int, optional): time the test sleeps waiting for scan to be triggered.
  triggers_event (boolean, optional): Boolean to determine if the
  event should be raised or not. Default `True`
@@ -2033,7 +2030,7 @@ def registry_value_create(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  value_added_content = 'added'
  else:
  value_added_content = 0
- 
+
  options_set = set_check_options(options)
 
  custom_validator = CustomValidator(validators_after_create, None, None, None)
@@ -2051,18 +2048,18 @@ def registry_value_create(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  if name in registry_path:
  continue
  modify_registry_value(key_handle, name, value_type, value_added_content)
- 
+
  wait_for_scheduled_scan(wait_for_scan=wait_for_scan, interval=scan_delay, monitor=log_monitor)
 
  registry_event_checker.fetch_and_check('added', min_timeout=min_timeout, triggers_event=triggers_event)
 
  if triggers_event:
  logger.info("'added' {} detected as expected.\n".format("events" if len(value_list) > 1 else "event"))
 
-
  def registry_value_update(root_key, registry_sub_key, log_monitor, arch=KEY_WOW64_64KEY, value_list=['test_value'],
- wait_for_scan=False, scan_delay=10, min_timeout=1, options=None, triggers_event=True, encoding=None,
- callback=callback_value_event, validators_after_update=None, value_type=win32con.REG_SZ):
+ wait_for_scan=False, scan_delay=10, min_timeout=1, options=None, triggers_event=True,
+ encoding=None, callback=callback_value_event, validators_after_update=None,
+ value_type=win32con.REG_SZ):
  """Check if update registry value events are detected by syscheck.
 
  This function provides multiple tools to validate events with custom validators.
@@ -2074,7 +2071,8 @@ def registry_value_update(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  arch (int): Architecture of the registry key (KEY_WOW64_32KEY or KEY_WOW64_64KEY). Default `KEY_WOW64_64KEY`
  value_list (list(str) or dict, optional): If it is a list, it will be transformed to a dict with empty
  strings in each value. Default `['test_value']`
- wait_for_scan (boolean, optional): Boolean to determine if there will waits for scheduled scans. Default `False`
+ wait_for_scan (boolean, optional): Boolean to determine if there will waits for scheduled scans.
+ Default `False`
  scan_delay (int, optional): time the test sleeps waiting for scan to be triggered.
  min_timeout (int, optional): Minimum timeout. Default `1`
  options (set, optional): Set with all the checkers. Default `None`
@@ -2102,9 +2100,9 @@ def registry_value_update(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  registry_dict=value_list, options=options_set,
  custom_validator=custom_validator, encoding=encoding,
  callback=callback, is_value=True)
- 
+
  key_handle = create_registry(registry_parser[root_key], registry_sub_key, arch)
- 
+
  # Modify previous registry values
  for name, content in value_list.items():
  if name in registry_path:
@@ -2119,8 +2117,9 @@ def registry_value_update(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  logger.info("'modified' {} detected as expected.\n".format("events" if len(value_list) > 1 else "event"))
 
  def registry_value_delete(root_key, registry_sub_key, log_monitor, arch=KEY_WOW64_64KEY, value_list=['test_value'],
- wait_for_scan=False, scan_delay=10, min_timeout=1, options=None, triggers_event=True, encoding=None,
- callback=callback_value_event, validators_after_delete=None, value_type=win32con.REG_SZ):
+ wait_for_scan=False, scan_delay=10, min_timeout=1, options=None, triggers_event=True,
+ encoding=None, callback=callback_value_event, validators_after_delete=None,
+ value_type=win32con.REG_SZ):
  """Check if delete registry value events are detected by syscheck.
 
  This function provides multiple tools to validate events with custom validators.
@@ -2132,7 +2131,8 @@ def registry_value_delete(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  arch (int): Architecture of the registry key (KEY_WOW64_32KEY or KEY_WOW64_64KEY). Default `KEY_WOW64_64KEY`
  value_list (list(str) or dict, optional): If it is a list, it will be transformed to a dict with empty
  strings in each value. Default `['test_value']`
- wait_for_scan (boolean, optional): Boolean to determine if there will waits for scheduled scans. Default `False`
+ wait_for_scan (boolean, optional): Boolean to determine if there will waits for scheduled scans.
+ Default `False`
  scan_delay (int, optional): time the test sleeps waiting for scan to be triggered.
  min_timeout (int, optional): Minimum timeout. Default `1`
  options (set, optional): Set with all the checkers. Default `None`
@@ -2160,9 +2160,9 @@ def registry_value_delete(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  registry_dict=value_list, options=options_set,
  custom_validator=custom_validator, encoding=encoding,
  callback=callback, is_value=True)
- 
+
  key_handle = create_registry(registry_parser[root_key], registry_sub_key, arch)
- 
+
  # Delete previous registry values
  for name, _ in value_list.items():
  if name in registry_path:
@@ -2175,7 +2175,6 @@ def registry_value_delete(root_key, registry_sub_key, log_monitor, arch=KEY_WOW6
  if triggers_event:
  logger.info("'deleted' {} detected as expected.\n".format("events" if len(value_list) > 1 else "event"))
 
-
  def registry_key_cud(root_key, registry_sub_key, log_monitor, arch=KEY_WOW64_64KEY, key_list=['test_key'],
  time_travel=False, min_timeout=1, options=None, triggers_event=True, triggers_event_add=True,
  triggers_event_modified=True, triggers_event_delete=True, encoding=None,
@@ -2535,7 +2534,8 @@ def get_scan_timestamp(file_monitor):
  file_monitor (FileMonitor): file log monitor to detect events
  """
  timestamp = file_monitor.start(timeout=60, callback=callback_get_scan_timestap,
- error_message='Did not receive expected "File integrity monitoring scan ended" event').result()
+ error_message='Did not receive expected '
+ '"File integrity monitoring scan ended" event').result()
  return timestamp
 
 
@@ -2710,3 +2710,24 @@ def check_fim_start(file_monitor):
  detect_whodata_start(file_monitor)
  else:
  detect_initial_scan(file_monitor)
+
+
+# Create folder and file inside
+def create_folder_file(host_manager, folder_path):
+ # Create folder
+ host_manager.run_command('wazuh-agent1', f'mkdir {folder_path}')
+
+ # Create file
+ host_manager.run_command('wazuh-agent1', f'touch {folder_path}/{folder_path}.txt')
+
+
+# Check that fim scan end
+def wait_for_fim_scan_end(HostMonitor, inventory_path, messages_path, tmp_path):
+ HostMonitor(inventory_path=inventory_path,
+ messages_path=messages_path,
+ tmp_path=tmp_path).run()
+
+
+# Function that use to run a script inside remote host to execute queries to DB
+def query_db(host_manager, script, db_path, query):
+ return host_manager.run_command('wazuh-manager', "python {} --db_path {} --query {}".format(script, db_path, query))