Error in WazuhDBQueryTask's date_fields

[noise-kngdm]

Component
Framework

Description

In the __init__ method of the class WazuhDBQueryTask, superclass' __init__ method is being called like this:

wazuh/framework/wazuh/core/task.py

Lines 33 to 38 in af255be

	WazuhDBQuery.__init__(self, offset=offset, limit=limit, table=table, sort=sort, search=search, select=select,
	fields=fields, default_sort_field=default_sort_field, default_sort_order='ASC',
	filters=filters, query=query, count=count, get_data=get_data,
	date_fields={'create_time', 'last_update_time'},
	min_select_fields=min_select_fields, backend=WazuhDBBackend(query_format='task'))

As of now, the database fields create_time and last_update_time are not in lowercase but uppercase. This shouldn't be an issue, since in SQLite field names are case insensitive.

The problem is in WazuhDBQueryTask's _format_data_into_dictionary method, which is the following:

wazuh/framework/wazuh/core/task.py

Lines 55 to 60 in af255be

	def _format_data_into_dictionary(self):
	"""Standardization of dates to the ISO 8601 format."""
	[t.update((k, datetime.utcfromtimestamp(v).strftime(common.date_format))
	for k, v in t.items() if k in self.date_fields) for t in self._data]
	return {'items': self._data, 'totalItems': self.total_items}

Even though field names are case insensitive, the DBMS will return then as uppercase, like they're in the DB, and the aforementioned method won't work, since create_time != CREATE_TIME and last_update_time != LAST_UPDATE_TIME; and so the timestamp won't be formatted into UTC.

Checks

wazuh/wazuh

• Unit tests without failures. Updated and/or expanded if there are new functions/methods/outputs:
  • Cluster (framework/wazuh/core/cluster/tests/ & framework/wazuh/core/cluster/dapi/tests/)
  • Core (framework/wazuh/core/tests/)
  • SDK (framework/wazuh/tests/)
  • RBAC (framework/wazuh/rbac/tests/)
  • API (api/api/tests/)
• API tavern integration tests without failures. Updated and/or expanded if needed (api/test/integration/):
  • Affected tests
  • Affected RBAC (black and white) tests
• Review integration test mapping using the script (api/test/integration/mapping/integration_test_api_endpoints.json)
• Review of spec.yaml examples and schemas (api/api/spec/spec.yaml)
• Review exceptions remediation when any endpoint path changes or is removed (framework/wazuh/core/exception.py)
• Changelog (CHANGELOG.md)

wazuh/wazuh-documentation

• Migration from 3.X for changed endpoints (source/user-manual/api/equivalence.rst)
• Update RBAC reference with new/modified actions/resources/relationships (source/user-manual/api/rbac/reference.rst)

[Kondent]

Issue update

I've doing research about _format_data_into_dictionary function and how it's overwritten on each WazuhDB's child class.
Easiest way to fix this error is lower() keys. But I want to do more research before making changes.
Regards,
Alexis.

[Kondent]

Issue Update

I've been checking on this again and seems like everything is working properly with _format_data_into_dictionary as is.
More specifically, _format_data_into_dictionary is currently formatting utc as planned.
It appears to be an error related to unit tests. Its fixed at issue #9424 / pr #9733.
Regards,
Alexis