Add SCA Test support

CHANGELOG.md

@@ -9,6 +9,7 @@ Release report: TBD
 
 ### Added
 
+- New 'SCA' test suite and framework. ([#3566](https://github.com/wazuh/wazuh-qa/pull/3566)) \- (Framework + Tests)
 - Add 'Force reconnect' feature to agent_simulator tool. ([#3111](https://github.com/wazuh/wazuh-qa/pull/3111)) \- (Tools)
 
 ### Changed

deps/wazuh_testing/wazuh_testing/__init__.py

@@ -20,7 +20,6 @@
         WAZUH_PATH = os.path.join("/var", "ossec")
     LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'ossec.log')
 
-
 WAZUH_CONF_PATH = os.path.join(WAZUH_PATH, 'etc', 'ossec.conf')
 WAZUH_LOGS_PATH = os.path.join(WAZUH_PATH, 'logs')
 CLIENT_KEYS_PATH = os.path.join(WAZUH_PATH, 'etc' if platform.system() == 'Linux' else '', 'client.keys')
@@ -39,6 +38,7 @@
 API_JSON_LOG_FILE_PATH = os.path.join(WAZUH_PATH, 'logs', 'api.json')
 API_LOG_FOLDER = os.path.join(WAZUH_PATH, 'logs', 'api')
 WAZUH_TESTING_PATH = os.path.dirname(os.path.abspath(__file__))
+CIS_RULESET_PATH = os.path.join(WAZUH_PATH, 'ruleset', 'sca')
 
 # Daemons
 LOGCOLLECTOR_DAEMON = 'wazuh-logcollector'

deps/wazuh_testing/wazuh_testing/modules/sca/__init__.py

@@ -0,0 +1,27 @@
+# Copyright (C) 2015-2022, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+# Variables
+TEMP_FILE_PATH = '/tmp'
+
+
+# Callback Messages
+CB_SCA_ENABLED = r".*sca.*INFO: (Module started.)"
+CB_SCA_DISABLED = r".*sca.*INFO: (Module disabled). Exiting."
+CB_SCA_SCAN_STARTED = r".*sca.*INFO: (Starting Security Configuration Assessment scan)."
+CB_SCA_SCAN_ENDED = r".*sca.*INFO: Security Configuration Assessment scan finished. Duration: (\d+) seconds."
+CB_SCA_OSREGEX_ENGINE = r".*sca.*DEBUG: SCA will use '(.*)' engine to check the rules."
+CB_POLICY_EVALUATION_FINISHED = r".*sca.*INFO: Evaluation finished for policy '(.*)'."
+CB_SCAN_DB_DUMP_FINISHED = r".*sca.*DEBUG: Finished dumping scan results to SCA DB for policy '(.*)'.*"
+CB_SCAN_RULE_RESULT = r".*sca.*wm_sca_hash_integrity.*DEBUG: ID: (\d+); Result: '(.*)'"
+CB_SCA_SCAN_EVENT = r".*sca_send_alert.*Sending event: (.*)"
+
+
+# Error Messages
+ERR_MSG_REGEX_ENGINE = "Did not receive the expected 'SCA will use '.*' engine to check the rules' event"
+ERR_MSG_ID_RESULTS = 'Expected sca_has_integrity Result events not found'
+ERR_MSG_SCA_SUMMARY = 'Expected SCA Scan Summary type event not found.'
+
+# Setting Local_internal_option file
+SCA_DEFAULT_LOCAL_INTERNAL_OPTIONS = {'wazuh_modules.debug': '2'}

deps/wazuh_testing/wazuh_testing/modules/sca/event_monitor.py

@@ -0,0 +1,121 @@
+# Copyright (C) 2015-2022, Wazuh Inc.
+# Created by Wazuh, Inc. <info@wazuh.com>.
+# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+import re
+import json
+
+from wazuh_testing import T_60, T_10, T_20
+from wazuh_testing.tools import LOG_FILE_PATH
+from wazuh_testing.modules import sca
+from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback
+
+
+# Callbacks
+def callback_scan_id_result(line):
+    '''Callback that returns the ID an result of a SCA check
+    Args:
+        line (str): line string to check for match.
+    '''
+    match = re.match(sca.CB_SCAN_RULE_RESULT, line)
+    if match:
+        return [match.group(1), match.group(2)]
+
+
+def callback_detect_sca_scan_summary(line):
+    '''Callback that return the json from a SCA summary event.
+    Args:
+        line (str): line string to check for match.
+    '''
+    match = re.match(sca.CB_SCA_SCAN_EVENT, line)
+    if match:
+        if json.loads(match.group(1))['type'] == 'summary':
+            return json.loads(match.group(1))
+
+
+# Event checkers
+def check_sca_event(file_monitor=None, callback='.*', error_message=None, update_position=False,
+                    timeout=T_60, accum_results=1, file_to_monitor=LOG_FILE_PATH):
+    """Check if a sca event occurs
+
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+        callback (str): log regex to check in Wazuh log
+        error_message (str): error message to show in case of expected event does not occur
+        update_position (boolean): filter configuration parameter to search in Wazuh log
+        timeout (str): timeout to check the event in Wazuh log
+        accum_results (int): Accumulation of matches.
+        file_to_monitor (str): Path of the file where to check for the expected events
+    """
+    file_monitor = FileMonitor(file_to_monitor) if file_monitor is None else file_monitor
+    error_message = f"Could not find this event in {file_to_monitor}: {callback}" if error_message is None else \
+        error_message
+
+    file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
+                       callback=generate_monitoring_callback(callback), error_message=error_message)
+
+
+def check_sca_enabled(file_monitor=None):
+    """Check if the sca module is enabled
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+    """
+    check_sca_event(callback=sca.CB_SCA_ENABLED, timeout=T_10, file_monitor=file_monitor)
+
+
+def check_sca_disabled(file_monitor=None):
+    """Check if the sca module is disabled
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+    """
+    check_sca_event(callback=sca.CB_SCA_DISABLED, timeout=T_10, file_monitor=file_monitor)
+
+
+def check_sca_scan_started(file_monitor=None):
+    """Check if the sca scan has started
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+    """
+    check_sca_event(callback=sca.CB_SCA_SCAN_STARTED, timeout=T_10, file_monitor=file_monitor)
+
+
+def check_sca_scan_ended(file_monitor=None):
+    """Check if the sca scan has ended
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+    """
+    check_sca_event(callback=sca.CB_SCA_SCAN_ENDED, timeout=T_10, file_monitor=file_monitor)
+
+
+def check_scan_regex_engine(file_monitor=None):
+    """Check returns the regex engine used on a SCA scan.
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+    """
+    file_monitor = FileMonitor(LOG_FILE_PATH) if file_monitor is None else file_monitor
+    engine = file_monitor.start(callback=generate_monitoring_callback(sca.CB_SCA_OSREGEX_ENGINE), timeout=T_10,
+                                error_message=sca.ERR_MSG_REGEX_ENGINE, update_position=False).result()
+    return engine
+
+
+def get_sca_scan_rule_id_results(file_monitor=None, results_num=1):
+    """Check the expected ammount of check results have been recieved
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+        results_num (int): Ammount of rule check results that should be recieved.
+    """
+    file_monitor = FileMonitor(LOG_FILE_PATH) if file_monitor is None else file_monitor
+    results = file_monitor.start(callback=callback_scan_id_result, timeout=T_20, accum_results=results_num,
+                                 error_message=sca.ERR_MSG_ID_RESULTS).result()
+    return results
+
+
+def get_sca_scan_summary(file_monitor=None):
+    """Get the scan summary event
+    Args:
+        file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+    """
+    file_monitor = FileMonitor(LOG_FILE_PATH) if file_monitor is None else file_monitor
+    results = file_monitor.start(callback=callback_detect_sca_scan_summary, timeout=T_20,
+                                 error_message=sca.ERR_MSG_SCA_SUMMARY).result()
+    return results

deps/wazuh_testing/wazuh_testing/tools/file.py

@@ -242,6 +242,30 @@ def remove_file(file_path):
             delete_path_recursively(file_path)
 
 
+def copy_files_in_folder(folder, target_folder='/tmp', files_to_move=None):
+    """Copy files from a folder to target folder
+
+    Args:
+        folder (str): directory path from where to copy files.
+        target_folder (str): directory path where files will be copied to.
+        files_to_move (list): List with files to move copy from a folder.
+    """
+    file_list = []
+    if os.path.isdir(folder):
+        if files_to_move is None:
+            for file in os.listdir(folder):
+                file_list.append(file)
+                copy(os.path.join(folder, file), target_folder)
+                remove_file(os.path.join(folder, file))
+        else:
+            for file in files_to_move:
+                if os.path.isfile(os.path.join(folder, file)):
+                    file_list.append(file)
+                    copy(os.path.join(folder, file), target_folder)
+                    remove_file(os.path.join(folder, file))
+    return file_list
+
+
 def validate_json_file(file_path):
     try:
         with open(file_path) as file:

tests/integration/conftest.py

@@ -1018,9 +1018,73 @@ def set_wazuh_configuration(configuration):
 
 
 @pytest.fixture(scope='function')
+def set_wazuh_configuration_with_local_internal_options(configuration, set_wazuh_configuration,
+                                                        set_local_internal_options, local_internal_options):
+    """Set wazuh configuration
+
+    Args:
+        configuration (dict): Configuration template data to write in the ossec.conf.
+        local_internal_options(dict): Object containing the local_internal_options_values to be configured.
+        set_wazuh_configuration (fixture): Set the wazuh configuration according to the configuration data.
+        set_local_internal_options (fixture): Set the local_internal_options.conf file.
+    """
+    yield
+
+
+@pytest.fixture(scope='function')
+def set_local_internal_options(local_internal_options):
+    """Fixture to configure the local internal options file.
+
+    Args:
+        local_internal_options(dict): Object containing the local_internal_options_values to be configured.
+    """
+
+    # Backup the old local internal options
+    backup_local_internal_options = conf.get_wazuh_local_internal_options()
+
+    # Set the new local internal options configuration
+    conf.set_wazuh_local_internal_options(conf.create_local_internal_options(local_internal_options))
+
+    yield
+
+    # Backup the old local internal options cofiguration
+    conf.set_wazuh_local_internal_options(backup_local_internal_options)
+
+
+@pytest.fixture(scope='function')
+def configure_local_internal_options_function(request):
+    """Fixture to configure the local internal options file.
+
+    It uses the test variable local_internal_options. This should be
+    a dictionary wich keys and values corresponds to the internal option configuration, For example:
+    local_internal_options = {'monitord.rotate_log': '0', 'syscheck.debug': '0' }
+    """
+    try:
+        local_internal_options = getattr(request.module, 'local_internal_options')
+        print("LOCAL_INTERNAL_OPTIONS" + str(local_internal_options))
+    except AttributeError as local_internal_configuration_not_set:
+        logger.debug('local_internal_options is not set')
+        raise local_internal_configuration_not_set
+
+    backup_local_internal_options = conf.get_local_internal_options_dict()
+
+    logger.debug(f"Set local_internal_option to {str(local_internal_options)}")
+    conf.set_local_internal_options_dict(local_internal_options)
+
+    yield
+
+    logger.debug(f"Restore local_internal_option to {str(backup_local_internal_options)}")
+    conf.set_local_internal_options_dict(backup_local_internal_options)
+
+
+@pytest.fixture()
 def truncate_monitored_files():
     """Truncate all the log files and json alerts files before and after the test execution"""
-    log_files = [LOG_FILE_PATH, ALERT_FILE_PATH]
+
+    if 'agent' in get_service():
+        log_files = [LOG_FILE_PATH]
+    else:
+        log_files = [LOG_FILE_PATH, ALERT_FILE_PATH]
 
     for log_file in log_files:
         truncate_file(log_file)

tests/integration/test_sca/conftest.py

@@ -0,0 +1,38 @@
+import os
+import pytest
+
+from wazuh_testing import LOG_FILE_PATH, CIS_RULESET_PATH
+from wazuh_testing.modules import sca
+from wazuh_testing.modules.sca import event_monitor as evm
+from wazuh_testing.tools.file import copy, delete_file, copy_files_in_folder
+from wazuh_testing.tools.monitoring import FileMonitor
+
+
+# Variables
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+
+
+# Fixtures
+@pytest.fixture(scope='function')
+def wait_for_sca_enabled():
+    '''
+    Wait for the sca module to start.
+    '''
+    wazuh_monitor = FileMonitor(LOG_FILE_PATH)
+    evm.check_sca_enabled(wazuh_monitor)
+
+
+@pytest.fixture(scope='function')
+def prepare_cis_policies_file(metadata):
+    '''
+    Copies policy file from named by metadata into agent's ruleset path. Deletes file after test.
+    Args:
+        metadata (dict): contains the test metadata. Must contain policy_file key with file name.
+    '''
+    files_to_restore = copy_files_in_folder(folder=CIS_RULESET_PATH, target_folder=sca.TEMP_FILE_PATH)
+    filename = metadata['policy_file']
+    filepath = os.path.join(TEST_DATA_PATH, 'policies', filename)
+    copy(filepath, CIS_RULESET_PATH)
+    yield
+    copy_files_in_folder(folder=sca.TEMP_FILE_PATH, target_folder=CIS_RULESET_PATH, files_to_move=files_to_restore)
+    delete_file(os.path.join(CIS_RULESET_PATH, filename))

tests/integration/test_sca/data/configuration_template/configuration_enabled.yaml

@@ -0,0 +1,30 @@
+- sections:
+    - section: sca
+      elements:
+        - enabled:
+            value: ENABLED
+        - scan_on_start:
+            value: 'yes'
+        - interval:
+            value: INTERVAL
+        - policies:
+            elements:
+              - policy:
+                  value: POLICY_FILE
+
+    - section: rootcheck
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: syscheck
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: wodle
+      attributes:
+        - name: syscollector
+      elements:
+        - disabled:
+            value: 'yes'

tests/integration/test_sca/data/configuration_template/configuration_scan_results.yaml

@@ -0,0 +1,30 @@
+- sections:
+    - section: sca
+      elements:
+        - enabled:
+            value: ENABLED
+        - scan_on_start:
+            value: 'yes'
+        - interval:
+            value: INTERVAL
+        - policies:
+            elements:
+              - policy:
+                  value: POLICY_FILE
+
+    - section: rootcheck
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: syscheck
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: wodle
+      attributes:
+        - name: syscollector
+      elements:
+        - disabled:
+            value: 'yes'