Minor fixes to fit wazuh-qa repository file structure

wazuh · Sep 10, 2021 · d32417f · d32417f
1 parent 0269441
commit d32417f
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 144 deletions.
diff --git a/deps/wazuh_testing/wazuh_testing/tools/scans/__init__.py b/deps/wazuh_testing/wazuh_testing/tools/scans/__init__.py
diff --git a/...es_vuln_scan/python_packages_vuln_scan.py → ...wazuh_testing/tools/scans/dependencies.py b/...es_vuln_scan/python_packages_vuln_scan.py → ...wazuh_testing/tools/scans/dependencies.py
@@ -3,7 +3,6 @@
 # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
 import re
 import subprocess
-from argparse import ArgumentParser
 from collections import namedtuple
 from datetime import datetime
 from json import dumps, loads
@@ -17,20 +16,6 @@
 package_tuple = namedtuple('Package', ['key', 'version'])
 
 
-def get_args():
- """Command line argument parsing method
-
- Returns:
- Namespace(args*): Optional and Positional Parsing
- """
- parser = ArgumentParser()
- input_group = parser.add_mutually_exclusive_group(required=True)
- input_group.add_argument('-r', dest='input', type=str, help='specify requirements file path.')
- input_group.add_argument('-p', dest='pip_mode', action='store_true', help='enable pip scan mode.')
- parser.add_argument('-o', dest='output', type=str, help='specify output file.')
- return parser.parse_args()
-
-
 def run_report():
  """Perform vulnerability scan using Safety to check all packages listed.
 
@@ -103,7 +88,7 @@ def export_report(output, output_file_path):
 
 
 def report_for_pytest(requirements_file):
- """Method used by pytest since it does not use this as a script.
+ """Method used by pytest to generate a report.
 
  Args:
  requirements_file (str): path to the input file.
@@ -113,14 +98,3 @@ def report_for_pytest(requirements_file):
  """
  prepare_input(False, requirements_file)
  return run_report()
-
-
-if __name__ == '__main__':
- options = get_args()
- opt_pip_mode = options.pip_mode
- opt_output_file_path = options.output
- opt_input_file_path = options.input
-
- prepare_input(opt_pip_mode, opt_input_file_path)
- output_data = run_report()
- export_report(output_data, opt_output_file_path)
diff --git a/tests/security/conftest.py → tests/scans/conftest.py b/tests/security/conftest.py → tests/scans/conftest.py
diff --git a/tests/scans/dependencies/README.md b/tests/scans/dependencies/README.md
@@ -0,0 +1,95 @@
+# Dependencies Scanner
+
+## Description
+It's a tool used to scan for vulnerabilities in a requirements.txt file.\
+It can generate reports via console output or json file. Can be run with `pytest` and manage to handle remote files under github repositories. Requirements file can be specified with `repo`, `branch`, `requirements-path` parameters giving flexibility on file location.
+Output file in which the report will be generated can be specified with `report-path` parameter.
+
+## How to use - Pytest
+```
+Parameters:
+ --repo: repository name. Default: 'wazuh'.
+ --branch: branch name of specified repository. Default: 'master'.
+ --requirements-path: requirements file path. Default: 'framework/requirements.txt'.
+ --report-path: output file path. Default: 'dependencies/report_file.json'.
+```
+### scanning wazuh-qa requirements file:
+```
+↪ ~/git/wazuh-qa/tests/scans ⊶ feature/1612-package-vuln-scanner ⨘ python3 -m pytest -vv -x --disable-warnings dependencies/ --repo wazuh-qa --branch master --requirements-path requirements.txt
+==================================================================================== test session starts =====================================================================================
+platform linux -- Python 3.9.5, pytest-6.2.3, py-1.10.0, pluggy-0.13.1 -- /home/kondent/pythonEnv/qa-env/bin/python3
+cachedir: .pytest_cache
+metadata: {'Python': '3.9.5', 'Platform': 'Linux-5.11.0-34-generic-x86_64-with-glibc2.31', 'Packages': {'pytest': '6.2.3', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'html': '3.1.1', 'metadata': '1.11.0', 'testinfra': '5.0.0'}}
+rootdir: /home/kondent/git/wazuh-qa/tests/scans
+plugins: html-3.1.1, metadata-1.11.0, testinfra-5.0.0
+collected 1 item 
+
+dependencies/test_dependencies.py::test_python_dependencies_vuln_scan FAILED [100%]
+
+========================================================================================== FAILURES ==========================================================================================
+_______________________________________________________________________________ test_python_dependencies_vuln_scan _______________________________________________________________________________
+
+pytestconfig = <_pytest.config.Config object at 0x7f721b4c4eb0>
+
+ def test_python_dependencies_vuln_scan(pytestconfig):
+ branch = pytestconfig.getoption('--branch')
+ repo = pytestconfig.getoption('--repo')
+ requirements_path = pytestconfig.getoption('--requirements-path')
+ report_path = pytestconfig.getoption('--report-path')
+ requirements_url = f'https://raw.githubusercontent.com/wazuh/{repo}/{branch}/{requirements_path}'
+ urlretrieve(requirements_url, REQUIREMENTS_TEMP_FILE.name)
+ result = report_for_pytest(REQUIREMENTS_TEMP_FILE.name)
+ REQUIREMENTS_TEMP_FILE.close()
+ export_report(result, report_path)
+> assert loads(result)['vulnerabilities_found'] == 0, f'Vulnerables packages were found, full report at: ' \
+ f'{report_path}'
+E AssertionError: Vulnerables packages were found, full report at: /home/kondent/git/wazuh-qa/tests/scans/dependencies/report_file.json
+E assert 28 == 0
+E +28
+E -0
+
+dependencies/test_dependencies.py:23: AssertionError
+================================================================================== short test summary info ===================================================================================
+FAILED dependencies/test_dependencies.py::test_python_dependencies_vuln_scan - AssertionError: Vulnerables packages were found, full report at: /home/kondent/git/wazuh-qa/tests/scans/dependen...
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! stopping after 1 failures !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+===================================================================================== 1 failed in 1.87s ======================================================================================
+↪ ~/git/wazuh-qa/tests/scans ⊶ feature/1612-package-vuln-scanner ⨘ cat dependencies/report_file.json 
+{
+ "report_date": "2021-09-10T09:49:43.471148",
+ "vulnerabilities_found": 28,
+ "packages": [
+ {
+ "package_name": "pillow",
+ "package_version": "6.2.0",
+ "package_affected_version": "<6.2.2",
+ "vuln_description": "libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. See: CVE-2020-5310.",
+ "safety_id": "37779"
+ },
+ ...
+ ...
+ ...
+ ]
+}
+```
+
+### scanning wazuh requirements file with a specific output path:
+```
+↪ ~/git/wazuh-qa/tests/scans ⊶ feature/1612-package-vuln-scanner ⨘ python3 -m pytest -vv -x --disable-warnings dependencies/ --repo wazuh --branch master --requirements-path framework/requirements.txt --report-path ~/Desktop/report_file.json
+==================================================================================== test session starts =====================================================================================
+platform linux -- Python 3.9.5, pytest-6.2.3, py-1.10.0, pluggy-0.13.1 -- /home/kondent/pythonEnv/qa-env/bin/python3
+cachedir: .pytest_cache
+metadata: {'Python': '3.9.5', 'Platform': 'Linux-5.11.0-34-generic-x86_64-with-glibc2.31', 'Packages': {'pytest': '6.2.3', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'html': '3.1.1', 'metadata': '1.11.0', 'testinfra': '5.0.0'}}
+rootdir: /home/kondent/git/wazuh-qa/tests/scans
+plugins: html-3.1.1, metadata-1.11.0, testinfra-5.0.0
+collected 1 item 
+
+dependencies/test_dependencies.py::test_python_dependencies_vuln_scan PASSED [100%]
+
+===================================================================================== 1 passed in 0.68s ======================================================================================
+↪ ~/git/wazuh-qa/tests/scans ⊶ feature/1612-package-vuln-scanner ⨘ cat ~/Desktop/report_file.json 
+{
+ "report_date": "2021-09-10T09:53:39.284082",
+ "vulnerabilities_found": 0,
+ "packages": []
+}
+```
diff --git a/...est_python_packages_vuln_scan/conftest.py → tests/scans/dependencies/conftest.py b/...est_python_packages_vuln_scan/conftest.py → tests/scans/dependencies/conftest.py
diff --git a/...ln_scan/test_python_packages_vuln_scan.py → ...s/scans/dependencies/test_dependencies.py b/...ln_scan/test_python_packages_vuln_scan.py → ...s/scans/dependencies/test_dependencies.py
@@ -5,12 +5,12 @@
 from json import loads
 from urllib.request import urlretrieve
 
-from python_packages_vuln_scan import export_report, report_for_pytest
+from wazuh_testing.tools.scans.dependencies import export_report, report_for_pytest
 
 REQUIREMENTS_TEMP_FILE = tempfile.NamedTemporaryFile()
 
 
-def test_python_packages_vuln_scan(pytestconfig):
+def test_python_dependencies_vuln_scan(pytestconfig):
  branch = pytestconfig.getoption('--branch')
  repo = pytestconfig.getoption('--repo')
  requirements_path = pytestconfig.getoption('--requirements-path')

diff --git a/tests/security/test_python_packages_vuln_scan/README.md b/tests/security/test_python_packages_vuln_scan/README.md