-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Vulnerability Detector integration tests for SUSE Linux Enterprise
#2792
Comments
5 tasks
This was referenced Apr 21, 2022
This was referenced Apr 22, 2022
2 tasks
This was referenced Jun 1, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For Wazuh
v4.4.0
we want to addSUSE Linux Enterprise
support for the Wazuh Vulnerability Detector module.Therefore, we want to add the related testing to test this new integration. During this development, we were working on the construction of new integration tests (see this PR #1472), but these tests have already been deprecated, because we recently made a refactor of all the integration tests of vulnerability detector.
A study has been made of what would need to be added, being the following:
Documentation
Feed
Suite test_feeds
Test download feeds
: Prove that it is downloaded, and that the update date is recent.Test duplicate feeds
: Test that after downloading the feed again, the vulnerabilities of the feeds are not duplicatedTest import invalid feed type
: Test behavior when an invalid feed URL is enteredTest validate feed content
: It downloads the feed files and checks that they are parseable (XML or JSON).Suite test_providers
Test enabled/disabled
: Check that the provider's feeds start downloading when activated.Test missing os
: Test the behavior when the tag is omitted. Check failure if the tag is required, and in case it is not, it starts downloading the feeds as normalTest OS
: Test that it starts downloading the feeds of the specified OS.Test update from year
: Test if the feed is updated from a specific date. If the option does not apply, check warning warning.Test update interval
: Test that the feed is updated at the specified intervalSuite test_scan_results
Test scan provider and NVD vulnerabilities
: Test that vulnerable packages are reported using the OVAL and NVD feed.Test scan provider vulnerabilities
: Test that vulnerable packages are reported using the OVAL feed (NVD contains different vulnerabilities).Test scan vulnerability removal
: Check that it generates vulnerability alert fixed after removing or updating a vulnerable package.It is requested to add and modify what is necessary in the integration tests for the integration of SUSE in vulnerability detector.
The text was updated successfully, but these errors were encountered: