def test_load_rules_from_file(rule_file, rule_path, rule_status, exception):
"""Test set_groups rule core function."""
try:
result = rule.load_rules_from_file(rule_file, rule_path, rule_status)
for r in result:
assert r['filename'] == rule_file
assert r['relative_dirname'] == rule_path
assert r['status'] == rule_status
except WazuhError as e:
assert e.code == exception.code
def test_load_rules_from_file_details():
"""Test set_groups rule core function."""
rule_file = '9999-rules_regex_test.xml'
rule_path = 'tests/data/rules'
details_result = {
'id': {
'pattern': 'this is a wildcard'
},
'test_field_name': {
'pattern': 'test_field_value',
'type': 'osmatch'
},
'match': {
'pattern': 'test_match_1test_match_2test_match_3',
'negate': 'yes'
},
'regex': {
'pattern': 'test_regex',
'type': 'osregex'
}
}
result = rule.load_rules_from_file(rule_file, rule_path, 'enabled')
assert result[0]['details'] == details_result
def test_load_rules_from_file_permissions(mock_load):
"""Test set_groups rule core function."""
with pytest.raises(WazuhError, match='.* 1207 .*'):
rule.load_rules_from_file('nopermissions.xml', 'tests/data/rules',
'disabled')
def test_load_rules_from_file_unknown(mock_load):
"""Test set_groups rule core function."""
with pytest.raises(OSError, match='.*[Errno 8].*'):
rule.load_rules_from_file('unknown.xml', 'tests/data/rules',
'disabled')
def get_rules(rule_ids=None,
status=None,
group=None,
pci_dss=None,
gpg13=None,
gdpr=None,
hipaa=None,
nist_800_53=None,
tsc=None,
mitre=None,
relative_dirname=None,
filename=None,
level=None,
offset=0,
limit=common.database_limit,
select=None,
sort_by=None,
sort_ascending=True,
search_text=None,
complementary_search=False,
search_in_fields=None,
q=''):
"""Gets a list of rules.
:param rule_ids: IDs of rules.
:param status: Filters the rules by status.
:param group: Filters the rules by group.
:param pci_dss: Filters the rules by pci_dss requirement.
:param gpg13: Filters the rules by gpg13 requirement.
:param gdpr: Filters the rules by gdpr requirement.
:param hipaa: Filters the rules by hipaa requirement.
:param nist_800_53: Filters the rules by nist_800_53 requirement.
:param tsc: Filters the rules by tsc requirement.
:param mitre: Filters the rules by mitre attack ID.
:param relative_dirname: Filters the relative dirname.
:param filename: List of filenames to filter by.
:param level: Filters the rules by level. level=2 or level=2-5.
:param offset: First item to return.
:param limit: Maximum number of items to return.
:param select: List of selected fields to return
:param sort_by: Fields to sort the items by
:param sort_ascending: Sort in ascending (true) or descending (false) order
:param search_text: Text to search
:param complementary_search: Find items without the text to search
:param search_in_fields: Fields to search in
:param q: Defines query to filter.
:return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
"""
result = AffectedItemsWazuhResult(
none_msg='No rule was returned',
some_msg='Some rules were not returned',
all_msg='All selected rules were returned')
rules = list()
if rule_ids is None:
rule_ids = list()
levels = None
if level:
levels = level.split('-')
if len(levels) < 0 or len(levels) > 2:
raise WazuhError(1203)
for rule_file in get_rules_files(limit=None).affected_items:
rules.extend(
load_rules_from_file(rule_file['filename'],
rule_file['relative_dirname'],
rule_file['status']))
status = check_status(status)
status = ['enabled', 'disabled'] if status == 'all' else [status]
parameters = {
'groups': group,
'pci_dss': pci_dss,
'gpg13': gpg13,
'gdpr': gdpr,
'hipaa': hipaa,
'nist_800_53': nist_800_53,
'tsc': tsc,
'mitre': mitre,
'relative_dirname': relative_dirname,
'filename': filename,
'id': rule_ids,
'level': levels,
'status': status
}
original_rules = list(rules)
no_existent_ids = rule_ids[:]
for r in original_rules:
if r['id'] in no_existent_ids:
no_existent_ids.remove(r['id'])
for key, value in parameters.items():
if value:
if key == 'level' and (len(value) == 1 and int(value[0]) != r['level'] or len(value) == 2
and not int(value[0]) <= r['level'] <= int(value[1])) or \
(key == 'id' and r[key] not in value) or \
(key == 'filename' and r[key] not in filename) or \
(key == 'status' and r[key] not in value) or \
(not isinstance(value, list) and value not in r[key]):
rules.remove(r)
break
for rule_id in no_existent_ids:
result.add_failed_item(id_=rule_id, error=WazuhError(1208))
data = process_array(rules,
search_text=search_text,
search_in_fields=search_in_fields,
complementary_search=complementary_search,
select=select,
sort_by=sort_by,
sort_ascending=sort_ascending,
allowed_sort_fields=SORT_FIELDS,
offset=offset,
limit=limit,
q=q,
required_fields=REQUIRED_FIELDS)
result.affected_items = data['items']
result.total_affected_items = data['totalItems']
return result
