Merge pull request #705 from wazuh/697-access-while-open

Add test to check if files can be accessed while FIM has them opened
wazuh · Jan 27, 2022 · 6767e7a · 6767e7a
2 parents e0c742c + e00cd1b
commit 6767e7a
Show file tree

Hide file tree

Showing 4 changed files with 349 additions and 10 deletions.
diff --git a/deps/wazuh_testing/wazuh_testing/fim.py b/deps/wazuh_testing/wazuh_testing/fim.py
@@ -984,7 +984,41 @@ def callback_detect_end_scan(line):
         logger.warning(f"Couldn't load a log line into json object. Reason {e}")
 
 
+def callback_detect_scan_start(line):
+    """
+    Detect the start of a scheduled scan or initial scan.
+    """
+    msg = r'.*Sending FIM event: (.+)$'
+    match = re.match(msg, line)
+    if not match:
+        return None
+
+    try:
+        if json.loads(match.group(1))['type'] == 'scan_start':
+            return True
+    except (JSONDecodeError, AttributeError, KeyError) as e:
+        logger.warning(f"Couldn't load a log line into json object. Reason {e}")
+
+
+def callback_get_scan_timestap(line):
+    """
+    Get the timestamp for the end of the initial scan or a scheduled scan
+    """
+    msg = r'.*Sending FIM event: (.+)$'
+    match = re.match(msg, line)
+    if not match:
+        return None
+    try:
+        if json.loads(match.group(1))['type'] == 'scan_end':
+            return json.loads(match.group(1))['data']['timestamp']
+    except (JSONDecodeError, AttributeError, KeyError) as e:
+        logger.warning(f"Couldn't load a log line into json object. Reason {e}")
+
+
 def callback_detect_event(line):
+    """
+    Detect an 'event' type FIM log.
+    """
     msg = r'.*Sending FIM event: (.+)$'
     match = re.match(msg, line)
     if not match:
@@ -2266,6 +2300,16 @@ def detect_initial_scan(file_monitor):
                        error_message='Did not receive expected "File integrity monitoring scan ended" event')
 
 
+def detect_initial_scan_start(file_monitor):
+    """Detect initial scan start when restarting Wazuh.
+
+    Args:
+        file_monitor (FileMonitor): file log monitor to detect events
+    """
+    file_monitor.start(timeout=60, callback=callback_detect_scan_start,
+                       error_message='Did not receive expected "File integrity monitoring scan started" event')
+
+
 def detect_realtime_start(file_monitor):
     """Detect realtime engine start when restarting Wazuh.
 
@@ -2287,6 +2331,17 @@ def detect_whodata_start(file_monitor):
                                      '"File integrity monitoring real-time Whodata engine started" event')
 
 
+def get_scan_timestamp(file_monitor):
+    """Get the timestamp for the for the end of a scan
+
+    Args:
+        file_monitor (FileMonitor): file log monitor to detect events
+    """
+    timestamp = file_monitor.start(timeout=60, callback=callback_get_scan_timestap,
+                       error_message='Did not receive expected "File integrity monitoring scan ended" event').result()
+    return timestamp
+
+
 def wait_for_audit(whodata, monitor):
     """Wait for the audit callback if we are using whodata monitoring.
     Args:

diff --git a/deps/wazuh_testing/wazuh_testing/tools/file.py b/deps/wazuh_testing/wazuh_testing/tools/file.py
@@ -156,6 +156,17 @@ def write_yaml_file(file_path, data, allow_unicode=True, sort_keys=False):
     write_file(file_path, yaml.dump(data, allow_unicode=allow_unicode, sort_keys=sort_keys))
 
 
+def rename_file(file_path, new_path):
+    """
+    Renames a file
+    Args:
+        file_path (str): File path of the file to rename.
+        new_path (str): New file path after rename.
+    """
+    if os.path.exists(file_path):
+        os.rename(file_path, new_path)
+
+
 def delete_file(file_path):
     if os.path.exists(file_path):
         os.remove(file_path)
@@ -412,6 +423,25 @@ def count_file_lines(filepath):
         return sum(1 for line in file if line.strip())
 
 
+def create_large_file(directory, file_path):
+    """ Create a large file
+    Args:
+         directory(str): directory where the file will be genarated
+         file_path(str): absolute path of the file
+    """
+    # If path exists delete it
+    if os.path.exists(directory):
+        delete_path_recursively(directory)
+    # create directory
+    os.mkdir(directory)
+    file_size = 1024 * 1024 * 960  # 968 MB
+    chunksize = 1024 * 768
+    # create file and write to it.
+    with open(file_path, "a") as f:
+        while os.stat(file_path).st_size < file_size:
+            f.write(random.choice(string.printable) * chunksize)
+
+
 def download_text_file(file_url, local_destination_path):
     """Download a remote file with text/plain content type.
 

diff --git a/tests/integration/test_fim/test_files/conftest.py b/tests/integration/test_fim/test_files/conftest.py
@@ -4,36 +4,73 @@
 
 import pytest
 
-from wazuh_testing.fim import LOG_FILE_PATH, detect_initial_scan, detect_realtime_start, detect_whodata_start
+from wazuh_testing.fim import (LOG_FILE_PATH, detect_initial_scan, detect_realtime_start, detect_whodata_start, 
+                               detect_initial_scan_start)
 from wazuh_testing.tools.file import truncate_file
 from wazuh_testing.tools.monitoring import FileMonitor
 from wazuh_testing.tools.services import control_service
 
 
-@pytest.fixture(scope='module')
+@pytest.fixture(scope="module")
 def restart_syscheckd(get_configuration, request):
     """
     Reset ossec.log and start a new monitor.
     """
-    control_service('stop', daemon='wazuh-syscheckd')
+    control_service("stop", daemon="wazuh-syscheckd")
     truncate_file(LOG_FILE_PATH)
     file_monitor = FileMonitor(LOG_FILE_PATH)
-    setattr(request.module, 'wazuh_log_monitor', file_monitor)
-    control_service('start', daemon='wazuh-syscheckd')
+    setattr(request.module, "wazuh_log_monitor", file_monitor)
+    control_service("start", daemon="wazuh-syscheckd")
 
 
-@pytest.fixture(scope='module')
+@pytest.fixture(scope="function")
+def restart_syscheckd_function(get_configuration, request):
+    """
+    Restart syscheckd daemon.
+    """
+    control_service("stop", daemon="wazuh-syscheckd")
+    truncate_file(LOG_FILE_PATH)
+    file_monitor = FileMonitor(LOG_FILE_PATH)
+    setattr(request.module, "wazuh_log_monitor", file_monitor)
+    control_service("start", daemon="wazuh-syscheckd")
+
+
+@pytest.fixture(scope="module")
 def wait_for_fim_start(get_configuration, request):
+    """
+    Wait for fim to start 
+    """
+    wait_for_fim_active(get_configuration, request)
+
+
+@pytest.fixture(scope="function")
+def wait_for_fim_start_function(get_configuration, request):
+    """
+    Wait for fim to start
+    """
+    wait_for_fim_start(get_configuration, request)
+
+
+@pytest.fixture(scope="function")
+def wait_for_scan_start(get_configuration, request):
+    """
+    Wait for start of initial FIM scan.
+    """
+    file_monitor = getattr(request.module, "wazuh_log_monitor")
+    detect_initial_scan_start(file_monitor)
+
+
+def wait_for_fim_active(get_configuration, request):
     """
     Wait for realtime start, whodata start or end of initial FIM scan.
     """
-    file_monitor = getattr(request.module, 'wazuh_log_monitor')
-    mode_key = 'fim_mode' if 'fim_mode2' not in get_configuration['metadata'] else 'fim_mode2'
+    file_monitor = getattr(request.module, "wazuh_log_monitor")
+    mode_key = "fim_mode" if "fim_mode2" not in get_configuration["metadata"] else "fim_mode2"
 
     try:
-        if get_configuration['metadata'][mode_key] == 'realtime':
+        if get_configuration["metadata"][mode_key] == "realtime":
             detect_realtime_start(file_monitor)
-        elif get_configuration['metadata'][mode_key] == 'whodata':
+        elif get_configuration["metadata"][mode_key] == "whodata":
             detect_whodata_start(file_monitor)
         else:  # scheduled
             detect_initial_scan(file_monitor)