merge(#3786): '4.6.0' into 3786-location-wildcards

CHANGELOG.md

@@ -7,16 +7,9 @@ All notable changes to this project will be documented in this file.
 Wazuh commit: TBD \
 Release report: TBD
 
-## Added
+### Added
 
 - Add Windows location wildcards tests ([#4263](https://github.com/wazuh/wazuh-qa/pull/4263)) \- (Tests + Framework)
-
-## [4.5.0] - TBD
-
-Wazuh commit: TBD \
-Release report: TBD
-
-- Add  IT tests FIM registry monitoring using wildcards. ([#4220](https://github.com/wazuh/wazuh-qa/pull/4220)) \- (Framework + Tests)
 - New 'SCA' test suite and framework. ([#3566](https://github.com/wazuh/wazuh-qa/pull/3566)) \- (Framework + Tests)
 - Add integration tests for AWS module. ([#3911](https://github.com/wazuh/wazuh-qa/pull/3911)) \- (Framework + Tests + Documentation)
 - Add tests for msu patches with no associated CVE . ([#4009](https://github.com/wazuh/wazuh-qa/pull/4009)) \- (Framework + Tests)
@@ -28,6 +21,8 @@ Release report: TBD
 - Add new tests for logcollector 'ignore' and 'restrict' options ([#3582](https://github.com/wazuh/wazuh-qa/pull/3582)) \- (Tests)
 - Add 'Force reconnect' feature to agent_simulator tool. ([#3111](https://github.com/wazuh/wazuh-qa/pull/3111)) \- (Tools)
 - Add new module to support migration tool. ([#3837](https://github.com/wazuh/wazuh-qa/pull/3837))
+- Add IT tests FIM registry monitoring using wildcards. ([#4270](https://github.com/wazuh/wazuh-qa/pull/4270)) \- (Framework + Tests)
+- Update schema database version ([#4128](https://github.com/wazuh/wazuh-qa/pull/4128)) \- (Tests)
 
 ### Changed
 
@@ -50,6 +45,7 @@ Release report: TBD
 - Update Authd force_insert tests ([#3379](https://github.com/wazuh/wazuh-qa/pull/3379)) \- (Tests)
 - Update cluster logs in reliability tests ([#2772](https://github.com/wazuh/wazuh-qa/pull/2772)) \- (Tests)
 - Use correct version format in agent_simulator tool ([#3198](https://github.com/wazuh/wazuh-qa/pull/3198)) \- (Tools)
+- Upgrade PyYAML to 6.0.1. ([#4326](https://github.com/wazuh/wazuh-qa/pull/4326)) \- (Framework)
 
 ### Fixed
 
@@ -61,17 +57,27 @@ Release report: TBD
 - Fix an error in the cluster performance tests related to CSV parser ([#2999](https://github.com/wazuh/wazuh-qa/pull/2999)) \- (Framework + Tests)
 - Fix bug in the framework on migration tool ([#4027](https://github.com/wazuh/wazuh-qa/pull/4027)) \- (Framework)
 
-## [4.4.5] - TBD
+## [4.5.1] - TBD
 
 Wazuh commit: TBD \
 Release report: TBD
 
-## [4.4.4] - TBD
+## [4.5.0] - TBD
 
 Wazuh commit: TBD \
 Release report: TBD
 
-## Added
+## [4.4.5] - 10-07-2023
+
+Wazuh commit: https://github.com/wazuh/wazuh/commit/8d17d2c9c11bc10be9a31c83bc7c17dfbac0d2a0 \
+Release report: https://github.com/wazuh/wazuh/issues/17844
+
+## [4.4.4] - 13-06-2023
+
+Wazuh commit: https://github.com/wazuh/wazuh/commit/32b9b4684efb7c21ce71f80d845096549a5b4ed5  \
+Release report: https://github.com/wazuh/wazuh/issues/17520
+
+### Added
 
 - Change test_python_flaws.py to accept branch or commit in the same argument. ([#4209](https://github.com/wazuh/wazuh-qa/pull/4209)) (Tests)
 - Fix test_dependencies.py for the changes in the feature. ([#4210](https://github.com/wazuh/wazuh-qa/pull/4210)) (Tests)

deps/wazuh_testing/wazuh_testing/modules/fim/event_monitor.py

@@ -7,9 +7,8 @@
 
 from sys import platform
 from datetime import datetime
-from wazuh_testing import LOG_FILE_PATH, logger, T_30, T_60
+from wazuh_testing import LOG_FILE_PATH, logger, T_60, T_30
 from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback
-from wazuh_testing.modules.fim import MAX_EVENTS_VALUE
 
 
 # Variables
@@ -49,9 +48,9 @@
 CB_FILE_EXCEEDS_DISK_QUOTA = r'.*The (.*) of the file size \'(.*)\' exceeds the disk_quota.*'
 CB_FILE_SIZE_LIMIT_REACHED = r'.*File \'(.*)\' is too big for configured maximum size to perform diff operation\.'
 CB_DIFF_FOLDER_DELETED = r'.*Folder \'(.*)\' has been deleted.*'
-CB_FIM_WILDCARD_EXPANDING = r".*Expanding entry '.*' to '(.*)' to monitor FIM events."
 CB_FIM_PATH_CONVERTED = r".*fim_adjust_path.*Convert '(.*) to '(.*)' to process the FIM events."
 CB_STARTING_WINDOWS_AUDIT = r'.*state_checker.*(Starting check of Windows Audit Policies and SACLs)'
+CB_FIM_WILDCARD_EXPANDING = r".*Expanding entry '.*' to '(.*)' to monitor FIM events."
 CB_SWITCHING_DIRECTORIES_TO_REALTIME = r'.*state_checker.*(Audit policy change detected.\
                                          Switching directories to realtime)'
 CB_RECIEVED_EVENT_4719 = r'.*win_whodata.*(Event 4719).*Switching directories to realtime'
@@ -507,6 +506,7 @@ def get_messages(callback, timeout=T_30):
     Args:
         callback (str): Callback to be used to detect the event.
         timeout (int): Timeout that will be used to get the dbsync_no_data message.
+
     Returns:
         A list with all the events in json format.
     """

deps/wazuh_testing/wazuh_testing/modules/fim/utils.py

@@ -213,7 +213,8 @@ def modify_registry(key, subkey, arch):
         logger.info(f"Modifying registry key {print_arch}{os.path.join(fim.registry_class_name[key], subkey)}")
 
         modify_key_perms(key, subkey, arch, win32sec.LookupAccountName(None, f"{platform.node()}\\{os.getlogin()}")[0])
-        modify_registry_owner(key, subkey, arch, win32sec.LookupAccountName(None, f"{platform.node()}\\{os.getlogin()}")[0])
+        modify_registry_owner(key, subkey, arch,
+                              win32sec.LookupAccountName(None, f"{platform.node()}\\{os.getlogin()}")[0])
         modify_registry_key_mtime(key, subkey, arch)
 
 
@@ -299,12 +300,10 @@ def calculate_registry_diff_paths(reg_key, reg_subkey, arch, value_name):
 
 def transform_registry_list(value_list=['test_value'], value_type=fim.REG_SZ, callback=ev.callback_value_event):
     """Transform a list of registry values into a dictionary.
-
     Args:
         value list (List): list of string value names
         value type (str): type of registry value that is expected.
         Callback (object): Callback to pair with the value to be monitored.
-
     Returns:
         Dict: dictionary with the values and the corresponding callbacks to monitor them.
     """
@@ -331,11 +330,9 @@ def transform_registry_list(value_list=['test_value'], value_type=fim.REG_SZ, ca
 
 def transform_registry_key_list(key_list=['test_key'], callback=ev.callback_key_event):
     """Transform a list of registry keys into a dictionary.
-
     Args:
         key_list list (List): list of strings with the key names names
         Callback (object): Callback to pair with the key to be monitored.
-
     Returns:
         Dict: dictionary with the keys and the corresponding callbacks to monitor them.
     """
@@ -350,7 +347,7 @@ def transform_registry_key_list(key_list=['test_key'], callback=ev.callback_key_
                 aux_dict[key] = (elem, callback)
         else:
             raise ValueError('It can only be a list or dictionary')
-        
+
         return aux_dict
 
 

deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml

@@ -186,7 +186,11 @@ predefined_values:
     - 4.4.1
     - 4.4.2
     - 4.4.3
+    - 4.4.4
+    - 4.4.5
     - 4.5.0
+    - 4.5.1
+    - 4.5.2
     - 4.6.0
   tags:
     - active_response

requirements.txt

@@ -23,7 +23,7 @@ pyOpenSSL==19.1.0
 pytest-html==3.1.1
 pytest==6.2.2 ; python_version <= "3.9"
 pytest==7.1.2 ; python_version >= "3.10"
-pyyaml==5.4
+pyyaml==6.0.1
 requests>=2.23.0
 scipy>=1.0; platform_system == "Linux" or platform_system == "Darwin" or platform_system=='Windows'
 seaborn>=0.11.1; platform_system == "Linux" or platform_system == "Darwin" or platform_system=='Windows'

tests/integration/test_fim/test_registry/test_registry_wildcards/test_registry_wildcards.py

@@ -104,7 +104,7 @@ def test_registry_key_wildcards(configuration, metadata, set_wazuh_configuration
     description: Check the behavior of FIM when using wildcards to configure the path of registry keys, and validate
                  the keys creation, modification and deletion is detected correctly.
 
-    wazuh_min_version: 4.5.0
+    wazuh_min_version: 4.6.0
 
     test_phases:
         - setup:

tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/custom_decoder_11.xml

@@ -0,0 +1,6 @@
+<!-- Test: invalid regex offset-->
+<decoder name="sudo-fields">
+  <parent>sudo</parent>
+  <regex offset="after_regex">(\S+)</regex>
+  <order>boom</order>
+</decoder>

tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml

@@ -2,77 +2,111 @@
 -
   name: "Invalid decoder syntax: garbage file"
   decoder: "custom_decoder_0.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
-  output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2)."
+  output_data_msg: >-
+    (1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2).
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no closing XML tag"
   decoder: "custom_decoder_1.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
-  output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements were not closed. (line 3)."
+  output: >-
+    ata_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements
+    were not closed. (line 3).
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no existing parent"
   decoder: "custom_decoder_2.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2101): Parent decoder name invalid: 'test-parent'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no existing attribute"
   decoder: "custom_decoder_3.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "Invalid element 'invalid_field' for decoder 'decoder'"
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: decoder with no name"
   decoder: "custom_decoder_4.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(1230): Invalid element in the configuration: 'decoder'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: regex attribute without order attribute"
   decoder: "custom_decoder_5.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: regex attribute without prematch/program_name/parent attribute"
   decoder: "custom_decoder_6.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2108): No 'prematch' found in decoder: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: order attribute without regex attribute"
   decoder: "custom_decoder_7.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: two-level order parenting"
   decoder: "custom_decoder_8.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2101): Parent decoder name invalid: 'name1'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: invalid plugin_decoder"
   decoder: "custom_decoder_9.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2110): Invalid decoder argument for plugin_decoder: 'INVALID_Decoder'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: invalid offset"
   decoder: "custom_decoder_10.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'name'."
   output_data_codemsg: -1
+-
+  name: "Invalid decoder syntax: invalid offset"
+  decoder: "custom_decoder_11.xml"
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
+  output_error: 0
+  output_data_msg: "ERROR: (2120): Invalid offset value: 'sudo-fields'"
+  output_data_codemsg: -1

tests/integration/test_wazuh_db/test_agent_database_version.py

@@ -9,7 +9,7 @@
 pytestmark = [TIER0, LINUX, SERVER]
 
 # Variables
-expected_database_version = '10'
+expected_database_version = '11'
 
 
 # Fixtures
@@ -34,7 +34,7 @@ def test_agent_database_version(restart_wazuh_daemon, remove_agents):
             - Check that the manager database version is the expected one.
             - Check that the agent database version is the expected one.
 
-    wazuh_min_version: 4.4.0
+    wazuh_min_version: 4.6.0
 
     parameters:
         - restart_wazuh_daemon:
@@ -45,7 +45,7 @@ def test_agent_database_version(restart_wazuh_daemon, remove_agents):
         - Verify that database version is the expected one.
 
     expected_output:
-        - Database version: 10
+        - Database version: 11
 
     tags:
         - wazuh_db

tests/system/requirements.txt

@@ -9,5 +9,5 @@ pandas>=1.1.5
 psutil==5.6.6
 pytest==4.5.0
 pytest-html==2.0.1
-PyYAML==5.4
+PyYAML==6.0.1
 testinfra==5.0.0

tests/system/test_jwt_invalidation/requirements.txt

@@ -8,5 +8,5 @@ lockfile==0.12.2
 psutil==5.6.6
 pytest==4.5.0
 pytest-html==2.0.1
-PyYAML==5.4
+PyYAML==6.0.1
 testinfra==5.0.0