Migrate test_scan_results documentation to qa-docs #2398

Merged
merged 5 commits into from
Jan 7, 2022


fedepacher
Contributor

Related issue
#2327

Description

As part of epic #1796, this PR adds the missing documentation and migrates the current documentation to the new format used by qa-docs.

The schema used is the one defined in issue #1694.

Generated documentation

test_alas_inventory_alas_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 1,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_alas_inventory_alas_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_alas_inventory_alas_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by vulnerability detector. To do this, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.3.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Configure the local internal options file."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of OVAL vulnerabilities is the expected.",
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_alas_inventory.yaml` file provides the configuration of this module for this test. Feeds are got from custom_alas_feed.json, and custom_alas2_feed.json files. Vulnerabilities are got from alas_vulnerabilities.json file."
            ],
            "expected_output": [
                "r'The .* found a total of .* potential vulnerabilities for agent .*'",
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_amazon_linux_vulnerabilities_report",
            "inputs": [
                "alas_feed-amazonlinux",
                "alas_feed-amazonlinux2"
            ]
        }
    ]
}

test_archliux_inventory_archlinux_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 1,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_archliux_inventory_archlinux_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_archliux_inventory_archlinux_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by vulnerability detector. To do this, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.3.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of OVAL vulnerabilities is the expected.",
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_archlinux_inventory.yaml` file provides the configuration of this module for this test. Feeds are got from custom_archlinux_feed.json file."
            ],
            "expected_output": [
                "r'The .* found a total of .* potential vulnerabilities for agent .*'",
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_arch_linux_vulnerabilities_report",
            "inputs": [
                "arch_feed-AVG-1794",
                "arch_feed-AVG-1643"
            ]
        }
    ]
}

test_debian_inventory_debian_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 0,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_debian_inventory_debian_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_debian_inventory_debian_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by vulnerability detector. To do this, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of OVAL vulnerabilities is the expected.",
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_debian_inventory.yaml` file provides the configuration of this module for this test. Vulnerabilities are got from debian_vulnerabilities.json file."
            ],
            "expected_output": [
                "r'The .* found a total of .* potential vulnerabilities for agent .*'",
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_debian_vulnerabilities_report",
            "inputs": [
                "debian_scan_configuration-BUSTER",
                "debian_scan_configuration-STRETCH"
            ]
        }
    ]
}

test_macos_inventory.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 0,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_macos_inventory.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_macos_inventory.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by vulnerability detector. To do this, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_macos_inventory.yaml` file provides the configuration of this module for this test. Vulnerabilities are got from macos_vulnerabilities.json file."
            ],
            "expected_output": [
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_macos_vulnerabilities_report",
            "inputs": [
                "macos_scan_configuration-MAC0",
                "macos_scan_configuration-MAC1"
            ]
        }
    ]
}

test_msu_inventory_msu_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 1,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_msu_inventory_msu_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_msu_inventory_msu_feed.py",
    "tests": [
        {
            "description": "Check if a missing patch triggers a vulnerability (only Windows). To do this, it checks that the given CVE's hotfix is installed and the report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_agent": {
                        "type": "callable",
                        "brief": "It allows to mock an agent."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the given CVE's hotfix is installed.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_msu_inventory.yaml` file provides the configuration of this module for this test. Feeds are got from custom_msu.json file."
            ],
            "expected_output": [
                "r'Agent .* has installed .* that corrects the vulnerability .*'",
                "r'Agent .* is vulnerable to .*. Condition `KB.* patch is not installed`'"
            ],
            "name": "test_vulnerabilities_report",
            "inputs": [
                "msu_scan_configuration-WINDOWS10",
                "msu_scan_configuration-WINDOWS_SERVER_2016",
                "msu_scan_configuration-WINDOWS_SERVER_2019"
            ]
        }
    ]
}

test_redhat_duplicate_vulns.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 1,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_redhat_duplicate_vulns.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_redhat_duplicate_vulns.py",
    "tests": [
        {
            "description": "Check that the vulnerabilities are not repeated in the database when it is updated. To do this, it modifies the feed timestamp metadata to download again the feed and update the database.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "clean_vuln_tables": {
                        "type": "fixture",
                        "brief": "Clean vulnerabilities tables."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of vulnerabilities inserted in the VULNERABILITIES table of CVE DB is not duplicated."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_redhat_duplicate_vulns.yaml` file provides the configuration of this module for this test. Vulnerabilities are got from custom_redhat_oval_feed.xml file."
            ],
            "expected_output": [
                "r'Starting preparse step of feed .*'",
                "The update of the `JSON Red Hat Enterprise Linux` feed finished successfully."
            ],
            "name": "test_redhat_duplicate_vulns",
            "inputs": [
                "RedHat_6_feed",
                "RedHat_7_feed",
                "RedHat_8_feed"
            ]
        }
    ]
}

test_redhat_inventory_redhat_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 0,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_redhat_inventory_redhat_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_redhat_inventory_redhat_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by vulnerability detector. To do this, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of OVAL vulnerabilities is the expected.",
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_redhat_inventory.yaml` file provides the configuration of this module for this test. Vulnerabilities are got from redhat_vulnerabilities.json file."
            ],
            "expected_output": [
                "r'The .* found a total of .* potential vulnerabilities for agent .*'",
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_redhat_vulnerabilities_report",
            "inputs": [
                "redhat_scan_configuration-RHEL8",
                "redhat_scan_configuration-RHEL7",
                "redhat_scan_configuration-RHEL6",
                "redhat_scan_configuration-RHEL5"
            ]
        }
    ]
}

test_scan_different_cves.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 1,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_scan_different_cves.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_scan_different_cves.py",
    "tests": [
        {
            "description": "Check what happens if a vulnerability is being reported by NVD and not by the OS provider or vice-versa. To do this, it checks. When a package has a specific provider defined, if this provider matches with the OVAL provider, then the provider feed has priority versus the NVD one but, if the package's provider is a generic one, then NVD feed has priority. To do this, it checks that NVD feed has priority with the generic package's provider and the provider feed has priority for those packages where the provider matches the feeds' one.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the number of OVAL vulnerabilities is the expected.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_different_cves.yaml` file provides the configuration of this module for this test. Vulnerabilities are got from vulnerabilities.json file and feeds from custom_nvd_feed.json file."
            ],
            "expected_output": [
                "r'A total of .* vulnerabilities have been reported for agent .* thanks to the `NVD` feed.'",
                "r'A total of .* vulnerabilities have been reported for agent .* thanks to the `vendor` feed.'",
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_vulnerabilities_report"
        }
    ]
}

test_scan_nvd_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 0,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_scan_nvd_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by the vulnerability detector. To do this, it inserts a dummy vulnerability in the vulnerabilities table, it inserts a simulated NVD vulnerable packages, it imports simulated NVD vulnerabilities from a custom NVD feed, and finally, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of NVD vulnerabilities is the expected.",
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_nvd_configuration.yaml` file provides the configuration of this module for this test. Feeds are got from custom_msu.json and custom_cpe_helper.json files. Vulnerabilities are got from vulnerabilities.json file."
            ],
            "expected_output": [
                "r'Agent .* has an unsupported Wazuh version .*'",
                "r'The .* found a total of .* potential vulnerabilities for agent .*'",
                "r'The .* package .* from agent .* is vulnerable to .*'"
            ],
            "name": "test_vulnerabilities_report"
        }
    ]
}

test_scan_providers_and_nvd_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 0,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_scan_providers_and_nvd_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_scan_providers_and_nvd_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by the vulnerability detector. To do this, it inserts a dummy vulnerability in the vulnerabilities table, simulating having imported a feed from a provider, it inserts a simulated NVD vulnerable packages and provider simulated vulnerable packages, it imports simulated NVD vulnerabilities from a custom NVD feed, and finally, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify the vulnerabilities of inserted packages.",
                "Verify that the number of provider vulnerabilities is the expected.",
                "Verify that the number of NVD vulnerabilities is the expected.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_provider_and_nvd_configuration.yaml` file provides the configuration of this module for this test. Feeds are got from custom_nvd_feed.json file. Vulnerabilities are got from vulnerabilities.json file."
            ],
            "expected_output": [
                "r'The .* package .* from agent .* is vulnerable to .*'",
                "r'A total of .* vulnerabilities have been reported for agent .* thanks to the `vendor` feed.'",
                "r'A total of .* vulnerabilities have been reported for agent .* thanks to the `NVD` feed.'"
            ],
            "name": "test_vulnerabilities_report"
        }
    ]
}

test_ubuntu_inventory_canonical_feed.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, Canonical, Debian, Amazon Linux and NVD Database.",
    "tier": 0,
    "modules": [
        "vulnerability_detector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-modulesd",
        "wazuh-db",
        "wazuh-analysisd"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html"
    ],
    "tags": [
        "settings",
        "vulnerability",
        "vulnerability_detector"
    ],
    "name": "test_ubuntu_inventory_canonical_feed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_vulnerability_detector/test_scan_results/test_ubuntu_inventory_canonical_feed.py",
    "tests": [
        {
            "description": "Check if inserted vulnerable packages are reported by vulnerability detector. To do this, it checks a report of the corresponding vulnerabilities are generated in the logs file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_modulesd": {
                        "type": "fixture",
                        "brief": "Reset the logs file and start a new monitor."
                    }
                },
                {
                    "check_cve_db": {
                        "type": "fixture",
                        "brief": "Check if the CVE database exists and its tables are created."
                    }
                },
                {
                    "mock_vulnerability_scan": {
                        "type": "fixture",
                        "brief": "It allows to mock the vulnerability scan inserting custom packages, feeds and changing the host system."
                    }
                }
            ],
            "assertions": [
                "Verify that the number of OVAL vulnerabilities is the expected.",
                "Verify the vulnerabilities of packages inserted.",
                "Verify that the modulesd daemon is running."
            ],
            "input_description": [
                "Test cases are found in the test module. The `wazuh_ubuntu_inventory.yaml` file provides the configuration of this module for this test. Vulnerabilities are got from ubuntu_vulnerabilities.json file."
            ],
            "expected_output": [
                "r'The .* found a total of .* potential vulnerabilities for agent .*'",
                "r'The .* package .* from agent .* is vulnerable to .*'",
                "r'(The file|File from URL) .* was successfully uncompressed into .*'"
            ],
            "name": "test_ubuntu_vulnerabilities_report",
            "inputs": [
                "ubuntu_scan_configuration-FOCAL",
                "ubuntu_scan_configuration-BIONIC",
                "ubuntu_scan_configuration-XENIAL",
                "ubuntu_scan_configuration-TRUSTY"
            ]
        }
    ]
}

Tests

  • Python codebase satisfies PEP-8 style guide. `pycodestyle --max-line-length=120 --show-source --show-pep8 file.py`.
  • The qa-docs tool does not raise any error.

Contributor

@roronoasins roronoasins left a comment

Good job, just a few changes

roronoasins previously approved these changes Dec 27, 2021
Contributor

@roronoasins roronoasins left a comment

👍

snaow previously approved these changes Jan 7, 2022
@snaow snaow dismissed stale reviews from roronoasins and themself via 0afa402 January 7, 2022 08:34
@snaow snaow merged commit b3e9364 into master Jan 7, 2022
@snaow snaow deleted the 2327-qa-docs-migrate-test-scan_results branch January 7, 2022 08:34
@snaow snaow mentioned this pull request Jan 27, 2022
3 participants