Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability detector test module refactor: test_general_settings_min_full_scan_interval #2461

Closed
10 tasks done
Tracked by #2460
jmv74211 opened this issue Jan 21, 2022 · 2 comments · Fixed by #2540
Closed
10 tasks done
Tracked by #2460

Vulnerability detector test module refactor: test_general_settings_min_full_scan_interval #2461

jmv74211 opened this issue Jan 21, 2022 · 2 comments · Fixed by #2540
Assignees
@roronoasins
Labels
feature/vuln-detector refactor Redesign and implement an existing development/feature test/integration

Comments

@jmv74211
Copy link
Contributor

jmv74211 commented Jan 21, 2022
edited by roronoasins
Loading

It is asked to refactor the test module named test_general_settings_min_full_scan_interval.py.

It is disabled for now, as it was failing or unstable, causing false positives.

Tasks

  • Make a study of the objectives of the test, and what is being tested.
  • Refactor the test. Clean and modularizable code.
  • Check that the test always starts from the same state and restores it completely at the end of the test (independent of the tests previously executed in that environment).
  • Review test documentation, and modify if necessary.
  • Proven that tests pass when they have to pass.
  • Proven that tests fail when they have to fail.
  • Test in 5-10 rounds of execution that the test always shows the same result.

Checks

  • The code complies with the standard PEP-8 format.
  • Python codebase is documented following the Google Style for Python docstrings.
  • The test is processed by qa-docs tool without errors.
@jmv74211 jmv74211 added team/qa refactor Redesign and implement an existing development/feature test/integration feature/vuln-detector labels Jan 21, 2022
@jmv74211 jmv74211 mentioned this issue Jan 21, 2022
Closed
8 tasks
@roronoasins
Copy link
Contributor

roronoasins commented Jan 26, 2022
edited
Loading

Test design

Name

test_general_settings_min_full_scan_interval.py

Objective

Check that a full scan is performed when min_full_scan_interval expires and the CVEs database is updated with new
information.

Test checks

  • A full scan starts after the min_full_scan_interval as expected.
  • The vulnerabilities are set as pending.
  • Every package is set as triaged.
  • The sys_osinfo rows are set as triaged.
  • The inserts/updates from pending to valid are performed.
  • The vulnerabilities alerts are logged correctly.
  • The pending/obsolete alerts are deleted.
  • The delete event is logged correctly.

Initial stage (setup)

  • All modules except vulnerability detector must be disabled.
  • Set the ossec.conf configuration.
  • Insert packages and vulnerabilities in order to trigger a full scan.

Test phases

Enabled cases

  • Restart wazuh-modulesd daemon.
  • Monitor ossec.log and check the full scan log.
  • Query the CVEs databases for PENDING vulnerabilities(should be all of them at this point).
  • Query the CVEs databases for VALID vulnerabilities(some test cases should be VALID).
  • Query the CVEs databases for OBSOLETE vulnerabilities(some test cases should be OBSOLETE)
  • Monitor ossec.log and check that new vulnerabilities alerts are logged.
  • Monitor ossec.log and check that removed vulnerabilities alerts are logged.

Disabled cases

  • Restart wazuh-modulesd daemon
  • Monitor ossec.log and check that the full scan log does not appear.

Final stage (teardown)

  • Remove the packages and vulnerabilities used.
  • Restore initial ossec.conf file.
  • Clean the ossec.log file.

Test cases:

ossec.conf

{min_full_scan_interval : 30s}

Packages and vulnerabilities

Not determined.

As the TimeTravel will be deprecated soon, we can't have a test that spent minutes or hours for each case.

roronoasins pushed a commit that referenced this issue Jan 26, 2022
fix: Fix the wrong query format. #2461
fb69802
roronoasins pushed a commit that referenced this issue Jan 27, 2022
fix: Fix the wrong query format. #2461
8c6f2ab
@roronoasins
Copy link
Contributor

roronoasins commented Jan 27, 2022
edited
Loading

For now, there are two tiers for this test:

Tier 0

This test will check the minimal behavior and using short amounts of min_full_scan_interval

Tier 5

This test will check the same than the tier 0 but with some additions:

  • Check pending vulns in vuln_cve db
  • Every package is set as triaged.
  • The sys_osinfo rows are set as triaged.
  • Check valid changes in vuln_cve db
  • Monitor new vuln alert event
  • Check obsolete vuln
  • Check obsolete vuln deletion
  • Monitor vulns removed from vuln_cve db

Also, a method has been added to run the test by tier: If you specify a tier like --tier=0, the simple test will be executed. If you don't specify a tier, the complex test will be executed by default.

@roronoasins roronoasins reopened this Jan 27, 2022
roronoasins pushed a commit that referenced this issue Jan 28, 2022
refac: test_general_settings_min_full_scan_interval.py refactor. #2461
4ddf1ca 


New logic:

- Tier 0:
  - A full scan starts after the min_full_scan_interval as expected.
  - The full scan ends.

- Tier 5:
  - A full scan starts after the min_full_scan_interval as expected.
  - The vulnerabilities are set as pending. (working on it)
  - Every package is set as triaged. (working on it)
  - The sys_osinfo rows are set as triaged. (working on it)
  - The inserts/updates from pending to valid are performed.
  - The vulnerabilities alerts are logged correctly.
  - The pending/obsolete alerts are deleted. (working on it)
  - The delete event is logged correctly. (working on it)
roronoasins pushed a commit that referenced this issue Feb 2, 2022
refac: Update tier 5 behavior. #2461
a85abbd 
Also added:
- `data/configuration_template`
- `data/test_cases`
- `tools/configuration.py` method to update `configuration_template` from test
- A few checks in `event_monitor.py`
@roronoasins roronoasins mentioned this issue Feb 2, 2022
Merged
2 tasks
roronoasins pushed a commit that referenced this issue Feb 3, 2022
refac: Remove the extended behavior. #2461
6a6cfc7 
The extended behavior will be used for the full scan test refactor.
@jmv74211 jmv74211 closed this as completed Feb 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@roronoasins roronoasins

Labels
feature/vuln-detector refactor Redesign and implement an existing development/feature test/integration
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Vulnerability detector test module refactor: test_min_full_scan_interval wazuh/wazuh-qa
2 participants
@jmv74211 @roronoasins