示例#1
def test_get_rules(mock_config, mock_glob, arg):
    """Check the shape of the value returned by ``Rule.get_rules``.

    ``builtins.open`` is replaced by a mock that serves ``rule_contents``,
    so any file the call opens yields that fixture text instead of touching
    the disk. ``arg`` is expanded into the keyword arguments of the call.

    NOTE(review): ``mock_config``, ``mock_glob`` and ``arg`` are presumably
    injected by patch/parametrize decorators that are not part of this
    snippet - confirm against the full test module.
    """
    fake_open = mock_open(read_data=rule_contents)
    expected_keys = {'items', 'totalItems'}
    with patch('builtins.open', fake_open):
        rules = Rule.get_rules(**arg)

        # Only the container type and its top-level keys are checked here;
        # the contents of 'items' are not inspected.
        assert isinstance(rules, dict)
        assert expected_keys == set(rules.keys())
示例#2
#  - Use the wazuh sqlite lib
#    - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib

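from sys import path, exit
# cwd = /var/ossec/api/framework/examples
#framework_path = '{0}'.format(path[0][:-9])
# cwd = /var/ossec/api
#framework_path = '{0}/framework'.format(path[0])
# Default path
framework_path = '/var/ossec/api/framework'
# NOTE(review): any module importable from this directory runs with the
# privileges of whoever launches the script, so the directory should be
# writable only by trusted accounts - verify its ownership and mode.
# append() puts it last in the search order, so it cannot shadow modules
# found earlier on sys.path.
path.append(framework_path)

try:
    from wazuh.rule import Rule
except Exception:
    # Every import-time failure is reported with the same message.
    print("No module 'wazuh' found.")
    # Exit with a non-zero status so that a calling shell, cron job or
    # pipeline can tell the export failed; a bare exit() reports success.
    exit(1)

# Header row; the column order must match the format() call below.
print("file;id;description;level;status;groups;pci;details")

# Enabled rules only, no paging limit, sorted by rule file in ascending order.
enabled_rules = Rule.get_rules(status='enabled',
                               limit=None,
                               sort={
                                   "fields": ["file"],
                                   "order": "asc"
                               })['items']

for rule in enabled_rules:
    # NOTE: the values are joined with ';' without any quoting or escaping,
    # so a ';' or a newline inside a field (for example in a description)
    # shifts the columns of that row. Consumers should not assume that every
    # row has exactly eight fields, and a spreadsheet may interpret a cell
    # starting with '=', '+', '-' or '@' as a formula.
    print("{0};{1};{2};{3};{4};{5};{6};{7}".format(rule.file, rule.id,
                                                   rule.description,
                                                   rule.level, rule.status,
                                                   rule.groups, rule.pci,
                                                   rule.details))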
示例#3
def test_failed_load_rules_from_file(mock_findall, mocked_config, mocked_glob):
    """Expect ``Rule.get_rules`` to fail with a WazuhException matching 1201.

    ``builtins.open`` is mocked to return ``rule_contents`` for every file
    read. The call must raise ``WazuhException`` with a message matching
    the pattern ``.* 1201 .*``.

    NOTE(review): the three parameters are presumably mocks injected by
    patch decorators outside this snippet, and one of them presumably
    triggers the failure - confirm against the full test module.
    """
    fake_open = mock_open(read_data=rule_contents)
    error_pattern = ".* 1201 .*"
    # Same nesting order as two stacked with-statements: open() is patched
    # first, then the exception expectation wraps the call.
    with patch('builtins.open', fake_open), \
            pytest.raises(WazuhException, match=error_pattern):
        Rule.get_rules()
示例#4
def test_failed_get_rules():
    """Expect ``Rule.get_rules(level='2-3-4')`` to raise WazuhException 1203.

    The ``level`` value has three dash-separated parts; the call must be
    rejected with a message matching ``.* 1203 .*`` instead of returning
    a result.
    """
    error_pattern = ".* 1203 .*"
    bad_level = '2-3-4'
    with pytest.raises(WazuhException, match=error_pattern):
        Rule.get_rules(level=bad_level)
示例#5
def test_failed_get_rules():
    """Verify that get_rules raises error 1203 for the level filter '2-3-4'.

    The level is passed through the ``filters`` dictionary; the call must
    raise ``WazuhException`` with a message matching ``.* 1203 .*``.
    """
    error_pattern = ".* 1203 .*"
    bad_filters = {'level': '2-3-4'}
    with pytest.raises(WazuhException, match=error_pattern):
        Rule.get_rules(filters=bad_filters)