def test_load_rules_from_file(rule_file, rule_path, rule_status, exception): """Test set_groups rule core function.""" try: result = rule.load_rules_from_file(rule_file, rule_path, rule_status) for r in result: assert r['filename'] == rule_file assert r['relative_dirname'] == rule_path assert r['status'] == rule_status except WazuhError as e: assert e.code == exception.code
def test_load_rules_from_file_details(): """Test set_groups rule core function.""" rule_file = '9999-rules_regex_test.xml' rule_path = 'tests/data/rules' details_result = { 'id': { 'pattern': 'this is a wildcard' }, 'test_field_name': { 'pattern': 'test_field_value', 'type': 'osmatch' }, 'match': { 'pattern': 'test_match_1test_match_2test_match_3', 'negate': 'yes' }, 'regex': { 'pattern': 'test_regex', 'type': 'osregex' } } result = rule.load_rules_from_file(rule_file, rule_path, 'enabled') assert result[0]['details'] == details_result
def test_load_rules_from_file_permissions(mock_load): """Test set_groups rule core function.""" with pytest.raises(WazuhError, match='.* 1207 .*'): rule.load_rules_from_file('nopermissions.xml', 'tests/data/rules', 'disabled')
def test_load_rules_from_file_unknown(mock_load): """Test set_groups rule core function.""" with pytest.raises(OSError, match='.*[Errno 8].*'): rule.load_rules_from_file('unknown.xml', 'tests/data/rules', 'disabled')
def get_rules(rule_ids=None, status=None, group=None, pci_dss=None, gpg13=None, gdpr=None, hipaa=None, nist_800_53=None, tsc=None, mitre=None, relative_dirname=None, filename=None, level=None, offset=0, limit=common.database_limit, select=None, sort_by=None, sort_ascending=True, search_text=None, complementary_search=False, search_in_fields=None, q=''): """Gets a list of rules. :param rule_ids: IDs of rules. :param status: Filters the rules by status. :param group: Filters the rules by group. :param pci_dss: Filters the rules by pci_dss requirement. :param gpg13: Filters the rules by gpg13 requirement. :param gdpr: Filters the rules by gdpr requirement. :param hipaa: Filters the rules by hipaa requirement. :param nist_800_53: Filters the rules by nist_800_53 requirement. :param tsc: Filters the rules by tsc requirement. :param mitre: Filters the rules by mitre attack ID. :param relative_dirname: Filters the relative dirname. :param filename: List of filenames to filter by. :param level: Filters the rules by level. level=2 or level=2-5. :param offset: First item to return. :param limit: Maximum number of items to return. :param select: List of selected fields to return :param sort_by: Fields to sort the items by :param sort_ascending: Sort in ascending (true) or descending (false) order :param search_text: Text to search :param complementary_search: Find items without the text to search :param search_in_fields: Fields to search in :param q: Defines query to filter. :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)} """ result = AffectedItemsWazuhResult( none_msg='No rule was returned', some_msg='Some rules were not returned', all_msg='All selected rules were returned') rules = list() if rule_ids is None: rule_ids = list() levels = None if level: levels = level.split('-') if len(levels) < 0 or len(levels) > 2: raise WazuhError(1203) for rule_file in get_rules_files(limit=None).affected_items: rules.extend( load_rules_from_file(rule_file['filename'], rule_file['relative_dirname'], rule_file['status'])) status = check_status(status) status = ['enabled', 'disabled'] if status == 'all' else [status] parameters = { 'groups': group, 'pci_dss': pci_dss, 'gpg13': gpg13, 'gdpr': gdpr, 'hipaa': hipaa, 'nist_800_53': nist_800_53, 'tsc': tsc, 'mitre': mitre, 'relative_dirname': relative_dirname, 'filename': filename, 'id': rule_ids, 'level': levels, 'status': status } original_rules = list(rules) no_existent_ids = rule_ids[:] for r in original_rules: if r['id'] in no_existent_ids: no_existent_ids.remove(r['id']) for key, value in parameters.items(): if value: if key == 'level' and (len(value) == 1 and int(value[0]) != r['level'] or len(value) == 2 and not int(value[0]) <= r['level'] <= int(value[1])) or \ (key == 'id' and r[key] not in value) or \ (key == 'filename' and r[key] not in filename) or \ (key == 'status' and r[key] not in value) or \ (not isinstance(value, list) and value not in r[key]): rules.remove(r) break for rule_id in no_existent_ids: result.add_failed_item(id_=rule_id, error=WazuhError(1208)) data = process_array(rules, search_text=search_text, search_in_fields=search_in_fields, complementary_search=complementary_search, select=select, sort_by=sort_by, sort_ascending=sort_ascending, allowed_sort_fields=SORT_FIELDS, offset=offset, limit=limit, q=q, required_fields=REQUIRED_FIELDS) result.affected_items = data['items'] result.total_affected_items = data['totalItems'] return result