def test_agent_elements(mock_agent_attr, mock_basic_info, mock_agents_info, element_type):
"""Tests every possible type of agent element
Iterate over each element type, call the get_item_agent function with that
parameter and verify that the response obtained contains all the expected
fields (found in core.get_valid_fields ()).
Parameters
----------
element_type : string
Type of element to get syscollector information from
"""
def valid_fields_asserter(rendered_result):
"""Check that all expected keys and subkeys are in the result."""
fields = get_valid_fields(Type(element_type))[1]
for field in fields.keys():
if field.__contains__('.'):
key, subkey = field.split('.')
results_subdict = rendered_result['data']['affected_items'][0][key]
assert subkey in results_subdict.keys(), f'Subkey "{subkey}" not found in result'
else:
assert field in rendered_result['data']['affected_items'][0].keys(), f'Key "{field}" not found in result'
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file='schema_syscollector_000.sql')
results = syscollector.get_item_agent(agent_list=['000'], element_type=element_type)
assert isinstance(results, AffectedItemsWazuhResult)
valid_fields_asserter(results.render())
def test_syscheck_files(socket_mock, agent_id, select, filters, distinct):
"""Test function `files` from syscheck module.
Parameters
----------
agent_id : list
Agent ID.
select :
List of parameters to show from the query.
filters : dict
Dict to filter out the result.
distinct : bool
True if all response items must be unique
"""
select_list = [
'date', 'mtime', 'file', 'size', 'perm', 'uname', 'gname', 'md5',
'sha1', 'sha256', 'inode', 'gid', 'uid', 'type', 'changes',
'attributes'
]
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_syscheck_test.sql')
result = files(agent_id, select=select, filters=filters)
assert isinstance(result, AffectedItemsWazuhResult)
assert isinstance(result.affected_items, list)
select = select if select else select_list
for item in result.affected_items:
assert len(select) == len(item.keys())
assert (param in select for param in item.keys())
assert not any(
result.affected_items.count(item) > 1
for item in result.affected_items) if distinct else True
if filters:
for key, value in filters.items():
assert (item[key] == value for item in result.affected_items)
def test_get_item_agent(mock_agent_attr, mock_basic_info, mock_agents_info,
select, search):
"""Test get_item_agent method.
Verify that the get_item method returns an appropriate
and expected result after searching in the database.
Parameters
----------
select : list
Fields to be returned when searching in DB
search : dict
Looks for items with the specified string in DB.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_syscollector_000.sql')
results = syscollector.get_item_agent(agent_list=['000'],
offset=0,
select=select,
search=search)
assert isinstance(results, AffectedItemsWazuhResult)
assert results.render(
)['data']['failed_items'] == [], 'No failed_items should be returned'
for result in results.render()['data']['affected_items']:
if select:
assert len(result.keys()) == len(
select
) + 1, f'"Select" not returning {len(select)} +1 elements.'
if search:
assert search['value'] in result['os'][
'name'], f'{search["value"]} not in result.'
def test_get_ciscat_results_select(agents_info_mock, socket_mock, select):
"""Check that only selected elements are returned
Parameters
----------
select : list
Fields to be returned.
"""
valid_fields = {
'scan', 'benchmark', 'profile', 'pass', 'fail', 'error', 'notchecked',
'unknown', 'score'
}
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
select=select).render()['data']
# Check returned keys are the ones specified inside 'select' field
for item in result['affected_items']:
if select:
for select_item in select:
if '.' in select_item:
key, subkey = select_item.split('.')
assert subkey in item[key]
else:
assert select_item in item
for key in item.keys():
assert key in valid_fields if key != 'agent_id' else True
def test_get_ciscat_results_select_ko(agents_info_mock, socket_mock):
"""Check that expected exception is raised when select field is not allowed."""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
with pytest.raises(WazuhError, match=r'\b1724\b'):
result = get_ciscat_results(agent_list=['001'],
select=['random']).render()['data']
def test_get_sca_list_search_param(mock_agent, mock_sca_agent):
"""
Checks only selected fields are loaded from database
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_sca_test.sql')
search = {'value': 'debian', 'negation': False}
result = get_sca_list(agent_list=['000'], search=search)
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert len(result['affected_items']) > 0
search = {'value': 'foo', 'negation': False}
result = get_sca_list(agent_list=['000'], search=search)
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert len(result['affected_items']) == 0
search = {'value': 'foo', 'negation': True}
result = get_sca_list(agent_list=['000'], search=search)
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert len(result['affected_items']) > 0
def test_get_sca_list(mock_agent, mock_sca_agent):
"""
Checks data are properly loaded from database
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_sca_test.sql')
result = get_sca_list(agent_list=['000'])
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert len(result['affected_items']) > 0
sca = result['affected_items'][0]
assert isinstance(sca, dict)
assert set(sca.keys()) == set(cols_returned_from_db_sca)
result = get_sca_list(agent_list=['999'])
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert result['total_affected_items'] == 0
assert len(result['affected_items']) == 0
assert result['total_failed_items'] == 1
assert len(result['failed_items']) == 1
failed = result['failed_items']
assert isinstance(list(failed.keys())[0], WazuhResourceNotFound)
assert list(failed.keys())[0].to_dict()['code'] == 1701
assert failed[list(failed.keys())[0]] == {'999'}
def test_sca_checks_select_and_q(mock_agent, mock_sca_agent):
"""
Tests filtering using q parameter and selecting multiple fields
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_sca_test.sql')
result = get_sca_checks(
'cis_debian',
agent_list=['000'],
q="rules.type!=file",
select=['compliance', 'policy_id', 'result', 'rules']).to_dict()
assert result['affected_items'][0]['rules'][0]['type'] != 'file'
assert set(result['affected_items'][0].keys()).issubset(
{'compliance', 'policy_id', 'result', 'rules'})
def test_get_sca_list_select_param(mock_agent, mock_sca_agent):
"""
Checks only selected fields are loaded from database
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_sca_test.sql')
fields = ['name', 'policy_id']
result = get_sca_list(agent_list=['000'], select=fields)
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert len(result['affected_items']) > 0
sca = result['affected_items'][0]
assert isinstance(sca, dict)
assert set(sca.keys()) == set(fields)
def test_failed_get_item_agent(mock_agent_attr, mock_basic_info, mock_agents_info, agent_list, expected_exception):
"""Test if get_item_agent method handle exceptions properly.
Parameters
----------
agent_list : list
List of agents IDs to search
expected_exception : int
Expected error code when triggering the exception.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file='schema_syscollector_000.sql')
results = syscollector.get_item_agent(agent_list=agent_list, offset=0, limit=500, nested=False)
assert expected_exception == results.render()['data']['failed_items'][0]['error']['code'], \
'Error code not expected'
def test_get_ciscat_results_filters(agents_info_mock, socket_mock, filters,
expected_scan_id):
"""Check that filters are correctly applied.
Parameters
----------
filters : dict
Filters to be applied and their values.
expected_scan_id : list
Expected IDs of the returned items.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
filters=filters).render()['data']
for item in result['affected_items']:
assert item['scan']['id'] in expected_scan_id
def test_get_ciscat_results_sort(agents_info_mock, socket_mock, sort,
first_item):
"""Check if the the first item returned is expected when using sort parameter
Parameters
----------
sort : str
Field and order to sort by
first_item : int
Expected string to be contained in the log of the first returned element.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
sort=parse_api_param(
sort, 'sort')).render()['data']
assert result['affected_items'][0]['scan']['id'] == first_item
def test_get_ciscat_results_search(agents_info_mock, socket_mock, search,
total_expected_items):
"""Check if the number of items returned is as expected when using the search parameter.
Parameters
----------
search : str
String to be searched in the database.
total_expected_items : int
Number of expected items to be returned.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
search=parse_api_param(
search, 'search')).render()['data']
assert result['total_affected_items'] == total_expected_items
def test_syscheck_files(socket_mock, agent_id, select, filters, distinct):
"""Test function `files` from syscheck module.
Parameters
----------
agent_id : list
Agent ID.
select :
List of parameters to show from the query.
filters : dict
Dict to filter out the result.
distinct : bool
True if all response items must be unique
"""
select_list = [
'date', 'mtime', 'file', 'size', 'perm', 'uname', 'gname', 'md5',
'sha1', 'sha256', 'inode', 'gid', 'uid', 'type', 'changes',
'attributes', 'arch', 'value.name', 'value.type'
]
nested_fields = ['value']
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_syscheck_test.sql')
select = select if select else select_list
result = files(agent_id, select=select, filters=filters)
assert isinstance(result, AffectedItemsWazuhResult)
assert isinstance(result.affected_items, list)
# Use flag for min_select_field, if file not in select, len(item.keys()) = len(select) + 1
flag_select_min = 1 if 'file' not in select else 0
for item in result.affected_items:
# Use flag for nested_fields in order to compare select and item.keys() lengths
flag_nested = 0
for nested_field in nested_fields:
if nested_field in item.keys():
flag_nested += sum(
1 for i in select if i.startswith(nested_field)) - 1
assert len(select) + flag_select_min == len(
item.keys()) + flag_nested
assert (param in select for param in item.keys())
assert not any(
result.affected_items.count(item) > 1
for item in result.affected_items) if distinct else True
if filters:
for key, value in filters.items():
assert (item[key] == value for item in result.affected_items)
def test_get_ciscat_results(agents_info_mock, socket_mock, limit):
"""Check if limit is correctly applied to get_ciscat_results() function
Parameters
----------
limit : int
Number of items to be returned.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
limit=limit).render()['data']
limit = limit if limit else 2
assert len(result['affected_items']
) == limit and result['total_affected_items'] == 2
assert len(
result['failed_items']) == 0 and result['total_failed_items'] == 0
def test_get_sca_checks(mock_agent, mock_sca_agent):
"""
Checks sca checks data are properly loaded from database
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_sca_test.sql')
result = get_sca_checks('cis_debian', agent_list=['000'])
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
sca = result['affected_items']
assert isinstance(sca, list)
assert len(sca) > 0
assert set(sca[0].keys()).issubset(
set(fields_translation_sca_check.keys()) | {'compliance', 'rules'})
compliance = sca[0]['compliance']
assert isinstance(compliance, list)
assert len(compliance) > 0
assert set(compliance[0].keys()) == set(
fields_translation_sca_check_compliance.values())
# Check 0 result
result = get_sca_checks('not_exists', agent_list=['000'])
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
sca = result['affected_items']
assert isinstance(sca, list)
assert len(sca) == 0
result = get_sca_checks('cis_debian', agent_list=['999'])
assert isinstance(result, AffectedItemsWazuhResult)
result = result.to_dict()
assert isinstance(result['total_affected_items'], int)
assert result['total_affected_items'] == 0
assert len(result['affected_items']) == 0
assert result['total_failed_items'] == 1
assert len(result['failed_items']) == 1
failed = result['failed_items']
assert isinstance(list(failed.keys())[0], WazuhResourceNotFound)
assert list(failed.keys())[0].to_dict()['code'] == 1701
assert failed[list(failed.keys())[0]] == {'999'}
def test_get_ciscat_results_query(agents_info_mock, socket_mock, query,
total_expected_items, expected_scan_id):
"""Check if the number of items returned is as expected when using query parameter.
Parameters
----------
query : str
Query to be applied in the database
total_expected_items : int
Number of expected items to be returned.
expected_scan_id : list
Expected IDs of the returned items.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['001'],
q=query).render()['data']
assert result['total_affected_items'] == total_expected_items
for item in result['affected_items']:
assert item['scan']['id'] in expected_scan_id
def test_get_ciscat_results(agents_info_mock, socket_mock, agent_id, exception):
"""Test function `get_ciscat_results` from ciscat module.
Parameters
----------
agent_id : list
List of agent IDs.
exception : bool
True if the code will go through an exception. False otherwise.
"""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file='schema_ciscat_test.sql')
result = get_ciscat_results(agent_id)
assert isinstance(result, AffectedItemsWazuhResult)
if not exception:
assert result.affected_items
assert result.total_affected_items == 2
assert result.total_failed_items == 0
else:
assert not result.affected_items
assert result.total_failed_items == 1
assert result.total_affected_items == 0
def test_WazuhDBQuerySyscollector(mock_basic_info, mock_agents_info):
"""Verify that the method connects correctly to the database and returns the correct type."""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(
sql_schema_file='schema_syscollector_000.sql')
db_query = WazuhDBQuerySyscollector(agent_id='000',
offset=0,
limit=common.database_limit,
select=None,
search=None,
sort=None,
filters=None,
fields=get_valid_fields(
Type.OS, '000')[1],
table='sys_osinfo',
array=True,
nested=True,
query='')
db_query._filter_status(None)
data = db_query.run()
assert isinstance(db_query, WazuhDBQuerySyscollector) and isinstance(
data, dict)
(34, 8),
(49, 7),
(51, 1),
(67, 7),
(122, 9),
(149, 10),
(167, 6),
(171, 11),
(183, 35),
(230, 20),
(342, 58),
(521, 3),
(759, 9),
(893, 13),
])
@patch('wazuh.core.utils.WazuhDBConnection', return_value=InitWDBSocketMock(
sql_schema_file='schema_mitre_test.sql'))
def test_get_attack(mock_wdb, offset, limit):
"""Test if data are retrieved properly from Mitre database."""
# check error when limit = 0
try:
result = get_attack(offset=offset, limit=limit)
except Exception as e:
if e.code == 1406:
return
else:
raise e
# check result length
try:
assert len(result.affected_items) == limit
except AssertionError:
(49, 7),
(51, 1),
(67, 7),
(122, 9),
(149, 10),
(167, 6),
(171, 11),
(183, 35),
(230, 20),
(342, 58),
(521, 3),
(759, 9),
(893, 13),
])
@patch('wazuh.core.utils.WazuhDBConnection',
return_value=InitWDBSocketMock(sql_schema_file='schema_mitre_test.sql'))
def test_get_attack(mock_wdb, offset, limit):
"""Test if data are retrieved properly from Mitre database."""
# check error when limit = 0
try:
result = get_attack(offset=offset, limit=limit)
except Exception as e:
if e.code == 1406:
return
else:
raise e
# check result lenght
try:
assert len(result.affected_items) == limit
except AssertionError:
'data')
def fake_final_query(self):
"""
:return: The final task query
"""
return self._default_query(
) + f" WHERE task_id IN ({self.query}) LIMIT {self.limit} OFFSET :offset"
# Tests
@patch('wazuh.core.utils.WazuhDBConnection',
return_value=InitWDBSocketMock(sql_schema_file='schema_tasks_test.sql'))
@patch.object(WazuhDBQueryTask, '_final_query', fake_final_query)
def test_get_task_status_no_filter(mock_task_db):
"""Check system's tasks (No filters)
"""
result = task.get_task_status()
cur = get_fake_database_data('schema_tasks_test.sql').cursor()
cur.execute("SELECT COUNT(DISTINCT task_id) FROM tasks")
rows = cur.fetchone()
assert result.total_affected_items == rows[0]
@patch('wazuh.core.utils.WazuhDBConnection',
return_value=InitWDBSocketMock(sql_schema_file='schema_tasks_test.sql'))
@patch.object(WazuhDBQueryTask, '_final_query', fake_final_query)
def test_get_ciscat_results_ko(agents_info_mock, socket_mock):
"""Check that expected exception is raised when agent does not exist."""
with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb:
mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file)
result = get_ciscat_results(agent_list=['002']).render()['data']
assert result['total_failed_items'] == 1
