From 988679a351dc1d646058b6433e399507bcfbf135 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Mon, 24 Apr 2023 15:30:07 -0300 Subject: [PATCH 01/18] fix(#3591): fix registry checker --- deps/wazuh_testing/wazuh_testing/modules/fim/classes.py | 4 +--- deps/wazuh_testing/wazuh_testing/modules/fim/utils.py | 6 +++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/fim/classes.py b/deps/wazuh_testing/wazuh_testing/modules/fim/classes.py index 06b734fd6f..35edeaf4f9 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/fim/classes.py +++ b/deps/wazuh_testing/wazuh_testing/modules/fim/classes.py @@ -15,8 +15,6 @@ if sys.platform == 'linux2' or sys.platform == 'linux': from jq import jq -_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') - def validate_event(event, checks=None, mode=None): """Check if event is properly formatted according to some checks. @@ -103,7 +101,7 @@ def get_required_attributes(check_attributes, result=None): return result json_file = 'syscheck_event_windows.json' if sys.platform == "win32" else 'syscheck_event.json' - with open(os.path.join(_data_path, json_file), 'r') as f: + with open(os.path.join(WAZUH_TESTING_DATA_PATH, json_file), 'r') as f: schema = json.load(f) validate(schema=schema, instance=event) diff --git a/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py b/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py index 47b9a5e34d..9741c77605 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py +++ b/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py 
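Review bot: `WAZUH_TESTING_DATA_PATH` is used in the `open()` call of the second classes.py hunk, but neither hunk adds an import for it. Unless the module already imports that name outside the visible lines, schema validation fails with a NameError the first time an event is validated. The schema is also no longer read from the `data` directory next to the module, so `syscheck_event.json` and `syscheck_event_windows.json` have to exist under the new path, which this patch does not show. I would import the constant explicitly next to the module's other imports and add a comment above the `open()` call, `# schemas live in the shared testing data directory`. The enclosing function starts and ends outside the hunk.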
@@ -17,12 +17,14 @@ from wazuh_testing.tools.time import TimeMachine from wazuh_testing.modules import fim from wazuh_testing.modules.fim import event_monitor as ev -from wazuh_testing.modules.fim.classes import CustomValidator, EventChecker +from wazuh_testing.modules.fim.classes import CustomValidator, EventChecker, RegistryEventChecker if sys.platform == 'win32': import win32con import win32api + import win32security as win32sec + import ntsecuritycon as ntc import pywintypes @@ -101,8 +103,6 @@ def create_registry(key, subkey, arch): if sys.platform == 'win32': try: - logger.info("Creating registry key " + str(os.path.join(fim.registry_class_name[key], subkey))) - key = win32api.RegCreateKeyEx(key, subkey, win32con.KEY_ALL_ACCESS | arch) return key[0] # Ignore the flag that RegCreateKeyEx returns From 0273459ca18454d849043797072fb16a68a4fd9f Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Mon, 24 Apr 2023 15:30:23 -0300 Subject: [PATCH 02/18] feat(#3591): add new fim callbacks --- .../modules/fim/event_monitor.py | 42 ++++++++++++++++--- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py index 4eb58724e5..2d23945539 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py @@ -55,6 +55,8 @@ CB_SWITCHING_DIRECTORIES_TO_REALTIME = r'.*state_checker.*(Audit policy change detected.\ Switching directories to realtime)' CB_RECIEVED_EVENT_4719 = r'.*win_whodata.*(Event 4719).*Switching directories to realtime' +CB_FIM_REGISTRY_ENTRIES_COUNT = r".*Fim registry entries count: '(.*)'" +CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT = r".*Fim registry values entries count: '(.*)'" # Error message ERR_MSG_REALTIME_FOLDERS_EVENT = 'Did not receive expected "Folders monitored with real-time engine" event' 
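Review bot: The two new patterns in event_monitor.py capture the count with `'(.*)'`, which is greedy and accepts any text. A malformed or merged log line would still match and hand a non-numeric string to the test that compares it. Assuming the agent always logs a non-negative integer here, restricting the group to digits makes a bad line fail to match: `CB_FIM_REGISTRY_ENTRIES_COUNT = r".*Fim registry entries count: '(\d+)'"`, and the same change for `CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT`.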
@@ -78,8 +80,7 @@ ERR_MSG_REGISTRY_LIMIT_VALUES = 'Did not receive expected "DEBUG: ...: Maximum number of registry values to \ be monitored: ..." event' ERR_MSG_WRONG_REGISTRY_LIMIT_VALUE = 'Wrong value for db_value_limit registries tag.' -ERR_MSG_FILE_LIMIT_VALUES = 'Did not receive expected "DEBUG: ...: Maximum number of entries to be monitored: \ - ..." event' +ERR_MSG_FILE_LIMIT_VALUES = 'Did not receive expected "DEBUG: ...: Maximum number of files to be monitored:..." event' ERR_MSG_WRONG_FILE_LIMIT_VALUE = 'Wrong value for file_limit.' ERR_MSG_FILE_LIMIT_DISABLED = 'Did not receive expected "DEBUG: ...: No limit set to maximum number of entries \ to be monitored" event' @@ -187,6 +188,33 @@ def callback_integrity_message(line): return datetime.strptime(match.group(1), '%Y/%m/%d %H:%M:%S'), json.dumps(match.group(2)) +def callback_integrity_sync_message(line): + """ Callback that detects if a line contains a integrity sync event + Args: + line (String): string line to be checked by callback in File_Monitor. + Returns: + List: returns a list with formated datetime, And the event's JSON data. + """ + if callback_detect_integrity_control_event(line): + match = re.match(r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}).*({.*?})$", line) + if match: + return datetime.strptime(match.group(1), '%Y/%m/%d %H:%M:%S'), json.dumps(match.group(2)) + + +def callback_detect_integrity_check_global(line): + """ Callback that detects if a line contains an 'integrity_check_global' event + Args: + line (String): string line to be checked by callback in File_Monitor. + Returns: + JSON: returns event's JSON data. + """ + match = callback_detect_integrity_control_event(line) + if match: + if match['type'] == 'integrity_check_global': + return match + return None + + def callback_detect_file_integrity_event(line): """ Callback that detects if a line contains a file integrity event 
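Review bot: `callback_integrity_sync_message` returns `json.dumps(match.group(2))`, which wraps the captured text in another layer of JSON string encoding instead of parsing it, while the docstring promises the event's JSON data. If callers are meant to read fields from the event, `json.loads(match.group(2))` is the call that matches the docstring. The context line of `callback_integrity_message` does the same thing, so confirm what consumers expect before changing either. In `callback_detect_integrity_check_global`, `match['type']` raises KeyError on a control event without a `type` key (assuming the helper returns a dict), which aborts the monitor rather than skipping the line; `if match and match.get('type') == 'integrity_check_global': return match` avoids that.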
@@ -278,8 +306,11 @@ def callback_real_time_whodata_started(line): Args: line (String): string line to be checked by callback in File_Monitor. """ - if CB_REALTIME_WHODATA_ENGINE_STARTED in line: + match = re.match(CB_REALTIME_WHODATA_ENGINE_STARTED, line) + if match: return True + return True + return None def callback_detect_registry_integrity_clear_event(line): @@ -434,13 +465,14 @@ def detect_realtime_start(file_monitor): error_message=ERR_MSG_FOLDERS_MONITORED_REALTIME) -def detect_whodata_start(file_monitor): +def detect_whodata_start(file_monitor, timeout=T_60): """Detect whodata engine start when restarting Wazuh. Args: file_monitor (FileMonitor): file log monitor to detect events + timeout (int): timeout for file monitor to try to detect event """ - file_monitor.start(timeout=T_60, callback=generate_monitoring_callback(CB_REALTIME_WHODATA_ENGINE_STARTED), + file_monitor.start(timeout=timeout, callback=generate_monitoring_callback(CB_REALTIME_WHODATA_ENGINE_STARTED), error_message=ERR_MSG_WHODATA_ENGINE_EVENT) From 6e95916aa3d9325e6c290dc078c34ef81307ee8e Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Mon, 24 Apr 2023 15:30:42 -0300 Subject: [PATCH 03/18] fix(#3591): fix create_monitored_folders fixture --- tests/integration/test_fim/conftest.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/integration/test_fim/conftest.py b/tests/integration/test_fim/conftest.py index 16a8f4c36d..943f467877 100644 --- a/tests/integration/test_fim/conftest.py +++ b/tests/integration/test_fim/conftest.py @@ -136,12 +136,14 @@ def create_monitored_folders(test_folders): test_folders(list): List of folders to create and delete """ for folder in test_folders: - os.mkdir(folder, mode=0o0777) + if not os.path.exists(folder): + os.mkdir(folder, mode=0o0777) yield for folder in test_folders: - delete_path_recursively(folder) + if os.path.exists(folder): + delete_path_recursively(folder) @pytest.fixture(scope='module') 
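Review bot: The rewritten `callback_real_time_whodata_started` has two consecutive `return True` lines before `return None`. Indentation is not recoverable from this page: if the second one sits at function level, the callback returns True for every log line and any test waiting on it passes even when the whodata engine never started; if it sits inside the `if`, it is dead code. Either way one of them should go, leaving `if match:` / `return True` / `return None`. Also, `re.match` anchors at the start of the line, unlike the previous `in` test, so `CB_REALTIME_WHODATA_ENGINE_STARTED` (defined outside this hunk) has to begin with `.*` to match timestamped log lines.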
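Review bot: The `os.path.exists` guard added in `create_monitored_folders` (and the identical one in `create_monitored_folders_module` in the next hunk) silently reuses a directory left behind by an earlier run. Stale files and whatever permissions that directory already has then carry into a FIM test that expects a fresh `0o0777` folder, and teardown deletes a directory the fixture did not create. The check-then-create pair is also racy; `os.makedirs(folder, mode=0o0777, exist_ok=True)` does the same in one call. If a clean starting state matters for the expected events, removing a pre-existing folder before creating it is the safer setup. Both fixture bodies start outside their hunks.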
@@ -153,12 +155,14 @@ def create_monitored_folders_module(test_folders): test_folders(list): List of folders to create and delete """ for folder in test_folders: - os.mkdir(folder, mode=0o0777) + if not os.path.exists(folder): + os.mkdir(folder, mode=0o0777) yield for folder in test_folders: - delete_path_recursively(folder) + if os.path.exists(folder): + delete_path_recursively(folder) @pytest.fixture() From 607433aeb4bf8a6a083d79bd35eaa405870a6dfa Mon Sep 17 00:00:00 2001 
From: Deblintrake09 Date: Mon, 24 Apr 2023 15:31:12 -0300 Subject: [PATCH 04/18] refactor(#3591): update ambiguous_confs modules --- ...figuration_ignore_works_over_restrict.yaml | 42 +++++ ...tion_ignore_works_over_restrict_win32.yaml | 42 +++++ ...ration_whodata_prevails_over_realtime.yaml | 27 +++ .../configuration_whodata_thread.yaml | 30 ++++ .../cases_ignore_works_over_restrict.yaml | 98 +++++++++++ .../cases_whodata_prevails_over_realtime.yaml | 15 ++ .../data/test_cases/cases_whodata_thread.yaml | 17 ++ .../data/wazuh_conf_ignore_restrict.yaml | 53 ------ .../wazuh_conf_ignore_restrict_win32.yaml | 81 --------- ...h_conf_whodata_prevails_over_realtime.yaml | 35 ---- .../data/wazuh_conf_whodata_thread.yaml | 66 -------- .../test_ambiguous_whodata_thread.py | 105 ++++++------ .../test_ignore_works_over_restrict.py | 155 ++++++++---------- .../test_whodata_prevails_over_realtime.py | 123 ++++++++------ 14 files changed, 465 insertions(+), 424 deletions(-) create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict.yaml create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict_win32.yaml create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_prevails_over_realtime.yaml create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_thread.yaml create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml create mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml delete mode 100644 
tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict.yaml
delete mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict_win32.yaml
delete mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_prevails_over_realtime.yaml
delete mode 100644 tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_thread.yaml
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict.yaml
new file mode 100644
index 0000000000..038a79748b
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict.yaml
@@ -0,0 +1,42 @@
+- sections:
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'no'
+ - frequency:
+ value: 3
+ - directories:
+ value: TEST_DIR1
+ attributes:
+ - restrict: testfile$
+ - whodata: WHODATA
+ - realtime: REALTIME
+ - directories:
+ value: TEST_DIR2
+ attributes:
+ - restrict: regex_testfile$
+ - whodata: WHODATA
+ - realtime: REALTIME
+ - ignore:
+ value: /testdir1/testfile
+ - ignore:
+ value: regex_testfile$
+ attributes:
+ - type: sregex
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict_win32.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict_win32.yaml
new file mode 100644
index 0000000000..d216632f00
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_ignore_works_over_restrict_win32.yaml
@@ -0,0 +1,42 @@
+- sections:
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'no'
+ - frequency:
+ value: 3
+ - directories:
+ value: TEST_DIR1
+ attributes:
+ - restrict: testfile$
+ - whodata: WHODATA
+ - realtime: REALTIME
+ - directories:
+ value: TEST_DIR2
+ attributes:
+ - restrict: regex_testfile$
+ - whodata: WHODATA
+ - realtime: REALTIME
+ - ignore:
+ value: c:\\testdir1\\testfile
+ - ignore:
+ value: regex_testfile$
+ attributes:
+ - type: sregex
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_prevails_over_realtime.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_prevails_over_realtime.yaml
new file mode 100644
index 0000000000..cd311d79da
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_prevails_over_realtime.yaml
@@ -0,0 +1,27 @@
+- sections:
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'no'
+ - directories:
+ value: TEST_DIR
+ attributes:
+ - whodata: WHODATA
+ - realtime: REALTIME
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_thread.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_thread.yaml
new file mode 100644
index 0000000000..6687449f2c
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/configuration_templates/configuration_whodata_thread.yaml
@@ -0,0 +1,30 @@
+- sections:
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'no'
+ - directories:
+ value: TEST_DIR1
+ attributes:
+ - whodata: WHODATA1
+ - directories:
+ value: TEST_DIR2
+ attributes:
+ - whodata: WHODATA2
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml
new file mode 100644
index 0000000000..c2724a39f6
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml
@@ -0,0 +1,98 @@
+- name: Ignore file pattern over restrict regex (Scheduled mode)
+ description: Check ignore pattern is applied over restrict regex
+ configuration_parameters:
+ REALTIME: 'no'
+ WHODATA: 'no'
+ metadata:
+ folder_index: 0
+ filename: testfile
+ is_pattern: true
+ fim_mode: scheduled
+
+- name: Ignore file pattern over restrict regex (Realtime mode)
+ description: Check ignore pattern is applied over restrict regex
+ configuration_parameters:
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ metadata:
+ folder_index: 0
+ filename: testfile
+ is_pattern: true
+ fim_mode: realtime
+
+- name: Ignore file pattern over restrict regex (Whodata mode)
+ description: Check ignore pattern is applied over restrict regex
+ configuration_parameters:
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ metadata:
+ folder_index: 0
+ filename: testfile
+ is_pattern: true
+ fim_mode: whodata
+
+- name: Ignore sregex over restrict regex - different regex (Scheduled mode)
+ description: Check ignore with sregex is applied over restrict regex - Regexes are different
+ configuration_parameters:
+ REALTIME: 'no'
+ WHODATA: 'no'
+ metadata:
+ folder_index: 0
+ filename: regex_testfile
+ is_pattern: false
+ fim_mode: scheduled
+
+- name: Ignore sregex over restrict regex - different regex (Realtime mode)
+ description: Check ignore with sregex is applied over restrict regex - Regexes are different
+ configuration_parameters:
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ metadata:
+ folder_index: 0
+ filename: regex_testfile
+ is_pattern: false
+ fim_mode: realtime
+
+- name: Ignore sregex over restrict regex - different regex (Whodata mode)
+ description: Check ignore with sregex is applied over restrict regex - Regexes are different
+ configuration_parameters:
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ metadata:
+ folder_index: 0
+ filename: regex_testfile
+ is_pattern: false
+ fim_mode: whodata
+
+- name: Ignore sregex over restrict regex - same regex (Scheduled mode)
+ description: Check ignore with sregex is applied over restrict regex - Regexes are the same
+ configuration_parameters:
+ REALTIME: 'no'
+ WHODATA: 'no'
+ metadata:
+ folder_index: 1
+ filename: regex_testfile
+ is_pattern: false
+ fim_mode: scheduled
+
+- name: Ignore sregex over restrict regex - same regex (Realtime mode)
+ description: Check ignore with sregex is applied over restrict regex - Regexes are the same
+ configuration_parameters:
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ metadata:
+ folder_index: 1
+ filename: regex_testfile
+ is_pattern: false
+ fim_mode: realtime
+
+- name: Ignore sregex over restrict regex - same regex (Whodata mode)
+ description: Check ignore with sregex is applied over restrict regex - Regexes are the same
+ configuration_parameters:
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ metadata:
+ folder_index: 1
+ filename: regex_testfile
+ is_pattern: false
+ fim_mode: whodata
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml
new file mode 100644
index 0000000000..3211f971ce
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml
@@ -0,0 +1,15 @@
+- name: Whodata thread started with realtime enabled
+ description: Check Whodata thread is enabled and is used with realtime enabled on same tag
+ configuration_parameters:
+ WHODATA: 'yes'
+ REALTIME: 'yes'
+ metadata:
+ fim_mode: whodata
+
+- name: Whodata thread started with realtime disabled
+ description: Check Whodata thread is enabled and is used with realtime disabled on same tag
+ configuration_parameters:
+ WHODATA: 'yes'
+ REALTIME: 'no'
+ metadata:
+ fim_mode: whodata
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml
new file mode 100644
index 0000000000..1ed35e295e
--- /dev/null
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml
@@ -0,0 +1,17 @@
+- name: Whodata thread Disabled
+ description: Check Whodata thread is disabled when last directory has it set to 'no'
+ configuration_parameters:
+ WHODATA1: 'yes'
+ WHODATA2: 'no'
+ metadata:
+ fim_mode: whodata
+ whodata_enabled: false
+
+- name: Whodata thread Enabled
+ description: Check Whodata thread is enabled when last directory has it set to 'yes'
+ configuration_parameters:
+ WHODATA1: 'no'
+ WHODATA2: 'yes'
+ metadata:
+ fim_mode: whodata
+ whodata_enabled: true
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict.yaml
deleted file mode 100644
index 1f503cdc38..0000000000
--- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ -# Conf 1 -- tags: - - valid_no_regex - apply_to_modules: - - test_ignore_works_over_restrict - sections: - - section: syscheck - elements: - - disabled: - value: "no" - - frequency: - value: 1 - - directories: - value: /testdir1 - attributes: - - check_all: "yes" - - restrict: testfile$ - - FIM_MODE - - directories: - value: /testdir2 - attributes: - - check_all: "yes" - - FIM_MODE - - ignore: - value: /testdir1/testfile -# Conf 2 -- tags: - - valid_regex - apply_to_modules: - - test_ignore_works_over_restrict - sections: - - section: syscheck - elements: - - disabled: - value: "no" - - frequency: - value: 1 - - directories: - value: /testdir1 - attributes: - - check_all: "yes" - - restrict: testfile2$ - - FIM_MODE - - directories: - value: /testdir2 - attributes: - - check_all: "yes" - - restrict: not_ignored_sregex$ - - FIM_MODE - - ignore: - value: testfile2$ - attributes: - - type: sregex diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict_win32.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict_win32.yaml deleted file mode 100644 index 1bbf7316a6..0000000000 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_ignore_restrict_win32.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -# Conf 1 -- tags: - - valid_no_regex - apply_to_modules: - - test_ignore_works_over_restrict - sections: - - section: syscheck - elements: - - disabled: - value: "no" - - frequency: - value: 1 - - directories: - value: c:\\testdir1 - attributes: - - check_all: "yes" - - restrict: testfile$ - - FIM_MODE - - directories: - value: c:\\testdir2 - attributes: - - check_all: "yes" - - FIM_MODE - - ignore: - value: c:\\testdir1\\testfile - - section: sca - elements: - - enabled: - value: "no" - - section: rootcheck - elements: - - disabled: - value: "yes" - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: "yes" -# Conf 2 -- tags: - - valid_regex - apply_to_modules: - - test_ignore_works_over_restrict - sections: - - section: syscheck - elements: - - disabled: - value: "no" - - frequency: - value: 1 - - directories: - value: c:\\testdir1 - attributes: - - check_all: "yes" - - restrict: testfile2$ - - FIM_MODE - - directories: - value: c:\\testdir2 - attributes: - - check_all: "yes" - - restrict: not_ignored_sregex$ - - FIM_MODE - - ignore: - value: testfile2$ - attributes: - - type: sregex - - section: sca - elements: - - enabled: - value: "no" - - section: rootcheck - elements: - - disabled: - value: "yes" - - section: wodle - attributes: - - name: syscollector - elements: - - disabled: - value: "yes" diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_prevails_over_realtime.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_prevails_over_realtime.yaml deleted file mode 100644 index 26ff1fcb7e..0000000000 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_prevails_over_realtime.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -# conf 1 -- tags: - - ossec_conf - apply_to_modules: - - MODULE_NAME - sections: - - section: syscheck - elements: - - disabled: - value: 'no' - - directories: - value: TEST_DIR1 - attributes: - - realtime: 'yes' - - whodata: 'yes' - - directories: - value: TEST_DIR2 - attributes: - - whodata: 'yes' - - realtime: 'yes' - - section: sca - elements: - - enabled: - value: 'no' - - section: rootcheck - elements: - - disabled: - value: 'yes' - - section: wodle - attributes: - - name: 'syscollector' - elements: - - disabled: - value: 'yes' - diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_thread.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_thread.yaml deleted file mode 100644 index f24ee10ee0..0000000000 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/wazuh_conf_whodata_thread.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -# conf 1 -- tags: - - whodata_disabled_conf - apply_to_modules: - - test_ambiguous_whodata_thread - sections: - - section: syscheck - elements: - - disabled: - value: 'no' - - directories: - value: TEST_DIRECTORIES - attributes: - - whodata: 'yes' - - directories: - value: TEST_DIRECTORIES - attributes: - - whodata: 'no' - - section: sca - elements: - - enabled: - value: 'no' - - section: rootcheck - elements: - - disabled: - value: 'yes' - - section: wodle - attributes: - - name: 'syscollector' - elements: - - disabled: - value: 'yes' - -# conf 2 -- tags: - - whodata_enabled_conf - apply_to_modules: - - test_ambiguous_whodata_thread - sections: - - section: syscheck - elements: - - disabled: - value: 'no' - - directories: - value: TEST_DIRECTORIES - attributes: - - whodata: 'no' - - directories: - value: TEST_DIRECTORIES - attributes: - - whodata: 'yes' - - section: sca - elements: - - enabled: - value: 'no' - - section: rootcheck - elements: - - disabled: - value: 'yes' - - section: wodle - attributes: - - name: 'syscollector' - elements: - - disabled: - value: 'yes' diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ambiguous_whodata_thread.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ambiguous_whodata_thread.py index 52f27a3729..c0b27504a1 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ambiguous_whodata_thread.py +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ambiguous_whodata_thread.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2022, Wazuh Inc. +copyright: Copyright (C) 2015-2023, Wazuh Inc. Created by Wazuh, Inc. . 
@@ -62,78 +62,80 @@ import os import pytest -from wazuh_testing import global_parameters -from wazuh_testing.fim import LOG_FILE_PATH, generate_params, callback_real_time_whodata_started -from wazuh_testing.tools import PREFIX -from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test +from wazuh_testing import LOG_FILE_PATH, T_30 +from wazuh_testing.tools import configuration, PREFIX from wazuh_testing.tools.monitoring import FileMonitor - -# Marks +from wazuh_testing.modules.fim.event_monitor import detect_whodata_start +from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options -pytestmark = [pytest.mark.linux, pytest.mark.tier(level=2)] +# Marks +pytestmark = [pytest.mark.linux, pytest.mark.win32, pytest.mark.tier(level=2)] # Variables -test_directories = [os.path.join(PREFIX, 'testdir1')] - -directory_str = ','.join(test_directories) -wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) -test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -configurations_path = os.path.join(test_data_path, 'wazuh_conf_whodata_thread.yaml') -testdir1 = test_directories[0] +test_directories = os.path.join(PREFIX, 'testidr1') # Configurations +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_templates') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -p, m = generate_params(extra_params={"TEST_DIRECTORIES": testdir1}, modes=['whodata']) - -configurations = load_wazuh_configurations(configurations_path, __name__, params=p, metadata=m) - +# Configuration and cases data +test_cases_path = os.path.join(TEST_CASES_PATH, 'cases_whodata_thread.yaml') +configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_whodata_thread.yaml') -# Fixtures - - -@pytest.fixture(scope='module', params=configurations) -def get_configuration(request): - """Get configurations from the 
module.""" - return request.param +# Test configurations +configuration_parameters, configuration_metadata, test_case_ids = configuration.get_test_cases_data(test_cases_path) +for count, value in enumerate(configuration_parameters): + configuration_parameters[count]['TEST_DIR1'] = test_directories + configuration_parameters[count]['TEST_DIR2'] = test_directories +configurations = configuration.load_configuration_template(configurations_path, configuration_parameters, + configuration_metadata) # Tests - - -@pytest.mark.parametrize('whodata_enabled, tags_to_apply', [ - (False, {'whodata_disabled_conf'}), - (True, {'whodata_enabled_conf'}) -]) -def test_ambiguous_whodata_thread(whodata_enabled, tags_to_apply, get_configuration, configure_environment, - restart_syscheckd): +@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) +def test_ambiguous_whodata_thread(configuration, metadata, set_wazuh_configuration, + configure_local_internal_options_function, restart_syscheck_function): ''' description: Check if the 'wazuh-syscheckd' daemon starts the 'whodata' thread when the configuration is ambiguous. For example, when using 'whodata' on the same directory using conflicting values ('yes' and 'no'). For this purpose, the configuration is applied and it checks that the last value detected for 'whodata' in the 'ossec.conf' file is the one used. + test_phases: + - setup: + - Set wazuh configuration and local_internal_options. + - Create custom folder for monitoring + - Clean logs files and restart wazuh to apply the configuration. + - test: + - Detect if real-time whodata thread has been started + - teardown: + - Delete custom monitored folder + - Restore configuration + - Stop wazuh + wazuh_min_version: 4.2.0 tier: 2 parameters: - - whodata_enabled: - type: bool - brief: Who-data status. - - tags_to_apply: - type: set - brief: Run test if match with a configuration identifier, skip otherwise. 
- - get_configuration: + - configuration: + type: dict + brief: Configuration values for ossec.conf. + - metadata: + type: dict + brief: Test case data. + - set_wazuh_configuration: type: fixture - brief: Get configurations from the module. - - configure_environment: + brief: Set ossec.conf configuration. + - configure_local_internal_options_function: type: fixture - brief: Configure a custom environment for testing. - - restart_syscheckd: + brief: Set local_internal_options.conf file. + - restart_syscheck_function: type: fixture - brief: Clear the 'ossec.log' file and start a new monitor. + brief: restart syscheckd daemon, and truncate the ossec.log. assertions: - Verify that 'whodata' thread is started when the last 'whodata' value detected is set to 'yes'. @@ -149,14 +151,11 @@ def test_ambiguous_whodata_thread(whodata_enabled, tags_to_apply, get_configurat tags: - who_data ''' - check_apply_test(tags_to_apply, get_configuration['tags']) + wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) - if whodata_enabled: - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_real_time_whodata_started, - error_message='Did not receive expected ' - '"File integrity monitoring real-time Whodata engine started" event') + if metadata['whodata_enabled']: + detect_whodata_start(wazuh_log_monitor, timeout=T_30) else: with pytest.raises(TimeoutError): - wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_real_time_whodata_started) + detect_whodata_start(wazuh_log_monitor, timeout=T_30) raise AttributeError(f'Unexpected event "File integrity monitoring real-time Whodata engine started"') diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py index 841ccf842c..43abcf0dd4 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py 
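Review bot: `test_directories = os.path.join(PREFIX, 'testidr1')` in the variables block of test_ambiguous_whodata_thread.py looks like a typo for `testdir1`, which is what the removed line used, and the name now holds a single string rather than a list. The docstring's setup phase says a custom folder is created for monitoring, but the new test signature requests no `test_folders` or `create_monitored_folders` fixture, so as far as this hunk shows the monitored path is never created. The loop `for count, value in enumerate(configuration_parameters)` never uses `value`; `for parameters in configuration_parameters: parameters['TEST_DIR1'] = test_directories` reads more directly.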
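Review bot: In the `else` branch of `test_ambiguous_whodata_thread` the test passes on any `TimeoutError` from `detect_whodata_start`. That also happens when syscheckd failed to start with the applied configuration or the log is not being written, which is not the same as the whodata thread being disabled. I would first wait for a positive sign that the daemon is up (test_ignore_works_over_restrict in this patch requests a `wait_syscheck_start` fixture) and only then assert that the whodata event is absent. A short comment above the `with pytest.raises(TimeoutError):` line, `# absence of the event within T_30 is the expected result`, would make the intent clear. The function body starts outside the hunk.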
+++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2022, Wazuh Inc. +copyright: Copyright (C) 2015-2023, Wazuh Inc. Created by Wazuh, Inc. . 
@@ -64,53 +64,45 @@ import sys import pytest -from wazuh_testing import logger -from wazuh_testing.fim import LOG_FILE_PATH, callback_detect_event, create_file, REGULAR, generate_params -from wazuh_testing.modules.fim.event_monitor import CB_IGNORING_DUE_TO_SREGEX, CB_IGNORING_DUE_TO_PATTERN +from wazuh_testing import LOG_FILE_PATH, REGULAR, T_10 from wazuh_testing.tools import PREFIX -from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test +from wazuh_testing.modules.fim.event_monitor import CB_IGNORING_DUE_TO_SREGEX, CB_IGNORING_DUE_TO_PATTERN +from wazuh_testing.tools.configuration import get_test_cases_data, load_configuration_template +from wazuh_testing.tools.file import create_file from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback +from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options # Marks - pytestmark = pytest.mark.tier(level=2) # Variables - -test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -conf_path = os.path.join(test_data_path, - 'wazuh_conf_ignore_restrict_win32.yaml'if sys.platform == 'win32' - else 'wazuh_conf_ignore_restrict.yaml') test_directories = [os.path.join(PREFIX, 'testdir1'), os.path.join(PREFIX, 'testdir2')] -testdir1, testdir2 = test_directories - -wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) # Configurations +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_templates') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -params, metadata = generate_params() -configurations = load_wazuh_configurations(conf_path, __name__, params=params, metadata=metadata) - -# Fixtures +# Configuration and cases data +test_cases_path = os.path.join(TEST_CASES_PATH, 'cases_ignore_works_over_restrict.yaml') +config_file = 'configuration_ignore_works_over_restrict_win32.yaml' if sys.platform == 
'win32' else \ + 'configuration_ignore_works_over_restrict.yaml' +configurations_path = os.path.join(CONFIGURATIONS_PATH, config_file) +# Test configurations +configuration_parameters, configuration_metadata, test_case_ids = get_test_cases_data(test_cases_path) +for count, value in enumerate(configuration_parameters): + configuration_parameters[count]['TEST_DIR1'] = test_directories[0] + configuration_parameters[count]['TEST_DIR2'] = test_directories[1] +configurations = load_configuration_template(configurations_path, configuration_parameters, configuration_metadata) -@pytest.fixture(scope='module', params=configurations) -def get_configuration(request): - """Get configurations from the module.""" - return request.param # Tests - - -@pytest.mark.parametrize('folder, filename, triggers_event, tags_to_apply', [ - (testdir1, 'testfile', False, {'valid_no_regex'}), - (testdir2, 'not_ignored_string', True, {'valid_no_regex'}), - (testdir1, 'testfile2', False, {'valid_regex'}), - (testdir1, 'ignore_testfile2', False, {'valid_regex'}), - (testdir2, 'not_ignored_sregex', True, {'valid_regex'}) -]) -def test_ignore_works_over_restrict(folder, filename, triggers_event, tags_to_apply, get_configuration, - configure_environment, restart_syscheckd, wait_for_fim_start): +@pytest.mark.parametrize('test_folders', [test_directories], ids='') +@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) +def test_ignore_works_over_restrict(configuration, metadata, set_wazuh_configuration, test_folders, + create_monitored_folders, configure_local_internal_options_function, + restart_syscheck_function, wait_syscheck_start): ''' description: Check if the 'ignore' tag prevails over the 'restrict' one when using both in the same directory. For example, when a directory is ignored and at the same time monitoring is restricted to a file 
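Review bot: The loop `for count, value in enumerate(configuration_parameters):` never uses `value` and indexes back into the list it is iterating. `for parameters in configuration_parameters:` followed by `parameters['TEST_DIR1'], parameters['TEST_DIR2'] = test_directories` does the same without the index. The same loop shape is added in test_whodata_prevails_over_realtime.py. Separately, `local_internal_options` is imported but not referenced in the visible hunks; if the `configure_local_internal_options_function` fixture reads it from the module, a comment such as `# Read by the configure_local_internal_options_function fixture` would keep it from being removed as unused.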
@@ -118,78 +110,75 @@ def test_ignore_works_over_restrict(folder, filename, triggers_event, tags_to_ap For this purpose, the test case configuration is applied, and it is checked if FIM events are generated when required. + test_phases: + - setup: + - Set wazuh configuration and local_internal_options. + - Create custom folder for monitoring + - Clean logs files and restart wazuh to apply the configuration. + - test: + - Create file and detect event creation event + - Validate Ignored event is generated with matching regex + - teardown: + - Delete custom monitored folder + - Restore configuration + - Stop wazuh + wazuh_min_version: 4.2.0 tier: 2 parameters: - - folder: - type: str - brief: Directory where the file is being created. - - filename: - type: str - brief: Name of the file to be created. - - triggers_event: - type: bool - brief: True if an event must be generated, False otherwise. - - tags_to_apply: - type: set - brief: Run test if match with a configuration identifier, skip otherwise. - - get_configuration: + - configuration: + type: dict + brief: Configuration values for ossec.conf. + - metadata: + type: dict + brief: Test case data. + - test_folders: + type: dict + brief: List of folders to be created for monitoring. + - set_wazuh_configuration: type: fixture - brief: Get configurations from the module. - - configure_environment: + brief: Set ossec.conf configuration. + - create_monitored_folders_module: type: fixture - brief: Configure a custom environment for testing. - - restart_syscheckd: + brief: Create a given list of folders when the module starts. Delete the folders at the end of the module. + - configure_local_internal_options_function: type: fixture - brief: Clear the 'ossec.log' file and start a new monitor. - - wait_for_fim_start: + brief: Set local_internal_options.conf file. + - restart_syscheck_function: type: fixture - brief: Wait for realtime start, whodata start, or end of initial FIM scan. 
+ brief: restart syscheckd daemon, and truncate the ossec.log. + - wait_syscheck_start: + type: fixture + brief: check that the starting FIM scan is detected. assertions: - Verify that when a directory is ignored, the 'restrict' attribute is not taken into account to generate FIM events. - input_description: Two test cases are contained in external YAML file - (wazuh_conf_ignore_restrict.yaml or wazuh_conf_ignore_restrict_win32.yaml) - which includes configuration settings for the 'wazuh-syscheckd' daemon - and testing directories to monitor. + input_description: The file 'configuration_works_over_restrict.yaml' provides the configuration + template. + The file 'cases_ignore_works_over_restrict.yaml' provides the tes cases configuration + details for each test case. expected_output: - - r'.*Sending FIM event: (.+)$' (When the FIM event should be generated) - r".*Ignoring '.*?' '(.*?)' due to (sregex|pattern)? '.*?'" (When the FIM event should be ignored) tags: - scheduled ''' - logger.info('Applying the test configuration') - check_apply_test(tags_to_apply, get_configuration['tags']) + wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) + folder = test_directories[metadata['folder_index']] + filename = metadata['filename'] # Create file that must be ignored - logger.info(f'Adding file {os.path.join(testdir1, filename)}, content: ""') create_file(REGULAR, folder, filename, content='') - # Waiting time for the new scan to be generated. 
- timeout = 5 # seconds - logger.info(f'Waiting up to {timeout} seconds for the new scan to be detected.') - - if triggers_event: - event = wazuh_log_monitor.start(timeout=timeout, - callback=callback_detect_event, - error_message=f'Did not receive expected "Sending FIM event" ' - f'event for file {os.path.join(testdir1, filename)}').result() - - assert event['data']['type'] == 'added', 'Event type not equal' - assert event['data']['path'] == os.path.join(folder, filename), 'Event path not equal' - else: - regex = CB_IGNORING_DUE_TO_PATTERN if 'valid_no_regex' in tags_to_apply else CB_IGNORING_DUE_TO_SREGEX - matching_log = wazuh_log_monitor.start(timeout=timeout, - accum_results=2, - callback=generate_monitoring_callback(regex), - error_message=f'Did not receive expected ' - f'"Ignoring ... due to ..." event for file ' - f'{os.path.join(testdir1, filename)}').result() - - assert os.path.join(folder, filename) in matching_log, "Ignored file log is not generated." + regex = CB_IGNORING_DUE_TO_PATTERN if metadata['is_pattern'] else CB_IGNORING_DUE_TO_SREGEX + matching_log = wazuh_log_monitor.start(timeout=T_10, accum_results=2, callback=generate_monitoring_callback(regex), + error_message=f'Did not receive expected ' + f'"Ignoring ... due to ..." event for file ' + f'{os.path.join(folder, filename)}').result() + + assert os.path.join(folder, filename) in matching_log, "Ignored file log is not generated." diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py index 2a5148c66c..b1e90dc8db 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py 
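Review bot: The rewritten body only waits for the "Ignoring ... due to ..." log, so the positive control from the old test is gone: the `triggers_event` cases `not_ignored_string` and `not_ignored_sregex` asserted an `added` event with the expected path, and `r'.*Sending FIM event: (.+)$'` is dropped from expected_output. Unless another test covers it, nothing here fails if an ignore rule matches more than intended and silences files that should still be reported. I would keep a `triggers_event` key in the case metadata and, when it is set, assert on the event type and path as the removed branch did. The docstring also documents `create_monitored_folders_module` while the signature takes `create_monitored_folders`, and lists `test_folders` as `dict` although it receives a list. The function signature is in the previous hunk.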
@@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2022, Wazuh Inc. +copyright: Copyright (C) 2015-2023, Wazuh Inc. Created by Wazuh, Inc. . 
@@ -59,47 +59,43 @@ import os import pytest -from wazuh_testing import global_parameters -from wazuh_testing.fim import (LOG_FILE_PATH, generate_params, callback_detect_event, - REGULAR, create_file, delete_file) +from wazuh_testing import global_parameters, LOG_FILE_PATH, REGULAR from wazuh_testing.tools import PREFIX -from wazuh_testing.tools.configuration import load_wazuh_configurations +from wazuh_testing.tools.configuration import get_test_cases_data, load_configuration_template +from wazuh_testing.tools.file import create_file, delete_file from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.modules.fim.event_monitor import callback_detect_event +from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options + # Marks pytestmark = pytest.mark.tier(level=2) -# Variables and configuration -wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) - -test_directories = [os.path.join(PREFIX, 'testdir1'), - os.path.join(PREFIX, 'testdir2') - ] -dir1, dir2 = test_directories - -test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -configurations_path = os.path.join(test_data_path, 'wazuh_conf_whodata_prevails_over_realtime.yaml') +# Variables +test_directories = [os.path.join(PREFIX, 'testdir1')] -conf_params = {'TEST_DIR1': dir1, 'TEST_DIR2': dir2, 'MODULE_NAME': __name__} -p, m = generate_params(extra_params=conf_params, modes=['whodata']) +# Configuration paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_templates') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -configurations = load_wazuh_configurations(configurations_path, __name__, params=p, metadata=m) +# Configuration and cases data +test_cases_path = os.path.join(TEST_CASES_PATH, 'cases_whodata_prevails_over_realtime.yaml') +configurations_path = os.path.join(CONFIGURATIONS_PATH, 
'configuration_whodata_prevails_over_realtime.yaml') - -# Fixture -@pytest.fixture(scope='module', params=configurations) -def get_configuration(request): - """Get configurations from the module.""" - return request.param +# Test configurations +configuration_parameters, configuration_metadata, test_case_ids = get_test_cases_data(test_cases_path) +for count, value in enumerate(configuration_parameters): + configuration_parameters[count]['TEST_DIR'] = test_directories[0] +configurations = load_configuration_template(configurations_path, configuration_parameters, configuration_metadata) # Test -@pytest.mark.parametrize('directory', [ - dir1, - dir2, -]) -def test_whodata_prevails_over_realtime(directory, get_configuration, put_env_variables, configure_environment, - restart_syscheckd, wait_for_fim_start): +@pytest.mark.parametrize('test_folders', [test_directories], scope="module", ids='') +@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) +def test_whodata_prevails_over_realtime(configuration, metadata, set_wazuh_configuration, test_folders, + create_monitored_folders_module, configure_local_internal_options_function, + restart_syscheck_function, wait_syscheck_start): ''' description: Check if when using the options who-data and real-time at the same time the value of 'whodata' is the one used. For example, when using 'whodata=yes' 
@@ -109,59 +105,80 @@ def test_whodata_prevails_over_realtime(directory, get_configuration, put_env_va 'who-data' is set to 'yes', the 'realtime' value is not taken into account, enabling in this case the real-time file monitoring. + test_phases: + - setup: + - Set wazuh configuration and local_internal_options. + - Create custom folder for monitoring + - Clean logs files and restart wazuh to apply the configuration. + - test: + - Create file and detect event creation event + - Validate mode is whodata + - Delete file and detect event deletion event + - Validate mode is whodata + - teardown: + - Delete custom monitored folder + - Restore configuration + - Stop wazuh + wazuh_min_version: 4.2.0 tier: 2 parameters: - - directory: - type: str - brief: Testing directory. - - get_configuration: + - configuration: + type: dict + brief: Configuration values for ossec.conf. + - metadata: + type: dict + brief: Test case data. + - test_folders: + type: dict + brief: List of folders to be created for monitoring. + - set_wazuh_configuration: type: fixture - brief: Get configurations from the module. - - put_env_variables: + brief: Set ossec.conf configuration. + - create_monitored_folders_module: type: fixture - brief: Create environment variables. - - configure_environment: + brief: Create a given list of folders when the module starts. Delete the folders at the end of the module. + - configure_local_internal_options_function: type: fixture - brief: Configure a custom environment for testing. - - restart_syscheckd: + brief: Set local_internal_options.conf file. + - restart_syscheck_function: type: fixture - brief: Clear the 'ossec.log' file and start a new monitor. - - wait_for_fim_start: + brief: restart syscheckd daemon, and truncate the ossec.log. + - wait_syscheck_start: type: fixture - brief: Wait for realtime start, whodata start, or end of initial FIM scan. + brief: check that the starting FIM scan is detected. 
assertions: - - Verify that real-time file monitoring is active. + - Verify that real-time whodata thread active. - input_description: A test case is contained in external YAML file - (wazuh_conf_whodata_prevails_over_realtime.yaml) - which includes configuration settings for the 'wazuh-syscheckd' daemon - and testing directories to monitor. + input_description: The file 'configuration_whodata_prevails_over_realtime.yaml' provides the configuration + template. + The file 'cases_whodata_prevails_over_realtime.yaml' provides the tes cases configuration + details for each test case. expected_output: - r'.*Sending FIM event: (.+)$' tags: - - realtime - who_data ''' + wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) filename = "testfile" - create_file(REGULAR, directory, filename, content="") + create_file(REGULAR, test_directories[0], filename, content="") event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event).result() if (event['data']['mode'] != 'whodata' and event['data']['type'] != 'added' and - os.path.join(directory, filename) in event['data']['path']): + os.path.join(test_directories[0], filename) in event['data']['path']): raise AssertionError('Event not found') - delete_file(directory, filename) + delete_file(os.path.join(test_directories[0], filename)) event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event).result() if (event['data']['mode'] != 'whodata' and event['data']['type'] != 'deleted' and - os.path.join(directory, filename) in event['data']['path']): + os.path.join(test_directories[0], filename) in event['data']['path']): raise AssertionError('Event not found') From d1a71f9c86e2a1eaaff2ce490db6c1d0c8a55251 Mon Sep 17 00:00:00 2001 
From: Deblintrake09 Date: Mon, 24 Apr 2023 15:36:57 -0300 Subject: [PATCH 05/18] fix(#3591): fix flaky tests --- .../test_inotify/data/wazuh_conf_num_watches.yaml | 2 +- .../test_fim/test_files/test_inotify/test_num_watches.py | 9 ++++----- .../test_max_eps/test_sync_max_eps_scheduled.py | 8 +++++--- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/tests/integration/test_fim/test_files/test_inotify/data/wazuh_conf_num_watches.yaml b/tests/integration/test_fim/test_files/test_inotify/data/wazuh_conf_num_watches.yaml index 3840371b79..335fab9d09 100644 --- a/tests/integration/test_fim/test_files/test_inotify/data/wazuh_conf_num_watches.yaml +++ b/tests/integration/test_fim/test_files/test_inotify/data/wazuh_conf_num_watches.yaml @@ -11,7 +11,7 @@ - disabled: value: 'no' - frequency: - value: 30 + value: 15 - directories: value: TEST_DIRECTORIES attributes: diff --git a/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py b/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py index c4ecac73de..002ee7063d 100644 --- a/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py +++ b/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py @@ -64,7 +64,7 @@ import sys import pytest -from wazuh_testing import global_parameters +from wazuh_testing import T_60, T_40 from wazuh_testing.fim import LOG_FILE_PATH, callback_num_inotify_watches, generate_params, detect_initial_scan from wazuh_testing.tools import PREFIX from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test 
@@ -205,8 +205,7 @@ def test_num_watches(realtime_enabled, decreases_num_watches, rename_folder, get # Check that the number of inotify watches is correct before modifying the folder try: - num_watches = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_num_inotify_watches, + num_watches = wazuh_log_monitor.start(timeout=T_40, callback=callback_num_inotify_watches, error_message='Did not receive expected ' '"Folders monitored with real-time engine: ..." event' ).result() @@ -239,7 +238,7 @@ def test_num_watches(realtime_enabled, decreases_num_watches, rename_folder, get try: # Check that the number of inotify watches is correct after modifying the folder - num_watches = wazuh_log_monitor.start(timeout=40, + num_watches = wazuh_log_monitor.start(timeout=T_40, callback=callback_num_inotify_watches, error_message='Did not receive expected ' '"Folders monitored with real-time engine: ..." event' @@ -270,7 +269,7 @@ def test_num_watches(realtime_enabled, decreases_num_watches, rename_folder, get for directory in test_directories: os.mkdir(directory) - num_watches = wazuh_log_monitor.start(timeout=40, + num_watches = wazuh_log_monitor.start(timeout=T_40, callback=callback_num_inotify_watches, error_message='Did not receive expected ' '"Folders monitored with real-time engine: ..." event' diff --git a/tests/integration/test_fim/test_files/test_max_eps/test_sync_max_eps_scheduled.py b/tests/integration/test_fim/test_files/test_max_eps/test_sync_max_eps_scheduled.py index c95a0ec595..30209d690b 100644 --- a/tests/integration/test_fim/test_files/test_max_eps/test_sync_max_eps_scheduled.py +++ b/tests/integration/test_fim/test_files/test_max_eps/test_sync_max_eps_scheduled.py 
@@ -70,7 +70,8 @@ from wazuh_testing.modules import DATA, TIER1, AGENT, WINDOWS, LINUX from wazuh_testing.modules.fim import TEST_DIR_1, TEST_DIRECTORIES, YAML_CONF_MAX_EPS_SYNC, SCHEDULED_MODE from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options -from wazuh_testing.modules.fim.event_monitor import (callback_integrity_message, ERR_MSG_INTEGRITY_CONTROL_MSG, +from wazuh_testing.modules.fim.event_monitor import (callback_detect_integrity_check_global, + callback_integrity_sync_message, ERR_MSG_INTEGRITY_CONTROL_MSG, ERR_MSG_MULTIPLE_FILES_CREATION) from wazuh_testing.tools.file import delete_path_recursively, write_file from wazuh_testing.modules.fim.utils import generate_params @@ -127,6 +128,7 @@ def create_multiple_files(get_configuration): # Tests + def test_max_eps_sync_valid_within_range(configure_local_internal_options_module, get_configuration, create_multiple_files, configure_environment, restart_wazuh): ''' @@ -181,13 +183,13 @@ def test_max_eps_sync_valid_within_range(configure_local_internal_options_module # Find integrity start before attempting to read max_eps. wazuh_log_monitor.start(timeout=TIMEOUT_CHECK_INTEGRATY_START, - callback=callback_integrity_message, + callback=callback_detect_integrity_check_global, error_message=ERR_MSG_INTEGRITY_CONTROL_MSG).result() # Find integrity message for each file created after read max_eps. total_file_created = max_eps + 5 result = wazuh_log_monitor.start(timeout=TIMEOUT_CHECK_EACH_INTEGRITY_MSG, accum_results=total_file_created, - callback=callback_integrity_message, + callback=callback_integrity_sync_message, error_message=f'Received less results than expected\ ({total_file_created})').result() # Collect by time received the messages. From d296091eaa76157db752780e606bc2d49742b7e6 Mon Sep 17 00:00:00 2001 
From: Deblintrake09 Date: Mon, 24 Apr 2023 16:55:45 -0300 Subject: [PATCH 06/18] fix(#3591): skip test for Issue #4077 --- .../test_restrict/test_restrict_valid.py | 1 + .../test_files/test_scan/test_scan_day.py | 7 ++-- .../test_scan/test_scan_day_and_time.py | 7 ++-- .../test_files/test_scan/test_scan_time.py | 7 ++-- .../test_registry_ambiguous_complex.py | 24 ++++++-------- ...t_registry_ambiguous_duplicated_entries.py | 12 +++---- .../test_registry_ambiguous_simple.py | 8 ++--- .../data/wazuh_conf_reg_attr.yaml | 2 ++ .../test_basic_usage_delete_registry.py | 4 +-- ...est_basic_usage_entries_match_key_count.py | 32 +++++++++---------- .../test_basic_usage_registry_new_key.py | 4 +-- .../test_long_registry_path.py | 3 +- .../test_registry_checkers.py | 7 ++-- .../data/wazuh_registry_ignore_conf.yaml | 4 +++ .../test_ignore_registry.py | 26 ++++++--------- .../test_registry_limit/data/wazuh_conf.yaml | 6 ++-- .../test_multiple_keys.py | 9 ++---- .../test_registry_no_diff.py | 4 ++- .../data/wazuh_registry_report_changes.yaml | 2 ++ .../test_registry_disk_quota_values.py | 3 +- .../test_registry_diff_size_limit_values.py | 3 +- .../test_registry_file_size_values.py | 3 +- .../test_registry_report_changes.py | 3 +- ...st_registry_report_changes_more_changes.py | 3 +- .../data/wazuh_restrict_conf.yaml | 4 +++ .../test_registry_restrict.py | 3 +- .../test_registry_tags/test_registry_tags.py | 3 +- .../data/wazuh_conf_integrity_scan_win32.yaml | 2 +- .../test_registry_responses_win32.py | 3 +- .../test_synchronization/test_sync_overlap.py | 3 +- .../test_synchronize_integrity_win32.py | 15 +++++---- 31 files changed, 112 insertions(+), 105 deletions(-) diff --git a/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py b/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py index 9bbc21105e..ff6c5a1645 100644 --- a/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py 
+++ b/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py @@ -96,6 +96,7 @@ def get_configuration(request): return request.param +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('folder', test_directories) @pytest.mark.parametrize('filename, mode, content, triggers_event, tags_to_apply', [ ('.restricted', 'w', "Sample content", True, {'valid_regex1'}), diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_day.py b/tests/integration/test_fim/test_files/test_scan/test_scan_day.py index b26ce926dd..8bb25e7b50 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_day.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_day.py @@ -63,7 +63,7 @@ tags: - fim_scan ''' -import os +import os, sys from datetime import datetime, timedelta import pytest @@ -104,9 +104,8 @@ def get_configuration(request): # tests -@pytest.mark.parametrize('tags_to_apply', [ - {'scan_day'} -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('tags_to_apply', [{'scan_day'}]) def test_scan_day(tags_to_apply, get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py b/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py index e04544298b..3b33f0d736 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py @@ -60,7 +60,7 @@ tags: - fim_scan ''' -import os +import os, sys from calendar import monthrange from datetime import datetime, timedelta 
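Review bot: `import os, sys` in test_scan_day.py puts two modules on one import line, which PEP 8 advises against and which linters flag as E401. I would write it as `import os` followed by `import sys`. The same line is added in test_scan_day_and_time.py, test_scan_time.py, the three test_registry_ambiguous_* modules and test_basic_usage_delete_registry.py.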
@@ -137,9 +137,8 @@ def get_configuration(request): # tests -@pytest.mark.parametrize('tags_to_apply', [ - {'scan_both'} -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('tags_to_apply', [{'scan_both'}]) def test_scan_day_and_time(tags_to_apply, get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_time.py b/tests/integration/test_fim/test_files/test_scan/test_scan_time.py index 28542fe911..e9584d2a75 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_time.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_time.py @@ -59,7 +59,7 @@ tags: - fim_scan ''' -import os +import os, sys from datetime import datetime, timedelta import pytest @@ -101,9 +101,8 @@ def get_configuration(request): # tests -@pytest.mark.parametrize('tags_to_apply', [ - {'scan_time'} -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('tags_to_apply', [{'scan_time'}]) def test_scan_time(tags_to_apply, get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py index 6c6b631de4..e2f003cc92 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py @@ -55,7 +55,7 @@ tags: - fim_registry_ambiguous_confs ''' -import os +import os, sys from hashlib import sha1 import pytest 
@@ -126,10 +126,8 @@ def get_configuration(request): # Tests - -@pytest.mark.parametrize('key', [ - key -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, key_checkers', [ (registry, checkers_key), (subkey_1, checkers_subkey1), @@ -198,9 +196,8 @@ def test_ambiguous_complex_checks(key, subkey, key_checkers, options=key_checkers, time_travel=True) -@pytest.mark.parametrize('key', [ - key -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, value_list, report,', [ (registry, ['test_value'], True), (subkey_1, ['test_value'], False), @@ -283,9 +280,8 @@ def report_changes_validator(event): value_list=value_list, time_travel=True, validators_after_update=validator_after_update) -@pytest.mark.parametrize('key', [ - key -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, tag', [ (registry, None), (subkey_1, tag_1), 
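Review bot: `@pytest.mark.skipif(sys.platform == 'win32', ...)` on `test_ambiguous_complex_checks` and the other registry tests disables them on Windows, and the parametrize lists (`KEY_WOW64_64KEY`, registry subkeys) suggest Windows is the only platform where they run at all. If so, this part of the registry monitoring suite is no longer exercised anywhere until Issue #4077 is closed, and nothing signals when it could be re-enabled. test_basic_usage_delete_registry.py in this same commit uses `@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked")` instead, which keeps the tests running and reports an XPASS once the issue is fixed. I would pick one of the two markers and use it consistently. The same decorator is added to the other tests in this file and in test_registry_ambiguous_duplicated_entries.py and test_registry_ambiguous_simple.py.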
@@ -368,11 +364,9 @@ def tag_validator(event): # Test registry values. registry_key_cud(key, subkey, wazuh_log_monitor, min_timeout=global_parameters.default_timeout, time_travel=True, validators_after_create=validator_after_create, - validators_after_update=validator_after_update, validators_after_delete=validator_after_delete - ) + validators_after_update=validator_after_update, validators_after_delete=validator_after_delete) # Test registry values. registry_value_cud(key, subkey, wazuh_log_monitor, min_timeout=global_parameters.default_timeout, time_travel=True, validators_after_create=validator_after_create, - validators_after_update=validator_after_update, validators_after_delete=validator_after_delete - ) + validators_after_update=validator_after_update, validators_after_delete=validator_after_delete) diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py index d16f64bc63..71f0371d2f 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py @@ -56,7 +56,7 @@ tags: - fim_registry_ambiguous_confs ''' -import os +import os, sys from hashlib import sha1 import pytest 
@@ -119,9 +119,8 @@ def get_configuration(request): # Tests -@pytest.mark.parametrize('key', [ - key -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, key_list, value_list, checkers, tags_to_apply', [ (subkey_1, KEY_WOW64_64KEY, ['random_key'], ['test_value'], key_all_attrs, {'duplicate_entries'}), (subkey_2, KEY_WOW64_64KEY, ['random_key'], ['test_value'], key_all_attrs, {'duplicate_entries'}), @@ -215,9 +214,8 @@ def test_duplicate_entries(key, subkey, arch, key_list, value_list, checkers, ta min_timeout=global_parameters.default_timeout, time_travel=True, triggers_event=True) -@pytest.mark.parametrize('key', [ - key -]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, value_list, tags_to_apply, report_changes', [ (subkey_1, KEY_WOW64_64KEY, ['test_value'], {'duplicate_report_entries'}, True), (subkey_2, KEY_WOW64_64KEY, ['test_value'], {'duplicate_report_entries'}, False), diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py index d59e1de7a5..5470e6092d 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py @@ -56,7 +56,7 @@ tags: - fim_registry_ambiguous_confs ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters @@ -128,8 +128,6 @@ # Fixtures - - @pytest.fixture(scope='module', params=configurations) def get_configuration(request): """Get configurations from the module.""" 
@@ -137,7 +135,7 @@ def get_configuration(request): # Tests - +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, sub_keys, arch', [ (key, (subkey_1, os.path.join(subkey_1, key_name)), KEY_WOW64_64KEY), (key, (subkey_2, os.path.join(subkey_2, key_name)), KEY_WOW64_64KEY), @@ -215,6 +213,7 @@ def no_tag_validator(event): min_timeout=global_parameters.default_timeout, validators_after_cud=[no_tag_validator]) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch', [ (key, os.path.join(subkey_1, recursion_key), KEY_WOW64_64KEY), (key, os.path.join(subkey_2, recursion_key), KEY_WOW64_64KEY), @@ -284,6 +283,7 @@ def test_ambiguous_recursion(key, subkey, arch, time_travel=True, triggers_event=True, min_timeout=global_parameters.default_timeout) +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, key_checkers, subkey_checkers', [ (key, (subkey_1, os.path.join(subkey_1, key_name)), checkers_key_case1, checkers_subkey_case1), (key, (subkey_2, os.path.join(subkey_2, key_name)), checkers_key_case2, checkers_subkey_case2) diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/data/wazuh_conf_reg_attr.yaml b/tests/integration/test_fim/test_registry/test_registry_basic_usage/data/wazuh_conf_reg_attr.yaml index 8a4220f76e..d281ec90b3 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/data/wazuh_conf_reg_attr.yaml +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/data/wazuh_conf_reg_attr.yaml @@ -16,6 +16,8 @@ attributes: - ATTRIBUTE - arch: "64bit" + - frequency: + value: 3 - section: sca elements: - enabled: 
diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py index 2af11d8747..d049c75f0f 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py @@ -53,7 +53,7 @@ tags: - fim_registry_basic_usage ''' -import os +import os, sys from collections import Counter import pytest @@ -101,7 +101,7 @@ def get_configuration(request): # test - +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_list', [ (key, sub_key_1, KEY_WOW64_64KEY, ['value1', 'value2', 'value3']), (key, sub_key_2, KEY_WOW64_32KEY, ['value1', 'value2', 'value3']), diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py index cfd5141b56..3e07aae77e 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py 
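Review bot: The `xfail` marker added before `@pytest.mark.parametrize('key, subkey, arch, value_list', ...)` is non-strict and has no `raises=`. Unless `xfail_strict` is set in the project's pytest configuration, any failure of this registry-deletion test on Windows, including an unrelated regression in FIM registry detection, is reported as expected, and an unexpected pass is only an XPASS that does not fail the run. The same marker is repeated in the other registry and synchronization test files of this commit. Narrowing it keeps the signal: `@pytest.mark.xfail(sys.platform == 'win32', strict=True, reason="Blocked for Issue #4077. When fixed this should be unblocked")`, assuming every parametrized case currently fails on Windows; otherwise add `raises=` with the exception type that issue produces. The decorated test function itself is outside the hunk.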
@@ -56,12 +56,12 @@ import os import pytest -from wazuh_testing import global_parameters -from wazuh_testing.fim import LOG_FILE_PATH, generate_params, callback_registry_count_entries, \ - check_time_travel, create_registry, modify_registry_value, registry_parser, KEY_WOW64_64KEY, \ - REG_SZ, REG_MULTI_SZ, REG_DWORD +from wazuh_testing import T_20, LOG_FILE_PATH from wazuh_testing.tools.configuration import load_wazuh_configurations -from wazuh_testing.tools.monitoring import FileMonitor +from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback +from wazuh_testing.modules.fim import registry_parser, KEY_WOW64_64KEY, REG_SZ, REG_MULTI_SZ, REG_DWORD +from wazuh_testing.modules.fim.utils import generate_params, create_registry, modify_registry_value +from wazuh_testing.modules.fim.event_monitor import CB_FIM_REGISTRY_ENTRIES_COUNT, CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT # Marks 
@@ -147,14 +147,14 @@ def test_entries_match_key_count(get_configuration, configure_environment, resta - scheduled - time_travel ''' - entries = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=callback_registry_count_entries, - error_message='Did not receive expected ' - '"Fim inode entries: ..., path count: ..." event' - ).result() - check_time_travel(True, monitor=wazuh_log_monitor) - - if entries: - assert entries == '4', 'Wrong number of entries' - else: - raise AssertionError('Wrong number of entries') + registry_entries = wazuh_log_monitor.start(timeout=T_20, update_position=False, + callback=generate_monitoring_callback(CB_FIM_REGISTRY_ENTRIES_COUNT), + error_message=f'Did not receive expected "{CB_FIM_REGISTRY_ENTRIES_COUNT}" \ + event').result() + + value_entries = wazuh_log_monitor.start(timeout=T_20, + callback=generate_monitoring_callback(CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT), + error_message=f'Did not receive expected \ + "{CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT}" event').result() + + assert int(registry_entries) + int(value_entries) == 4, 'Wrong number of entries' diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py index edab9a49cb..ec0505623d 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py @@ -54,7 +54,7 @@ tags: - fim_registry_basic_usage ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters 
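Review bot: The final assertion `assert int(registry_entries) + int(value_entries) == 4` checks only the sum, so a run that reports the wrong split between key entries and value entries (for example all four counted as keys) still passes. Asserting each count against its own expected number would catch that. Both `error_message` f-strings also use a backslash continuation inside the literal, which puts the next line's indentation into the message; a single literal avoids it, e.g. `error_message=f'Did not receive expected "{CB_FIM_REGISTRY_ENTRIES_COUNT}" event'`. `test_entries_match_key_count` starts before this hunk, so the expected per-type counts have to come from its setup, which is not visible here.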
@@ -96,7 +96,7 @@ def get_configuration(request): # tests - +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") def test_new_key(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon generates events from a new monitored key after diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py index 2a2ca8e5bc..546db0f8b8 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py @@ -54,7 +54,7 @@ tags: - fim_registry_basic_usage ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters @@ -98,6 +98,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") def test_long_registry_path(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon generates events from monitored keys with long paths. diff --git a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py index 8bade9852e..99f21751a6 100644 --- a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py +++ b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py @@ -54,7 +54,7 @@ tags: - fim_registry_checks ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters 
@@ -137,9 +137,8 @@ def get_configuration(request): # Test -@pytest.mark.parametrize('key', [ - key -]) +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, key_attrs, value_attrs, tags_to_apply, triggers_modification', [ (sub_key_1, KEY_WOW64_64KEY, key_all_attrs, value_all_attrs, {'check_all_yes'}, True), (sub_key_2, KEY_WOW64_32KEY, key_all_attrs, value_all_attrs, {'check_all_yes'}, True), diff --git a/tests/integration/test_fim/test_registry/test_registry_ignore/data/wazuh_registry_ignore_conf.yaml b/tests/integration/test_fim/test_registry/test_registry_ignore/data/wazuh_registry_ignore_conf.yaml index 3bf04bcd36..e434654d1d 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ignore/data/wazuh_registry_ignore_conf.yaml +++ b/tests/integration/test_fim/test_registry/test_registry_ignore/data/wazuh_registry_ignore_conf.yaml @@ -30,6 +30,8 @@ value: WINDOWS_REGISTRY_2 attributes: - arch: '64bit' + - frequency: + value: 5 - section: sca elements: - enabled: @@ -75,6 +77,8 @@ value: WINDOWS_REGISTRY_2 attributes: - arch: '64bit' + - frequency: + value: 5 - section: sca elements: - enabled: diff --git a/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py b/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py index 2a8518c48f..31d1487467 100755 --- a/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py +++ b/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py @@ -53,10 +53,10 @@ tags: - fim_registry_ignore ''' -import os +import os, sys import pytest -from wazuh_testing import global_parameters, fim +from wazuh_testing import T_20, fim from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test from wazuh_testing.tools.monitoring import FileMonitor 
@@ -190,17 +190,15 @@ def test_ignore_registry_key(root_key, registry, arch, subkey, triggers_event, t - time_travel ''' check_apply_test(tags_to_apply, get_configuration['tags']) - scheduled = get_configuration['metadata']['fim_mode'] == 'scheduled' fim.registry_ignore_path = os.path.join(root_key, registry) # Create registry fim.create_registry(fim.registry_parser[root_key], os.path.join(registry, subkey), arch) - # Go ahead in time to let syscheck perform a new scan - fim.check_time_travel(scheduled, monitor=wazuh_log_monitor) + # Let syscheck perform a new scan if triggers_event: - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + event = wazuh_log_monitor.start(timeout=T_20, callback=fim.callback_key_event, error_message='Did not receive expected ' '"Sending FIM event: ..." event').result() @@ -210,7 +208,7 @@ def test_ignore_registry_key(root_key, registry, arch, subkey, triggers_event, t else: with pytest.raises(TimeoutError): - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, + event = wazuh_log_monitor.start(timeout=T_20, callback=fim.callback_key_event, error_message='Did not receive expected ' '"Sending FIM event: ..." event').result() 
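Review bot: With `fim.check_time_travel(...)` removed, nothing before `with pytest.raises(TimeoutError):` confirms that syscheck actually ran a scan, so the ignored-key case passes whenever no event arrives within `T_20`, including when no scan happened at all. The comment `# Let syscheck perform a new scan` is now followed by no action, and the check depends on the `frequency` value added to wazuh_registry_ignore_conf.yaml staying well below `T_20`. Waiting for the scan-finished log line before asserting the absence of events would make the negative case meaningful. The same applies to the `test_ignore_registry_value` hunks that follow, and the docstring context still lists `time_travel`. Both test functions begin outside their hunks.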
@@ -293,19 +291,16 @@ def test_ignore_registry_value(root_key, registry, arch, value, triggers_event, - time_travel ''' check_apply_test(tags_to_apply, get_configuration['tags']) - scheduled = get_configuration['metadata']['fim_mode'] == 'scheduled' + # Open the key (this shouldn't create an alert) key_h = fim.create_registry(fim.registry_parser[root_key], registry, arch) # Create values fim.modify_registry_value(key_h, value, fim.REG_SZ, "test_value") - # Go ahead in time to let syscheck perform a new scan - fim.check_time_travel(scheduled, monitor=wazuh_log_monitor) + # Let syscheck perform a new scan if triggers_event: - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=fim.callback_value_event, - error_message='Did not receive expected ' - '"Sending FIM event: ..." event').result() + event = wazuh_log_monitor.start(timeout=T_20, callback=fim.callback_value_event, + error_message='Did not receive expected "Sending FIM event:.." event').result() assert event['data']['type'] == 'added', 'Wrong event type.' assert event['data']['path'] == os.path.join(root_key, registry), 'Wrong value path.' @@ -314,7 +309,6 @@ def test_ignore_registry_value(root_key, registry, arch, value, triggers_event, else: with pytest.raises(TimeoutError): - event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, - callback=fim.callback_value_event, + event = wazuh_log_monitor.start(timeout=T_20, callback=fim.callback_value_event, error_message='Did not receive expected ' '"Sending FIM event: ..." event').result() diff --git a/tests/integration/test_fim/test_registry/test_registry_limit/data/wazuh_conf.yaml b/tests/integration/test_fim/test_registry/test_registry_limit/data/wazuh_conf.yaml index a2dcec0394..561a04cc46 100644 --- a/tests/integration/test_fim/test_registry/test_registry_limit/data/wazuh_conf.yaml +++ b/tests/integration/test_fim/test_registry/test_registry_limit/data/wazuh_conf.yaml 
@@ -11,7 +11,7 @@ - disabled: value: 'no' - frequency: - value: 5 + value: 3 - windows_registry: value: WINDOWS_REGISTRY attributes: @@ -52,7 +52,7 @@ - disabled: value: 'no' - frequency: - value: 5 + value: 3 - windows_registry: value: WINDOWS_REGISTRY_1 attributes: @@ -97,7 +97,7 @@ - disabled: value: 'no' - frequency: - value: 5 + value: 3 - windows_registry: value: WINDOWS_REGISTRY_1 attributes: diff --git a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py index c561ae4a69..b7a2ee127e 100644 --- a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py +++ b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py @@ -53,7 +53,7 @@ tags: - fim_registry_multiple_registries ''' -import os +import os, sys import time import pytest @@ -102,11 +102,8 @@ def get_configuration(request): # Test - - -@pytest.mark.parametrize('tags_to_apply', [ - ({'multiple_keys'}) -]) +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.parametrize('tags_to_apply', [({'multiple_keys'})]) def test_multiple_keys(tags_to_apply, get_configuration, configure_environment, restart_syscheckd): ''' description: Check if the 'wazuh-syscheckd' daemon detects every event when adding, modifying, and deleting diff --git a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py index 8a2bbb16cc..0b2d355df8 100644 --- a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py +++ b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py 
@@ -53,7 +53,7 @@ tags: - fim_registry_nodiff ''' -import os +import os, sys from hashlib import sha1 from time import sleep @@ -107,6 +107,8 @@ def get_configuration(request): return request.param + +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, truncated, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, no_diff_value, True, {'no_diff_str'}), (key, sub_key_1, KEY_WOW64_64KEY, "some_value", False, {'no_diff_str'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/data/wazuh_registry_report_changes.yaml b/tests/integration/test_fim/test_registry/test_registry_report_changes/data/wazuh_registry_report_changes.yaml index a1f00f85d2..d461d5f17b 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/data/wazuh_registry_report_changes.yaml +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/data/wazuh_registry_report_changes.yaml @@ -21,6 +21,8 @@ attributes: - arch: '64bit' - report_changes: 'yes' + - frequency: + value: 3 - section: sca elements: - enabled: diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py index cf100fe75e..ee60f8c624 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py @@ -54,7 +54,7 @@ tags: - fim_registry_report_changes """ -import os +import os, sys import pytest from wazuh_testing import LOG_FILE_PATH, global_parameters 
@@ -103,6 +103,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize("size", [(4096), (32768)]) @pytest.mark.parametrize("key, subkey, arch, value_name", [ diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py index 1379b1f72a..fac9d98574 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py @@ -54,7 +54,7 @@ tags: - fim_registry_report_changes ''' -import os +import os, sys import pytest from wazuh_testing import LOG_FILE_PATH, global_parameters @@ -98,6 +98,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('size', [(4096), (16384)]) @pytest.mark.parametrize('key, subkey, arch, value_name', [ (WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, KEY_WOW64_64KEY, 'some_value'), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py index 3cb4d60755..d49dff9168 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py @@ -54,7 +54,7 @@ tags: - fim_registry_report_changes ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters 
@@ -100,6 +100,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('size', [(4096), (16384)]) @pytest.mark.parametrize('key, subkey, arch, value_name', [ (WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, KEY_WOW64_64KEY, "some_value"), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py index c00e5c2273..dc589a87ba 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py @@ -54,7 +54,7 @@ tags: - fim_registry_report_changes ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters @@ -100,6 +100,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, "some_value", {'test_report_changes'}), (key, sub_key_1, KEY_WOW64_32KEY, "some_value", {'test_report_changes'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py index f8cea6ede6..42c76bf620 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py 
@@ -54,7 +54,7 @@ tags: - fim_registry_report_changes ''' -import os +import os, sys import pytest from test_fim.common import generate_string @@ -103,6 +103,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, "some_value", {'test_report_changes'}), (key, sub_key_1, KEY_WOW64_32KEY, "some_value", {'test_report_changes'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_restrict/data/wazuh_restrict_conf.yaml b/tests/integration/test_fim/test_registry/test_registry_restrict/data/wazuh_restrict_conf.yaml index 153ba96a4b..253a444559 100644 --- a/tests/integration/test_fim/test_registry/test_registry_restrict/data/wazuh_restrict_conf.yaml +++ b/tests/integration/test_fim/test_registry/test_registry_restrict/data/wazuh_restrict_conf.yaml @@ -20,6 +20,8 @@ attributes: - arch: "both" - restrict_value: RESTRICT_VALUE + - frequency: + value: 3 - section: sca elements: - enabled: @@ -55,6 +57,8 @@ attributes: - arch: "both" - restrict_key: RESTRICT_KEY + - frequency: + value: 3 - section: sca elements: - enabled: diff --git a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py index 69d97e2989..b64a46edb8 100644 --- a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py +++ b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py @@ -54,7 +54,7 @@ tags: - fim_registry_restrict ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters 
@@ -104,6 +104,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, triggers_event, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, valid_value_name, True, {'value_restrict'}), (key, sub_key_2, KEY_WOW64_32KEY, valid_value_name, True, {'value_restrict'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py index 7fb51a1bf3..5a13f3829c 100644 --- a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py +++ b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py @@ -50,7 +50,7 @@ 1: Only level 1 tests are performed, they check functionalities of medium complexity. 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters @@ -89,6 +89,7 @@ def get_configuration(request): return request.param +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch', [ (key, sub_key, KEY_WOW64_32KEY), (key, sub_key, KEY_WOW64_64KEY), diff --git a/tests/integration/test_fim/test_synchronization/data/wazuh_conf_integrity_scan_win32.yaml b/tests/integration/test_fim/test_synchronization/data/wazuh_conf_integrity_scan_win32.yaml index 061a59341f..362bd79aba 100644 --- a/tests/integration/test_fim/test_synchronization/data/wazuh_conf_integrity_scan_win32.yaml +++ b/tests/integration/test_fim/test_synchronization/data/wazuh_conf_integrity_scan_win32.yaml @@ -8,7 +8,7 @@ - disabled: value: 'no' - frequency: - value: 40 + value: 20 - directories: value: TEST_DIRECTORIES attributes: 
diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index d4254cd359..13f9244005 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -54,7 +54,7 @@ tags: - fim_synchronization ''' -import os +import os, sys import pytest from wazuh_testing import LOG_FILE_PATH, DATA, WAZUH_SERVICES_START from wazuh_testing.tools.configuration import load_wazuh_configurations @@ -92,6 +92,7 @@ def get_configuration(request): # tests +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key_name', [':subkey1', 'subkey2:', ':subkey3:']) @pytest.mark.parametrize('value_name', [':value1', 'value2:', ':value3:']) def test_registry_sync_after_restart(key_name, value_name, configure_local_internal_options_module, diff --git a/tests/integration/test_fim/test_synchronization/test_sync_overlap.py b/tests/integration/test_fim/test_synchronization/test_sync_overlap.py index 97ffbd0423..ef1fdc7b98 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_overlap.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_overlap.py @@ -59,7 +59,7 @@ tags: - fim_synchronization ''' -import os +import os, sys import pytest from wazuh_testing import global_parameters @@ -98,6 +98,7 @@ # Tests +@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) @pytest.mark.parametrize('files_number', [configuration_metadata[0]['files']]) def test_sync_overlap(configuration, metadata, set_wazuh_configuration, configure_local_internal_options_function, 
diff --git a/tests/integration/test_fim/test_synchronization/test_synchronize_integrity_win32.py b/tests/integration/test_fim/test_synchronization/test_synchronize_integrity_win32.py index f150053880..972fd48a1a 100644 --- a/tests/integration/test_fim/test_synchronization/test_synchronize_integrity_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_synchronize_integrity_win32.py @@ -65,7 +65,8 @@ from wazuh_testing.modules import TIER2, WINDOWS from wazuh_testing.modules.fim import (WINDOWS_HKEY_LOCAL_MACHINE, KEY_WOW64_64KEY, registry_parser, REG_SZ, MONITORED_KEY) -from wazuh_testing.modules.fim.event_monitor import (callback_detect_event, callback_real_time_whodata_started, +from wazuh_testing.modules.fim.event_monitor import (callback_detect_event, callback_detect_file_added_event, + callback_real_time_whodata_started, callback_detect_synchronization, ERR_MSG_FIM_EVENT_NOT_RECIEVED, ERR_MSG_INTEGRITY_OR_WHODATA_NOT_STARTED, ERR_MSG_INTEGRITY_CHECK_EVENT) @@ -83,7 +84,7 @@ directory_str = ','.join(test_directories) test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') configurations_path = os.path.join(test_data_path, 'wazuh_conf_integrity_scan_win32.yaml') -conf_params = {'TEST_DIRECTORIES': test_directories, +conf_params = {'TEST_DIRECTORIES': directory_str, 'TEST_REGS': os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, subkey)} file_list = [] 
@@ -177,11 +178,11 @@ def test_events_while_integrity_scan(get_configuration, configure_environment, r # Wait for whodata to start and the synchronization check. Since they are different threads, we cannot expect # them to come in order every time if get_configuration['metadata']['fim_mode'] == 'whodata': - value_1 = wazuh_log_monitor.start(timeout=global_parameters.default_timeout * 3, + value_1 = wazuh_log_monitor.start(timeout=global_parameters.default_timeout * 5, callback=callback_integrity_or_whodata, error_message=ERR_MSG_INTEGRITY_OR_WHODATA_NOT_STARTED).result() - value_2 = wazuh_log_monitor.start(timeout=global_parameters.default_timeout * 3, + value_2 = wazuh_log_monitor.start(timeout=global_parameters.default_timeout * 5, callback=callback_integrity_or_whodata, error_message=ERR_MSG_INTEGRITY_OR_WHODATA_NOT_STARTED).result() assert value_1 != value_2, "callback_integrity_or_whodata detected the same message twice" 
@@ -197,12 +198,14 @@ def test_events_while_integrity_scan(get_configuration, configure_environment, r create_file(REGULAR, folder, file_name, content='') modify_registry_value(key_h, "test_value", REG_SZ, 'added') - sending_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout*5, callback=callback_detect_event, + sending_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout*5, + callback=callback_detect_file_added_event, error_message=ERR_MSG_FIM_EVENT_NOT_RECIEVED).result() assert sending_event['data']['path'] == os.path.join(folder, file_name) time.sleep(global_parameters.default_timeout) - sending_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout*5, callback=callback_detect_event, + sending_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout*5, + callback=callback_detect_event, error_message=ERR_MSG_FIM_EVENT_NOT_RECIEVED).result() assert sending_event['data']['path'] == os.path.join(WINDOWS_HKEY_LOCAL_MACHINE, subkey) assert sending_event['data']['arch'] == '[x64]' From 4348f5f907cea6eaa898c6916816363bb296c370 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Mon, 24 Apr 2023 17:05:26 -0300 Subject: [PATCH 07/18] docs(#3591): update changelog.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dfd57373f6..76b40db2fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,7 +20,7 @@ Release report: TBD - Add new module to support migration tool. ([#3837](https://github.com/wazuh/wazuh-qa/pull/3837)) ### Changed - +- Update FIM test_ambiguous_confs IT to new framework ([#4121](https://github.com/wazuh/wazuh-qa/pull/4121)) \- (Tests) - Update `test_logcollector` invalid configs log level ([#4094](https://github.com/wazuh/wazuh-qa/pull/4094)) \- (Tests) - Update `test_office365` to support the new tag `API_TYPE` ([#4065](https://github.com/wazuh/wazuh-qa/pull/4065)) \- (Framework + Tests) - Update `test_wazuh_db` & `test_enrollment` to support new column `status_code` and new value on the enrollment `payload`. ([#4021](https://github.com/wazuh/wazuh-qa/pull/4021)) \- (Tests) From a6cfd69b6b4477bbdf44f01fa1bfa32794c06fbc Mon Sep 17 00:00:00 2001 
From: Deblintrake09 Date: Mon, 24 Apr 2023 17:08:06 -0300 Subject: [PATCH 08/18] fix(#3591): fix imports --- .../integration/test_fim/test_files/test_scan/test_scan_day.py | 3 ++- .../test_fim/test_files/test_scan/test_scan_day_and_time.py | 3 ++- .../test_fim/test_files/test_scan/test_scan_time.py | 3 ++- .../test_registry_ambiguous_complex.py | 3 ++- .../test_registry_ambiguous_duplicated_entries.py | 3 ++- .../test_registry_ambiguous_simple.py | 3 ++- .../test_basic_usage_delete_registry.py | 3 ++- .../test_basic_usage_registry_new_key.py | 3 ++- .../test_registry_basic_usage/test_long_registry_path.py | 3 ++- .../test_registry_checks/test_registry_checkers.py | 3 ++- .../test_registry/test_registry_ignore/test_ignore_registry.py | 3 ++- .../test_registry_multiple_registries/test_multiple_keys.py | 3 ++- .../test_registry_nodiff/test_registry_no_diff.py | 3 ++- .../test_disk_quota/test_registry_disk_quota_values.py | 3 ++- .../test_registry_diff_size_limit_values.py | 3 ++- .../test_registry_file_size_values.py | 3 ++- .../test_registry_report_changes.py | 3 ++- .../test_registry_report_changes_more_changes.py | 3 ++- .../test_registry_restrict/test_registry_restrict.py | 3 ++- .../test_registry/test_registry_tags/test_registry_tags.py | 3 ++- .../test_synchronization/test_registry_responses_win32.py | 3 ++- .../test_fim/test_synchronization/test_sync_overlap.py | 3 ++- 22 files changed, 44 insertions(+), 22 deletions(-) diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_day.py b/tests/integration/test_fim/test_files/test_scan/test_scan_day.py index 8bb25e7b50..dad576e0b9 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_day.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_day.py @@ -63,7 +63,8 @@ tags: - fim_scan ''' -import os, sys +import os +import sys from datetime import datetime, timedelta import pytest 
diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py b/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py index 3b33f0d736..80b41405f1 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py @@ -60,7 +60,8 @@ tags: - fim_scan ''' -import os, sys +import os +import sys from calendar import monthrange from datetime import datetime, timedelta diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_time.py b/tests/integration/test_fim/test_files/test_scan/test_scan_time.py index e9584d2a75..72b80c2cb0 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_time.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_time.py @@ -59,7 +59,8 @@ tags: - fim_scan ''' -import os, sys +import os +import sys from datetime import datetime, timedelta import pytest diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py index e2f003cc92..c5b0500d68 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py @@ -55,7 +55,8 @@ tags: - fim_registry_ambiguous_confs ''' -import os, sys +import os +import sys from hashlib import sha1 import pytest diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py index 71f0371d2f..b693fe9b27 100644 
--- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py @@ -56,7 +56,8 @@ tags: - fim_registry_ambiguous_confs ''' -import os, sys +import os +import sys from hashlib import sha1 import pytest diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py index 5470e6092d..8ab935be43 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py @@ -56,7 +56,8 @@ tags: - fim_registry_ambiguous_confs ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py index d049c75f0f..1a1fbb68b5 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py @@ -53,7 +53,8 @@ tags: - fim_registry_basic_usage ''' -import os, sys +import os +import sys from collections import Counter import pytest diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py index ec0505623d..2b48824ae9 100644 
--- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py @@ -54,7 +54,8 @@ tags: - fim_registry_basic_usage ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py index 546db0f8b8..f1ed50b76e 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py @@ -54,7 +54,8 @@ tags: - fim_registry_basic_usage ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py index 99f21751a6..7a207fb046 100644 --- a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py +++ b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py @@ -54,7 +54,8 @@ tags: - fim_registry_checks ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py b/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py index 31d1487467..17392174a8 100755 --- a/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py +++ b/tests/integration/test_fim/test_registry/test_registry_ignore/test_ignore_registry.py 
@@ -53,7 +53,8 @@ tags: - fim_registry_ignore ''' -import os, sys +import os +import sys import pytest from wazuh_testing import T_20, fim diff --git a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py index b7a2ee127e..51a9ad2fbb 100644 --- a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py +++ b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py @@ -53,7 +53,8 @@ tags: - fim_registry_multiple_registries ''' -import os, sys +import os +import sys import time import pytest diff --git a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py index 0b2d355df8..05ceaed114 100644 --- a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py +++ b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py @@ -53,7 +53,8 @@ tags: - fim_registry_nodiff ''' -import os, sys +import os +import sys from hashlib import sha1 from time import sleep diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py index ee60f8c624..342c6f0b65 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py @@ -54,7 +54,8 @@ tags: - fim_registry_report_changes """ -import os, sys +import os +import sys import pytest from wazuh_testing import LOG_FILE_PATH, global_parameters 
diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py index fac9d98574..8908a6cfa3 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py @@ -54,7 +54,8 @@ tags: - fim_registry_report_changes ''' -import os, sys +import os +import sys import pytest from wazuh_testing import LOG_FILE_PATH, global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py index d49dff9168..2ab3b3cf36 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py @@ -54,7 +54,8 @@ tags: - fim_registry_report_changes ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py index dc589a87ba..4946c8c2f5 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py @@ -54,7 +54,8 @@ tags: - fim_registry_report_changes ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters 
diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py index 42c76bf620..8cd7f38945 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py @@ -54,7 +54,8 @@ tags: - fim_registry_report_changes ''' -import os, sys +import os +import sys import pytest from test_fim.common import generate_string diff --git a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py index b64a46edb8..dee5b65ef1 100644 --- a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py +++ b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py @@ -54,7 +54,8 @@ tags: - fim_registry_restrict ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters diff --git a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py index 5a13f3829c..691660c3e9 100644 --- a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py +++ b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py @@ -50,7 +50,8 @@ 1: Only level 1 tests are performed, they check functionalities of medium complexity. 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters 
diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 13f9244005..b10d682e85 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -54,7 +54,8 @@ tags: - fim_synchronization ''' -import os, sys +import os +import sys import pytest from wazuh_testing import LOG_FILE_PATH, DATA, WAZUH_SERVICES_START from wazuh_testing.tools.configuration import load_wazuh_configurations diff --git a/tests/integration/test_fim/test_synchronization/test_sync_overlap.py b/tests/integration/test_fim/test_synchronization/test_sync_overlap.py index ef1fdc7b98..1732e050cd 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_overlap.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_overlap.py @@ -59,7 +59,8 @@ tags: - fim_synchronization ''' -import os, sys +import os +import sys import pytest from wazuh_testing import global_parameters From 446aebad0ed98f319163db8577bb46c2a592154b Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Mon, 24 Apr 2023 17:16:58 -0300 Subject: [PATCH 09/18] style(#3591): fix indents and spacing --- .../test_basic_usage_entries_match_key_count.py | 16 ++++++++-------- .../test_registry_no_diff.py | 1 - 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py index 3e07aae77e..83cbef61fe 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py 
@@ -60,7 +60,7 @@ from wazuh_testing.tools.configuration import load_wazuh_configurations from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback from wazuh_testing.modules.fim import registry_parser, KEY_WOW64_64KEY, REG_SZ, REG_MULTI_SZ, REG_DWORD -from wazuh_testing.modules.fim.utils import generate_params, create_registry, modify_registry_value +from wazuh_testing.modules.fim.utils import generate_params, create_registry, modify_registry_value from wazuh_testing.modules.fim.event_monitor import CB_FIM_REGISTRY_ENTRIES_COUNT, CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT # Marks @@ -149,12 +149,12 @@ def test_entries_match_key_count(get_configuration, configure_environment, resta ''' registry_entries = wazuh_log_monitor.start(timeout=T_20, update_position=False, callback=generate_monitoring_callback(CB_FIM_REGISTRY_ENTRIES_COUNT), - error_message=f'Did not receive expected "{CB_FIM_REGISTRY_ENTRIES_COUNT}" \ - event').result() - - value_entries = wazuh_log_monitor.start(timeout=T_20, - callback=generate_monitoring_callback(CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT), - error_message=f'Did not receive expected \ - "{CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT}" event').result() + error_message=f'Did not receive expected \ + "{CB_FIM_REGISTRY_ENTRIES_COUNT}" event').result() + + callback=generate_monitoring_callback(CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT) + value_entries = wazuh_log_monitor.start(timeout=T_20, callback=callback, + error_message=f'Did not receive expected \ + "{CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT}" event').result() assert int(registry_entries) + int(value_entries) == 4, 'Wrong number of entries' diff --git a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py index 05ceaed114..f177eaa6b3 100644 --- a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py 
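Review bot: In the second hunk (`test_entries_match_key_count`), both `error_message` f-strings are continued with a backslash inside the literal, so the indentation of the continuation line becomes part of the message reported on timeout. Adjacent literals avoid that: `error_message='Did not receive expected ' f'"{CB_FIM_REGISTRY_ENTRIES_COUNT}" event'`, and the same for `CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT`. The follow-up hunk at `@@ -151,8 +151,8 @@` in the same file keeps the backslash form. The test body starts outside the hunk.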
+++ b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py @@ -108,7 +108,6 @@ def get_configuration(request): return request.param - @pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, truncated, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, no_diff_value, True, {'no_diff_str'}), From 462312599fddae6d6e1281cafd97e0012778359d Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Mon, 24 Apr 2023 18:02:28 -0300 Subject: [PATCH 10/18] style(#3591): fix indents and spacing --- .../test_basic_usage_entries_match_key_count.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py index 83cbef61fe..7d1fb7c8c7 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_entries_match_key_count.py @@ -151,8 +151,8 @@ def test_entries_match_key_count(get_configuration, configure_environment, resta callback=generate_monitoring_callback(CB_FIM_REGISTRY_ENTRIES_COUNT), error_message=f'Did not receive expected \ "{CB_FIM_REGISTRY_ENTRIES_COUNT}" event').result() - - callback=generate_monitoring_callback(CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT) + + callback = generate_monitoring_callback(CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT) value_entries = wazuh_log_monitor.start(timeout=T_20, callback=callback, error_message=f'Did not receive expected \ "{CB_FIM_REGISTRY_VALUES_ENTRIES_COUNT}" event').result() From 0c73d32b5e64d0490f413a62222c9f75c5581188 Mon Sep 17 00:00:00 2001 
From: Deblintrake09 Date: Mon, 24 Apr 2023 19:18:19 -0300 Subject: [PATCH 11/18] fix(#3591): fix timeout import --- .../test_files/test_inotify/test_num_watches.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py b/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py index 002ee7063d..24c2081ca0 100644 --- a/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py +++ b/tests/integration/test_fim/test_files/test_inotify/test_num_watches.py @@ -64,7 +64,7 @@ import sys import pytest -from wazuh_testing import T_60, T_40 +from wazuh_testing import T_60 from wazuh_testing.fim import LOG_FILE_PATH, callback_num_inotify_watches, generate_params, detect_initial_scan from wazuh_testing.tools import PREFIX from wazuh_testing.tools.configuration import load_wazuh_configurations, check_apply_test @@ -205,7 +205,7 @@ def test_num_watches(realtime_enabled, decreases_num_watches, rename_folder, get # Check that the number of inotify watches is correct before modifying the folder try: - num_watches = wazuh_log_monitor.start(timeout=T_40, callback=callback_num_inotify_watches, + num_watches = wazuh_log_monitor.start(timeout=T_60, callback=callback_num_inotify_watches, error_message='Did not receive expected ' '"Folders monitored with real-time engine: ..." event' ).result() @@ -238,8 +238,7 @@ def test_num_watches(realtime_enabled, decreases_num_watches, rename_folder, get try: # Check that the number of inotify watches is correct after modifying the folder - num_watches = wazuh_log_monitor.start(timeout=T_40, - callback=callback_num_inotify_watches, + num_watches = wazuh_log_monitor.start(timeout=T_60, callback=callback_num_inotify_watches, error_message='Did not receive expected ' '"Folders monitored with real-time engine: ..." event' ).result() 
@@ -269,8 +268,7 @@ def test_num_watches(realtime_enabled, decreases_num_watches, rename_folder, get for directory in test_directories: os.mkdir(directory) - num_watches = wazuh_log_monitor.start(timeout=T_40, - callback=callback_num_inotify_watches, + num_watches = wazuh_log_monitor.start(timeout=T_60, callback=callback_num_inotify_watches, error_message='Did not receive expected ' '"Folders monitored with real-time engine: ..." event' ).result() From fe33c1a80e9d98b3b497819407808677b2312b7c Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Tue, 25 Apr 2023 11:45:11 -0300 Subject: [PATCH 12/18] fix(#3591): replace xfail for skip in scheduled IT --- .../test_basic_usage_delete_registry.py | 2 +- .../test_basic_usage_registry_new_key.py | 2 +- .../test_registry_basic_usage/test_long_registry_path.py | 2 +- .../test_registry_checks/test_registry_checkers.py | 2 +- .../test_registry_multiple_registries/test_multiple_keys.py | 2 +- .../test_registry_nodiff/test_registry_no_diff.py | 2 +- .../test_disk_quota/test_registry_disk_quota_values.py | 2 +- .../test_registry_diff_size_limit_values.py | 2 +- .../test_registry_file_size_values.py | 2 +- .../test_registry_report_changes.py | 2 +- .../test_registry_report_changes_more_changes.py | 2 +- .../test_registry_restrict/test_registry_restrict.py | 2 +- .../test_registry/test_registry_tags/test_registry_tags.py | 2 +- .../test_synchronization/test_registry_responses_win32.py | 2 +- .../test_fim/test_synchronization/test_sync_overlap.py | 3 ++- 15 files changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py index 1a1fbb68b5..03b11ec643 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py 
+++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py @@ -102,7 +102,7 @@ def get_configuration(request): # test -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skip(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_list', [ (key, sub_key_1, KEY_WOW64_64KEY, ['value1', 'value2', 'value3']), (key, sub_key_2, KEY_WOW64_32KEY, ['value1', 'value2', 'value3']), diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py index 2b48824ae9..ff02042d52 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py @@ -97,7 +97,7 @@ def get_configuration(request): # tests -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") def test_new_key(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon generates events from a new monitored key after diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py index f1ed50b76e..62dbf54394 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py 
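Review bot: `@pytest.mark.skip(sys.platform == 'win32', reason=...)` in the first hunk (`test_basic_usage_delete_registry.py`) passes a condition to a marker that does not take one, so the platform check is not evaluated. Depending on the pytest version, the test is then either skipped on every platform or fails with a TypeError when the marker is evaluated. The line should read `@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked")`, as the other files in this commit do. The hunk for `test_registry_responses_win32.py` (`@@ -93,7 +93,7 @@`) has the same `skip` call.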
+++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py @@ -99,7 +99,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") def test_long_registry_path(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon generates events from monitored keys with long paths. diff --git a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py index 7a207fb046..8bf3a4908a 100644 --- a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py +++ b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py @@ -138,7 +138,7 @@ def get_configuration(request): # Test -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, key_attrs, value_attrs, tags_to_apply, triggers_modification', [ (sub_key_1, KEY_WOW64_64KEY, key_all_attrs, value_all_attrs, {'check_all_yes'}, True), diff --git a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py index 51a9ad2fbb..569badbaec 100644 --- a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py 
+++ b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py @@ -103,7 +103,7 @@ def get_configuration(request): # Test -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('tags_to_apply', [({'multiple_keys'})]) def test_multiple_keys(tags_to_apply, get_configuration, configure_environment, restart_syscheckd): ''' diff --git a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py index f177eaa6b3..d0fc7a0dbe 100644 --- a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py +++ b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py @@ -108,7 +108,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, truncated, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, no_diff_value, True, {'no_diff_str'}), (key, sub_key_1, KEY_WOW64_64KEY, "some_value", False, {'no_diff_str'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py index 342c6f0b65..c544675356 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py 
+++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py @@ -104,7 +104,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize("size", [(4096), (32768)]) @pytest.mark.parametrize("key, subkey, arch, value_name", [ diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py index 8908a6cfa3..b1aacd6aaf 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py @@ -99,7 +99,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('size', [(4096), (16384)]) @pytest.mark.parametrize('key, subkey, arch, value_name', [ (WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, KEY_WOW64_64KEY, 'some_value'), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py index 2ab3b3cf36..e97397b866 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py 
+++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py @@ -101,7 +101,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('size', [(4096), (16384)]) @pytest.mark.parametrize('key, subkey, arch, value_name', [ (WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, KEY_WOW64_64KEY, "some_value"), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py index 4946c8c2f5..9aa5b431dc 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py @@ -101,7 +101,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, "some_value", {'test_report_changes'}), (key, sub_key_1, KEY_WOW64_32KEY, "some_value", {'test_report_changes'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py index 8cd7f38945..6c78ec4ed6 100644 
--- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py @@ -104,7 +104,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, "some_value", {'test_report_changes'}), (key, sub_key_1, KEY_WOW64_32KEY, "some_value", {'test_report_changes'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py index dee5b65ef1..7c168a6f3b 100644 --- a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py +++ b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py @@ -105,7 +105,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch, value_name, triggers_event, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, valid_value_name, True, {'value_restrict'}), (key, sub_key_2, KEY_WOW64_32KEY, valid_value_name, True, {'value_restrict'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py index 691660c3e9..f921b05a5e 100644 
--- a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py +++ b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py @@ -90,7 +90,7 @@ def get_configuration(request): return request.param -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key, subkey, arch', [ (key, sub_key, KEY_WOW64_32KEY), (key, sub_key, KEY_WOW64_64KEY), diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index b10d682e85..9b4eec9c63 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -93,7 +93,7 @@ def get_configuration(request): # tests -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skip(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('key_name', [':subkey1', 'subkey2:', ':subkey3:']) @pytest.mark.parametrize('value_name', [':value1', 'value2:', ':value3:']) def test_registry_sync_after_restart(key_name, value_name, configure_local_internal_options_module, diff --git a/tests/integration/test_fim/test_synchronization/test_sync_overlap.py b/tests/integration/test_fim/test_synchronization/test_sync_overlap.py index 1732e050cd..5fd09dd820 100644 --- a/tests/integration/test_fim/test_synchronization/test_sync_overlap.py +++ b/tests/integration/test_fim/test_synchronization/test_sync_overlap.py 
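Review bot: The new decorator on `test_registry_sync_after_restart` in test_registry_responses_win32.py uses `pytest.mark.skip`, which takes no condition, unlike the `skipif` used in the sibling hunks. Depending on the pytest version, the extra positional argument either skips the test on every platform or raises a TypeError when the mark is evaluated, so this registry synchronization check stops providing coverage outside Windows as well. It should read `@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked")`. The PATCH 13/18 hunks for test_basic_usage_delete_registry.py and test_registry_responses_win32.py keep the same `skip(...)` form and need the same correction. The decorated function continues outside the hunk.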
@@ -99,7 +99,6 @@ # Tests -@pytest.mark.xfail(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) @pytest.mark.parametrize('files_number', [configuration_metadata[0]['files']]) def test_sync_overlap(configuration, metadata, set_wazuh_configuration, configure_local_internal_options_function, @@ -161,6 +160,8 @@ def test_sync_overlap(configuration, metadata, set_wazuh_configuration, configur tags: - scheduled ''' + if sys.platform == 'win32' and metadata['lower']: + pytest.xfail("It will be blocked by wazuh/wazuh-qa#4071") wazuh_log_monitor = FileMonitor(LOG_FILE_PATH) From 0298b40cf597afaa64e9a7cb28bd02c3cce025b9 Mon Sep 17 00:00:00 2001 
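Review bot: The added `pytest.xfail("It will be blocked by wazuh/wazuh-qa#4071")` call in `test_sync_overlap` ends the test at that line, so on Windows the `lower` cases never execute and a later fix cannot show up as an unexpected pass. If the cases should still run, take the `request` fixture and apply the mark instead: `request.applymarker(pytest.mark.xfail(reason="It will be blocked by wazuh/wazuh-qa#4071"))`. `metadata['lower']` raises KeyError for any case that lacks the key, so `metadata.get('lower')` is safer unless every case is known to define it. The removed decorator cited #4077 while the new message cites #4071; confirm which issue applies. The test body continues outside the hunk.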
From: Deblintrake09 Date: Wed, 26 Apr 2023 16:24:13 -0300 Subject: [PATCH 13/18] docs(#3591): change skipped tests reason parameter --- .../test_files/test_restrict/test_restrict_valid.py | 2 +- .../test_fim/test_files/test_scan/test_scan_day.py | 2 +- .../test_fim/test_files/test_scan/test_scan_day_and_time.py | 2 +- .../test_fim/test_files/test_scan/test_scan_time.py | 2 +- .../test_registry_ambiguous_complex.py | 6 +++--- .../test_registry_ambiguous_duplicated_entries.py | 4 ++-- .../test_registry_ambiguous_simple.py | 6 +++--- .../test_basic_usage_delete_registry.py | 2 +- .../test_basic_usage_registry_new_key.py | 2 +- .../test_registry_basic_usage/test_long_registry_path.py | 2 +- .../test_registry_checks/test_registry_checkers.py | 2 +- .../test_registry_multiple_registries/test_multiple_keys.py | 2 +- .../test_registry_nodiff/test_registry_no_diff.py | 2 +- .../test_disk_quota/test_registry_disk_quota_values.py | 2 +- .../test_registry_diff_size_limit_values.py | 2 +- .../test_registry_file_size_values.py | 2 +- .../test_registry_report_changes.py | 2 +- .../test_registry_report_changes_more_changes.py | 2 +- .../test_registry_restrict/test_registry_restrict.py | 2 +- .../test_registry/test_registry_tags/test_registry_tags.py | 2 +- .../test_synchronization/test_registry_responses_win32.py | 2 +- 21 files changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py b/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py index ff6c5a1645..d7b3f5c721 100644 --- a/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py +++ b/tests/integration/test_fim/test_files/test_restrict/test_restrict_valid.py 
@@ -96,7 +96,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('folder', test_directories) @pytest.mark.parametrize('filename, mode, content, triggers_event, tags_to_apply', [ ('.restricted', 'w', "Sample content", True, {'valid_regex1'}), diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_day.py b/tests/integration/test_fim/test_files/test_scan/test_scan_day.py index dad576e0b9..ef1459602d 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_day.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_day.py @@ -105,7 +105,7 @@ def get_configuration(request): # tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('tags_to_apply', [{'scan_day'}]) def test_scan_day(tags_to_apply, get_configuration, configure_environment, diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py b/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py index 80b41405f1..0109b9dd12 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_day_and_time.py @@ -138,7 +138,7 @@ def get_configuration(request): # tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('tags_to_apply', [{'scan_both'}]) def test_scan_day_and_time(tags_to_apply, get_configuration, configure_environment, 
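Review bot: The rewritten decorator drops the spaces around the comparison (`sys.platform=='win32'`), which goes against PEP 8 and the spacing the removed line had; this applies to every hunk in this patch. Keep the operator spaced while shortening the reason: `@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked by #4077.")`. The bare `#4077` is also ambiguous once the reason is read in a test report outside the repository; the sync overlap test uses the qualified form `wazuh/wazuh-qa#4071`, and using the same style here would keep the references traceable.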
diff --git a/tests/integration/test_fim/test_files/test_scan/test_scan_time.py b/tests/integration/test_fim/test_files/test_scan/test_scan_time.py index 72b80c2cb0..e6b634c975 100644 --- a/tests/integration/test_fim/test_files/test_scan/test_scan_time.py +++ b/tests/integration/test_fim/test_files/test_scan/test_scan_time.py @@ -102,7 +102,7 @@ def get_configuration(request): # tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('tags_to_apply', [{'scan_time'}]) def test_scan_time(tags_to_apply, get_configuration, configure_environment, diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py index c5b0500d68..0cda62f769 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_complex.py @@ -127,7 +127,7 @@ def get_configuration(request): # Tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, key_checkers', [ (registry, checkers_key), 
@@ -197,7 +197,7 @@ def test_ambiguous_complex_checks(key, subkey, key_checkers, options=key_checkers, time_travel=True) -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, value_list, report,', [ (registry, ['test_value'], True), @@ -281,7 +281,7 @@ def report_changes_validator(event): value_list=value_list, time_travel=True, validators_after_update=validator_after_update) -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, tag', [ (registry, None), diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py index b693fe9b27..b93c6264d0 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_duplicated_entries.py @@ -120,7 +120,7 @@ def get_configuration(request): # Tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, key_list, value_list, checkers, tags_to_apply', [ (subkey_1, KEY_WOW64_64KEY, ['random_key'], ['test_value'], key_all_attrs, {'duplicate_entries'}), 
@@ -215,7 +215,7 @@ def test_duplicate_entries(key, subkey, arch, key_list, value_list, checkers, ta min_timeout=global_parameters.default_timeout, time_travel=True, triggers_event=True) -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, value_list, tags_to_apply, report_changes', [ (subkey_1, KEY_WOW64_64KEY, ['test_value'], {'duplicate_report_entries'}, True), diff --git a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py index 8ab935be43..44ffdee07d 100644 --- a/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py +++ b/tests/integration/test_fim/test_registry/test_registry_ambiguous_confs/test_registry_ambiguous_simple.py @@ -136,7 +136,7 @@ def get_configuration(request): # Tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, sub_keys, arch', [ (key, (subkey_1, os.path.join(subkey_1, key_name)), KEY_WOW64_64KEY), (key, (subkey_2, os.path.join(subkey_2, key_name)), KEY_WOW64_64KEY), 
@@ -214,7 +214,7 @@ def no_tag_validator(event): min_timeout=global_parameters.default_timeout, validators_after_cud=[no_tag_validator]) -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch', [ (key, os.path.join(subkey_1, recursion_key), KEY_WOW64_64KEY), (key, os.path.join(subkey_2, recursion_key), KEY_WOW64_64KEY), @@ -284,7 +284,7 @@ def test_ambiguous_recursion(key, subkey, arch, time_travel=True, triggers_event=True, min_timeout=global_parameters.default_timeout) -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, key_checkers, subkey_checkers', [ (key, (subkey_1, os.path.join(subkey_1, key_name)), checkers_key_case1, checkers_subkey_case1), (key, (subkey_2, os.path.join(subkey_2, key_name)), checkers_key_case2, checkers_subkey_case2) diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py index 03b11ec643..e2c5cab7be 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_delete_registry.py 
@@ -102,7 +102,7 @@ def get_configuration(request): # test -@pytest.mark.skip(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skip(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch, value_list', [ (key, sub_key_1, KEY_WOW64_64KEY, ['value1', 'value2', 'value3']), (key, sub_key_2, KEY_WOW64_32KEY, ['value1', 'value2', 'value3']), diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py index ff02042d52..cbde5c3e7b 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_basic_usage_registry_new_key.py @@ -97,7 +97,7 @@ def get_configuration(request): # tests -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") def test_new_key(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon generates events from a new monitored key after diff --git a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py index 62dbf54394..1d6759bf96 100644 --- a/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py +++ b/tests/integration/test_fim/test_registry/test_registry_basic_usage/test_long_registry_path.py 
@@ -99,7 +99,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") def test_long_registry_path(get_configuration, configure_environment, restart_syscheckd, wait_for_fim_start): ''' description: Check if the 'wazuh-syscheckd' daemon generates events from monitored keys with long paths. diff --git a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py index 8bf3a4908a..ef916139d5 100644 --- a/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py +++ b/tests/integration/test_fim/test_registry/test_registry_checks/test_registry_checkers.py @@ -138,7 +138,7 @@ def get_configuration(request): # Test -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key', [key]) @pytest.mark.parametrize('subkey, arch, key_attrs, value_attrs, tags_to_apply, triggers_modification', [ (sub_key_1, KEY_WOW64_64KEY, key_all_attrs, value_all_attrs, {'check_all_yes'}, True), diff --git a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py index 569badbaec..ab6b4cfcf6 100644 --- a/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py +++ b/tests/integration/test_fim/test_registry/test_registry_multiple_registries/test_multiple_keys.py 
@@ -103,7 +103,7 @@ def get_configuration(request): # Test -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('tags_to_apply', [({'multiple_keys'})]) def test_multiple_keys(tags_to_apply, get_configuration, configure_environment, restart_syscheckd): ''' diff --git a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py index d0fc7a0dbe..b043c91164 100644 --- a/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py +++ b/tests/integration/test_fim/test_registry/test_registry_nodiff/test_registry_no_diff.py @@ -108,7 +108,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch, value_name, truncated, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, no_diff_value, True, {'no_diff_str'}), (key, sub_key_1, KEY_WOW64_64KEY, "some_value", False, {'no_diff_str'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py index c544675356..70a585a0b7 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_disk_quota/test_registry_disk_quota_values.py 
@@ -104,7 +104,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize("size", [(4096), (32768)]) @pytest.mark.parametrize("key, subkey, arch, value_name", [ diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py index b1aacd6aaf..b43d195b0f 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_diff_size_limit_values.py @@ -99,7 +99,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('size', [(4096), (16384)]) @pytest.mark.parametrize('key, subkey, arch, value_name', [ (WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, KEY_WOW64_64KEY, 'some_value'), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py index e97397b866..656579944d 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_file_size_values.py 
@@ -101,7 +101,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('size', [(4096), (16384)]) @pytest.mark.parametrize('key, subkey, arch, value_name', [ (WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, KEY_WOW64_64KEY, "some_value"), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py index 9aa5b431dc..4bcba3d8e8 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes.py @@ -101,7 +101,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch, value_name, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, "some_value", {'test_report_changes'}), (key, sub_key_1, KEY_WOW64_32KEY, "some_value", {'test_report_changes'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py index 6c78ec4ed6..ede6173908 100644 --- a/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py +++ b/tests/integration/test_fim/test_registry/test_registry_report_changes/test_registry_report_changes_more_changes.py 
@@ -104,7 +104,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch, value_name, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, "some_value", {'test_report_changes'}), (key, sub_key_1, KEY_WOW64_32KEY, "some_value", {'test_report_changes'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py index 7c168a6f3b..9b13211aa0 100644 --- a/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py +++ b/tests/integration/test_fim/test_registry/test_registry_restrict/test_registry_restrict.py @@ -105,7 +105,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch, value_name, triggers_event, tags_to_apply', [ (key, sub_key_1, KEY_WOW64_64KEY, valid_value_name, True, {'value_restrict'}), (key, sub_key_2, KEY_WOW64_32KEY, valid_value_name, True, {'value_restrict'}), diff --git a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py index f921b05a5e..afcc2baa43 100644 --- a/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py +++ b/tests/integration/test_fim/test_registry/test_registry_tags/test_registry_tags.py 
@@ -90,7 +90,7 @@ def get_configuration(request): return request.param -@pytest.mark.skipif(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skipif(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key, subkey, arch', [ (key, sub_key, KEY_WOW64_32KEY), (key, sub_key, KEY_WOW64_64KEY), diff --git a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py index 9b4eec9c63..a9f7940a79 100644 --- a/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py +++ b/tests/integration/test_fim/test_synchronization/test_registry_responses_win32.py @@ -93,7 +93,7 @@ def get_configuration(request): # tests -@pytest.mark.skip(sys.platform == 'win32', reason="Blocked for Issue #4077. When fixed this should be unblocked") +@pytest.mark.skip(sys.platform=='win32', reason="Blocked by #4077.") @pytest.mark.parametrize('key_name', [':subkey1', 'subkey2:', ':subkey3:']) @pytest.mark.parametrize('value_name', [':value1', 'value2:', ':value3:']) def test_registry_sync_after_restart(key_name, value_name, configure_local_internal_options_module, From c78a50c874a99ec4de574d273fe6e18e2c8d659b Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Fri, 28 Apr 2023 08:45:49 -0300 Subject: [PATCH 14/18] docs(#3591): updated documentation --- CHANGELOG.md | 2 +- .../wazuh_testing/modules/fim/event_monitor.py | 6 +++--- .../test_ignore_works_over_restrict.py | 4 ++-- .../test_whodata_prevails_over_realtime.py | 12 ++++++------ 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 76b40db2fc..085348364c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,7 +20,7 @@ Release report: TBD - Add new module to support migration tool. ([#3837](https://github.com/wazuh/wazuh-qa/pull/3837)) ### Changed -- Update FIM test_ambiguous_confs IT to new framework ([#4121](https://github.com/wazuh/wazuh-qa/pull/4121)) \- (Tests) +- Update FIM test_ambiguous_confs IT to new framework ([#4121](https://github.com/wazuh/wazuh-qa/pull/4121)) \- (Tests + Framework) - Update `test_logcollector` invalid configs log level ([#4094](https://github.com/wazuh/wazuh-qa/pull/4094)) \- (Tests) - Update `test_office365` to support the new tag `API_TYPE` ([#4065](https://github.com/wazuh/wazuh-qa/pull/4065)) \- (Framework + Tests) - Update `test_wazuh_db` & `test_enrollment` to support new column `status_code` and new value on the enrollment `payload`. ([#4021](https://github.com/wazuh/wazuh-qa/pull/4021)) \- (Tests) diff --git a/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py index 2d23945539..0cedc43467 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py @@ -279,7 +279,7 @@ def callback_num_inotify_watches(line): """ Callback that detects if a line contains the folders monitored in realtime event Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. """ match = re.match(CB_FOLDERS_MONITORED_REALTIME, line) @@ -304,12 +304,12 @@ def callback_state_event_time(line): def callback_real_time_whodata_started(line): """ Callback that detects if a line contains "Whodata engine started" event Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. """ match = re.match(CB_REALTIME_WHODATA_ENGINE_STARTED, line) if match: return True - return True + return None 
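Review bot: The docstring of `callback_real_time_whodata_started` still documents only `line`, while this hunk changes what the callback returns for a non-matching line (`return True` becomes `return None`). Add a return entry such as `Returns: True if the line contains the event, None otherwise.` so the contract sits next to the code. Before this change both branches returned True, so any monitor waiting on this callback could be satisfied by an unrelated log line. Since the commit is labelled `docs`, that behaviour change deserves a mention in the description and a re-run of the tests that rely on the callback.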
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py index 43abcf0dd4..f2b9dd9f27 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py @@ -117,11 +117,11 @@ def test_ignore_works_over_restrict(configuration, metadata, set_wazuh_configura - Clean logs files and restart wazuh to apply the configuration. - test: - Create file and detect event creation event - - Validate Ignored event is generated with matching regex + - Validate ignored event is generated with matching regex - teardown: - Delete custom monitored folder - Restore configuration - - Stop wazuh + - Stop Wazuh wazuh_min_version: 4.2.0 diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py index b1e90dc8db..16ed422c5c 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py 
@@ -171,14 +171,14 @@ def test_whodata_prevails_over_realtime(configuration, metadata, set_wazuh_confi event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event).result() - if (event['data']['mode'] != 'whodata' and event['data']['type'] != 'added' and - os.path.join(test_directories[0], filename) in event['data']['path']): - raise AssertionError('Event not found') + assert event['data']['mode'] == 'whodata', f"Unexpected event mode found:{event['data']['mode']}, expected whodata" + assert event['data']['type'] == 'added', f"Unexpected event type found:{event['data']['type']}, expected added" + assert os.path.join(test_directories[0], filename) in event['data']['path'], 'Unexpected file path found' delete_file(os.path.join(test_directories[0], filename)) event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout, callback=callback_detect_event).result() - if (event['data']['mode'] != 'whodata' and event['data']['type'] != 'deleted' and - os.path.join(test_directories[0], filename) in event['data']['path']): - raise AssertionError('Event not found') + assert event['data']['mode'] == 'whodata', f"Unexpected event mode found:{event['data']['mode']}, expected whodata" + assert event['data']['type'] == 'deleted', f"Unexpected event type found:{event['data']['type']}, expected deleted" + assert os.path.join(test_directories[0], filename) in event['data']['path'], 'Unexpected file path found' From 9af9442d44c06d9cec3862cab523aae15e8bb3d4 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Fri, 28 Apr 2023 08:46:11 -0300 Subject: [PATCH 15/18] docs(#3591): improved test cases names --- .../cases_ignore_works_over_restrict.yaml | 18 +++++++++--------- .../cases_whodata_prevails_over_realtime.yaml | 4 ++-- .../data/test_cases/cases_whodata_thread.yaml | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) 
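Review bot: The third assertion in each group checks the path with `in`, so it passes when the expected path is only a substring of `event['data']['path']`, for example a sibling file whose name starts with `filename`. If the agent reports the path in the same form the test builds it, `assert event['data']['path'] == os.path.join(test_directories[0], filename)` is stricter, and its message could print the path that was found, as the mode and type messages do. The same three assertions are repeated for the added and the deleted event, so a small local helper taking the expected type would keep them in step. The messages also read `found:{...}` with no space after the colon. The body of test_whodata_prevails_over_realtime starts outside this hunk.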
diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml index c2724a39f6..05c566be34 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_ignore_works_over_restrict.yaml @@ -1,4 +1,4 @@ -- name: Ignore file pattern over restrict regex (Scheduled mode) +- name: ignore_file_pattern_over_restrict_regex_scheduled description: Check ignore pattern is applied over restrict regex configuration_parameters: REALTIME: 'no' @@ -9,7 +9,7 @@ is_pattern: true fim_mode: scheduled -- name: Ignore file pattern over restrict regex (Realtime mode) +- name: ignore_file_pattern_over_restrict_regex_realtime description: Check ignore pattern is applied over restrict regex configuration_parameters: REALTIME: 'yes' @@ -20,7 +20,7 @@ is_pattern: true fim_mode: realtime -- name: Ignore file pattern over restrict regex (Whodata mode) +- name: ignore_file_pattern_over_restrict_regex_whodata description: Check ignore pattern is applied over restrict regex configuration_parameters: REALTIME: 'no' @@ -31,7 +31,7 @@ is_pattern: true fim_mode: whodata -- name: Ignore sregex over restrict regex - different regex (Scheduled mode) +- name: ignore_sregex_over_restrict_regex_different_regex_scheduled description: Check ignore with sregex is applied over restrict regex - Regexes are different configuration_parameters: REALTIME: 'no' @@ -42,7 +42,7 @@ is_pattern: false fim_mode: scheduled -- name: Ignore sregex over restrict regex - different regex (Realtime mode) +- name: ignore_sregex_over_restrict_regex_different_regex_realtime description: Check ignore with sregex is applied over restrict regex - Regexes are different configuration_parameters: REALTIME: 'yes' 
@@ -53,7 +53,7 @@ is_pattern: false fim_mode: realtime -- name: Ignore sregex over restrict regex - different regex (Whodata mode) +- name: ignore_sregex_over_restrict_regex_different_regex_whodata description: Check ignore with sregex is applied over restrict regex - Regexes are different configuration_parameters: REALTIME: 'no' @@ -64,7 +64,7 @@ is_pattern: false fim_mode: whodata -- name: Ignore sregex over restrict regex - same regex (Scheduled mode) +- name: ignore_sregex_over_restrict_regex_same_regex_scheduled description: Check ignore with sregex is applied over restrict regex - Regexes are the same configuration_parameters: REALTIME: 'no' @@ -75,7 +75,7 @@ is_pattern: false fim_mode: scheduled -- name: Ignore sregex over restrict regex - same regex (Realtime mode) +- name: ignore_sregex_over_restrict_regex_same_regex_realtime description: Check ignore with sregex is applied over restrict regex - Regexes are the same configuration_parameters: REALTIME: 'yes' @@ -86,7 +86,7 @@ is_pattern: false fim_mode: realtime -- name: Ignore sregex over restrict regex - same regex (Whodata mode) +- name: ignore_sregex_over_restrict_regex_same_regex_whodata description: Check ignore with sregex is applied over restrict regex - Regexes are the same configuration_parameters: REALTIME: 'no' diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml index 3211f971ce..107c5d10d8 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_prevails_over_realtime.yaml 
@@ -1,4 +1,4 @@ -- name: Whodata thread started with realtime enabled +- name: whodata_thread_started_with_realtime_enabled description: Check Whodata thread is enabled and is used with realtime enabled on same tag configuration_parameters: WHODATA: 'yes' @@ -6,7 +6,7 @@ metadata: fim_mode: whodata -- name: Whodata thread started with realtime disabled +- name: whodata_thread_started_with_realtime_disabled description: Check Whodata thread is enabled and is used with realtime disabled on same tag configuration_parameters: WHODATA: 'yes' diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml index 1ed35e295e..1aebbc0c06 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/data/test_cases/cases_whodata_thread.yaml @@ -1,4 +1,4 @@ -- name: Whodata thread Disabled +- name: whodata_thread_disabled description: Check Whodata thread is disabled when last directory has it set to 'no' configuration_parameters: WHODATA1: 'yes' @@ -7,7 +7,7 @@ fim_mode: whodata whodata_enabled: false -- name: Whodata thread Enabled +- name: whodata_thread_enabled description: Check Whodata thread is enabled when last directory has it set to 'yes' configuration_parameters: WHODATA1: 'no' From d7067af7037f8d8d307393cb37d85b6c4f8a51d0 Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Fri, 28 Apr 2023 08:50:08 -0300 Subject: [PATCH 16/18] docs(#3591): updated documentation --- .../wazuh_testing/modules/fim/event_monitor.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py index 0cedc43467..131a51a14c 100644 
--- a/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py @@ -191,7 +191,7 @@ def callback_integrity_message(line): def callback_integrity_sync_message(line): """ Callback that detects if a line contains a integrity sync event Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. Returns: List: returns a list with formated datetime, And the event's JSON data. """ @@ -204,7 +204,7 @@ def callback_integrity_sync_message(line): def callback_detect_integrity_check_global(line): """ Callback that detects if a line contains an 'integrity_check_global' event Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. Returns: JSON: returns event's JSON data. """ @@ -219,7 +219,7 @@ def callback_detect_file_integrity_event(line): """ Callback that detects if a line contains a file integrity event Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. """ event = callback_detect_integrity_control_event(line) if event and event['component'] == 'fim_file': @@ -240,7 +240,7 @@ def callback_detect_registry_integrity_event(line): """ Callback that detects if a line contains a registry integrity event for a registry_key or registry_value Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. """ event = callback_detect_integrity_control_event(line) if event and event['component'] == 'fim_registry_key': 
@@ -254,7 +254,7 @@ def callback_detect_registry_integrity_state_event(line): """ Callback that detects if a line contains a registry integrity event of the state type Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. """ event = callback_detect_registry_integrity_event(line) if event and event['type'] == 'state': @@ -317,7 +317,7 @@ def callback_detect_registry_integrity_clear_event(line): """ Callback that detects if a line contains a registry integrity_clear event Args: - line (String): string line to be checked by callback in File_Monitor. + line (String): string line to be checked by callback in FileMonitor. """ event = callback_detect_integrity_control_event(line) if event and event['component'] == 'fim_registry_key' and event['type'] == 'integrity_clear': From 78f1c5672e3be05e4f8b84a9812aacb96965b2a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Carmelo=20Micalizzi=20Casali?= Date: Fri, 28 Apr 2023 10:32:15 -0300 Subject: [PATCH 17/18] docs(#3591): improve create_registry logger --- deps/wazuh_testing/wazuh_testing/modules/fim/utils.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py b/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py index 9741c77605..149e729e68 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py +++ b/deps/wazuh_testing/wazuh_testing/modules/fim/utils.py 
@@ -104,12 +104,13 @@ def create_registry(key, subkey, arch): if sys.platform == 'win32': try: key = win32api.RegCreateKeyEx(key, subkey, win32con.KEY_ALL_ACCESS | arch) - + logger.info("Created registry key " + str(os.path.join(fim.registry_class_name[key], subkey))) return key[0] # Ignore the flag that RegCreateKeyEx returns except OSError as e: logger.warning(f"Registry could not be created: {e}") except pywintypes.error as e: logger.warning(f"Registry could not be created: {e}") + def modify_key_perms(key, subkey, arch, user): From 21d8ab54050bd28b958a776ca3d4b983ba79b37f Mon Sep 17 00:00:00 2001 From: Deblintrake09 Date: Thu, 4 May 2023 20:22:32 -0300 Subject: [PATCH 18/18] fix(#3591): add markers to refactored tests --- .../test_ambiguous_confs/test_ignore_works_over_restrict.py | 2 +- .../test_ambiguous_confs/test_whodata_prevails_over_realtime.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py index f2b9dd9f27..74e22b2eac 100644 --- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_ignore_works_over_restrict.py @@ -73,7 +73,7 @@ from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options # Marks -pytestmark = pytest.mark.tier(level=2) +pytestmark = [pytest.mark.linux, pytest.mark.win32, pytest.mark.tier(level=2)] # Variables test_directories = [os.path.join(PREFIX, 'testdir1'), os.path.join(PREFIX, 'testdir2')] diff --git a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py index 16ed422c5c..f780717a15 100644 
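Review bot: The added `logger.info` line runs after `key` has been rebound to the tuple returned by `win32api.RegCreateKeyEx`, so `fim.registry_class_name[key]` is indexed with that tuple instead of the hive that was passed in. If `registry_class_name` is keyed by the hive constants, which the earlier placement of this log line before the call suggests, the lookup raises KeyError. Neither `except OSError` nor `except pywintypes.error` catches that, so the helper would fail after the key has already been created. Keeping the result under its own name avoids this: `created = win32api.RegCreateKeyEx(key, subkey, win32con.KEY_ALL_ACCESS | arch)`, log with the original `key`, then `return created[0]`. create_registry begins before the hunk.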
--- a/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py +++ b/tests/integration/test_fim/test_files/test_ambiguous_confs/test_whodata_prevails_over_realtime.py @@ -69,7 +69,7 @@ # Marks -pytestmark = pytest.mark.tier(level=2) +pytestmark = [pytest.mark.linux, pytest.mark.win32, pytest.mark.tier(level=2)] # Variables test_directories = [os.path.join(PREFIX, 'testdir1')]