示例#1
def test_protected_get_requirement(mocked_config, mocked_glob, requirement, sort, search):
    """Check Rule._get_requirement for a rejected and an accepted requirement name.

    When ``requirement`` is ``'wrong'`` the call must raise a WazuhException
    whose message matches ``.* 1205 .*``. Any other value is forwarded with
    ``sort`` and ``search`` and must produce a dict. ``open`` is patched so
    reads return ``rule_contents``.
    """
    fake_open = mock_open(read_data=rule_contents)
    with patch('builtins.open', fake_open):
        if requirement != 'wrong':
            outcome = Rule._get_requirement(requirement, sort=sort, search=search)
            assert isinstance(outcome, dict)
            return
        # The rejected name is passed alone, without sort/search.
        with pytest.raises(WazuhException, match='.* 1205 .*'):
            Rule._get_requirement(requirement)
示例#2
def test_add_details(detail, value, details):
    """Check the type Rule.add_detail stores for an empty versus a pre-filled details dict.

    Starting from empty ``details`` the stored entry must be a str; starting
    from non-empty ``details`` it must be a list.
    """
    rule = Rule()
    # Rebuild the mapping from its items so the rule gets its own dict object.
    rule.details = dict(frozenset(details.items()))
    rule.add_detail(detail, value)
    expected_type = list if details else str
    assert isinstance(rule.details[detail], expected_type)
示例#3
def test_failed_get_rules_file(mock_config):
    """Expect Rule.get_rules_files to fail when ossec.conf has no ruleset section.

    The call must raise a WazuhException whose message matches ``.* 1200 .*``.
    ``open`` is patched so reads return ``rule_contents``.
    """
    fake_open = mock_open(read_data=rule_contents)
    with patch('builtins.open', fake_open), \
            pytest.raises(WazuhException, match=".* 1200 .*"):
        Rule.get_rules_files()
示例#4
def test_get_rules_file_pagination(mock_config, mock_glob, offset, limit, func):
    """Check offset/limit pagination of the rules listing functions.

    A non-positive ``limit`` must make Rule.get_rules_files raise a
    WazuhException whose message matches ``.* 1406 .*``. Otherwise ``func`` is
    called with ``offset`` and ``limit``; it must report 3 total items and
    return ``limit - offset`` items (0 when the clamped limit does not exceed
    the offset).
    """
    if not limit > 0:
        # NOTE(review): this branch always calls Rule.get_rules_files rather
        # than func, so func's own limit validation is not exercised — confirm.
        with pytest.raises(WazuhException, match='.* 1406 .*'):
            Rule.get_rules_files(offset=offset, limit=limit)
        return

    fake_open = mock_open(read_data=rule_contents)
    with patch('builtins.open', fake_open):
        page = func(offset=offset, limit=limit)
        total = page['totalItems']
        # Clamp the requested limit to the number of items that exist.
        if limit > total:
            limit = total
        assert total == 3
        # NOTE(review): limit - offset presumably matches the real page size
        # only for offset 0 or a limit >= totalItems — verify against the
        # parametrized cases.
        expected_count = limit - offset if limit > offset else 0
        assert len(page['items']) == expected_count
示例#5
def test_get_groups(mock_config, mock_glob, arg):
    """Check that Rule.get_groups returns a dict with exactly 'items' and 'totalItems'.

    ``arg`` is expanded into keyword arguments for the call. ``open`` is
    patched so reads return ``rule_contents``.
    """
    with patch('builtins.open', mock_open(read_data=rule_contents)):
        groups = Rule.get_groups(**arg)

        assert isinstance(groups, dict)
        expected_keys = {'items', 'totalItems'}
        assert set(groups.keys()) == expected_keys
示例#6
def test_rule__compare__():
    """Check that the four ordering methods of Rule return a bool for two rules.

    Only the return type is asserted, not the ordering itself.
    """
    left = Rule()
    left.id = '001'
    right = Rule()
    right.id = '002'

    # Same order as the comparisons were originally written: <, <=, >, >=.
    for dunder in ('__lt__', '__le__', '__gt__', '__ge__'):
        outcome = getattr(left, dunder)(right)
        assert isinstance(outcome, bool)
示例#7
def test_get_rules_file_search(mock_config, mock_glob, search, func):
    """Check the first rules file returned when a search filter is applied.

    When ``search`` is given, the first item's 'file' must be ``rules0.xml``
    if ``search['negation']`` is truthy and ``rules1.xml`` otherwise. Items
    that are Rule objects are converted with ``to_dict`` before the check.
    """
    fake_open = mock_open(read_data=rule_contents)
    with patch('builtins.open', fake_open):
        # NOTE(review): func is accepted but never used; the call is fixed to
        # Rule.get_rules_files — confirm this is intended.
        listing = Rule.get_rules_files(search=search)
        if isinstance(listing['items'][0], Rule):
            listing['items'] = [entry.to_dict() for entry in listing['items']]
        if search is None:
            # Without a search filter nothing is asserted.
            return
        first_file = listing['items'][0]['file']
        assert first_file == f"rules{'0' if search['negation'] else '1'}.xml"
示例#8
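def test_rule__init__():
    """Check the attribute defaults of a freshly constructed Rule.

    Scalar attributes must be None, the description must be an empty string,
    the group/compliance attributes must be lists and ``details`` a dict.
    """
    rule = Rule()
    assert rule.file is None
    assert rule.path is None
    # Equality, not identity: `is ""` depends on string interning and raises a
    # SyntaxWarning on Python 3.8+.
    assert rule.description == ""
    assert rule.id is None
    assert rule.level is None
    assert rule.status is None
    assert isinstance(rule.groups, list)
    assert isinstance(rule.pci, list)
    assert isinstance(rule.gpg13, list)
    assert isinstance(rule.gdpr, list)
    assert isinstance(rule.hipaa, list)
    assert isinstance(rule.nist_800_53, list)
    assert isinstance(rule.details, dict)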
示例#9
def test_failed_load_rules_from_file(mock_findall, mocked_config, mocked_glob):
    """Expect Rule.get_rules to raise a WazuhException matching ``.* 1201 .*``.

    ``open`` is patched so reads return ``rule_contents``; the failure itself
    is presumably triggered by the ``mock_findall`` fixture — confirm against
    its definition.
    """
    fake_open = mock_open(read_data=rule_contents)
    with patch('builtins.open', fake_open), \
            pytest.raises(WazuhException, match=".* 1201 .*"):
        Rule.get_rules()
示例#10
def test_get_nist_800_53(mocked_config, mocked_glob):
    """Check that Rule.get_nist_800_53 returns a dict whose first item contains 'AU.3'.

    ``open`` is patched so reads return ``rule_contents``.
    """
    with patch('builtins.open', mock_open(read_data=rule_contents)):
        listing = Rule.get_nist_800_53()
        assert isinstance(listing, dict)
        first_item = listing['items'][0]
        assert 'AU.3' in first_item
示例#11
def test_failed_get_rules():
    """Expect error 1203 from Rule.get_rules when the level filter is '2-3-4'."""
    rejected_filters = {'level': '2-3-4'}
    with pytest.raises(WazuhException, match=".* 1203 .*"):
        Rule.get_rules(filters=rejected_filters)
示例#12
def test_set_gdpr():
    """Smoke test: Rule.set_gdpr must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_gdpr('test')
示例#13
def test_get_hipaa(mocked_config, mocked_glob):
    """Check that Rule.get_hipaa returns a dict whose first item contains '164.312.b'.

    ``open`` is patched so reads return ``rule_contents``.
    """
    with patch('builtins.open', mock_open(read_data=rule_contents)):
        listing = Rule.get_hipaa()
        assert isinstance(listing, dict)
        first_item = listing['items'][0]
        assert '164.312.b' in first_item
示例#14
def test_failed_get_rules():
    """Expect Rule.get_rules to raise a WazuhException matching ``.* 1203 .*`` for level '2-3-4'."""
    rejected_level = '2-3-4'
    with pytest.raises(WazuhException, match=".* 1203 .*"):
        Rule.get_rules(level=rejected_level)
示例#15
def test_failed_rule__compare__():
    """Expect every ordering method of Rule to reject a non-Rule operand.

    Each of ``__lt__``, ``__le__``, ``__gt__`` and ``__ge__`` is called with
    the string ``'bad_rule'`` and must raise a WazuhException whose message
    matches ``.* 1204 .*``.
    """
    rule = Rule()
    rule.id = '001'

    for dunder in ('__lt__', '__le__', '__gt__', '__ge__'):
        compare = getattr(rule, dunder)
        with pytest.raises(WazuhException, match=".* 1204 .*"):
            compare('bad_rule')
示例#16
def test_set_group():
    """Smoke test: Rule.set_group must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_group('test')
示例#17
def test_tsc():
    """Smoke test: Rule.set_tsc must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_tsc('test')
示例#18
def test_set_pci():
    """Smoke test: Rule.set_pci must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_pci('test')
示例#19
def test_nist_800_53():
    """Smoke test: Rule.set_nist_800_53 must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_nist_800_53('test')
示例#20
def test_set_hippa():
    """Smoke test: Rule.set_hipaa must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_hipaa('test')
示例#21
def test_rule__str__():
    """Check that Rule.__str__ returns a str for a default-constructed rule."""
    rule = Rule()
    rendered = rule.__str__()
    assert isinstance(rendered, str)
示例#22
def test_rule_to_dict():
    """Check that Rule.to_dict returns a dict for a default-constructed rule."""
    rule = Rule()
    as_dict = rule.to_dict()
    assert isinstance(as_dict, dict)
示例#23
def test_mitre():
    """Smoke test: Rule.set_mitre must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_mitre('test')
示例#24
def test_get_gdpr(mocked_config, mocked_glob):
    """Check that Rule.get_gdpr returns a dict whose first item contains 'IV_35.7.d'.

    ``open`` is patched so reads return ``rule_contents``.
    """
    with patch('builtins.open', mock_open(read_data=rule_contents)):
        listing = Rule.get_gdpr()
        assert isinstance(listing, dict)
        first_item = listing['items'][0]
        assert 'IV_35.7.d' in first_item
示例#25
#  - Use the wazuh sqlite lib
#    - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib

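from sys import exit, path, stderr
# cwd = /var/ossec/api/framework/examples
#framework_path = '{0}'.format(path[0][:-9])
# cwd = /var/ossec/api
#framework_path = '{0}/framework'.format(path[0])
# Default path
framework_path = '/var/ossec/api/framework'
# Python modules are loaded from this directory, so it should be writable only
# by trusted accounts. It is appended, so entries already on sys.path are
# searched first.
path.append(framework_path)

try:
    from wazuh.rule import Rule
except Exception as e:
    # Report the underlying cause as well: the import can fail for reasons
    # other than a missing module. The message goes to stderr so it does not
    # end up inside the exported listing, and the exit status is non-zero so
    # callers can detect the failure.
    stderr.write("No module 'wazuh' found. ({0})\n".format(e))
    exit(1)

# Export every enabled rule, sorted by file, as semicolon-separated lines.
# NOTE: fields are written as-is; a value that itself contains ';' or a
# newline will shift the columns for whatever consumes this output.
print("file;id;description;level;status;groups;pci;details")
enabled_rules = Rule.get_rules(status='enabled',
                               limit=None,
                               sort={
                                   "fields": ["file"],
                                   "order": "asc"
                               })['items']
for rule in enabled_rules:
    print("{0};{1};{2};{3};{4};{5};{6};{7}".format(rule.file, rule.id,
                                                   rule.description,
                                                   rule.level, rule.status,
                                                   rule.groups, rule.pci,
                                                   rule.details))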
示例#26
def test_set_gpg13():
    """Smoke test: Rule.set_gpg13 must accept a string without raising.

    Nothing is asserted about the value stored on the rule.
    """
    rule = Rule()
    rule.set_gpg13('test')