From b8d0df4598c074c98d8567850a057f9eebdd41ca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Seyla=20D=C3=A1maris=20Gomez?=
Date: Thu, 24 Aug 2023 15:20:22 -0300
Subject: [PATCH] Merge 4.6.0 into 4.7.0 (#4459)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* docs(#3786): update changelog.md
* feat(#3786): new event_monitors
* fix(#3786): recursive_directory_creation perms
* feat(#3786): new fixture
* fix(#3786): configuration imports
* feat(#3786): new test module
* docs(#3786): update changelog.md
* style(#3786): fix indentation and whitelines
* style(#3786): fix indentation
* feat(#3693): add cases and configuration files
* feat(#3693): add test_registry_wildcards module
* feat(#3693): add new callbacks and event_monitor
* docs(#3693): update changelog.md
* style(#3693): fix whitelines
* feat(#4281): New invalid decoder test case for wazuh-logtest
* fix(#4281): Fix invalid_decoder_syntax.yaml file line lengths
* feat(#4325): upgrade pyyaml to 6.0.1
* feat: bump version 4.5.2
* fix(#4275): modified year field in test_update_from_year
* fix(#4275): update custom feeds to NVD 2.0 structure
* fix(#4275): deprecate NVD update_from_year option and related changes
* fix(#4275): NVD feed must be in one line
* fix(#4275): more NVD feed one line fix
* style(#4275): fix quoted errors in YAML file
* style(#4275): added changelog entry and fixed indexing problems
* Merge 4.5.2 into 4.6.0 (#4348)
* feat(#4281): New invalid decoder test case for wazuh-logtest
* fix(#4281): Fix invalid_decoder_syntax.yaml file line lengths
* feat(#4325): upgrade pyyaml to 6.0.1
* feat: bump version 4.5.2
* refactor(#4344): Add space to version json
* feat(#4344): add Release section
---------
Co-authored-by: Vikman Fernandez-Castro
Co-authored-by: Victor M. Fernandez-Castro
Co-authored-by: jnasselle
Co-authored-by: Julia
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>
Co-authored-by: David Jose Iglesias Lopez
Co-authored-by: Víctor Rebollo Pérez
* Move 4.5.0 `CHANGELOG.md` changes to 4.6.0 (#4331)
* Fix registry wildcards path (#4357)
* fix(#4356): fix configuration_templates path
* docs(#4356): update test wazuh_min_version
* fix(#3786): imports and paths
* fix: delete update_from_year for nvd
* Added new test to verify every check tag in configuration
* feat(#3723): Adds custom AlmaLinux OVAL feed
* feat(#3723): Adds AlmaLinux to test_providers vd tests
* feat(#3723): Adds AlmaLinux to test_scan_results vd tests
* feat(#3723): Adds AlmaLinux to test_feeds vd tests
* feat(#3723): Adds AlmaLinux to the remaining vd tests description
* feat(#3723): Adds AlmaLinux init configurations
* style(#3723): minor fixes
* style(#3723): Formatting .yaml files according to linting test
* fix: renamed syscollector wmodules prefix
* fix(#4336): fix flaky test.
* style(#4336): add missing line
* fix(#4336): fix test logic
* docs: include 4382 to changelog
* fix(#4231): fix canonical tests
* style(#3723): Fixing formatting for AlmaLinux .yaml config file
* docs: include affected component to changelog
Co-Authored-By: Juan Nicolas Asselle
* Fix FIM framework to validate path in event correctly
* docs: update changelog
* docs: update changelog
* refactor: rename discard cases files
* feat: add cloudwatch and inspector discard regex tests and cases
* docs: add changelog entry
* fix(#4368): Change test and config file
* docs(#4368): update changelog
* Fixed error related to logs format in reliability test (#4387)
* fix(#4365): Adds new logs validations for Agent-groups_recv.yaml
* fix(#4635): Remove single quotes
* fix(#4635): Updates log messages
* fix(#4635): Adds new line at end of Agent-groups_recv.yaml
* fix(#4635): Adds PR to changelog.
* fix(#4365): Update to changelog
* fix(#4365): Update changelog.
---------
Co-authored-by: GGP1
Co-authored-by: mauromalara
* docs: modify changelog and test cases descriptions
* fix(#4423): fix NVD custom feed
* Merge 4.5.2 into 4.6.0 (#4458)
* refactor: bump revision
* Fix package name in one_manager_agent system test environment
* Add fix to changelog
* Update CHANGELOG.md
Co-authored-by: Víctor Rebollo Pérez
* Update CHANGELOG.md
Co-authored-by: Víctor Rebollo Pérez
* Merge 4.5.1 into 4.5.2 (#4457)
* fix: update VD validate xml test RHEL url
* docs: include 4424 in changelog
* fix(#4231): fix canonical tests
* docs: change changelog line to include all changes
* fix(#4411): Upgrading integration test dependencies for python in Mac (#4427)
* docs: update changelog
* docs: update changelog
* docs: delete extra number sign
* refactor: bump revision
* Change revision to 4.5.1-rc2 (#4435)
* Update Changelog
---------
Co-authored-by: Víctor Rebollo Pérez
Co-authored-by: BelenValdivia
Co-authored-by: Jorge Marino
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>
Co-authored-by: Julia
---------
Co-authored-by: Julia
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>
Co-authored-by: Miguel Verdaguer Velázquez
Co-authored-by: Víctor Rebollo Pérez
Co-authored-by: BelenValdivia
Co-authored-by: Jorge Marino
---------
Co-authored-by: Deblintrake09
Co-authored-by: Vikman Fernandez-Castro
Co-authored-by: Victor M.
Fernandez-Castro Co-authored-by: jnasselle Co-authored-by: Julia Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> Co-authored-by: David Jose Iglesias Lopez Co-authored-by: lsayanes Co-authored-by: Leonardo Quiceno Co-authored-by: Mateo Cervilla Co-authored-by: lsayanes Co-authored-by: Marcel Kemp Co-authored-by: Víctor Rebollo Pérez Co-authored-by: Octavio Valle Co-authored-by: Jose Luis Carreras Marin Co-authored-by: Matias Pereyra Co-authored-by: mauromalara Co-authored-by: BelenValdivia Co-authored-by: Facundo Dalmau Co-authored-by: Selutario Co-authored-by: Eduardo Co-authored-by: Javier Castro Co-authored-by: Federico Ramos <37565679+RamosFe@users.noreply.github.com> Co-authored-by: GGP1 Co-authored-by: Miguel Verdaguer Velázquez Co-authored-by: Jorge Marino --- CHANGELOG.md | 37 ++ tests/integration/README.md | 2 +- ...> configuration_bucket_discard_regex.yaml} | 0 ...uration_cloudwatch_discard_regex_json.yaml | 23 + ..._cloudwatch_discard_regex_simple_text.yaml | 21 + ...configuration_inspector_discard_regex.yaml | 21 + ...x.yaml => cases_bucket_discard_regex.yaml} | 0 .../cases_cloudwatch_discard_regex_json.yaml | 19 + ..._cloudwatch_discard_regex_simple_text.yaml | 17 + .../cases_inspector_discard_regex.yaml | 17 + .../test_aws/test_discard_regex.py | 415 +++++++++++++++++- .../test_registry_wildcards.py | 2 +- .../data/feeds/nvd/custom_nvd_feed.json | 2 +- .../cases_validate_xml_feed_content.yaml | 2 +- .../data/Agent-groups_recv.yaml | 55 +++ .../data/Agent-groups_recv.yml | 61 --- .../roles/agent-role/tasks/main.yml | 2 +- .../{cluster_json.yml => cluster_json.yaml} | 2 +- .../test_integrity_sync.py | 4 +- 19 files changed, 617 insertions(+), 85 deletions(-) rename tests/integration/test_aws/data/configuration_template/discard_regex_test_module/{configuration_discard_regex.yaml => configuration_bucket_discard_regex.yaml} (100%) create mode 100644 
tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_json.yaml create mode 100644 tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml create mode 100644 tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_inspector_discard_regex.yaml rename tests/integration/test_aws/data/test_cases/discard_regex_test_module/{cases_discard_regex.yaml => cases_bucket_discard_regex.yaml} (100%) create mode 100644 tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_json.yaml create mode 100644 tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml create mode 100644 tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml create mode 100644 tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yaml delete mode 100644 tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yml rename tests/system/test_cluster/test_integrity_sync/data/{cluster_json.yml => cluster_json.yaml} (69%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 117dcb2c28..578c08c80f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -28,6 +28,7 @@ Release report: TBD ### Added +- Add new test cases for the `discard_regex` functionality of `CloudWatchLogs` and `Inspector` services. ([#4278](https://github.com/wazuh/wazuh-qa/pull/4278)) \- (Tests) - Add Windows location wildcards tests ([#4263](https://github.com/wazuh/wazuh-qa/pull/4263)) \- (Tests + Framework) - New 'SCA' test suite and framework. ([#3566](https://github.com/wazuh/wazuh-qa/pull/3566)) \- (Framework + Tests) - Add integration tests for AWS module. ([#3911](https://github.com/wazuh/wazuh-qa/pull/3911)) \- (Framework + Tests + Documentation) @@ -69,6 +70,7 @@ Release report: TBD ### Fixed +- Fix an error related to logs format in reliability test ([#4387](https://github.com/wazuh/wazuh-qa/pull/4387)) \- (Tests) - Fix boto3 version requirement for legacy OS ([#4150](https://github.com/wazuh/wazuh-qa/pull/4150)) \- (Framework) - Fix cases yaml of the analysisd windows registry IT ([#4149](https://github.com/wazuh/wazuh-qa/pull/4149)) \- (Tests) - Fix a bug in on Migration tool's library ([#4106](https://github.com/wazuh/wazuh-qa/pull/4106)) \- (Framework) 
@@ -76,6 +78,41 @@ Release report: TBD - Fix a regex error in the FIM integration tests ([#3061](https://github.com/wazuh/wazuh-qa/issues/3061)) \- (Framework + Tests) - Fix an error in the cluster performance tests related to CSV parser ([#2999](https://github.com/wazuh/wazuh-qa/pull/2999)) \- (Framework + Tests) - Fix bug in the framework on migration tool ([#4027](https://github.com/wazuh/wazuh-qa/pull/4027)) \- (Framework) +- Fix test cluster / integrity sync system test and configuration to avoid flaky behavior ([#4406](https://github.com/wazuh/wazuh-qa/pull/4406)) \- (Tests) + +## [4.5.2] - TBD + +Wazuh commit: TBD \ +Release report: TBD + +### Changed + +- Fix one_manager_agent environment provisioning by packages for system tests ([#4438](https://github.com/wazuh/wazuh-qa/pull/4438)) \- (Framework) + +## [4.5.1] - 24-08-2023 + +Wazuh commit: https://github.com/wazuh/wazuh/commit/731cdf39a430d2fb6fa02f3721624e07f887b02f +Release report: https://github.com/wazuh/wazuh/issues/18475 + +### Added + +- Add an integration test to check the wazuh-analysisd's decoder parser ([#4286](https://github.com/wazuh/wazuh-qa/pull/4286)) \- (Tests) + +### Changed + +- Update python integration test dependencies in the README ([#4427](https://github.com/wazuh/wazuh-qa/pull/4427)) \- (Documentation) +- Update vulnerability detector IT outdated URLs ([#4428](https://github.com/wazuh/wazuh-qa/pull/4428)) \- (Tests) + +## [4.5.0] - 11-08-2023 + +Wazuh commit: https://github.com/wazuh/wazuh/commit/f6aba151d08ef065dfc1bdc9b8885c3d4f618fca +Release report: https://github.com/wazuh/wazuh/issues/18235 + +### Changed + +- Delete `update_from_year` from system and E2E tests configuration ([#4372](https://github.com/wazuh/wazuh-qa/pull/4372)) \- (Tests) +- Upgrade PyYAML to 6.0.1. ([#4326](https://github.com/wazuh/wazuh-qa/pull/4326)) \- (Framework) +- Change Vulnerability Detector ITs to support the development of the NVD 2.0 refactor. 
([#4327](https://github.com/wazuh/wazuh-qa/pull/4327)) \- (Tests) ## [4.5.2] - TBD diff --git a/tests/integration/README.md b/tests/integration/README.md index 6a1d804772..85e5332b90 100644 --- a/tests/integration/README.md +++ b/tests/integration/README.md @@ -117,7 +117,7 @@ brew install python3 brew install autoconf automake libtool # Install Python libraries -pip3 install pytest freezegun jq jsonschema pyyaml==5.4 psutil paramiko distro pandas==0.25.3 pytest-html==2.0.1 numpydoc==0.9.2 +pip3 install filetype freezegun jq jsonschema lockfile numpydoc psutil pytest-html pytest-testinfra pyyaml ``` - Add some internal options and restart diff --git a/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_discard_regex.yaml b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_bucket_discard_regex.yaml similarity index 100% rename from tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_discard_regex.yaml rename to tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_bucket_discard_regex.yaml diff --git a/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_json.yaml b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_json.yaml new file mode 100644 index 0000000000..d25c21bc4d --- /dev/null +++ b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_json.yaml 
@@ -0,0 +1,23 @@ +- sections: + - section: wodle + attributes: + - name: aws-s3 + elements: + - disabled: + value: 'no' + - service: + attributes: + - type: SERVICE_TYPE + elements: + - aws_profile: + value: qa + - aws_log_groups: + value: LOG_GROUP_NAME + - only_logs_after: + value: ONLY_LOGS_AFTER + - regions: + value: REGIONS + - discard_regex: + attributes: + - field: DISCARD_FIELD + value: DISCARD_REGEX diff --git a/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml new file mode 100644 index 0000000000..cb433b979f --- /dev/null +++ b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml @@ -0,0 +1,21 @@ +- sections: + - section: wodle + attributes: + - name: aws-s3 + elements: + - disabled: + value: 'no' + - service: + attributes: + - type: SERVICE_TYPE + elements: + - aws_profile: + value: qa + - aws_log_groups: + value: LOG_GROUP_NAME + - only_logs_after: + value: ONLY_LOGS_AFTER + - regions: + value: REGIONS + - discard_regex: + value: DISCARD_REGEX diff --git a/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_inspector_discard_regex.yaml b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_inspector_discard_regex.yaml new file mode 100644 index 0000000000..fd4086fb9f --- /dev/null +++ b/tests/integration/test_aws/data/configuration_template/discard_regex_test_module/configuration_inspector_discard_regex.yaml 
@@ -0,0 +1,21 @@ +- sections: + - section: wodle + attributes: + - name: aws-s3 + elements: + - disabled: + value: 'no' + - service: + attributes: + - type: SERVICE_TYPE + elements: + - aws_profile: + value: qa + - only_logs_after: + value: ONLY_LOGS_AFTER + - regions: + value: REGIONS + - discard_regex: + attributes: + - field: DISCARD_FIELD + value: DISCARD_REGEX diff --git a/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_bucket_discard_regex.yaml similarity index 100% rename from tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml rename to tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_bucket_discard_regex.yaml diff --git a/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_json.yaml b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_json.yaml new file mode 100644 index 0000000000..fd3836cc7e --- /dev/null +++ b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_json.yaml @@ -0,0 +1,19 @@ +- name: cloudwatch_discard_regex_json + description: > + CloudWatch configuration for an event being discarded when the regex matches + the content in the specified field inside the incoming JSON log + configuration_parameters: + SERVICE_TYPE: cloudwatchlogs + LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests + REGIONS: us-east-1 + DISCARD_FIELD: networkInterfaces.networkInterfaceId + DISCARD_REGEX: .*eni-networkInterfaceId* + ONLY_LOGS_AFTER: 2023-JUL-03 + metadata: + service_type: cloudwatchlogs + log_group_name: wazuh-cloudwatchlogs-integration-tests + only_logs_after: 2023-JUL-03 + discard_field: networkInterfaces.networkInterfaceId + discard_regex: .*eni-networkInterfaceId.* + regions: us-east-1 + found_logs: 1 
diff --git a/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml new file mode 100644 index 0000000000..d10325cd04 --- /dev/null +++ b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml @@ -0,0 +1,17 @@ +- name: cloudwatch_discard_regex_simple_text + description: > + CloudWatch configuration for an event being discarded when the regex matches + the content inside the incoming simple text log + configuration_parameters: + SERVICE_TYPE: cloudwatchlogs + LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests + REGIONS: us-east-1 + DISCARD_REGEX: .*Test.* + ONLY_LOGS_AFTER: 2023-JAN-12 + metadata: + service_type: cloudwatchlogs + log_group_name: wazuh-cloudwatchlogs-integration-tests + only_logs_after: 2023-JAN-12 + discard_regex: .*Test.* + regions: us-east-1 + found_logs: 3 diff --git a/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml new file mode 100644 index 0000000000..0af561d13f --- /dev/null +++ b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml 
@@ -0,0 +1,17 @@ +- name: inspector_discard_regex + description: > + Inspector configuration for an event being discarded when the regex matches + the content in the specified field inside the incoming JSON log + configuration_parameters: + SERVICE_TYPE: inspector + REGIONS: us-east-1 + DISCARD_FIELD: assetAttributes.tags.value + DISCARD_REGEX: .*inspector-integration-test.* + ONLY_LOGS_AFTER: 2023-JAN-12 + metadata: + service_type: inspector + only_logs_after: 2023-JAN-12 + discard_field: assetAttributes.tags.value + discard_regex: .*inspector-integration-test.* + regions: us-east-1 + found_logs: 4 diff --git a/tests/integration/test_aws/test_discard_regex.py b/tests/integration/test_aws/test_discard_regex.py index f18b783061..63130ee238 100644 --- a/tests/integration/test_aws/test_discard_regex.py +++ b/tests/integration/test_aws/test_discard_regex.py @@ -3,7 +3,7 @@ import pytest from wazuh_testing import T_20, TEMPLATE_DIR, TEST_CASES_DIR, global_parameters from wazuh_testing.modules.aws import event_monitor, local_internal_options # noqa: F401 -from wazuh_testing.modules.aws.db_utils import s3_db_exists +from wazuh_testing.modules.aws.db_utils import s3_db_exists, services_db_exists from wazuh_testing.tools.configuration import ( get_test_cases_data, load_configuration_template, 
@@ -11,31 +11,32 @@ pytestmark = [pytest.mark.server] - # Generic vars MODULE = 'discard_regex_test_module' TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, TEMPLATE_DIR, MODULE) TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, TEST_CASES_DIR, MODULE) -# ---------------------------------------------------- TEST_PATH ------------------------------------------------------- -configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_discard_regex.yaml') -cases_path = os.path.join(TEST_CASES_PATH, 'cases_discard_regex.yaml') +# --------------------------------------------- TEST_BUCKET_DISCARD_REGEX --------------------------------------------- +t0_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_bucket_discard_regex.yaml') +t0_cases_path = os.path.join(TEST_CASES_PATH, 'cases_bucket_discard_regex.yaml') -configuration_parameters, configuration_metadata, case_ids = get_test_cases_data(cases_path) -configurations = load_configuration_template( - configurations_path, configuration_parameters, configuration_metadata +t0_configuration_parameters, t0_configuration_metadata, t0_case_ids = get_test_cases_data(t0_cases_path) +t0_configurations = load_configuration_template( + t0_configurations_path, t0_configuration_parameters, t0_configuration_metadata ) @pytest.mark.tier(level=0) -@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=case_ids) -def test_discard_regex( - configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_s3_cloudtrail_db, - configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring, +@pytest.mark.parametrize('configuration, metadata', zip(t0_configurations, t0_configuration_metadata), ids=t0_case_ids) +def test_bucket_discard_regex( + configuration, metadata, load_wazuh_basic_configuration, 
set_wazuh_configuration, clean_s3_cloudtrail_db, + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring, ): """ - description: Fetch logs excluding the ones that match with the regex. + description: Check that some bucket logs are excluded when the regex and field defined in + match an event. + test_phases: - setup: - Load Wazuh light configuration. @@ -52,7 +53,9 @@ def test_discard_regex( - Truncate wazuh logs. - Restore initial configuration, both ossec.conf and local_internal_options.conf. - Delete the uploaded file + wazuh_min_version: 4.6.0 + parameters: - configuration: type: dict @@ -81,13 +84,15 @@ def test_discard_regex( - file_monitoring: type: fixture brief: Handle the monitoring of a specified file. + assertions: - Check in the log that the module was called with correct parameters. - Check the expected number of events were forwarded to analysisd. - Check the database was created and updated accordingly. + input_description: - - The `configuration_discard_regex` file provides the module configuration for this test. - - The `cases_discard_regex` file provides the test cases. + - The `configuration_bucket_discard_regex` file provides the module configuration for this test. + - The `cases_bucket_discard_regex` file provides the test cases. """ bucket_name = metadata['bucket_name'] bucket_type = metadata['bucket_type'] @@ -98,7 +103,8 @@ def test_discard_regex( skipped_logs = metadata['skipped_logs'] path = metadata['path'] if 'path' in metadata else None - pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field. The event will be skipped.' + pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field.' \ + ' The event will be skipped.' parameters = [ 'wodles/aws/aws-s3', 
@@ -140,3 +146,380 @@ def test_discard_regex( ).result() assert s3_db_exists() + + +# ----------------------------------------- TEST_CLOUDWATCH_DISCARD_REGEX_JSON ---------------------------------------- +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cloudwatch_discard_regex_json.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cloudwatch_discard_regex_json.yaml') + +t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template( + t1_configurations_path, t1_configuration_parameters, t1_configuration_metadata +) + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) +def test_cloudwatch_discard_regex_json( + configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_aws_services_db, + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring, +): + """ + description: Check that some CloudWatch JSON logs are excluded when the regex and field defined in + match an event. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check in the ossec.log that a line has appeared calling the module with correct parameters. + - Check the expected number of events were forwarded to analysisd, only logs stored in the bucket and skips + the ones that match with regex. + - Check the database was created and updated accordingly. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. 
+ - Delete the uploaded file + + wazuh_min_version: 4.6.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - clean_aws_services_db: + type: fixture + brief: Delete the DB file before and after the test execution. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + + assertions: + - Check in the log that the module was called with correct parameters. + - Check the expected number of events were forwarded to analysisd. + - Check the database was created and updated accordingly. + + input_description: + - The `configuration_cloudwatch_discard_regex` file provides the module configuration for this test. + - The `cases_cloudwatch_discard_regex` file provides the test cases. + """ + log_group_name = metadata.get('log_group_name') + service_type = metadata.get('service_type') + only_logs_after = metadata.get('only_logs_after') + regions: str = metadata.get('regions') + discard_field = metadata.get('discard_field', None) + discard_regex = metadata.get('discard_regex') + found_logs = metadata.get('found_logs') + + pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field.' \ + ' The event will be skipped.' 
+ + parameters = [ + 'wodles/aws/aws-s3', + '--service', service_type, + '--aws_profile', 'qa', + '--only_logs_after', only_logs_after, + '--regions', regions, + '--aws_log_groups', log_group_name, + '--discard-field', discard_field, + '--discard-regex', discard_regex, + '--debug', '2' + ] + + # Check AWS module started + log_monitor.start( + timeout=global_parameters.default_timeout, + callback=event_monitor.callback_detect_aws_module_start, + error_message='The AWS module did not start as expected', + ).result() + + # Check command was called correctly + log_monitor.start( + timeout=global_parameters.default_timeout, + callback=event_monitor.callback_detect_aws_module_called(parameters), + error_message='The AWS module was not called with the correct parameters', + ).result() + + log_monitor.start( + timeout=T_20, + callback=event_monitor.callback_detect_event_processed_or_skipped(pattern), + error_message=( + 'The AWS module did not show the correct message about discard regex or ', + 'did not process the expected amount of logs' + ), + accum_results=found_logs + ).result() + + assert services_db_exists() + + +# ------------------------------------- TEST_CLOUDWATCH_DISCARD_REGEX_SIMPLE_TEXT ------------------------------------- +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cloudwatch_discard_regex_simple_text.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cloudwatch_discard_regex_simple_text.yaml') + +t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template( + t2_configurations_path, t2_configuration_parameters, t2_configuration_metadata +) + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids) +def test_cloudwatch_discard_regex_simple_text( + configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, 
clean_aws_services_db, + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring, +): + """ + description: Check that some CloudWatch simple text logs are excluded when the regex defined in + matches an event. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check in the ossec.log that a line has appeared calling the module with correct parameters. + - Check the expected number of events were forwarded to analysisd, only logs stored in the bucket and skips + the ones that match with regex. + - Check the database was created and updated accordingly. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Delete the uploaded file + + wazuh_min_version: 4.6.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. + - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - clean_aws_services_db: + type: fixture + brief: Delete the DB file before and after the test execution. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. 
+ + assertions: + - Check in the log that the module was called with correct parameters. + - Check the expected number of events were forwarded to analysisd. + - Check the database was created and updated accordingly. + + input_description: + - The `configuration_cloudwatch_discard_regex_simple_text` file provides + the module configuration for this test. + - The `cases_cloudwatch_discard_regex_simple_text` file provides the test cases. + """ + log_group_name = metadata.get('log_group_name') + service_type = metadata.get('service_type') + only_logs_after = metadata.get('only_logs_after') + regions: str = metadata.get('regions') + discard_regex = metadata.get('discard_regex') + found_logs = metadata.get('found_logs') + + pattern = fr'.*The "{discard_regex}" regex found a match. The event will be skipped.' + + parameters = [ + 'wodles/aws/aws-s3', + '--service', service_type, + '--aws_profile', 'qa', + '--only_logs_after', only_logs_after, + '--regions', regions, + '--aws_log_groups', log_group_name, + '--discard-regex', discard_regex, + '--debug', '2' + ] + + # Check AWS module started + log_monitor.start( + timeout=global_parameters.default_timeout, + callback=event_monitor.callback_detect_aws_module_start, + error_message='The AWS module did not start as expected', + ).result() + + # Check command was called correctly + log_monitor.start( + timeout=global_parameters.default_timeout, + callback=event_monitor.callback_detect_aws_module_called(parameters), + error_message='The AWS module was not called with the correct parameters', + ).result() + + log_monitor.start( + timeout=T_20, + callback=event_monitor.callback_detect_event_processed_or_skipped(pattern), + error_message=( + 'The AWS module did not show the correct message about discard regex or ', + 'did not process the expected amount of logs' + ), + accum_results=found_logs + ).result() + + assert services_db_exists() + + +# ------------------------------------------- TEST_INSPECTOR_DISCARD_REGEX 
-------------------------------------------- +t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_inspector_discard_regex.yaml') +t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_inspector_discard_regex.yaml') + +t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = get_test_cases_data(t3_cases_path) +t3_configurations = load_configuration_template( + t3_configurations_path, t3_configuration_parameters, t3_configuration_metadata +) + + +@pytest.mark.tier(level=0) +@pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids) +def test_inspector_discard_regex( + configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_aws_services_db, + configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring, +): + """ + description: Check that some Inspector logs are excluded when the regex and field defined in + match an event. + + test_phases: + - setup: + - Load Wazuh light configuration. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Truncate wazuh logs. + - Restart wazuh-manager service to apply configuration changes. + - test: + - Check in the ossec.log that a line has appeared calling the module with correct parameters. + - Check the expected number of events were forwarded to analysisd, only logs stored in the bucket and skips + the ones that match with regex. + - Check the database was created and updated accordingly. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Delete the uploaded file + + wazuh_min_version: 4.6.0 + + parameters: + - configuration: + type: dict + brief: Get configurations from the module. + - metadata: + type: dict + brief: Get metadata from the module. 
+ - load_wazuh_basic_configuration: + type: fixture + brief: Load basic wazuh configuration. + - set_wazuh_configuration: + type: fixture + brief: Apply changes to the ossec.conf configuration. + - clean_aws_services_db: + type: fixture + brief: Delete the DB file before and after the test execution. + - configure_local_internal_options_function: + type: fixture + brief: Apply changes to the local_internal_options.conf configuration. + - truncate_monitored_files: + type: fixture + brief: Truncate wazuh logs. + - restart_wazuh_daemon_function: + type: fixture + brief: Restart the wazuh service. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + + assertions: + - Check in the log that the module was called with correct parameters. + - Check the expected number of events were forwarded to analysisd. + - Check the database was created and updated accordingly. + + input_description: + - The `configuration_inspector_discard_regex` file provides the module configuration for this test. + - The `cases_inspector_discard_regex` file provides the test cases. + """ + service_type = metadata.get('service_type') + only_logs_after = metadata.get('only_logs_after') + regions: str = metadata.get('regions') + discard_field = metadata.get('discard_field', '') + discard_regex = metadata.get('discard_regex') + found_logs = metadata.get('found_logs') + + pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field.' \ + ' The event will be skipped.' 
+ + parameters = [ + 'wodles/aws/aws-s3', + '--service', service_type, + '--aws_profile', 'qa', + '--only_logs_after', only_logs_after, + '--regions', regions, + '--discard-field', discard_field, + '--discard-regex', discard_regex, + '--debug', '2' + ] + + # Check AWS module started + log_monitor.start( + timeout=global_parameters.default_timeout, + callback=event_monitor.callback_detect_aws_module_start, + error_message='The AWS module did not start as expected', + ).result() + + # Check command was called correctly + log_monitor.start( + timeout=global_parameters.default_timeout, + callback=event_monitor.callback_detect_aws_module_called(parameters), + error_message='The AWS module was not called with the correct parameters', + ).result() + + log_monitor.start( + timeout=T_20, + callback=event_monitor.callback_detect_event_processed_or_skipped(pattern), + error_message=( + 'The AWS module did not show the correct message about discard regex or ', + 'did not process the expected amount of logs' + ), + accum_results=found_logs + ).result() + + assert services_db_exists() diff --git a/tests/integration/test_fim/test_registry/test_registry_wildcards/test_registry_wildcards.py b/tests/integration/test_fim/test_registry/test_registry_wildcards/test_registry_wildcards.py index ee7e627d92..a0bc808d43 100644 --- a/tests/integration/test_fim/test_registry/test_registry_wildcards/test_registry_wildcards.py +++ b/tests/integration/test_fim/test_registry/test_registry_wildcards/test_registry_wildcards.py @@ -104,7 +104,7 @@ def test_registry_key_wildcards(configuration, metadata, set_wazuh_configuration description: Check the behavior of FIM when using wildcards to configure the path of registry keys, and validate the keys creation, modification and deletion is detected correctly. - wazuh_min_version: 4.7.0 + wazuh_min_version: 4.6.0 test_phases: - setup: 
diff --git a/tests/integration/test_vulnerability_detector/data/feeds/nvd/custom_nvd_feed.json b/tests/integration/test_vulnerability_detector/data/feeds/nvd/custom_nvd_feed.json index 7cb17cbe18..8a38a8a801 100644 --- a/tests/integration/test_vulnerability_detector/data/feeds/nvd/custom_nvd_feed.json +++ b/tests/integration/test_vulnerability_detector/data/feeds/nvd/custom_nvd_feed.json 
@@ -1 +1 @@ -{"resultsPerPage":5,"startIndex":0,"totalResults":5,"format":"NVD_CVE","version":"2.0","timestamp":"2023-05-30T16:35:57.987","vulnerabilities":[{"cve":{"id":"CVE-000","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-0:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-001","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-1:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-002","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-003","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-3:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-004","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-4:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}}]} \ No newline at end of file +{"resultsPerPage":5,"startIndex":0,"totalResults":5,"format":"NVD_CVE","version":"2.0","timestamp":"2023-05-30T16:35:57.987","vulnerabilities":[{"cve":{"id":"CVE-000","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-0:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-001","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-1:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-002","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-003","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-3:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}},{"cve":{"id":"CVE-004","sourceIdentifier":"WAZUH","published":"2020-03-12T18:15:12.023","lastModified":"2021-05-19T17:00:01.097","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"Wazuh mocking NVD 
vulnerability"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":10},"baseSeverity":"CRITICAL","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh-mocking:custom-package-4:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":" "}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh-qa/","source":"WAZUH","tags":[]}]}}]} diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml index d2e05d6348..4178488cdf 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml +++ b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml @@ -7,7 +7,7 @@ path: /tmp/com.redhat.rhsa-RHEL5.xml.bz2 extension: bz2 decompressed_file: /tmp/rhel5.xml - url: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL5.xml.bz2 + url: https://feed.wazuh.com/vulnerability-detector/RHEL/5/com.redhat.rhsa-RHEL5_v1.xml.bz2 - name: Red Hat Enterprise Linux description: Red Hat Enterprise Linux provider 
diff --git a/tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yaml b/tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yaml new file mode 100644 index 0000000000..862ccf5711 --- /dev/null +++ b/tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yaml @@ -0,0 +1,55 @@ +# Root +- log_id: root + parent: null + tag: Agent-groups recv root + +# Common logs +- log_id: log0 + parent: root + tag: Starting.* +- log_id: log1 + parent: log0 + tag: .*chunks updated in wazuh-db in.* +- log_id: log2 + parent: log1 + tag: Obtained.*chunks of data in.* + +# No need to synchronize after failed synchronization tries. +- log_id: log3 + parent: log2 + tag: The checksum of both databases match.*Counter reset. +- log_id: log4 + parent: log3 + tag: Finished in.*Updated.*chunks.* + +# No need to synchronize. +- log_id: log15 + parent: log2 + tag: The checksum of both databases match.* +- log_id: log16 + parent: log15 + tag: Finished in.*Updated.*chunks.* + +# The checksum differs +- log_id: log9 + parent: log2 + tag: The checksum of master (.*) and worker (.*) are different. + +# Checksum comparison fails. +- log_id: log12 + parent: log9 + tag: Checksum comparison failed \([0-4]/5\). +- log_id: log13 + parent: log12 + tag: Finished in.*Updated.*chunks.* + +# Forced synchronization is required. +- log_id: log5 + parent: log9 + tag: Checksum comparison failed \(5/5\). +- log_id: log7 + parent: log5 + tag: Sent request to obtain all agent-groups information from the master node.* +- log_id: log8 + parent: log7 + tag: Finished in.*Updated.*chunks.* diff --git a/tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yml b/tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yml deleted file mode 100644 index a7849e111a..0000000000 
--- a/tests/reliability/test_cluster/test_cluster_logs/test_cluster_worker_logs_order/data/Agent-groups_recv.yml +++ /dev/null @@ -1,61 +0,0 @@ -# Root -- log_id: root - parent: null - tag: 'Agent-groups recv root' - -# Common logs -- log_id: log0 - parent: root - tag: 'Starting.*' -- log_id: log1 - parent: log0 - tag: '.*chunks updated in wazuh-db in.*' -- log_id: log2 - parent: log1 - tag: 'Obtained.*chunks of data in.*' - -# No need to synchronize after failed synchronization tries. -- log_id: log3 - parent: log2 - tag: 'The checksum of both databases match.*Reset the attempt counter.' -- log_id: log4 - parent: log3 - tag: 'Finished in.*Updated.*chunks.*' - -# No need to synchronize. -- log_id: log15 - parent: log2 - tag: 'The checksum of both databases match.*' -- log_id: log16 - parent: log15 - tag: 'Finished in.*Updated.*chunks.*' - -# Forced synchronization is required. -- log_id: log5 - parent: log2 - tag: 'Checksum comparison failed. Attempt 10/10.*' -- log_id: log7 - parent: log5 - tag: 'Sent request to obtain all agent-groups information from the master node.*' -- log_id: log8 - parent: log7 - tag: 'Finished in.*Updated.*chunks.*' - -# Checksum comparison fails. -- log_id: log12 - parent: log2 - tag: 'Checksum comparison failed. Attempt .*' -- log_id: log13 - parent: log12 - tag: 'Finished in.*Updated.*chunks.*' - -# The checksum differs -- log_id: log9 - parent: log2 - tag: "The master's checksum and the worker's checksum are different. Local checksum:.*| Master checksum:.*." -- log_id: log10 - parent: log9 - tag: 'Sent request to obtain all agent-groups information from the master node.*' -- log_id: log11 - parent: log10 - tag: 'Finished in.*Updated.*chunks.*' diff --git a/tests/system/provisioning/one_manager_agent/roles/agent-role/tasks/main.yml b/tests/system/provisioning/one_manager_agent/roles/agent-role/tasks/main.yml index 4ef7b15d89..df4ce751df 100644 --- a/tests/system/provisioning/one_manager_agent/roles/agent-role/tasks/main.yml 
+++ b/tests/system/provisioning/one_manager_agent/roles/agent-role/tasks/main.yml @@ -52,7 +52,7 @@ - name: "Get agent package" ansible.builtin.get_url: url: "https://{{package_repository}}.wazuh.com/{{repository}}/apt/pool/main/w/wazuh-agent/wazuh-agent_{{package_version}}-{{package_revision}}_amd64.deb" - dest: /tmp/wazuh-manager.deb + dest: /tmp/wazuh-agent.deb when: wazuh_branch is not defined - name: "Install agent package" diff --git a/tests/system/test_cluster/test_integrity_sync/data/cluster_json.yml b/tests/system/test_cluster/test_integrity_sync/data/cluster_json.yaml similarity index 69% rename from tests/system/test_cluster/test_integrity_sync/data/cluster_json.yml rename to tests/system/test_cluster/test_integrity_sync/data/cluster_json.yaml index e92c8c7268..2c95e70834 100644 --- a/tests/system/test_cluster/test_integrity_sync/data/cluster_json.yml +++ b/tests/system/test_cluster/test_integrity_sync/data/cluster_json.yaml @@ -1,5 +1,5 @@ --- timeout_receiving_file: 1 -max_zip_size: 52428800 # 50 MB +max_zip_size: 104857600 # 100 MB min_zip_size: 15728640 # 15 MB compress_level: 0 diff --git a/tests/system/test_cluster/test_integrity_sync/test_integrity_sync.py b/tests/system/test_cluster/test_integrity_sync/test_integrity_sync.py index 329c11e3ed..120a1e6123 100644 --- a/tests/system/test_cluster/test_integrity_sync/test_integrity_sync.py +++ b/tests/system/test_cluster/test_integrity_sync/test_integrity_sync.py 
@@ -22,7 +22,7 @@ test_hosts = ['wazuh-master', 'wazuh-worker1', 'wazuh-worker2'] worker_hosts = test_hosts[1:] test_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -configuration = yaml.safe_load(open(os.path.join(test_data_path, 'cluster_json.yml'))) +configuration = yaml.safe_load(open(os.path.join(test_data_path, 'cluster_json.yaml'))) messages_path = os.path.join(test_data_path, 'messages.yml') tmp_path = os.path.join(test_data_path, 'tmp') inventory_path = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))), @@ -262,7 +262,7 @@ def test_zip_size_limit(clean_files, update_cluster_json): """ too_big_size = configuration['max_zip_size'] + 1024 big_size = configuration['min_zip_size'] - 1024 - big_filenames = {file_prefix + str(i) for i in range(5)} + big_filenames = {file_prefix + str(i) for i in range(10)} # Create a tmp folder and all files inside in the master node. host_manager.run_command(test_hosts[0], f"mkdir {tmp_size_test_path}")
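Review bot: In `test_cloudwatch_discard_regex`, the last `log_monitor.start(...)` call passes `error_message` as a two-element tuple rather than a string, because of the comma after `'The AWS module did not show the correct message about discard regex or '`. The two earlier calls in the same test pass a plain string. Drop the comma so the adjacent literals concatenate into one message. `test_inspector_discard_regex` has the same construct.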
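Review bot: In `test_inspector_discard_regex`, `pattern` interpolates `discard_regex` and `discard_field` unescaped into an `fr'...'` string that is handed to `callback_detect_event_processed_or_skipped(pattern)`. If the callback treats it as a regular expression, as the leading `.*` suggests, any metacharacters in the configured regex are reinterpreted instead of being matched literally against the log line that quotes it, so the case can pass or fail for the wrong reason. Wrap both values in `re.escape()`. The same applies to `pattern` in `test_cloudwatch_discard_regex`. Separately, both docstrings list `restart_wazuh_daemon_function` while the signatures take `restart_wazuh_function`.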
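Review bot: In the new `Agent-groups_recv.yaml`, `log3` and `log15` are both children of `log2`, and the `log15` tag `The checksum of both databases match.*` also matches every line that `log3` (`The checksum of both databases match.*Counter reset.`) matches. If the order checker picks the first matching child, the "after failed synchronization tries" branch is indistinguishable from the plain "no need to synchronize" branch. Either make the `log15` tag exclude the `Counter reset.` suffix or add a comment saying the overlap is intended. Also, `log9` leaves its parentheses unescaped (`master (.*) and worker (.*)`) while `log12` and `log5` escape theirs; a short comment on whether those are meant as groups would help.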
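Review bot: In `roles/agent-role/tasks/main.yml`, the `dest` of "Get agent package" changes to `/tmp/wazuh-agent.deb`, but the "Install agent package" task that follows is only visible as a context line here. Please confirm that it installs from the new path, otherwise the task will look for a file that is no longer downloaded under the old name.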
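Review bot: In `test_integrity_sync.py` at the `configuration = yaml.safe_load(open(...))` line, the file handle is never closed. Since this line is being touched for the `.yml` to `.yaml` rename anyway, read the file inside a `with open(...) as f:` block. Note that `messages_path` on the next line still points at `messages.yml`, so the data directory now mixes both extensions.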
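Review bot: In `test_zip_size_limit`, `range(10)` is a hard-coded count that only makes sense alongside the `max_zip_size: 104857600` change in `cluster_json.yaml`, and nothing in the hunk ties the two together. With `big_size = configuration['min_zip_size'] - 1024`, the number of files needed to exceed the limit can be computed from `configuration['max_zip_size']` and `big_size`, which would keep the test valid the next time the limit changes. At minimum, add a comment stating why 10 files are required.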