Merge pull request #2358 from wazuh/2320-refactor-test-synchronization
Refactor FIM `test_synchronization` according to new standard (1)
Showing
14 changed files
with
695 additions
and
263 deletions.
Empty file.
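--- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py
+++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py
@@ -0,0 +1,58 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+from wazuh_testing.fim import LOG_FILE_PATH, callback_detect_registry_integrity_state_event
+from wazuh_testing import global_parameters
+from wazuh_testing.fim_module.fim_variables import MAX_EVENTS_VALUE, REGISTRY_DBSYNC_NO_DATA
+from wazuh_testing.tools.monitoring import FileMonitor, callback_generator
+
+
+def get_sync_msgs(tout, new_data=True):
+"""Look for as many synchronization events as possible.
+This function will look for the synchronization messages until a Timeout is raised or 'max_events' is reached.
+Params:
+tout (int): Timeout that will be used to get the dbsync_no_data message.
+new_data (bool): Specifies if the test will wait the event `dbsync_no_data`
+Returns:
+A list with all the events in json format.
+"""
+wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
+events = []
+if new_data:
+wazuh_log_monitor.start(timeout=tout,
+callback=callback_generator(REGISTRY_DBSYNC_NO_DATA),
+error_message='Did not receive expected '
+'"db sync no data" event')
+for _ in range(0, MAX_EVENTS_VALUE):
+try:
+sync_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout,
+callback=callback_detect_registry_integrity_state_event,
+accum_results=1,
+error_message='Did not receive expected '
+'Sending integrity control message"').result()
+except TimeoutError:
+break
+
+events.append(sync_event)
+
+return events
+
+
+def find_value_in_event_list(key_path, value_name, event_list):
+"""Function that looks for a key path and value_name in a list of json events.
+Params:
+path (str): Path of the registry key.
+value_name (str): Name of the value
+event_list (list): List containing the events in JSON format.
+Returns:
+The event that matches the specified path. None if no event was found.
+"""
+for event in event_list:
+if 'value_name' not in event.keys():
+continue
+
+if event['path'] == key_path and event['value_name'] == value_name:
+return event
+
+return None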
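Review bot: `get_sync_msgs` turns the first `TimeoutError` in its loop into a silent `break`, so it returns an empty list both when synchronization is genuinely off and when the integrity messages were simply not matched, and a test that only asserts a value is absent would pass in either case. The docstring should say so, e.g. `Returns: A list with all the events in json format; empty if no integrity message arrives within global_parameters.default_timeout.`, and tests for the enabled case should assert the list is non-empty before searching it. In `find_value_in_event_list` the docstring documents `path` while the parameter is `key_path`, and `event['path']` is indexed after checking only for `'value_name'`, so `event.get('path') == key_path` would be safer. The second error message, `'Sending integrity control message"'`, also has an unmatched quote.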
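--- a/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py
+++ b/deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py
@@ -0,0 +1,40 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+'''
+The purpose of this file is to contain all the variables necessary for FIM in order to be easier to
+maintain if one of them changes in the future.
+'''
+
+# Variables
+
+# Key variables
+WINDOWS_HKEY_LOCAL_MACHINE = 'HKEY_LOCAL_MACHINE'
+MONITORED_KEY = 'SOFTWARE\\random_key'
+WINDOWS_REGISTRY = 'WINDOWS_REGISTRY'
+
+
+# Value key
+SYNC_INTERVAL = 'SYNC_INTERVAL'
+SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20
+
+# Folders variables
+TEST_DIR_1 = 'testdir1'
+TEST_DIRECTORIES = 'TEST_DIRECTORIES'
+TEST_REGISTRIES = 'TEST_REGISTRIES'
+
+# FIM modules
+SCHEDULE_MODE = 'scheduled'
+
+# Yaml Configuration
+YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml'
+YAML_CONF_SYNC_WIN32 = 'wazuh_sync_conf_win32.yaml'
+
+# Synchronization options
+SYNCHRONIZATION_ENABLED = 'SYNCHRONIZATION_ENABLED'
+SYNCHRONIZATION_REGISTRY_ENABLED = 'SYNCHRONIZATION_REGISTRY_ENABLED'
+
+# Callbacks message
+INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$'
+REGISTRY_DBSYNC_NO_DATA = r'.*#!-fim_registry dbsync no_data (.+)'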
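Review bot: `SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20` binds a synchronization interval and an event-count limit to one literal, so editing that line for one purpose silently changes the other. Elsewhere in this commit `SYNC_INTERVAL_VALUE` is added to a timeout and `MAX_EVENTS_VALUE` bounds a `range()` loop, so the two are unrelated quantities. Two separate assignments, each with a comment giving its meaning and unit, would keep them independent: `SYNC_INTERVAL_VALUE = 20` and `MAX_EVENTS_VALUE = 20`. The `# Value key` heading above them does not describe either constant and could be reworded at the same time.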
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <info@wazuh.com>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
|
||
''' | ||
The purpose of this file is to contain all the variables necessary for Wazuh in order to be easier | ||
to maintain if one of them changes in the future. | ||
''' | ||
# Local internal options | ||
WINDOWS_DEBUG = 'windows.debug' | ||
VERBOSE_DEBUG_OUTPUT = 2 | ||
|
||
WAZUH_SERVICES_STOP = 'stop' | ||
WAZUH_SERVICES_START = 'start' | ||
|
||
# Configurations | ||
DATA = 'data' | ||
WAZUH_LOG_MONITOR = 'wazuh_log_monitor' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <info@wazuh.com>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
|
||
import pytest | ||
from wazuh_testing import global_parameters | ||
from wazuh_testing.tools.services import control_service | ||
from wazuh_testing.fim import (create_registry, registry_parser, KEY_WOW64_64KEY, delete_registry, | ||
LOG_FILE_PATH, callback_detect_registry_integrity_clear_event) | ||
from wazuh_testing.tools.file import truncate_file | ||
from wazuh_testing.fim_module.fim_variables import WINDOWS_HKEY_LOCAL_MACHINE, MONITORED_KEY, SYNC_INTERVAL_VALUE | ||
from wazuh_testing.wazuh_variables import WAZUH_SERVICES_START, WAZUH_SERVICES_STOP, WAZUH_LOG_MONITOR | ||
from wazuh_testing.tools.monitoring import FileMonitor | ||
|
||
|
||
@pytest.fixture(scope='function') | ||
def create_key(request): | ||
"""Fixture that create the test key And then delete the key and truncate the file. The aim of this | ||
fixture is to avoid false positives if the manager still has the test key | ||
in it's DB. | ||
""" | ||
control_service(WAZUH_SERVICES_STOP) | ||
create_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY) | ||
|
||
yield | ||
delete_registry(registry_parser[WINDOWS_HKEY_LOCAL_MACHINE], MONITORED_KEY, KEY_WOW64_64KEY) | ||
control_service(WAZUH_SERVICES_STOP) | ||
truncate_file(LOG_FILE_PATH) | ||
file_monitor = FileMonitor(LOG_FILE_PATH) | ||
setattr(request.module, WAZUH_LOG_MONITOR, file_monitor) | ||
control_service(WAZUH_SERVICES_START) | ||
|
||
# wait until the sync is done. | ||
file_monitor.start(timeout=SYNC_INTERVAL_VALUE + global_parameters.default_timeout, | ||
callback=callback_detect_registry_integrity_clear_event, | ||
error_message='Did not receive expected "integrity clear" event') |
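Review bot: The teardown after `yield` in `create_key` is a straight sequence, so if `delete_registry(...)` raises, the Wazuh service is never restarted and the log is never truncated, and the tests that follow inherit a stopped service and possibly the leftover key under `HKEY_LOCAL_MACHINE`. Putting `delete_registry(...)` in a `try:` and the stop/truncate/start steps in its `finally:` would contain that failure. Setup also stops the service and does not start it again before `yield`; if that relies on another fixture, the docstring should say so. The docstring could be reworded as `Create the test key before the test; afterwards delete it, restart the service with a truncated log and wait for the "integrity clear" event.`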
71 changes: 0 additions & 71 deletions
71
tests/integration/test_fim/test_synchronization/data/wazuh_disabled_sync_conf_win32.yaml
This file was deleted.
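--- a/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml
+++ b/tests/integration/test_fim/test_synchronization/data/wazuh_sync_conf_win32.yaml
@@ -0,0 +1,28 @@
+
+# Configuration for sync disabled
+- tags:
+- sync_disabled
+apply_to_modules:
+- test_sync_disabled_win32
+- test_sync_enabled_win32
+- test_sync_registry_disabled_win32
+- test_sync_registry_enabled_win32
+sections:
+- section: syscheck
+elements:
+- disabled:
+value: 'no'
+- synchronization:
+elements:
+- enabled:
+value: SYNCHRONIZATION_ENABLED
+- registry_enabled:
+value: SYNCHRONIZATION_REGISTRY_ENABLED
+- directories:
+value: TEST_DIRECTORIES
+attributes:
+- FIM_MODE
+- windows_registry:
+value: TEST_REGISTRIES
+attributes:
+- arch: "both"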
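Review bot: The header comment `# Configuration for sync disabled` and the tag `sync_disabled` no longer describe this block, which is applied to the enabled and disabled modules alike and takes `enabled` and `registry_enabled` from the `SYNCHRONIZATION_ENABLED` and `SYNCHRONIZATION_REGISTRY_ENABLED` placeholders. A comment such as `# Shared synchronization configuration; enabled/registry_enabled are set per test through placeholders` would match what the file does. Renaming the tag would also need a change in whichever tests select it, which is not visible here.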