Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CDB list validation when uploading files with the API #14777

Open
wants to merge 3 commits into
base: 4.4
Choose a base branch
from
Open

Fix CDB list validation when uploading files with the API #14777

wants to merge 3 commits into from

Conversation

vicferpoy
Copy link
Contributor

Related issue
closes #14531

Description

This PR adds two new characters to the API CDB list regex when uploading files: / and \. In addition, a bug was found during the manual tests trying to upload lists with whitespaces or line breaks:

key:value

key2:value2

Examples

Having the following file:

"https://wazuh":"wazuh"

"wazuh":"https://wazuh"

It has no issues:

{
  "data": {
    "affected_items": [
      "etc/lists/testing"
    ],
    "total_affected_items": 1,
    "total_failed_items": 0,
    "failed_items": []
  },
  "message": "CDB list file uploaded successfully",
  "error": 0
}
root@wazuh-master:/# cat /var/ossec/etc/lists/testing 
"https://wazuh":"wazuh"

"wazuh":"https://wazuh"
  

root@wazuh-master:/#

Tests performed

Unit tests

==================================================================================================================================================== test session starts ====================================================================================================================================================
platform linux -- Python 3.9.9, pytest-6.2.3, py-1.10.0, pluggy-0.13.1
rootdir: /home/vicferpoy/Desktop/Git/wazuh/framework
plugins: testinfra-5.0.0, metadata-1.11.0, cov-2.12.0, asyncio-0.18.3, aiohttp-0.3.0, html-3.1.1
asyncio: mode=legacy
collected 1970 items                                                                                                                                                                                                                                                                                                        

framework/scripts/tests/test_agent_groups.py ..............                                                                                                                                                                                                                                                           [  0%]
framework/scripts/tests/test_agent_upgrade.py ...............                                                                                                                                                                                                                                                         [  1%]
framework/scripts/tests/test_cluster_control.py ......                                                                                                                                                                                                                                                                [  1%]
framework/scripts/tests/test_wazuh_clusterd.py .......                                                                                                                                                                                                                                                                [  2%]
framework/scripts/tests/test_wazuh_logtest.py ......................                                                                                                                                                                                                                                                  [  3%]
framework/wazuh/core/cluster/dapi/tests/test_dapi.py ................................                                                                                                                                                                                                                                 [  4%]
framework/wazuh/core/cluster/tests/test_client.py ................                                                                                                                                                                                                                                                    [  5%]
framework/wazuh/core/cluster/tests/test_cluster.py ..................................                                                                                                                                                                                                                                 [  7%]
framework/wazuh/core/cluster/tests/test_common.py .............................................................................                                                                                                                                                                                       [ 11%]
framework/wazuh/core/cluster/tests/test_control.py .....                                                                                                                                                                                                                                                              [ 11%]
framework/wazuh/core/cluster/tests/test_local_client.py .............                                                                                                                                                                                                                                                 [ 12%]
framework/wazuh/core/cluster/tests/test_local_server.py .......................                                                                                                                                                                                                                                       [ 13%]
framework/wazuh/core/cluster/tests/test_master.py .................................................                                                                                                                                                                                                                   [ 15%]
framework/wazuh/core/cluster/tests/test_server.py ...................                                                                                                                                                                                                                                                 [ 16%]
framework/wazuh/core/cluster/tests/test_utils.py ...........                                                                                                                                                                                                                                                          [ 17%]
framework/wazuh/core/cluster/tests/test_worker.py .....................................                                                                                                                                                                                                                               [ 19%]
framework/wazuh/core/tests/test_active_response.py ..............                                                                                                                                                                                                                                                     [ 20%]
framework/wazuh/core/tests/test_agent.py ................................................................................................................................................                                                                                                                             [ 27%]
framework/wazuh/core/tests/test_cdb_list.py ......................................                                                                                                                                                                                                                                    [ 29%]
framework/wazuh/core/tests/test_common.py .......                                                                                                                                                                                                                                                                     [ 29%]
framework/wazuh/core/tests/test_configuration.py ....................................                                                                                                                                                                                                                                 [ 31%]
framework/wazuh/core/tests/test_database.py .............                                                                                                                                                                                                                                                             [ 32%]
framework/wazuh/core/tests/test_decoder.py ................                                                                                                                                                                                                                                                           [ 32%]
framework/wazuh/core/tests/test_exception.py ...                                                                                                                                                                                                                                                                      [ 33%]
framework/wazuh/core/tests/test_input_validator.py ...                                                                                                                                                                                                                                                                [ 33%]
framework/wazuh/core/tests/test_logtest.py ..                                                                                                                                                                                                                                                                         [ 33%]
framework/wazuh/core/tests/test_manager.py ...............                                                                                                                                                                                                                                                            [ 34%]
framework/wazuh/core/tests/test_mitre.py .............                                                                                                                                                                                                                                                                [ 34%]
framework/wazuh/core/tests/test_pyDaemonModule.py .....                                                                                                                                                                                                                                                               [ 34%]
framework/wazuh/core/tests/test_results.py ........................................                                                                                                                                                                                                                                   [ 37%]
framework/wazuh/core/tests/test_rootcheck.py .............                                                                                                                                                                                                                                                            [ 37%]
framework/wazuh/core/tests/test_rule.py ......................                                                                                                                                                                                                                                                        [ 38%]
framework/wazuh/core/tests/test_sca.py ............                                                                                                                                                                                                                                                                   [ 39%]
framework/wazuh/core/tests/test_security.py ............                                                                                                                                                                                                                                                              [ 40%]
framework/wazuh/core/tests/test_stats.py ............                                                                                                                                                                                                                                                                 [ 40%]
framework/wazuh/core/tests/test_syscheck.py .......                                                                                                                                                                                                                                                                   [ 40%]
framework/wazuh/core/tests/test_syscollector.py ...                                                                                                                                                                                                                                                                   [ 41%]
framework/wazuh/core/tests/test_task.py ........                                                                                                                                                                                                                                                                      [ 41%]
framework/wazuh/core/tests/test_utils.py .............................................................................................................................................................................................................................................                                [ 53%]
framework/wazuh/core/tests/test_vulnerability.py ..                                                                                                                                                                                                                                                                   [ 53%]
framework/wazuh/core/tests/test_wazuh_queue.py ....................                                                                                                                                                                                                                                                   [ 54%]
framework/wazuh/core/tests/test_wazuh_socket.py ....................                                                                                                                                                                                                                                                  [ 55%]
framework/wazuh/core/tests/test_wdb.py .........................                                                                                                                                                                                                                                                      [ 56%]
framework/wazuh/core/tests/test_wlogging.py .........                                                                                                                                                                                                                                                                 [ 57%]
framework/wazuh/rbac/tests/test_auth_context.py ..                                                                                                                                                                                                                                                                    [ 57%]
framework/wazuh/rbac/tests/test_decorators.py .........................................................................................................                                                                                                                                                               [ 62%]
framework/wazuh/rbac/tests/test_default_configuration.py .......................................................                                                                                                                                                                                                      [ 65%]
framework/wazuh/rbac/tests/test_orm.py ......................................................                                                                                                                                                                                                                         [ 68%]
framework/wazuh/rbac/tests/test_preprocessor.py ...........                                                                                                                                                                                                                                                           [ 68%]
framework/wazuh/tests/test_active_response.py ............                                                                                                                                                                                                                                                            [ 69%]
framework/wazuh/tests/test_agent.py ......................................................................................................................                                                                                                                                                            [ 75%]
framework/wazuh/tests/test_cdb_list.py .....................................................                                                                                                                                                                                                                          [ 78%]
framework/wazuh/tests/test_ciscat.py .................................                                                                                                                                                                                                                                                [ 79%]
framework/wazuh/tests/test_cluster.py ..........                                                                                                                                                                                                                                                                      [ 80%]
framework/wazuh/tests/test_decoder.py ...................................                                                                                                                                                                                                                                             [ 82%]
framework/wazuh/tests/test_group.py .......                                                                                                                                                                                                                                                                           [ 82%]
framework/wazuh/tests/test_logtest.py ......                                                                                                                                                                                                                                                                          [ 82%]
framework/wazuh/tests/test_manager.py ....................................                                                                                                                                                                                                                                            [ 84%]
framework/wazuh/tests/test_mitre.py .......                                                                                                                                                                                                                                                                           [ 85%]
framework/wazuh/tests/test_rootcheck.py ..................................................                                                                                                                                                                                                                            [ 87%]
framework/wazuh/tests/test_rule.py ........................................................                                                                                                                                                                                                                           [ 90%]
framework/wazuh/tests/test_sca.py .......                                                                                                                                                                                                                                                                             [ 90%]
framework/wazuh/tests/test_security.py .........................................................................                                                                                                                                                                                                      [ 94%]
framework/wazuh/tests/test_stats.py .......                                                                                                                                                                                                                                                                           [ 94%]
framework/wazuh/tests/test_syscheck.py ..........................                                                                                                                                                                                                                                                     [ 96%]
framework/wazuh/tests/test_syscollector.py ............                                                                                                                                                                                                                                                               [ 96%]
framework/wazuh/tests/test_task.py ............................                                                                                                                                                                                                                                                       [ 98%]
framework/wazuh/tests/test_vulnerability.py ....................................                                                                                                                                                                                                                                      [100%]

======================================================================================================================================= 1970 passed, 44 warnings in 329.19s (0:05:29) =======================================================================================================================================

Regards,
Víctor

@vicferpoy vicferpoy self-assigned this Aug 31, 2022
@vicferpoy vicferpoy linked an issue Aug 31, 2022 that may be closed by this pull request
CDB list: error when uploading files with / and \ #14531
Closed
@vicferpoy vicferpoy marked this pull request as ready for review August 31, 2022 10:05
mcarmona99
mcarmona99 approved these changes Sep 7, 2022
View reviewed changes
Copy link
Contributor

@mcarmona99 mcarmona99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcarmona99 mcarmona99 mcarmona99 approved these changes

@davidjiglesias davidjiglesias Awaiting requested review from davidjiglesias

At least 1 approving review is required to merge this pull request.

Assignees

@vicferpoy vicferpoy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CDB list: error when uploading files with / and \
2 participants
@vicferpoy @mcarmona99