Fix agents purge (#82)

Author: Lifka

CHANGELOG.md

@@ -10,15 +10,26 @@ All notable changes to this project will be documented in this file.
     * `GET/cluster/nodes/:node_name`.
 - A parameter in request `GET/rules` to filter by GDPR requirements ([#78](https://github.com/wazuh/wazuh-api/pull/78)).
 - Parameters in `GET/cluster/nodes`: `search`, `sort`, `offset`, `limit`, `select`. And a new filter: `type`.
-- A parameter in request `GET/agents` to filter agents by cluster nodes.
+- Parameters in request `GET/agents`:
+    * `node_name`: Filters agents by cluster nodes.
+    - `older_than`: Filters by agents not connected in a specific time ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
+    - `status`: Filters agents with a specific status ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
+- New filters in request `DELETE/agents`:
+    - `older_than`: Filters by agents not connected in a specific time ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
+    - `status`: Filters agents with a specific status ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
+
 ### Changed
-- Output of `GET/nodes`: Added a new attribute `version`.
+- Output of `GET/nodes`: Added new attribute `version`.
+- Output of `DELETE/agents`: Added new attribute `older_than`.
+- Filter `status` in `GET/agents` can filter by several status separated by commas ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
 
 ### Removed
 - The following requests have been removed: 
     - `GET/cluster/agents`: Duplicated request (`GET/agents`).
     - `GET/cluster/node`: Duplicated request (`GET/cluster/config`).
     - `GET/cluster/files`: It will not be available in this version of the cluster.
+    - `POST/agents/purge`: Replaced by `DELETE/agents` ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
+    - `GET/agents/purgeable`: Replaced by `GET/agents` ([#82](https://github.com/wazuh/wazuh-api/pull/82)).
 
 ## [v3.2.2]
 ### Added

controllers/agents.js

@@ -21,7 +21,8 @@ var router = require('express').Router();
  * @apiParam {Number} [limit=500] Maximum number of elements to return.
  * @apiParam {String} [sort] Sorts the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order.
  * @apiParam {String} [search] Looks for elements with the specified string.
- * @apiParam {String="active","pending","never connected", "disconnected"} [status] Filters by agent status.
+ * @apiParam {String="active", "pending", "neverconnected", "disconnected"} [status] Filters by agent status. Use commas to enter multiple statuses.
+ * @apiParam {String} older_than Filters out disconnected agents for longer than specified. Time in seconds | "[n_days]d" | "[n_hours]h" | "[n_minutes]m" | "[n_seconds]s". For never connected agents, uses the register date.
  * @apiParam {String} [os.platform] Filters by OS platform.
  * @apiParam {String} [os.version] Filters by OS version.
  * @apiParam {String} [manager] Filters by manager hostname to which agents are connected.
@@ -41,9 +42,10 @@ router.get('/', cache(), function(req, res) {
     var data_request = {'function': '/agents', 'arguments': {}};
     var filters = {'offset': 'numbers', 'limit': 'numbers', 'sort':'sort_param',
                    'select':'select_param', 'search':'search_param',
-                   'status':'alphanumeric_param', 'os.platform':'alphanumeric_param',
+                    'status':'alphanumeric_param', 'os.platform':'alphanumeric_param',
                    'os.version':'alphanumeric_param', 'manager':'alphanumeric_param',
-                   'version':'alphanumeric_param', 'node': 'alphanumeric_param'};
+                   'version':'alphanumeric_param', 'node': 'alphanumeric_param',
+                    'older_than':'timeframe_type'};
 
     if (!filter.check(req.query, filters, req, res))  // Filter with error
         return;
@@ -70,6 +72,8 @@ router.get('/', cache(), function(req, res) {
         data_request['arguments']['node_name'] = req.query['node'];
     if ('version' in req.query)
         data_request['arguments']['version'] = req.query['version'];
+    if ('older_than' in req.query)
+        data_request['arguments']['older_than'] = req.query['older_than'];
 
     execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
 })
@@ -426,44 +430,6 @@ router.get('/outdated', cache(), function(req, res) {
     execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
 })
 
-/**
- * @api {get} /purgeable/:timeframe Get list of purgeable agents
- * @apiName GetAgentsPurgeable
- * @apiGroup Info
- *
- * @apiParam {String} timeframe Time from last connection in seconds or [n_days]d[n_hours]h[n_minutes]m[n_seconds]s.
- * @apiParam {Number} [offset] First element to return in the collection.
- * @apiParam {Number} [limit=500] Maximum number of elements to return.
- *
- * @apiDescription Returns a list of agents that can be purged.
- *
- * @apiExample {curl} Example usage*:
- *     curl -u foo:bar -k -X GET "https://127.0.0.1:55000/agents/purgeable/1d5h?pretty"
- *
- */
-router.get('/purgeable/:timeframe', cache(), function(req, res) {
-
-    logger.debug(req.connection.remoteAddress + " GET /agents/purgeable/:timeframe");
-
-    var data_request = {'function': '/agents/purgeable/:timeframe', 'arguments': {}};
-    var filters = {'timeframe':'timeframe_type', 'offset': 'numbers', 'limit': 'numbers'};
-
-    if (!filter.check(req.params, filters, req, res))  // Filter with error
-        return;
-
-    if ('timeframe' in req.params)
-        data_request['arguments']['timeframe'] = req.params.timeframe;
-    else
-        res_h.bad_request(req, res, 604, "Missing field: 'timeframe'");
-
-    if ('offset' in req.query)
-        data_request['arguments']['offset'] = req.query.offset;
-
-    if ('limit' in req.query)
-        data_request['arguments']['limit'] = req.query.limit;
-
-    execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
-})
 
 /**
  * @api {get} /agents/name/:agent_name Get an agent by its name
@@ -942,14 +908,16 @@ router.delete('/groups/:group_id', function(req, res) {
 })
 
 /**
- * @api {delete} /agents Delete a list of agents
+ * @api {delete} /agents Delete agents
  * @apiName DeleteAgents
  * @apiGroup Delete
  *
  * @apiParam {String[]} ids Array of agent ID's.
  * @apiParam {Boolean} purge Delete an agent from the key store.
+ * @apiParam {String="active", "pending", "neverconnected", "disconnected"} [status] Filters by agent status. Use commas to enter multiple statuses.
+ * @apiParam {String} older_than Filters out disconnected agents for longer than specified. Time in seconds | "[n_days]d" | "[n_hours]h" | "[n_minutes]m" | "[n_seconds]s". For never connected agents, uses the register date.
  *
- * @apiDescription Removes a list of agents. The Wazuh API must be restarted after removing an agent.
+ * @apiDescription Removes agents, using a list of them or a criterion based on the status or time of the last connection. The Wazuh API must be restarted after removing an agent.
  *
  * @apiExample {curl} Example usage:
  *     curl -u foo:bar -k -X DELETE -H "Content-Type:application/json" -d '{"ids":["003","005"]}' "https://127.0.0.1:55000/agents?pretty"
@@ -958,18 +926,33 @@ router.delete('/groups/:group_id', function(req, res) {
 router.delete('/', function(req, res) {
     logger.debug(req.connection.remoteAddress + " DELETE /agents");
 
-    var data_request = {'function': 'DELETE/agents/', 'arguments': {}};
+    var data_request = { 'function': 'DELETE/agents/', 'arguments': {} };
+    var filter_body = { 'ids': 'array_numbers', 'purge': 'boolean' };
+    var filter_query = { 'older_than': 'timeframe_type', 'status': 'alphanumeric_param'};
+
+    if (!filter.check(req.body, filter_body, req, res))  // Filter with error
+        return;
+
+    if (!filter.check(req.query, filter_query, req, res))  // Filter with error
+        return;
 
-    if (!filter.check(req.body, {'ids':'array_numbers', 'purge':'boolean'}, req, res))  // Filter with error
+    if (!('ids' in req.body) && !('status' in req.query))
+        res_h.bad_request(req, res, 604, "Missing field: You have to specified 'ids' or status.");
         return;
 
     data_request['arguments']['purge'] = 'purge' in req.body && (req.body['purge'] == true || req.body['purge'] == 'true');
 
-    if ('ids' in req.body){
-        data_request['arguments']['agent_id'] = req.body.ids;
-        execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
-    }else
-        res_h.bad_request(req, res, 604, "Missing field: 'ids'");
+    if ('ids' in req.body)
+        data_request['arguments']['list_agent_ids'] = req.body.ids;
+
+    if ('older_than' in req.query)
+        data_request['arguments']['older_than'] = req.query.older_than;
+
+    if ('status' in req.query)
+        data_request['arguments']['status'] = req.query.status;
+
+    
+    execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
 })
 
 
@@ -1098,37 +1081,4 @@ router.post('/insert', function(req, res) {
         res_h.bad_request(req, res, 604, "Missing fields. Mandatory fields: id, name, ip, key");
 })
 
-/**
- * @api {post} /agents/purge Purge old agents from manager
- * @apiName PostAgentsPurge
- * @apiGroup Purge
- *
- * @apiParam {String} timeframe Time from last connection in seconds or [n_days]d[n_hours]h[n_minutes]m[n_seconds]s.
- * @apiParam {Boolean} verbose Return information about agents purged.
- *
- * @apiDescription Deletes all agents that did not connect in the last timeframe seconds.
- *
- * @apiExample {curl} Example usage*:
- *     curl -u foo:bar -k -X POST -H "Content-Type:application/json" -d '{"timeframe":"1d5h","verbose":true}' "https://127.0.0.1:55000/agents/purge?pretty"
- *
- */
-router.post('/purge', function(req, res) {
-    logger.debug(req.connection.remoteAddress + " POST /agents/purge");
-
-    var data_request = {'function': 'POST/agents/purge', 'arguments': {}};
-    var filters = {'timeframe':'timeframe_type', 'verbose':'boolean'};
-
-    if (!filter.check(req.body, filters, req, res))  // Filter with error
-        return;
-
-    if ('verbose' in req.body)
-        data_request['arguments']['verbose'] = req.body.verbose;
-
-    if ('timeframe' in req.body){
-        data_request['arguments']['timeframe'] = req.body.timeframe;
-        execute.exec(python_bin, [wazuh_control], data_request, function (data) { res_h.send(req, res, data); });
-    }else
-        res_h.bad_request(req, res, 604, "Missing field: 'timeframe'");
-})
-
 module.exports = router;

helpers/errors.js

@@ -49,7 +49,7 @@ errors['ossec_key'] = 615;
 errors['616'] = "Param not valid. Valid characters: array of numbers";
 errors['array_numbers'] = 616;
 errors['timeframe_type'] = 617;
-errors['617'] = "Param not valid. Valid characters: \"[0-9]d[0-9]h[0-9]m[0-9]s\" or 0-9"
+errors['617'] = "Param not valid. Valid characters: [0-9]d|[0-9]h|[0-9]m|[0-9]s|0-9"
 errors['boolean'] = 618;
 errors['618'] = "Param not valid. Valid characters: true or false"
 

helpers/input_validation.js

@@ -72,7 +72,7 @@ exports.ips = function(ip) {
 
 exports.alphanumeric_param = function(param) {
     if (typeof param != 'undefined'){
-        var regex = /^[a-zA-Z0-9_\-\.\+\s]+$/;
+        var regex = /^[a-zA-Z0-9_,\-\.\+\s]+$/;
         return regex.test(param);
     }
     else
@@ -136,7 +136,7 @@ exports.ossec_key = function(param) {
 // [n_days]d[n_hours]h[n_minutes]m[n_seconds]s
 exports.timeframe_type = function(param) {
     if (typeof param != 'undefined'){
-        var regex = /^((\d{1,}[d]){0,1}(\d{1,}[h]){0,1}(\d{1,}[m]){0,1}(\d{1,}[s]){0,1}){1}$|^\d{1,}$/;
+        var regex = /^(\d{1,}[d|h|m|s]?){1}$/;
         return regex.test(param);
     }
     else

models/wazuh-api.py

@@ -191,7 +191,7 @@ def usage():
             'POST/agents/insert': Agent.insert_agent,
             'DELETE/agents/groups': Agent.remove_group,
             'DELETE/agents/:agent_id': Agent.remove_agent,
-            'DELETE/agents/': Agent.remove_agent,
+            'DELETE/agents/': Agent.remove_agents,
 
             # Groups
             '/agents/groups': Agent.get_all_groups,
@@ -204,8 +204,6 @@ def usage():
             'PUT/agents/groups/:group_id': Agent.create_group,
             'DELETE/agents/groups/:group_id':Agent.remove_group,
             'DELETE/agents/:agent_id/group':Agent.unset_group,
-            'POST/agents/purge': Agent.purge_agents,
-            '/agents/purgeable/:timeframe': Agent.get_purgeable_agents_json,
 
             # Decoders
             '/decoders': Decoder.get_decoders,

test/README.md

@@ -3,9 +3,12 @@
 ## Requirements
 
  * API installed and configurated (Configure API: https and auth (foo:bar)).
- * Packages npm installed: `glob`, `supertest`, `mocha`, `should`, `moment` and `getos`.
+ * Packages npm installed: `glob`, `supertest`, `mocha`, `should`, `moment`, `sleep` and `getos`.
 
-    ``` npm install glob supertest mocha should moment getos ```
+    ``` 
+    npm install mocha -g
+    npm install glob supertest mocha should moment getos sleep
+    ```
 
  * Cluster configurated and running with 2 connected nodes: `master` and `client`.
  * A connected agent with id `001`.