Add localfile wildcard support for windows IT

CHANGELOG.md

@@ -9,6 +9,7 @@ Release report: TBD
 
 ### Added
 
+- Add Windows location wildcards tests ([#3906](https:/wazuh/wazuh-qa/pull/3906)) \- (Tests)
 - Add tests with new options to avoid FIM synchronization overlapping. ([#3318](https:/wazuh/wazuh-qa/pull/3318)) \- (Framework + tests)
 - Add Logcollector millisecond granularity support test case ([#3910](https:/wazuh/wazuh-qa/pull/3910)) \- (Tests)
 - Add Windows System folders FIM monitoring tests ([#3720](https:/wazuh/wazuh-qa/pull/3720)) \- (Tests)

deps/wazuh_testing/wazuh_testing/modules/logcollector/event_monitor.py

@@ -6,6 +6,7 @@
 from wazuh_testing.tools.monitoring import FileMonitor
 
 
+# Event detectors
 def make_logcollector_callback(pattern, prefix=LOG_COLLECTOR_PREFIX, escape=False):
  """Create a callback function from a text pattern.
 
@@ -132,3 +133,43 @@ def check_ignore_restrict_message_not_found(message, regex, tag, prefix):
  with pytest.raises(TimeoutError):
  log_found = check_ignore_restrict_message(message=message, regex=regex, tag=tag, prefix=prefix)
  assert log_found is False, ERR_MSG_UNEXPECTED_IGNORE_EVENT
+
+
+def check_wildcard_pattern_expanded(file_path, location_regex, prefix, error_message=None, file_monitor=None,
+ timeout=T_10, escape=False):
+ """Create a callback to detect "New file that matches the '{file_path}' pattern: '(.*)'" line.
+
+ Args:
+ file_path (str): file path that is being monitored
+ location_regex (str): path configured in location tag
+ prefix (str): Daemon that generates the error log.
+ error_message (str): Error message.
+ file_monitor (FileMonitor): Log monitor.
+ timeout (int): Timeout to check the log.
+ escape (bool): Flag to escape special characters in the pattern.
+
+ Returns: True if the expected message has been found, False otherwise.
+ """
+ callback_msg = f".*New file that matches the '{location_regex}' pattern: '{file_path}'"
+
+ return check_logcollector_event(file_monitor=file_monitor, timeout=timeout, callback=callback_msg,
+ error_message=error_message, prefix=prefix, escape=escape)
+
+
+def check_wildcard_pattern_no_match(regex, prefix, error_message=None, file_monitor=None, timeout=T_10, escape=False):
+ """Create a callback to detect "DEBUG: No file/folder that matches ..." line.
+
+ Args:
+ regex (str): regex pattern configured in location tag for monitoring
+ prefix (str): Daemon that generates the error log.
+ error_message (str): Error message.
+ file_monitor (FileMonitor): Log monitor.
+ timeout (int): Timeout to check the log.
+ escape (bool): Flag to escape special characters in the pattern.
+
+ Returns: True if the expected message has been found, False otherwise.
+ """
+ callback_msg = f".*expand_win32_wildcards.*DEBUG: No .* that matches {regex}"
+
+ return check_logcollector_event(file_monitor=file_monitor, timeout=timeout, callback=callback_msg,
+ error_message=error_message, prefix=prefix, escape=escape)

deps/wazuh_testing/wazuh_testing/tools/file.py

@@ -236,7 +236,7 @@ def delete_file(file_path):
 
 def delete_path_recursively(path):
  if os.path.exists(path):
- shutil.rmtree(path, onerror=on_write_error)
+ shutil.rmtree(path, ignore_errors=True, onerror=on_write_error)
 
 
 def on_write_error(function, path, exc_info):
@@ -466,10 +466,10 @@ def recursive_directory_creation(path):
  if parent != '' and not os.path.exists(parent):
  split = os.path.split(parent)
  recursive_directory_creation(split[0])
- os.mkdir(parent)
+ os.mkdir(parent, mode=0o0777)
 
  if not os.path.exists(path):
- os.mkdir(path)
+ os.mkdir(path, mode=0o0777)
 
 
 def move_everything_from_one_directory_to_another(source_directory, destination_directory):

tests/integration/conftest.py

@@ -21,7 +21,8 @@
 from wazuh_testing.tools import (PREFIX, LOG_FILE_PATH, WAZUH_CONF, get_service, ALERT_FILE_PATH,
  WAZUH_LOCAL_INTERNAL_OPTIONS)
 from wazuh_testing.tools.configuration import get_wazuh_conf, set_section_wazuh_conf, write_wazuh_conf
-from wazuh_testing.tools.file import truncate_file, recursive_directory_creation, remove_file, copy, write_file
+from wazuh_testing.tools.file import (truncate_file, recursive_directory_creation, remove_file, copy, write_file,
+ delete_path_recursively)
 from wazuh_testing.tools.monitoring import QueueMonitor, FileMonitor, SocketController, close_sockets
 from wazuh_testing.tools.services import control_service, check_daemon_status, delete_dbs
 from wazuh_testing.tools.time import TimeMachine
@@ -1204,6 +1205,23 @@ def copy_file(source_path, destination_path):
  remove_file(file)
 
 
+@pytest.fixture()
+def create_files_in_folder(folder_path, file_list):
+ """Create a list of files, inside a given path. Deletes it at the end.
+
+ Args:
+ folder_path (str): folder path to create.
+ file_list (List): list of file names to create
+ """
+ recursive_directory_creation(folder_path)
+ for file in file_list:
+ write_file(os.path.join(folder_path, file))
+
+ yield
+
+ delete_path_recursively(folder_path)
+
+
 @pytest.fixture(scope='function')
 def create_file(new_file_path):
  """Create an empty file.

tests/integration/test_logcollector/test_configuration/test_basic_configuration_ignore_binaries.py

@@ -56,6 +56,7 @@
 import os
 import pytest
 import sys
+import re
 
 from wazuh_testing.tools.configuration import load_wazuh_configurations
 import wazuh_testing.generic_callbacks as gc
@@ -64,7 +65,10 @@
 from wazuh_testing.tools.services import control_service
 from wazuh_testing.tools.file import truncate_file
 import wazuh_testing.api as api
-from wazuh_testing.tools.monitoring import LOG_COLLECTOR_DETECTOR_PREFIX, WINDOWS_AGENT_DETECTOR_PREFIX, FileMonitor
+from wazuh_testing.tools.monitoring import FileMonitor
+from wazuh_testing.modules.logcollector import LOG_COLLECTOR_PREFIX, WINDOWS_AGENT_PREFIX
+from wazuh_testing.modules.logcollector.event_monitor import check_wildcard_pattern_no_match
+
 
 import subprocess as sb
 
@@ -83,10 +87,8 @@
  force_restart_after_restoring = True
  location = r'C:\testing\files*'
  wazuh_configuration = 'ossec.conf'
- prefix = WINDOWS_AGENT_DETECTOR_PREFIX
 
 else:
- prefix = LOG_COLLECTOR_DETECTOR_PREFIX
  location = '/tmp/testing/files*'
  wazuh_configuration = 'etc/ossec.conf'
 
@@ -145,10 +147,8 @@ def check_ignore_binaries_valid(cfg):
  wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
 
  if sys.platform == 'win32':
- log_callback = logcollector.callback_invalid_location_pattern(cfg['location'])
- wazuh_log_monitor.start(timeout=5, callback=log_callback,
- error_message=logcollector.GENERIC_CALLBACK_ERROR_INVALID_LOCATION)
-
+ check_wildcard_pattern_no_match(re.escape(cfg['location']), WINDOWS_AGENT_PREFIX, escape=False)
+
  if wazuh_component == 'wazuh-manager':
  real_configuration = cfg.copy()
  real_configuration.pop('valid_value')
@@ -167,17 +167,17 @@ def check_ignore_binaries_invalid(cfg):
  """
  wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
 
- log_callback = gc.callback_invalid_value('ignore_binaries', cfg['ignore_binaries'], prefix)
+ log_callback = gc.callback_invalid_value('ignore_binaries', cfg['ignore_binaries'], LOG_COLLECTOR_PREFIX)
  wazuh_log_monitor.start(timeout=5, callback=log_callback,
  error_message=gc.GENERIC_CALLBACK_ERROR_MESSAGE)
 
- log_callback = gc.callback_error_in_configuration('ERROR', prefix,
+ log_callback = gc.callback_error_in_configuration('ERROR', LOG_COLLECTOR_PREFIX,
  conf_path=f'{wazuh_configuration}')
  wazuh_log_monitor.start(timeout=5, callback=log_callback,
  error_message=gc.GENERIC_CALLBACK_ERROR_MESSAGE)
 
  if sys.platform != 'win32':
- log_callback = gc.callback_error_in_configuration('CRITICAL', prefix,
+ log_callback = gc.callback_error_in_configuration('CRITICAL', LOG_COLLECTOR_PREFIX,
  conf_path=f'{wazuh_configuration}')
  wazuh_log_monitor.start(timeout=5, callback=log_callback,
  error_message=gc.GENERIC_CALLBACK_ERROR_MESSAGE)

tests/integration/test_logcollector/test_location_wildcards/data/configuration_template/configuration_location_wildcards.yaml

@@ -0,0 +1,29 @@
+- sections:
+ - section: localfile
+ elements:
+ - log_format:
+ value: syslog
+ - location:
+ value: LOCATION
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'

tests/integration/test_logcollector/test_location_wildcards/data/test_cases/cases_location_wildcards.yaml

@@ -0,0 +1,47 @@
+- name: Test single asterisk wildcard
+ description: Test location tag with one asterisk wildcard
+ configuration_parameters:
+ LOCATION: c:\testfol*\subfolder\test
+ metadata:
+ matches: true
+ location: c:\testfol*\subfolder\test
+
+- name: Test single question mark wildcard
+ description: Test location tag with one question mark wildcard
+ configuration_parameters:
+ LOCATION: c:\testfolde?\subfolder\test
+ metadata:
+ location: c:\testfolde?\subfolder\test
+ matches: true
+
+- name: Test partial words with asterisk wildcards
+ description: Test location tag with words completed using asterisk wildcard
+ configuration_parameters:
+ LOCATION: c:\test*\sub*\t*
+ metadata:
+ location: c:\test*\sub*\t*
+ matches: true
+
+- name: Test mixed wildcards
+ description: Test location tag with mixed asterisk and question mark wildcards
+ configuration_parameters:
+ LOCATION: c:\testf?lder\*\tes?
+ metadata:
+ location: c:\testf?lder\*\tes?
+ matches: true
+
+- name: Test mixed wildcards - path asterisk only
+ description: Test location tag were filepath uses asterisk only
+ configuration_parameters:
+ LOCATION: c:\*\*\?es?
+ metadata:
+ location: c:\*\*\?es?
+ matches: true
+
+- name: Test invalid wildcards - no match
+ description: Test location tag where wildcards do not match a valid file
+ configuration_parameters:
+ LOCATION: c:\testfolder\subfolder\tes?.log
+ metadata:
+ matches: false
+ location: c:\testfolder\subfolder\tes?.log