def test_get_rules(mock_config, mock_glob, arg):
    """Check the shape of the value returned by Rule.get_rules.

    builtins.open is patched with a mock_open that serves rule_contents, and
    ``arg`` is expanded into keyword arguments for the call. mock_config and
    mock_glob are not used in the body; presumably they are injected by patch
    decorators that are not visible here.
    """
    expected_keys = {'items', 'totalItems'}
    fake_open = mock_open(read_data=rule_contents)

    with patch('builtins.open', fake_open):
        rules = Rule.get_rules(**arg)

        # The result must be a dict holding exactly the listing and its count.
        assert isinstance(rules, dict)
        assert set(rules.keys()) == expected_keys
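# - Use the wazuh sqlite lib
# - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib

import csv
import sys

# cwd = /var/ossec/api/framework/examples
#framework_path = '{0}'.format(sys.path[0][:-9])
# cwd = /var/ossec/api
#framework_path = '{0}/framework'.format(sys.path[0])
# Default path
framework_path = '/var/ossec/api/framework'

# The directory is appended, so it is searched after the existing entries and
# cannot shadow modules found earlier on sys.path. Anything imported from it
# still runs with this script's privileges, so the directory should be
# writable only by the account that owns the installation.
sys.path.append(framework_path)

try:
    from wazuh.rule import Rule
except Exception as e:
    # Report on stderr so the message never ends up inside the exported data,
    # include the cause (the import can fail for reasons other than a missing
    # module, e.g. the sqlite library mentioned above), and exit non-zero so
    # callers can detect the failure.
    sys.stderr.write("No module 'wazuh' found: {0}\n".format(e))
    sys.exit(1)

# A csv writer quotes any field that contains the ';' delimiter, a double
# quote or a line break, so a description or details value can no longer
# shift the columns of a row. Fields without those characters are written
# exactly as before. Note that quoting does not neutralise values a
# spreadsheet would evaluate as formulas (leading '=', '+', '-', '@').
writer = csv.writer(sys.stdout, delimiter=';', lineterminator='\n')
writer.writerow(["file", "id", "description", "level", "status", "groups",
                 "pci", "details"])

enabled_rules = Rule.get_rules(
    status='enabled',
    limit=None,
    sort={"fields": ["file"], "order": "asc"},
)['items']

for rule in enabled_rules:
    columns = (rule.file, rule.id, rule.description, rule.level, rule.status,
               rule.groups, rule.pci, rule.details)
    # Render every value with str.format, as the original did, so lists,
    # dicts and None keep their previous textual form.
    writer.writerow(["{0}".format(value) for value in columns])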
def test_failed_load_rules_from_file(mock_findall, mocked_config, mocked_glob):
    """Expect Rule.get_rules to raise a WazuhException matching code 1201.

    builtins.open is patched with a mock_open that serves rule_contents. The
    three parameters are not used in the body; presumably they are injected
    by patch decorators that are not visible here.
    """
    error_pattern = ".* 1201 .*"
    fake_open = mock_open(read_data=rule_contents)

    with patch('builtins.open', fake_open), \
            pytest.raises(WazuhException, match=error_pattern):
        Rule.get_rules()
def test_failed_get_rules():
    """Expect a WazuhException matching code 1203 for level='2-3-4'."""
    error_pattern = ".* 1203 .*"
    bad_level = '2-3-4'

    with pytest.raises(WazuhException, match=error_pattern):
        Rule.get_rules(level=bad_level)
def test_failed_get_rules():
    """Expect a WazuhException matching code 1203 for a '2-3-4' level filter."""
    error_pattern = ".* 1203 .*"
    bad_filters = {'level': '2-3-4'}

    with pytest.raises(WazuhException, match=error_pattern):
        Rule.get_rules(filters=bad_filters)