fix(#3278): returning to old sha

deps/wazuh_testing/wazuh_testing/fim_module/__init__.py

@@ -0,0 +1,72 @@
+# Copyright (C) 2015-2022, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+'''
+The purpose of this file is to contain all the variables necessary for FIM in order to be easier to
+maintain if one of them changes in the future.
+'''
+
+# Variables
+SIZE_LIMIT_CONFIGURED_VALUE = 10240
+# Key variables
+WINDOWS_HKEY_LOCAL_MACHINE = 'HKEY_LOCAL_MACHINE'
+MONITORED_KEY = 'SOFTWARE\\random_key'
+MONITORED_KEY_2 = "SOFTWARE\\Classes\\random_key_2"
+WINDOWS_REGISTRY = 'WINDOWS_REGISTRY'
+
+
+# Value key
+SYNC_INTERVAL = 'SYNC_INTERVAL'
+SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20
+
+# Folders variables
+TEST_DIR_1 = 'testdir1'
+TEST_DIRECTORIES = 'TEST_DIRECTORIES'
+TEST_REGISTRIES = 'TEST_REGISTRIES'
+
+# FIM modules
+SCHEDULE_MODE = 'scheduled'
+
+# Yaml Configuration
+YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml'
+YAML_CONF_SYNC_WIN32 = 'wazuh_sync_conf_win32.yaml'
+
+# Synchronization options
+SYNCHRONIZATION_ENABLED = 'SYNCHRONIZATION_ENABLED'
+SYNCHRONIZATION_REGISTRY_ENABLED = 'SYNCHRONIZATION_REGISTRY_ENABLED'
+
+# Callbacks message
+INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$'
+REGISTRY_DBSYNC_NO_DATA = r'.*#!-fim_registry dbsync no_data (.+)'
+CB_FILE_LIMIT_CAPACITY = r".*Sending DB (\d+)% full alert."
+CB_FILE_LIMIT_BACK_TO_NORMAL = r".*(Sending DB back to normal alert)."
+CB_COUNT_REGISTRY_FIM_ENTRIES = r".*Fim registry entries: (\d+)"
+CB_DATABASE_FULL_COULD_NOT_INSERT = r".*Couldn't insert ('.*')? entry into DB\. The DB is full.*"
+CB_DATABASE_FULL_COULD_NOT_INSERT_VALUE = r".*Couldn't insert ('.*')? value entry into DB\. The DB is full.*"
+CB_FILE_LIMIT_VALUE = r".*Maximum number of entries to be monitored: '(\d+)'"
+CB_FILE_SIZE_LIMIT_BIGGER_THAN_DISK_QUOTA = r".*Setting 'disk_quota' to (\d+), 'disk_quota' must be greater than 'file_size'"
+CB_FILE_LIMIT_DISABLED = r".*(No limit set) to maximum number of entries to be monitored"
+CB_INODE_ENTRIES_PATH_COUNT = r".*Fim inode entries: (\d+), path count: (\d+)"
+CB_FIM_ENTRIES_COUNT =r".*Fim entries: (\d+)"
+CB_DETECT_FIM_EVENT = r'.*Sending FIM event: (.+)$'
+
+#Error Messages
+ERR_MSG_DATABASE_PERCENTAGE_FULL_ALERT = 'Did not receive expected "DEBUG: ...: Sending DB ...% full alert." event'
+ERR_MSG_FIM_INODE_ENTRIES = 'Did not receive expected "Fim inode entries: ..., path count: ..." event'
+ERR_MSG_DB_BACK_TO_NORMAL = 'Did not receive expected "DEBUG: ...: Sending DB back to normal alert." event'
+ERR_MSG_DATABASE_FULL_ALERT_EVENT = 'Did not receive expected "DEBUG: ...: Sending DB 100% full alert." event'
+ERR_MSG_DATABASE_FULL_COULD_NOT_INSERT = 'Did not receive expected "DEBUG: ...: Couldn\'t insert \'...\' entry into DB. The DB is full, ..." event'
+ERR_MSG_FILE_LIMIT_VALUES = 'Did not receive expected "DEBUG: ...: Maximum number of entries to be monitored: ..." event'
+ERR_MSG_WRONG_VALUE_FOR_DATABASE_FULL = 'Wrong value for full database alert.'
+ERR_MSG_DISK_QUOTA_MUST_BE_GREATER = "Did not receive expected 'DEBUG: ... disk_quota must be greater than file_size message'"
+ERR_MSG_CONTENT_CHANGES_EMPTY = "content_changes is empty"
+ERR_MSG_CONTENT_CHANGES_NOT_EMPTY = "content_changes isn't empty"
+ERR_MSG_FILE_LIMIT_DISABLED = 'Did not receive expected "DEBUG: ...: No limit set to maximum number of entries to be monitored" event'
+ERR_MSG_NO_EVENTS_EXPECTED = 'No events should be detected.'
+ERR_MSG_DELETED_EVENT_NOT_RECIEVED = 'Did not receive expected deleted event'
+ERR_MSG_WRONG_NUMBER_OF_ENTRIES = 'Wrong number of entries counted.'
+ERR_MSG_WRONG_INODE_PATH_COUNT = 'Wrong number of inodes and path count'
+ERR_MSG_WRONG_FILE_LIMIT_VALUE ='Wrong value for file_limit.'
+ERR_MSG_WRONG_DISK_QUOTA_VALUE ='Wrong value for disk_quota'
+ERR_MSG_WRONG_CAPACITY_LOG_DB_LIMIT= 'Wrong capacity log for DB file_limit'

deps/wazuh_testing/wazuh_testing/fim_module/event_monitor.py

@@ -0,0 +1,37 @@
+# Copyright (C) 2015-2022, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+
+import re
+import json
+from sys import platform
+from wazuh_testing import logger
+from wazuh_testing.fim_module import (CB_INODE_ENTRIES_PATH_COUNT, CB_FIM_ENTRIES_COUNT, CB_DETECT_FIM_EVENT)
+
+
+def callback_detect_event(line):
+    msg = CB_DETECT_FIM_EVENT
+    match = re.match(msg, line)
+    if not match:
+        return None
+
+    try:
+        json_event = json.loads(match.group(1))
+        if json_event['type'] == 'event':
+            return json_event
+    except (json.JSONDecodeError, AttributeError, KeyError) as e:
+        logger.warning(f"Couldn't load a log line into json object. Reason {e}")
+
+
+def callback_entries_path_count(line):
+    if platform != 'win32':
+        match = re.match(CB_INODE_ENTRIES_PATH_COUNT, line)
+    else:
+        match = re.match(CB_FIM_ENTRIES_COUNT, line)
+
+    if match:
+        if platform != 'win32':
+            return match.group(1), match.group(2)
+        else:
+            return match.group(1), None

deps/wazuh_testing/wazuh_testing/fim_module/fim_synchronization.py

@@ -0,0 +1,63 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+from wazuh_testing.fim import LOG_FILE_PATH, callback_detect_registry_integrity_state_event
+from wazuh_testing import global_parameters
+from wazuh_testing.fim_module.fim_variables import MAX_EVENTS_VALUE, CB_REGISTRY_DBSYNC_NO_DATA
+from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback
+
+
+def get_sync_msgs(tout, new_data=True):
+    """Look for as many synchronization events as possible.
+
+    This function will look for the synchronization messages until a Timeout is raised or 'max_events' is reached.
+
+    Args:
+        tout (int): Timeout that will be used to get the dbsync_no_data message.
+        new_data (bool): Specifies if the test will wait the event `dbsync_no_data`.
+
+    Returns:
+        A list with all the events in json format.
+    """
+    wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
+    events = []
+    if new_data:
+        wazuh_log_monitor.start(timeout=tout,
+                                callback=generate_monitoring_callback(CB_REGISTRY_DBSYNC_NO_DATA),
+                                error_message='Did not receive expected '
+                                              '"db sync no data" event')
+    for _ in range(0, MAX_EVENTS_VALUE):
+        try:
+            sync_event = wazuh_log_monitor.start(timeout=global_parameters.default_timeout,
+                                                 callback=callback_detect_registry_integrity_state_event,
+                                                 accum_results=1,
+                                                 error_message='Did not receive expected '
+                                                               'Sending integrity control message"').result()
+        except TimeoutError:
+            break
+
+        events.append(sync_event)
+
+    return events
+
+
+def find_value_in_event_list(key_path, value_name, event_list):
+    """Function that looks for a key path and value_name in a list of json events.
+
+    Args:
+        path (str): Path of the registry key.
+        value_name (str): Name of the value.
+        event_list (list): List containing the events in JSON format.
+
+    Returns:
+        The event that matches the specified path. None if no event was found.
+    """
+    for event in event_list:
+        if 'value_name' not in event.keys():
+            continue
+
+        if event['path'] == key_path and event['value_name'] == value_name:
+            return event
+
+    return None

deps/wazuh_testing/wazuh_testing/fim_module/fim_variables.py

@@ -0,0 +1,93 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+'''
+The purpose of this file is to contain all the variables necessary for FIM in order to be easier to
+maintain if one of them changes in the future.
+
+UPDATE: This file is deprecated. Add new variables to de fim_module/__init__.py file. If this is used
+in a test, refactor the imports to adhere to the new standard.
+'''
+
+# Variables
+SIZE_LIMIT_CONFIGURED_VALUE = 10 * 1024
+
+# Key Variables
+WINDOWS_HKEY_LOCAL_MACHINE = 'HKEY_LOCAL_MACHINE'
+MONITORED_KEY = 'SOFTWARE\\random_key'
+MONITORED_KEY_2 = "SOFTWARE\\Classes\\random_key_2"
+WINDOWS_REGISTRY = 'WINDOWS_REGISTRY'
+
+
+# Value Key
+SYNC_INTERVAL = 'SYNC_INTERVAL'
+SYNC_INTERVAL_VALUE = MAX_EVENTS_VALUE = 20
+
+
+# Folder Variables
+TEST_DIR_1 = 'testdir1'
+TEST_DIRECTORIES = 'TEST_DIRECTORIES'
+TEST_REGISTRIES = 'TEST_REGISTRIES'
+
+
+# Syscheck Attributes
+REPORT_CHANGES = 'report_changes'
+DIFF_SIZE_LIMIT = 'diff_size_limit'
+FILE_SIZE_ENABLED = 'FILE_SIZE_ENABLED'
+FILE_SIZE_LIMIT = 'FILE_SIZE_LIMIT'
+DISK_QUOTA_ENABLED = 'DISK_QUOTA_ENABLED'
+DISK_QUOTA_LIMIT = 'DISK_QUOTA_LIMIT'
+
+# Syscheck Values
+DIFF_LIMIT_VALUE = 2
+DIFF_DEFAULT_LIMIT_VALUE = 51200
+
+
+# FIM Modes
+SCHEDULE_MODE = 'scheduled'
+
+# Yaml Configuration
+YAML_CONF_REGISTRY_RESPONSE = 'wazuh_conf_registry_responses_win32.yaml'
+YAML_CONF_SYNC_WIN32 = 'wazuh_sync_conf_win32.yaml'
+YAML_CONF_DIFF = 'wazuh_conf_diff.yaml'
+
+# Synchronization Options
+SYNCHRONIZATION_ENABLED = 'SYNCHRONIZATION_ENABLED'
+SYNCHRONIZATION_REGISTRY_ENABLED = 'SYNCHRONIZATION_REGISTRY_ENABLED'
+
+# Callback Messages
+CB_INTEGRITY_CONTROL_MESSAGE = r'.*Sending integrity control message: (.+)$'
+CB_REGISTRY_DBSYNC_NO_DATA = r'.*#!-fim_registry dbsync no_data (.+)'
+CB_FILE_LIMIT_CAPACITY = r".*Sending DB (\d+)% full alert."
+CB_FILE_LIMIT_BACK_TO_NORMAL = r".*(Sending DB back to normal alert)."
+CB_COUNT_REGISTRY_FIM_ENTRIES = r".*Fim registry entries: (\d+)"
+CB_DATABASE_FULL_COULD_NOT_INSERT = r".*Couldn't insert '.*' (value )?entry into DB\. The DB is full.*"
+CB_FILE_LIMIT_VALUE = r".*Maximum number of entries to be monitored: '(\d+)'"
+CB_FILE_SIZE_LIMIT_BIGGER_THAN_DISK_QUOTA = r".*Setting 'disk_quota' to (\d+), 'disk_quota' must be greater than 'file_size'"
+CB_MAXIMUM_FILE_SIZE = r'.*Maximum file size limit to generate diff information configured to \'(\d+) KB\'.*'
+CB_FILE_LIMIT_CAPACITY = r".*Sending DB (\d+)% full alert."
+CB_FILE_LIMIT_BACK_TO_NORMAL = r".*(Sending DB back to normal alert)."
+CB_COUNT_REGISTRY_FIM_ENTRIES = r".*Fim registry entries: (\d+)"
+CB_DATABASE_FULL_COULD_NOT_INSERT = r".*Couldn't insert '.*' (value )?entry into DB\. The DB is full.*"
+CB_FILE_LIMIT_VALUE = r".*Maximum number of entries to be monitored: '(\d+)'"
+CB_FILE_SIZE_LIMIT_BIGGER_THAN_DISK_QUOTA = r".*Setting 'disk_quota' to (\d+), 'disk_quota' must be greater than 'file_size'"
+CB_MAXIMUM_FILE_SIZE = r'.*Maximum file size limit to generate diff information configured to \'(\d+) KB\'.*'
+
+
+#Error Messages
+ERR_MSG_DATABASE_PERCENTAGE_FULL_ALERT = 'Did not receive expected "DEBUG: ...: Sending DB ...% full alert." event'
+ERR_MSG_FIM_INODE_ENTRIES = 'Did not receive expected "Fim inode entries: ..., path count: ..." event'
+ERR_MSG_DB_BACK_TO_NORMAL = 'Did not receive expected "DEBUG: ...: Sending DB back to normal alert." event'
+ERR_MSG_WRONG_NUMBER_OF_ENTRIES = 'Wrong number of entries counted.'
+ERR_MSG_WRONG_FILE_LIMIT_VALUE ='Wrong value for file_limit.'
+ERR_MSG_WRONG_DISK_QUOTA_VALUE ='Wrong value for disk_quota'
+ERR_MSG_DATABASE_FULL_ALERT_EVENT = 'Did not receive expected "DEBUG: ...: Sending DB 100% full alert." event'
+ERR_MSG_DATABASE_FULL_COULD_NOT_INSERT = 'Did not receive expected "DEBUG: ...: Couldn\'t insert \'...\' entry into DB. The DB is full, ..." event'
+ERR_MSG_FILE_LIMIT_VALUES = 'Did not receive expected "DEBUG: ...: Maximum number of entries to be monitored: ..." event'
+ERR_MSG_WRONG_VALUE_FOR_DATABASE_FULL = 'Wrong value for full database alert.'
+ERR_MSG_DISK_QUOTA_MUST_BE_GREATER = "Did not receive expected 'DEBUG: ... disk_quota must be greater than file_size message'"
+ERR_MSG_CONTENT_CHANGES_EMPTY = "content_changes is empty"
+ERR_MSG_CONTENT_CHANGES_NOT_EMPTY = "content_changes isn't empty"
+ERR_MSG_MAXIMUM_FILE_SIZE = 'Did not receive expected "Maximum file size limit configured to \'... KB\'..." event'
+ERR_MSG_WRONG_VALUE_MAXIMUM_FILE_SIZE = 'Wrong value for diff_size_limit'

deps/wazuh_testing/wazuh_testing/wazuh_variables.py

@@ -0,0 +1,20 @@
+# Copyright (C) 2015-2021, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+'''
+The purpose of this file is to contain all the variables necessary for Wazuh in order to be easier
+to maintain if one of them changes in the future.
+'''
+# Local internal options
+WINDOWS_DEBUG = 'windows.debug'
+SYSCHECK_DEBUG = 'syscheck.debug'
+VERBOSE_DEBUG_OUTPUT = 2
+
+WAZUH_SERVICES_STOP = 'stop'
+WAZUH_SERVICES_START = 'start'
+
+
+# Configurations
+DATA = 'data'
+WAZUH_LOG_MONITOR = 'wazuh_log_monitor'