doc: Create/migrate test_analysisd documentation in QA Docs style
The following tests have been documented:
  * test_error_messages/test_error_messages.py
  * test_event_messages/test_event_messages.py
  * test_integrity_messages/test_integrity_messages.py
  * test_analysisd/test_scan_messages/test_scan_messages.py
Migrated test_mitre/test_mitre_check_alert.py
The scheme of proposal 3 has been used until the definitive one is available.
PEP-8 fixes

Closes: #1804
mdengra committed Sep 2, 2021
1 parent 578d111 commit 0a9d0e2
Showing 5 changed files with 445 additions and 45 deletions.
@@ -1,7 +1,53 @@
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc. <info@wazuh.com>.
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
'''
copyright:
Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type:
integration
description:
These tests will check if the `analysisd` daemon handles correctly the invalid events it receives.
tiers:
- 0
component:
manager
path:
tests/integration/test_analysisd/test_error_messages/
daemons:
- analysisd
- syscheckd
- wazuh-db
os_support:
- linux, rhel5
- linux, rhel6
- linux, rhel7
- linux, rhel8
- linux, amazon linux 1
- linux, amazon linux 2
- linux, debian buster
- linux, debian stretch
- linux, debian wheezy
- linux, ubuntu bionic
- linux, ubuntu xenial
- linux, ubuntu trusty
- linux, arch linux
coverage:
pytest_args:
tags:
'''
import os

import pytest
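Review bot: the `coverage:`, `pytest_args:` and `tags:` keys at the end of the new module docstring are left without values, so a YAML loader will return null for each of them; either give them content or drop the keys until the definitive scheme the commit message mentions is settled. The `os_support` entries are also free-form strings ("linux, rhel5") rather than structured pairs, which makes them hard to query later; a mapping such as `- linux: rhel5` would be a small change now and costly to retrofit once all test files carry this header. The same applies to the other two module docstrings in this commit.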
@@ -48,13 +94,45 @@
ids=[test_case['name'] for test_case in test_cases])
def test_error_messages(configure_sockets_environment, connect_to_sockets_module, wait_for_analysisd_startup,
test_case: list):
"""Check that every input message in analysisd socket generates the adequate output to wazuh-db socket
'''
description:
Check if when the `analysisd` socket receives a message with an invalid event,
it generates the corresponding error that sends to the `wazuh-db` socket.
wazuh_min_version:
3.12
parameters:
- configure_sockets_environment:
type: fixture
brief: Configure environment for sockets and MITM.
- connect_to_sockets_module:
type: fixture
brief: Module scope version of `connect_to_sockets` fixture.
- wait_for_analysisd_startup:
type: fixture
brief: Wait until analysisd has begun and alerts.json is created.
- test_case:
type: list
brief: List of tests to be performed.
assertions:
- Check that the error messages generated are consistent with the events received.
test_input:
Different test cases that are contained in an external `YAML` file (error_messages.yaml)
that includes `syscheck` events data and the expected output.
logging:
- ossec.log:
- "Multiple values located in the `error_messages.yaml` file."
tags:
Parameters
----------
test_case : list
List of test_case stages (dicts with input, output and stage keys)
"""
'''
for stage in test_case:
receiver_sockets[0].send(stage['input'])
result = log_monitors[0].start(timeout=4 * global_parameters.default_timeout,
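Review bot: `wazuh_min_version: 3.12` is an unquoted YAML scalar and is parsed as the float 3.12; that happens to round-trip here, but a version such as 3.10 would become 3.1, so quote it (`wazuh_min_version: '3.12'`). The new `test_case` brief ("List of tests to be performed.") also drops the structural detail from the removed docstring, `List of test_case stages (dicts with input, output and stage keys)`; keep that wording, since the loop directly below indexes `stage['input']`. Finally, the `logging:` entry "Multiple values located in the `error_messages.yaml` file." does not say which key of each stage holds the expected log line. The version-quoting point applies to the other two test functions in this commit as well.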
@@ -1,7 +1,53 @@
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc. <info@wazuh.com>.
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
'''
copyright:
Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type:
integration
description:
These tests will check if the `analysisd` daemon correctly handles incoming events related to file modification.
tiers:
- 0
component:
manager
path:
tests/integration/test_analysisd/test_event_messages/
daemons:
- analysisd
- syscheckd
- wazuh-db
os_support:
- linux, rhel5
- linux, rhel6
- linux, rhel7
- linux, rhel8
- linux, amazon linux 1
- linux, amazon linux 2
- linux, debian buster
- linux, debian stretch
- linux, debian wheezy
- linux, ubuntu bionic
- linux, ubuntu xenial
- linux, ubuntu trusty
- linux, arch linux
coverage:
pytest_args:
tags:
'''
import os

import pytest
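Review bot: the docstrings switch from `"""` to `'''` here and in the other files of this commit; PEP 257 recommends triple double quotes for docstrings, and the commit message advertises PEP-8 fixes, so keep `"""` unless the QA Docs parser actually requires single quotes. Otherwise this header has the same empty `coverage:`, `pytest_args:` and `tags:` keys as the test_error_messages module docstring.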
@@ -51,16 +97,49 @@
ids=[test_case['name'] for test_case in test_cases])
def test_event_messages(configure_sockets_environment, connect_to_sockets_module, wait_for_analysisd_startup,
test_case: list):
"""Check that every input message in analysisd socket generates the adequate output to wazuh-db socket.
'''
description:
Check if when the `analysisd` socket receives a message with a file modification-related event,
it generates the corresponding alert that sends to the `wazuh-db` socket.
The `validate_analysis_alert` function checks if an `analysisd` event is properly formatted.
wazuh_min_version:
3.12
parameters:
- configure_sockets_environment:
type: fixture
brief: Configure environment for sockets and MITM.
- connect_to_sockets_module:
type: fixture
brief: Module scope version of `connect_to_sockets` fixture.
- wait_for_analysisd_startup:
type: fixture
brief: Wait until analysisd has begun and alerts.json is created.
- test_case:
type: list
brief: List of tests to be performed.
assertions:
- Check that the alerts generated are consistent with the events received.
test_input:
Different test cases that are contained in an external `YAML` file (event_messages.yaml)
that includes `syscheck` events data and the expected output.
logging:
- ossec.log:
- "Multiple values located in the `event_messages.yaml` file."
- alerts.json:
-"Multiple values located in the `event_messages.yaml` file."
The function validate_analysis_integrity_state is a function responsible for checking that the output follows a
certain jsonschema.
tags:
Parameters
----------
test_case : list
List of test_case stages (dicts with input, output and stage keys)
"""
'''
for stage in test_case:
expected = callback_analysisd_message(stage['output'])
receiver_sockets[0].send(stage['input'])
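Review bot: the `alerts.json` entry under `logging:` is written `-"Multiple values ..."` with no space after the hyphen, so YAML reads it as a plain scalar beginning with `-"` instead of a list item; write it as `- "Multiple values located in the `event_messages.yaml` file."`, matching the `ossec.log` entry above it. In the `description`, "generates the corresponding alert that sends to the `wazuh-db` socket" should read "generates the corresponding alert, which it sends to the `wazuh-db` socket". The description also credits `validate_analysis_alert` with checking the event format while the sentence further down names `validate_analysis_integrity_state`; the two should agree with the helper the function body actually calls.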
@@ -1,7 +1,53 @@
# Copyright (C) 2015-2021, Wazuh Inc.
# Created by Wazuh, Inc. <info@wazuh.com>.
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
'''
copyright:
Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type:
integration
description:
These tests will check if the `analysisd` daemon correctly handles incoming events related to file integrity.
tiers:
- 0
component:
manager
path:
tests/integration/test_analysisd/test_integrity_messages/
daemons:
- analysisd
- syscheckd
- wazuh-db
os_support:
- linux, rhel5
- linux, rhel6
- linux, rhel7
- linux, rhel8
- linux, amazon linux 1
- linux, amazon linux 2
- linux, debian buster
- linux, debian stretch
- linux, debian wheezy
- linux, ubuntu bionic
- linux, ubuntu xenial
- linux, ubuntu trusty
- linux, arch linux
coverage:
pytest_args:
tags:
'''
import os

import pytest
@@ -51,16 +97,50 @@
ids=[test_case['name'] for test_case in test_cases])
def test_integrity_messages(configure_sockets_environment, connect_to_sockets_module, wait_for_analysisd_startup,
test_case: list):
"""Check that every input message in analysisd socket generates the adequate output to wazuh-db socket.
'''
description:
Check if when the `analysisd` socket receives a message with a file integrity-related event,
it generates the corresponding alert that sends to the `wazuh-db` socket.
The `validate_analysis_integrity_state` function checks if an
`analysisd` integrity message is properly formatted.
wazuh_min_version:
3.12
parameters:
- configure_sockets_environment:
type: fixture
brief: Configure environment for sockets and MITM.
- connect_to_sockets_module:
type: fixture
brief: Module scope version of `connect_to_sockets` fixture.
- wait_for_analysisd_startup:
type: fixture
brief: Wait until analysisd has begun and alerts.json is created.
- test_case:
type: list
brief: List of tests to be performed.
assertions:
- Check that the messages generated are consistent with the events received.
test_input:
Different test cases that are contained in an external `YAML` file (integrity_messages.yaml)
that includes `syscheck` events data and the expected output.
logging:
- ossec.log:
- "Multiple values located in the `integrity_messages.yaml` file."
- alerts.json:
- "Multiple values located in the `integrity_messages.yaml` file."
The function validate_analysis_integrity_state is a function responsible for checking that the output follows a
certain jsonschema.
tags:
Parameters
----------
test_case : list
List of test_case stages (dicts with input, output and stage keys)
"""
'''
for stage in test_case:
expected = callback_analysisd_message(stage['output'])
receiver_sockets[0].send(stage['input'])
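Review bot: the `logging:` block lists the same placeholder string ("Multiple values located in the `integrity_messages.yaml` file.") for both `ossec.log` and `alerts.json`, so a reader cannot tell what is expected in each file. Point at the key each stage supplies instead: the removed docstring states that every stage is a dict with `input`, `output` and `stage` keys, and the loop below passes `stage['output']` to `callback_analysisd_message`, so the `output` key is the natural reference. The `assertions` entry ("messages generated are consistent with the events received") would likewise be more useful if it named the jsonschema check that `validate_analysis_integrity_state` performs, which the description already mentions.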