def test_agent_elements(mock_agent_attr, mock_basic_info, mock_agents_info, element_type): """Tests every possible type of agent element Iterate over each element type, call the get_item_agent function with that parameter and verify that the response obtained contains all the expected fields (found in core.get_valid_fields ()). Parameters ---------- element_type : string Type of element to get syscollector information from """ def valid_fields_asserter(rendered_result): """Check that all expected keys and subkeys are in the result.""" fields = get_valid_fields(Type(element_type))[1] for field in fields.keys(): if field.__contains__('.'): key, subkey = field.split('.') results_subdict = rendered_result['data']['affected_items'][0][key] assert subkey in results_subdict.keys(), f'Subkey "{subkey}" not found in result' else: assert field in rendered_result['data']['affected_items'][0].keys(), f'Key "{field}" not found in result' with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file='schema_syscollector_000.sql') results = syscollector.get_item_agent(agent_list=['000'], element_type=element_type) assert isinstance(results, AffectedItemsWazuhResult) valid_fields_asserter(results.render())
def test_syscheck_files(socket_mock, agent_id, select, filters, distinct): """Test function `files` from syscheck module. Parameters ---------- agent_id : list Agent ID. select : List of parameters to show from the query. filters : dict Dict to filter out the result. distinct : bool True if all response items must be unique """ select_list = [ 'date', 'mtime', 'file', 'size', 'perm', 'uname', 'gname', 'md5', 'sha1', 'sha256', 'inode', 'gid', 'uid', 'type', 'changes', 'attributes' ] with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_syscheck_test.sql') result = files(agent_id, select=select, filters=filters) assert isinstance(result, AffectedItemsWazuhResult) assert isinstance(result.affected_items, list) select = select if select else select_list for item in result.affected_items: assert len(select) == len(item.keys()) assert (param in select for param in item.keys()) assert not any( result.affected_items.count(item) > 1 for item in result.affected_items) if distinct else True if filters: for key, value in filters.items(): assert (item[key] == value for item in result.affected_items)
def test_get_item_agent(mock_agent_attr, mock_basic_info, mock_agents_info, select, search): """Test get_item_agent method. Verify that the get_item method returns an appropriate and expected result after searching in the database. Parameters ---------- select : list Fields to be returned when searching in DB search : dict Looks for items with the specified string in DB. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_syscollector_000.sql') results = syscollector.get_item_agent(agent_list=['000'], offset=0, select=select, search=search) assert isinstance(results, AffectedItemsWazuhResult) assert results.render( )['data']['failed_items'] == [], 'No failed_items should be returned' for result in results.render()['data']['affected_items']: if select: assert len(result.keys()) == len( select ) + 1, f'"Select" not returning {len(select)} +1 elements.' if search: assert search['value'] in result['os'][ 'name'], f'{search["value"]} not in result.'
def test_get_ciscat_results_select(agents_info_mock, socket_mock, select): """Check that only selected elements are returned Parameters ---------- select : list Fields to be returned. """ valid_fields = { 'scan', 'benchmark', 'profile', 'pass', 'fail', 'error', 'notchecked', 'unknown', 'score' } with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['001'], select=select).render()['data'] # Check returned keys are the ones specified inside 'select' field for item in result['affected_items']: if select: for select_item in select: if '.' in select_item: key, subkey = select_item.split('.') assert subkey in item[key] else: assert select_item in item for key in item.keys(): assert key in valid_fields if key != 'agent_id' else True
def test_get_ciscat_results_select_ko(agents_info_mock, socket_mock): """Check that expected exception is raised when select field is not allowed.""" with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) with pytest.raises(WazuhError, match=r'\b1724\b'): result = get_ciscat_results(agent_list=['001'], select=['random']).render()['data']
def test_get_sca_list_search_param(mock_agent, mock_sca_agent): """ Checks only selected fields are loaded from database """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_sca_test.sql') search = {'value': 'debian', 'negation': False} result = get_sca_list(agent_list=['000'], search=search) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert len(result['affected_items']) > 0 search = {'value': 'foo', 'negation': False} result = get_sca_list(agent_list=['000'], search=search) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert len(result['affected_items']) == 0 search = {'value': 'foo', 'negation': True} result = get_sca_list(agent_list=['000'], search=search) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert len(result['affected_items']) > 0
def test_get_sca_list(mock_agent, mock_sca_agent): """ Checks data are properly loaded from database """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_sca_test.sql') result = get_sca_list(agent_list=['000']) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert len(result['affected_items']) > 0 sca = result['affected_items'][0] assert isinstance(sca, dict) assert set(sca.keys()) == set(cols_returned_from_db_sca) result = get_sca_list(agent_list=['999']) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert result['total_affected_items'] == 0 assert len(result['affected_items']) == 0 assert result['total_failed_items'] == 1 assert len(result['failed_items']) == 1 failed = result['failed_items'] assert isinstance(list(failed.keys())[0], WazuhResourceNotFound) assert list(failed.keys())[0].to_dict()['code'] == 1701 assert failed[list(failed.keys())[0]] == {'999'}
def test_sca_checks_select_and_q(mock_agent, mock_sca_agent): """ Tests filtering using q parameter and selecting multiple fields """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_sca_test.sql') result = get_sca_checks( 'cis_debian', agent_list=['000'], q="rules.type!=file", select=['compliance', 'policy_id', 'result', 'rules']).to_dict() assert result['affected_items'][0]['rules'][0]['type'] != 'file' assert set(result['affected_items'][0].keys()).issubset( {'compliance', 'policy_id', 'result', 'rules'})
def test_get_sca_list_select_param(mock_agent, mock_sca_agent): """ Checks only selected fields are loaded from database """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_sca_test.sql') fields = ['name', 'policy_id'] result = get_sca_list(agent_list=['000'], select=fields) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert len(result['affected_items']) > 0 sca = result['affected_items'][0] assert isinstance(sca, dict) assert set(sca.keys()) == set(fields)
def test_failed_get_item_agent(mock_agent_attr, mock_basic_info, mock_agents_info, agent_list, expected_exception): """Test if get_item_agent method handle exceptions properly. Parameters ---------- agent_list : list List of agents IDs to search expected_exception : int Expected error code when triggering the exception. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file='schema_syscollector_000.sql') results = syscollector.get_item_agent(agent_list=agent_list, offset=0, limit=500, nested=False) assert expected_exception == results.render()['data']['failed_items'][0]['error']['code'], \ 'Error code not expected'
def test_get_ciscat_results_filters(agents_info_mock, socket_mock, filters, expected_scan_id): """Check that filters are correctly applied. Parameters ---------- filters : dict Filters to be applied and their values. expected_scan_id : list Expected IDs of the returned items. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['001'], filters=filters).render()['data'] for item in result['affected_items']: assert item['scan']['id'] in expected_scan_id
def test_get_ciscat_results_sort(agents_info_mock, socket_mock, sort, first_item): """Check if the the first item returned is expected when using sort parameter Parameters ---------- sort : str Field and order to sort by first_item : int Expected string to be contained in the log of the first returned element. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['001'], sort=parse_api_param( sort, 'sort')).render()['data'] assert result['affected_items'][0]['scan']['id'] == first_item
def test_get_ciscat_results_search(agents_info_mock, socket_mock, search, total_expected_items): """Check if the number of items returned is as expected when using the search parameter. Parameters ---------- search : str String to be searched in the database. total_expected_items : int Number of expected items to be returned. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['001'], search=parse_api_param( search, 'search')).render()['data'] assert result['total_affected_items'] == total_expected_items
def test_syscheck_files(socket_mock, agent_id, select, filters, distinct): """Test function `files` from syscheck module. Parameters ---------- agent_id : list Agent ID. select : List of parameters to show from the query. filters : dict Dict to filter out the result. distinct : bool True if all response items must be unique """ select_list = [ 'date', 'mtime', 'file', 'size', 'perm', 'uname', 'gname', 'md5', 'sha1', 'sha256', 'inode', 'gid', 'uid', 'type', 'changes', 'attributes', 'arch', 'value.name', 'value.type' ] nested_fields = ['value'] with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_syscheck_test.sql') select = select if select else select_list result = files(agent_id, select=select, filters=filters) assert isinstance(result, AffectedItemsWazuhResult) assert isinstance(result.affected_items, list) # Use flag for min_select_field, if file not in select, len(item.keys()) = len(select) + 1 flag_select_min = 1 if 'file' not in select else 0 for item in result.affected_items: # Use flag for nested_fields in order to compare select and item.keys() lengths flag_nested = 0 for nested_field in nested_fields: if nested_field in item.keys(): flag_nested += sum( 1 for i in select if i.startswith(nested_field)) - 1 assert len(select) + flag_select_min == len( item.keys()) + flag_nested assert (param in select for param in item.keys()) assert not any( result.affected_items.count(item) > 1 for item in result.affected_items) if distinct else True if filters: for key, value in filters.items(): assert (item[key] == value for item in result.affected_items)
def test_get_ciscat_results(agents_info_mock, socket_mock, limit): """Check if limit is correctly applied to get_ciscat_results() function Parameters ---------- limit : int Number of items to be returned. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['001'], limit=limit).render()['data'] limit = limit if limit else 2 assert len(result['affected_items'] ) == limit and result['total_affected_items'] == 2 assert len( result['failed_items']) == 0 and result['total_failed_items'] == 0
def test_get_sca_checks(mock_agent, mock_sca_agent): """ Checks sca checks data are properly loaded from database """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_sca_test.sql') result = get_sca_checks('cis_debian', agent_list=['000']) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) sca = result['affected_items'] assert isinstance(sca, list) assert len(sca) > 0 assert set(sca[0].keys()).issubset( set(fields_translation_sca_check.keys()) | {'compliance', 'rules'}) compliance = sca[0]['compliance'] assert isinstance(compliance, list) assert len(compliance) > 0 assert set(compliance[0].keys()) == set( fields_translation_sca_check_compliance.values()) # Check 0 result result = get_sca_checks('not_exists', agent_list=['000']) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) sca = result['affected_items'] assert isinstance(sca, list) assert len(sca) == 0 result = get_sca_checks('cis_debian', agent_list=['999']) assert isinstance(result, AffectedItemsWazuhResult) result = result.to_dict() assert isinstance(result['total_affected_items'], int) assert result['total_affected_items'] == 0 assert len(result['affected_items']) == 0 assert result['total_failed_items'] == 1 assert len(result['failed_items']) == 1 failed = result['failed_items'] assert isinstance(list(failed.keys())[0], WazuhResourceNotFound) assert list(failed.keys())[0].to_dict()['code'] == 1701 assert failed[list(failed.keys())[0]] == {'999'}
def test_get_ciscat_results_query(agents_info_mock, socket_mock, query, total_expected_items, expected_scan_id): """Check if the number of items returned is as expected when using query parameter. Parameters ---------- query : str Query to be applied in the database total_expected_items : int Number of expected items to be returned. expected_scan_id : list Expected IDs of the returned items. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['001'], q=query).render()['data'] assert result['total_affected_items'] == total_expected_items for item in result['affected_items']: assert item['scan']['id'] in expected_scan_id
def test_get_ciscat_results(agents_info_mock, socket_mock, agent_id, exception): """Test function `get_ciscat_results` from ciscat module. Parameters ---------- agent_id : list List of agent IDs. exception : bool True if the code will go through an exception. False otherwise. """ with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file='schema_ciscat_test.sql') result = get_ciscat_results(agent_id) assert isinstance(result, AffectedItemsWazuhResult) if not exception: assert result.affected_items assert result.total_affected_items == 2 assert result.total_failed_items == 0 else: assert not result.affected_items assert result.total_failed_items == 1 assert result.total_affected_items == 0
def test_WazuhDBQuerySyscollector(mock_basic_info, mock_agents_info): """Verify that the method connects correctly to the database and returns the correct type.""" with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock( sql_schema_file='schema_syscollector_000.sql') db_query = WazuhDBQuerySyscollector(agent_id='000', offset=0, limit=common.database_limit, select=None, search=None, sort=None, filters=None, fields=get_valid_fields( Type.OS, '000')[1], table='sys_osinfo', array=True, nested=True, query='') db_query._filter_status(None) data = db_query.run() assert isinstance(db_query, WazuhDBQuerySyscollector) and isinstance( data, dict)
(34, 8), (49, 7), (51, 1), (67, 7), (122, 9), (149, 10), (167, 6), (171, 11), (183, 35), (230, 20), (342, 58), (521, 3), (759, 9), (893, 13), ]) @patch('wazuh.core.utils.WazuhDBConnection', return_value=InitWDBSocketMock( sql_schema_file='schema_mitre_test.sql')) def test_get_attack(mock_wdb, offset, limit): """Test if data are retrieved properly from Mitre database.""" # check error when limit = 0 try: result = get_attack(offset=offset, limit=limit) except Exception as e: if e.code == 1406: return else: raise e # check result length try: assert len(result.affected_items) == limit except AssertionError:
(49, 7), (51, 1), (67, 7), (122, 9), (149, 10), (167, 6), (171, 11), (183, 35), (230, 20), (342, 58), (521, 3), (759, 9), (893, 13), ]) @patch('wazuh.core.utils.WazuhDBConnection', return_value=InitWDBSocketMock(sql_schema_file='schema_mitre_test.sql')) def test_get_attack(mock_wdb, offset, limit): """Test if data are retrieved properly from Mitre database.""" # check error when limit = 0 try: result = get_attack(offset=offset, limit=limit) except Exception as e: if e.code == 1406: return else: raise e # check result lenght try: assert len(result.affected_items) == limit except AssertionError:
'data') def fake_final_query(self): """ :return: The final task query """ return self._default_query( ) + f" WHERE task_id IN ({self.query}) LIMIT {self.limit} OFFSET :offset" # Tests @patch('wazuh.core.utils.WazuhDBConnection', return_value=InitWDBSocketMock(sql_schema_file='schema_tasks_test.sql')) @patch.object(WazuhDBQueryTask, '_final_query', fake_final_query) def test_get_task_status_no_filter(mock_task_db): """Check system's tasks (No filters) """ result = task.get_task_status() cur = get_fake_database_data('schema_tasks_test.sql').cursor() cur.execute("SELECT COUNT(DISTINCT task_id) FROM tasks") rows = cur.fetchone() assert result.total_affected_items == rows[0] @patch('wazuh.core.utils.WazuhDBConnection', return_value=InitWDBSocketMock(sql_schema_file='schema_tasks_test.sql')) @patch.object(WazuhDBQueryTask, '_final_query', fake_final_query)
def test_get_ciscat_results_ko(agents_info_mock, socket_mock): """Check that expected exception is raised when agent does not exist.""" with patch('wazuh.core.utils.WazuhDBConnection') as mock_wdb: mock_wdb.return_value = InitWDBSocketMock(sql_schema_file=db_file) result = get_ciscat_results(agent_list=['002']).render()['data'] assert result['total_failed_items'] == 1