ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning #5532
Merged
JcabreraC merged 11 commits into feature/5337-logtest-enhancement from Aug 6, 2020
404a717 to 0941f3a
Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
0941f3a to 41b351e
Lopuiz
reviewed
Jul 27, 2020
91d082a to e592b88
e592b88 to 57469c5
vikman90
requested changes
Aug 5, 2020
31a3710 to 6d2158f
vikman90
approved these changes
Aug 6, 2020
6d2158f to 70fa3eb
JcabreraC
approved these changes
Aug 6, 2020
Lopuiz
approved these changes
Aug 6, 2020
Lopuiz
pushed a commit
that referenced
this pull request
Aug 11, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
juliancnn
added a commit
that referenced
this pull request
Aug 28, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
JcabreraC
pushed a commit
that referenced
this pull request
Aug 31, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
JcabreraC
pushed a commit
that referenced
this pull request
Sep 1, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
JcabreraC
pushed a commit
that referenced
this pull request
Sep 2, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
JcabreraC
pushed a commit
that referenced
this pull request
Sep 28, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
JcabreraC
pushed a commit
that referenced
this pull request
Oct 2, 2020
* Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters
davidjiglesias
pushed a commit
that referenced
this pull request
Oct 22, 2020
* Declare main functions and structures for wazuh-logtest (#5372) Declare main functions and structures for wazuh-logtest * Added structures as parameters in Decoders, Rules and CDBlist functions. * Modify functions and structures of rules, decoders, and CDB lists for wazuh-logtest development. * Change variables names of rules, decoders, and cdblist and document them. * add wazuh-logtest configuration * add function tu get rule_test configuration * Added test for logtest.c file * Added test for Read_Logtest function * add limits to rule_test configuration * Fixed test for Read_Logtest function * Fixed memory leak and unit tests * Added tests for getRuleTestConfig * Fixed unit tests after the merge * Use function get_nproc instead of get_nprocs and modify variable name of logtest configuration * comply with style guide * Minor fixes: - Change type of w_logtest_conf.enabled to boolean - Change warning messages to error messages in Read_Logtest - Change debug2 messages to warning messages in Read_Logtest - Change type of w_logtest_conf.threads and w_logtest_conf.max_sessions to int * Fixed unit tests after review * Changed warning messages to warning_menssage.h * Remove unnecessary mutex * Modified EventList structure * Modified Rules hash table structures and functions * Modify FTS functions and variables to works with wazuh-logtest * Modify accumulate functions and variables to works with wazuh-logtest * - Add function to initialize FTS engine in Wazuh Logtest - Document accumulator.h, logtest.h and fts.h * Checked inactive sessions * - Implement function to initialize and remove Logtest client session - Modify decoders and cdb list flow to work with wazuh-logtest - Document the CDB list, rules list, and decoders list * ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning (#5532) * Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters * Fix 
compilation error in old versions of GCC * Fix cmake for Analysisd test * Added unit tests for sessions * Modify os_decoder_store to works in wazuh-logtest * I/O processing in Wazuh-Logtest (#5626) * I/O processing in Wazuh-Logtest Co-authored-by: Juan Cabrera <jcabre88@gmail.com> * Fix Memory leak in analysisd when rule is loaded with invalid options * Fix output msg and error code * wazuh-logtest: handle max session * Added w_logtest_remove_old_session function * Logtest max session, doxygen doc * fix memory leak when load analysisd config * Change to free str array shared library * Logs processing in wazuh-logtest (#5680) * Implement the logs processing in wazuh-logtest * Add logtest modules to framework * Declare main functions and structures for wazuh-logtest (#5372) Declare main functions and structures for wazuh-logtest * Added structures as parameters in Decoders, Rules and CDBlist functions. * Modify functions and structures of rules, decoders, and CDB lists for wazuh-logtest development. * Change variables names of rules, decoders, and cdblist and document them. 
* add wazuh-logtest configuration * add function tu get rule_test configuration * Added test for logtest.c file * Added test for Read_Logtest function * add limits to rule_test configuration * Fixed test for Read_Logtest function * Fixed memory leak and unit tests * Added tests for getRuleTestConfig * Fixed unit tests after the merge * Use function get_nproc instead of get_nprocs and modify variable name of logtest configuration * comply with style guide * Minor fixes: - Change type of w_logtest_conf.enabled to boolean - Change warning messages to error messages in Read_Logtest - Change debug2 messages to warning messages in Read_Logtest - Change type of w_logtest_conf.threads and w_logtest_conf.max_sessions to int * Fixed unit tests after review * Changed warning messages to warning_menssage.h * Remove unnecessary mutex * Modified EventList structure * Modified Rules hash table structures and functions * Modify FTS functions and variables to works with wazuh-logtest * Modify accumulate functions and variables to works with wazuh-logtest * - Add function to initialize FTS engine in Wazuh Logtest - Document accumulator.h, logtest.h and fts.h * Checked inactive sessions * - Implement function to initialize and remove Logtest client session - Modify decoders and cdb list flow to work with wazuh-logtest - Document the CDB list, rules list, and decoders list * ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning (#5532) * Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters * Fix compilation error in old versions of GCC * Fix cmake for Analysisd test * Added unit tests for sessions * Modify os_decoder_store to works in wazuh-logtest * I/O processing in Wazuh-Logtest (#5626) * I/O processing in Wazuh-Logtest Co-authored-by: Juan Cabrera <jcabre88@gmail.com> * Fix Memory leak in analysisd when rule is loaded with invalid options * Fix output msg 
and error code * wazuh-logtest: handle max session * Added w_logtest_remove_old_session function * Logtest max session, doxygen doc * fix memory leak when load analysisd config * Change to free str array shared library * Logs processing in wazuh-logtest (#5680) * Implement the logs processing in wazuh-logtest * Logtest-memleak-rule-dont-match * Add framework function to end logtest session * Add RBAC to logtest functions * Add wazuh/logtest unit tests * Refactor logtest modules to use OssecSocketJSON * Add wazuh/core/logtest unit tests * Declare main functions and structures for wazuh-logtest (#5372) Declare main functions and structures for wazuh-logtest * Added structures as parameters in Decoders, Rules and CDBlist functions. * Modify functions and structures of rules, decoders, and CDB lists for wazuh-logtest development. * Change variables names of rules, decoders, and cdblist and document them. * add wazuh-logtest configuration * add function tu get rule_test configuration * Added test for logtest.c file * Added test for Read_Logtest function * add limits to rule_test configuration * Fixed test for Read_Logtest function * Fixed memory leak and unit tests * Added tests for getRuleTestConfig * Fixed unit tests after the merge * Use function get_nproc instead of get_nprocs and modify variable name of logtest configuration * comply with style guide * Minor fixes: - Change type of w_logtest_conf.enabled to boolean - Change warning messages to error messages in Read_Logtest - Change debug2 messages to warning messages in Read_Logtest - Change type of w_logtest_conf.threads and w_logtest_conf.max_sessions to int * Fixed unit tests after review * Changed warning messages to warning_menssage.h * Remove unnecessary mutex * Modified EventList structure * Modified Rules hash table structures and functions * Modify FTS functions and variables to works with wazuh-logtest * Modify accumulate functions and variables to works with wazuh-logtest * - Add function to initialize 
FTS engine in Wazuh Logtest - Document accumulator.h, logtest.h and fts.h * Checked inactive sessions * - Implement function to initialize and remove Logtest client session - Modify decoders and cdb list flow to work with wazuh-logtest - Document the CDB list, rules list, and decoders list * ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning (#5532) * Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters * Fix compilation error in old versions of GCC * Fix cmake for Analysisd test * Added unit tests for sessions * Modify os_decoder_store to works in wazuh-logtest * I/O processing in Wazuh-Logtest (#5626) * I/O processing in Wazuh-Logtest Co-authored-by: Juan Cabrera <jcabre88@gmail.com> * Fix Memory leak in analysisd when rule is loaded with invalid options * Fix output msg and error code * wazuh-logtest: handle max session * Added w_logtest_remove_old_session function * Logtest max session, doxygen doc * fix memory leak when load analysisd config * Change to free str array shared library * Logs processing in wazuh-logtest (#5680) * Implement the logs processing in wazuh-logtest * Logtest-memleak-rule-dont-match * Logtest remove client on demand * Add header to socket messages (#5857) * Fix to wazuh-logtest to support socket header * Add generic function to build wazuh socket messages * Update logtest modules with the new socket request/response structure * Refactor logtest modules with the communication protocol * Update logtest framework unit tests * Add create_wazuh_socket_message unit tests * Update changelog * Add PR requested changes Co-authored-by: Eva López Ruiz <17710550+Lopuiz@users.noreply.github.com> Co-authored-by: FernandoCP <fernando.calvillo@wazuh.com> Co-authored-by: Lopuiz <lopezziur@gmail.com> Co-authored-by: Juan Cabrera <jcabre88@gmail.com> Co-authored-by: Julian Morales <jmorales@unc.edu.ar> Co-authored-by: Julian 
Morales <julian.morales@wazuh.com> Co-authored-by: Juan Nicolas Asselle <jnasselle@gmail.com>
davidjiglesias
pushed a commit
that referenced
this pull request
Oct 23, 2020
* Declare main functions and structures for wazuh-logtest (#5372) Declare main functions and structures for wazuh-logtest * Added structures as parameters in Decoders, Rules and CDBlist functions. * Modify functions and structures of rules, decoders, and CDB lists for wazuh-logtest development. * Change variables names of rules, decoders, and cdblist and document them. * add wazuh-logtest configuration * add function tu get rule_test configuration * Added test for logtest.c file * Added test for Read_Logtest function * add limits to rule_test configuration * Fixed test for Read_Logtest function * Fixed memory leak and unit tests * Added tests for getRuleTestConfig * Fixed unit tests after the merge * Use function get_nproc instead of get_nprocs and modify variable name of logtest configuration * comply with style guide * Minor fixes: - Change type of w_logtest_conf.enabled to boolean - Change warning messages to error messages in Read_Logtest - Change debug2 messages to warning messages in Read_Logtest - Change type of w_logtest_conf.threads and w_logtest_conf.max_sessions to int * Fixed unit tests after review * Changed warning messages to warning_menssage.h * Remove unnecessary mutex * Modified EventList structure * Modified Rules hash table structures and functions * Modify FTS functions and variables to works with wazuh-logtest * Modify accumulate functions and variables to works with wazuh-logtest * - Add function to initialize FTS engine in Wazuh Logtest - Document accumulator.h, logtest.h and fts.h * Checked inactive sessions * - Implement function to initialize and remove Logtest client session - Modify decoders and cdb list flow to work with wazuh-logtest - Document the CDB list, rules list, and decoders list * ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning (#5532) * Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters * Fix 
compilation error in old versions of GCC * Fix cmake for Analysisd test * Added unit tests for sessions * Modify os_decoder_store to works in wazuh-logtest * I/O processing in Wazuh-Logtest (#5626) * I/O processing in Wazuh-Logtest Co-authored-by: Juan Cabrera <jcabre88@gmail.com> * Fix Memory leak in analysisd when rule is loaded with invalid options * Fix output msg and error code * wazuh-logtest: handle max session * Added w_logtest_remove_old_session function * Logtest max session, doxygen doc * fix memory leak when load analysisd config * Change to free str array shared library * Logs processing in wazuh-logtest (#5680) * Implement the logs processing in wazuh-logtest * Add logtest modules to framework * Changes on spec.yaml and Add logtest controller * Declare main functions and structures for wazuh-logtest (#5372) Declare main functions and structures for wazuh-logtest * Added structures as parameters in Decoders, Rules and CDBlist functions. * Modify functions and structures of rules, decoders, and CDB lists for wazuh-logtest development. * Change variables names of rules, decoders, and cdblist and document them. 
* add wazuh-logtest configuration * add function tu get rule_test configuration * Added test for logtest.c file * Added test for Read_Logtest function * add limits to rule_test configuration * Fixed test for Read_Logtest function * Fixed memory leak and unit tests * Added tests for getRuleTestConfig * Fixed unit tests after the merge * Use function get_nproc instead of get_nprocs and modify variable name of logtest configuration * comply with style guide * Minor fixes: - Change type of w_logtest_conf.enabled to boolean - Change warning messages to error messages in Read_Logtest - Change debug2 messages to warning messages in Read_Logtest - Change type of w_logtest_conf.threads and w_logtest_conf.max_sessions to int * Fixed unit tests after review * Changed warning messages to warning_menssage.h * Remove unnecessary mutex * Modified EventList structure * Modified Rules hash table structures and functions * Modify FTS functions and variables to works with wazuh-logtest * Modify accumulate functions and variables to works with wazuh-logtest * - Add function to initialize FTS engine in Wazuh Logtest - Document accumulator.h, logtest.h and fts.h * Checked inactive sessions * - Implement function to initialize and remove Logtest client session - Modify decoders and cdb list flow to work with wazuh-logtest - Document the CDB list, rules list, and decoders list * ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning (#5532) * Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters * Fix compilation error in old versions of GCC * Fix cmake for Analysisd test * Added unit tests for sessions * Modify os_decoder_store to works in wazuh-logtest * I/O processing in Wazuh-Logtest (#5626) * I/O processing in Wazuh-Logtest Co-authored-by: Juan Cabrera <jcabre88@gmail.com> * Fix Memory leak in analysisd when rule is loaded with invalid options * Fix output msg 
and error code * wazuh-logtest: handle max session * Added w_logtest_remove_old_session function * Logtest max session, doxygen doc * fix memory leak when load analysisd config * Change to free str array shared library * Logs processing in wazuh-logtest (#5680) * Implement the logs processing in wazuh-logtest * Logtest-memleak-rule-dont-match * Add framework function to end logtest session * Update endpoints and changes.md * Add RBAC to logtest functions * Add wazuh/logtest unit tests * Refactor logtest modules to use OssecSocketJSON * Add wazuh/core/logtest unit tests * Declare main functions and structures for wazuh-logtest (#5372) Declare main functions and structures for wazuh-logtest * Added structures as parameters in Decoders, Rules and CDBlist functions. * Modify functions and structures of rules, decoders, and CDB lists for wazuh-logtest development. * Change variables names of rules, decoders, and cdblist and document them. * add wazuh-logtest configuration * add function tu get rule_test configuration * Added test for logtest.c file * Added test for Read_Logtest function * add limits to rule_test configuration * Fixed test for Read_Logtest function * Fixed memory leak and unit tests * Added tests for getRuleTestConfig * Fixed unit tests after the merge * Use function get_nproc instead of get_nprocs and modify variable name of logtest configuration * comply with style guide * Minor fixes: - Change type of w_logtest_conf.enabled to boolean - Change warning messages to error messages in Read_Logtest - Change debug2 messages to warning messages in Read_Logtest - Change type of w_logtest_conf.threads and w_logtest_conf.max_sessions to int * Fixed unit tests after review * Changed warning messages to warning_menssage.h * Remove unnecessary mutex * Modified EventList structure * Modified Rules hash table structures and functions * Modify FTS functions and variables to works with wazuh-logtest * Modify accumulate functions and variables to works with 
wazuh-logtest * - Add function to initialize FTS engine in Wazuh Logtest - Document accumulator.h, logtest.h and fts.h * Checked inactive sessions * - Implement function to initialize and remove Logtest client session - Modify decoders and cdb list flow to work with wazuh-logtest - Document the CDB list, rules list, and decoders list * ReadDecodeXML & Rules_OP_ReadRules - Remove error and warning (#5532) * Remove errors and warnings Remove merror and mwarn from ReadDecodeXML, Rules_OP_ReadRules and other functions for internal use, instead, errors are returned by parameters * Fix compilation error in old versions of GCC * Fix cmake for Analysisd test * Added unit tests for sessions * Modify os_decoder_store to works in wazuh-logtest * I/O processing in Wazuh-Logtest (#5626) * I/O processing in Wazuh-Logtest Co-authored-by: Juan Cabrera <jcabre88@gmail.com> * Fix Memory leak in analysisd when rule is loaded with invalid options * Fix output msg and error code * wazuh-logtest: handle max session * Added w_logtest_remove_old_session function * Logtest max session, doxygen doc * fix memory leak when load analysisd config * Change to free str array shared library * Logs processing in wazuh-logtest (#5680) * Implement the logs processing in wazuh-logtest * Logtest-memleak-rule-dont-match * API integration tests and minor changes * Add new rbac actions to rbac_catalog * Logtest remove client on demand * Add header to socket messages (#5857) * Fix to wazuh-logtest to support socket header * Fix security unit test, new rbac actions * Add model for PUT /logtest endpoint * New API integration tests cases, changes on spec examples and minor changes * Minor changes * Minor changes v2 * Add generic function to build wazuh socket messages * Update logtest modules with the new socket request/response structure * Refactor logtest modules with the communication protocol * Update logtest framework unit tests * Add create_wazuh_socket_message unit tests * Minor changes * Update 
logtest API integration test * Add rbac logtest API integration tests * Update changelog * Review changes * Minor change * Add PR requested changes * Rbac catalog changes * Fix logtest API integration tests * Update changelog.md * Fix rbac white logtest API integration test * Review changes * Minor changes to rbac white logtest test Co-authored-by: Eva López Ruiz <17710550+Lopuiz@users.noreply.github.com> Co-authored-by: FernandoCP <fernando.calvillo@wazuh.com> Co-authored-by: Lopuiz <lopezziur@gmail.com> Co-authored-by: Juan Cabrera <jcabre88@gmail.com> Co-authored-by: Julian Morales <jmorales@unc.edu.ar> Co-authored-by: Julian Morales <julian.morales@wazuh.com> Co-authored-by: Víctor Fernández Poyatos <vicferpoy@gmail.com> Co-authored-by: Juan Nicolas Asselle <jnasselle@gmail.com>
Hi team!
The following Analysisd modifications are necessary for wazuh-logtest:
When analysisd calls the Rules_OP_ReadRules or ReadDecodeXML functions to read the ruleset and they fail, they will not write messages to the log file; instead, they now accept a new parameter to store warnings and errors.
This will allow messages to be sent through the socket instead of being written to the log.
Warning
This PR contains a memory leak when it fails to add a new rule; this will be fixed by PR:5543
Best regards,
Julian
Tests
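The pattern the description above refers to, sketched as an added example that is not part of this pull request or of Wazuh's code: a loader that prints nothing and reports warnings and errors through a caller-supplied list, and that releases what it allocated when a rule cannot be added. Every name, the `id:level:description` input format and the 0..16 level range are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* All names here are hypothetical; this is not Wazuh's API. */
#define MAX_LEVEL 16 /* assumed valid level range for this example: 0..16 */
typedef enum { MSG_WARN, MSG_ERROR } msg_level;
typedef struct msg_node { msg_level level; char text[128]; struct msg_node *next; } msg_node;
typedef struct { msg_node *head, *tail; int warnings, errors; } msg_list;
typedef struct { int id, level; char *description; } rule;

/* Append a formatted message to the caller's list instead of logging it. */
static void msg_add(msg_list *out, msg_level level, const char *fmt, ...) {
    msg_node *n = calloc(1, sizeof(*n));
    va_list ap;
    if (n == NULL) return;
    va_start(ap, fmt);
    vsnprintf(n->text, sizeof(n->text), fmt, ap);
    va_end(ap);
    n->level = level;
    if (out->tail) out->tail->next = n; else out->head = n;
    out->tail = n;
    if (level == MSG_ERROR) out->errors++; else out->warnings++;
}

static void msg_free(msg_list *out) {
    for (msg_node *n = out->head, *next; n; n = next) { next = n->next; free(n); }
    out->head = out->tail = NULL; out->warnings = out->errors = 0;
}

/* Parse constructed "id:level:description" lines into store[]. Returns the number
 * of rules stored, or -1 on the first error; diagnostics go to `out`, never stdout. */
static int load_rules(const char *const *lines, size_t n, rule *store, size_t cap, msg_list *out) {
    size_t stored = 0;
    for (size_t i = 0; i < n; i++) {
        rule r = {0, 0, NULL};
        char desc[96] = "";
        int fields = sscanf(lines[i], "%d:%d:%95[^\n]", &r.id, &r.level, desc);
        if (fields < 2) {
            msg_add(out, MSG_ERROR, "line %zu: malformed rule", i + 1);
            goto fail;
        }
        if (fields == 2) msg_add(out, MSG_WARN, "rule %d: empty description", r.id);
        if ((r.description = malloc(strlen(desc) + 1)) != NULL) strcpy(r.description, desc);
        if (!r.description || r.level < 0 || r.level > MAX_LEVEL || stored == cap) {
            msg_add(out, MSG_ERROR, "rule %d: could not be added", r.id);
            free(r.description); /* release the half-built rule on the failure path */
            goto fail;
        }
        store[stored++] = r;
    }
    return (int)stored;
fail: /* roll back: on error the caller owns nothing in store[] */
    while (stored > 0) free(store[--stored].description);
    return -1;
}

int main(void) {
    const char *const lines[] = { "100:3:sshd login", "101:5", "102:99:bad level" }; /* constructed */
    rule store[4];
    msg_list msgs = {0};
    int rc = load_rules(lines, 3, store, 4, &msgs);
    for (msg_node *m = msgs.head; m; m = m->next) /* a socket reply would carry these lines */
        printf("%s: %s\n", m->level == MSG_ERROR ? "ERROR" : "WARNING", m->text);
    printf("rc=%d warnings=%d errors=%d\n", rc, msgs.warnings, msgs.errors);
    for (int i = 0; i < rc; i++) free(store[i].description);
    msg_free(&msgs);
    return 0;
}
```

Because the loader never writes to a shared log, the caller decides where each message goes, and a failed load leaves no rule memory behind.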