def test_WazuhDBQueryRootcheck_init(mock_info, mock_wazuhDBQuery,
mock_backend):
"""Test if WazuhDBQuery and WazuhDBBackend are called with expected parameters"""
test = rootcheck.WazuhDBQueryRootcheck(agent_id='100',
offset=1,
limit=1,
sort=None,
search='test',
select=['log'],
query='test',
count=True,
get_data=True,
distinct=False,
filters=None,
fields={})
mock_backend.assert_called_with('100')
mock_wazuhDBQuery.assert_called_with(
ANY,
offset=1,
limit=1,
table='pm_event',
sort=None,
search='test',
select=['log'],
fields={},
default_sort_field='date_last',
default_sort_order='DESC',
filters={},
query='test',
backend=ANY,
min_select_fields=set(),
count=True,
get_data=True,
distinct=False,
date_fields={'date_last', 'date_first'})
def test_WazuhDBQueryRootcheck_format_data_into_dictionary(
mock_info, mock_backend):
"""Test if format_data_into_dictionary() returns expected element"""
test = rootcheck.WazuhDBQueryRootcheck(
agent_id='100',
offset=1,
limit=1,
sort=None,
search='test',
select=['log', 'date_first', 'status', 'date_last', 'cis', 'pci_dss'],
query='',
count=True,
get_data=True,
distinct=False,
fields=rootcheck.WazuhDBQueryRootcheck.fields,
filters={
'status': 'all',
'pci_dss': None,
'cis': None
})
test._add_select_to_query()
test._data = [{
'log': 'Testing',
'date_first': 1603645251,
'status': 'solved',
'date_last': 1603648851,
'cis': '2.3 Debian Linux',
'pci_dss': '4.1'
}]
result = test._format_data_into_dictionary()
assert result['items'][0]['date_first'] == datetime.utcfromtimestamp(1603645251).strftime(date_format) and\
result['items'][0]['date_last'] == datetime.utcfromtimestamp(1603648851).strftime(date_format)
def test_WazuhDBQueryRootcheck_filter_status(mock_info, mock_backend, status,
expected_items):
"""Test if the query has the expected items after calling _filter_status() method
Parameters
----------
status : str
Status to filter by
expected_items : list
Items which should be included in the query depending on the selected status
"""
test = rootcheck.WazuhDBQueryRootcheck(agent_id='100',
offset=1,
limit=1,
sort=None,
search='test',
select=['log'],
query='',
count=True,
get_data=True,
distinct=False,
fields={},
filters={
'status': 'all',
'pci_dss': None,
'cis': None
})
test._filter_status({'value': status})
assert all(item in test.query for item in expected_items)
def test_WazuhDBQueryRootcheck_default_query(mock_info, mock_backend,
distinct):
"""Test if default query is changed according to distinct parameter
Parameters
----------
distinct : bool
Whether to apply distinct to query
"""
test = rootcheck.WazuhDBQueryRootcheck(agent_id='100',
offset=1,
limit=1,
sort=None,
search='test',
select=['log'],
query='test',
count=True,
get_data=True,
distinct=distinct,
filters=None,
fields={})
if distinct:
assert test._default_query() == "SELECT DISTINCT {0} FROM "
else:
assert test._default_query() == "SELECT {0} FROM "
def test_WazuhDBQueryRootcheck_filter_status_ko(mock_info, mock_backend):
"""Test if expected exception is raised when status does not exist"""
test = rootcheck.WazuhDBQueryRootcheck(agent_id='100', offset=1, limit=1, sort=None, search='test', select=['log'],
query='', count=True, get_data=True, distinct=False, fields={},
filters={'status': 'all', 'pci_dss': None, 'cis': None})
with pytest.raises(WazuhException, match=".* 1603 .*"):
test._filter_status({'value': 'test'})
def test_WazuhDBQueryRootcheck_parse_filters(mock_info, mock_backend):
"""Test if expected query_filters are created after calling _parse_filters() method."""
expected_query_filters = [{'value': 'all', 'field': 'status$0', 'operator': '=', 'separator': 'AND', 'level': 0},
{'value': None, 'field': 'pci_dss$0', 'operator': '=', 'separator': 'AND', 'level': 0},
{'value': None, 'field': 'cis$0', 'operator': '=', 'separator': '', 'level': 0}]
test = rootcheck.WazuhDBQueryRootcheck(agent_id='100', offset=1, limit=1, sort=None, search='test', select=['log'],
query='', count=True, get_data=True, distinct=False, fields={},
filters={'status': 'all', 'pci_dss': None, 'cis': None})
# Check it is empty before calling _parse_filters()
assert test.query_filters == []
test._parse_filters()
assert test.query_filters == expected_query_filters