Merge pull request #4286 from wazuh/4281-add-analysisd-decoder-test

Add an integration test to check the wazuh-analysisd's decoder parser
wazuh · Jul 13, 2023 · 989f966 · 989f966
2 parents 43bfe59 + 145d456
commit 989f966
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 13 deletions.
diff --git a/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/custom_decoder_11.xml b/tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/custom_decoder_11.xml
@@ -0,0 +1,6 @@
+<!-- Test: invalid regex offset-->
+<decoder name="sudo-fields">
+  <parent>sudo</parent>
+  <regex offset="after_regex">(\S+)</regex>
+  <order>boom</order>
+</decoder>
diff --git a/...tegration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml b/...tegration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml
@@ -2,77 +2,111 @@
 -
   name: "Invalid decoder syntax: garbage file"
   decoder: "custom_decoder_0.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
-  output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2)."
+  output_data_msg: >-
+    (1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2).
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no closing XML tag"
   decoder: "custom_decoder_1.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
-  output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements were not closed. (line 3)."
+  output: >-
+    ata_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements
+    were not closed. (line 3).
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no existing parent"
   decoder: "custom_decoder_2.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2101): Parent decoder name invalid: 'test-parent'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no existing attribute"
   decoder: "custom_decoder_3.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "Invalid element 'invalid_field' for decoder 'decoder'"
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: decoder with no name"
   decoder: "custom_decoder_4.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(1230): Invalid element in the configuration: 'decoder'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: regex attribute without order attribute"
   decoder: "custom_decoder_5.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: regex attribute without prematch/program_name/parent attribute"
   decoder: "custom_decoder_6.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2108): No 'prematch' found in decoder: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: order attribute without regex attribute"
   decoder: "custom_decoder_7.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: two-level order parenting"
   decoder: "custom_decoder_8.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2101): Parent decoder name invalid: 'name1'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: invalid plugin_decoder"
   decoder: "custom_decoder_9.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2110): Invalid decoder argument for plugin_decoder: 'INVALID_Decoder'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: invalid offset"
   decoder: "custom_decoder_10.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'name'."
   output_data_codemsg: -1
+-
+  name: "Invalid decoder syntax: invalid offset"
+  decoder: "custom_decoder_11.xml"
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
+  output_error: 0
+  output_data_msg: "ERROR: (2120): Invalid offset value: 'sudo-fields'"
+  output_data_codemsg: -1