Tests to check cpe_helper.json file

CHANGELOG.md

@@ -9,6 +9,7 @@ Release report: TBD
 
 ### Added
 
+- Add new test to check cpe_helper.json file ([#3731](https:/wazuh/wazuh-qa/pull/3731))
 - Fix Yara and VirusTotal E2E basic usage tests ([#3660](https:/wazuh/wazuh-qa/pull/3660))
 - Add new test to check if syslog message are parsed correctrly in the `archives.json` file ([#3609](https:/wazuh/wazuh-qa/pull/3609)) \- (Framework + Tests)
 - Add new logging tests for analysisd EPS limitation ([#3509](https:/wazuh/wazuh-qa/pull/3509)) \- (Framework + Tests)

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py

@@ -28,6 +28,7 @@
 CUSTOM_DEBIAN_JSON_FEED = 'custom_debian_json_feed.json'
 CUSTOM_MSU_JSON_FEED = 'custom_msu.json'
 CUSTOM_CPE_HELPER = 'custom_cpe_helper.json'
+CUSTOM_GENERIC_CPE_HELPER = 'custom_generic_cpe_helper.json'
 CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json'
 CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json'
 CUSTOM_ALAS2_JSON_FEED = 'custom_alas2_feed.json'
@@ -96,17 +97,17 @@ def update_feed_path_configurations(configurations, metadata, feeds_path):
  for index, _ in enumerate(configurations):
  if 'json_feed' in metadata[index] and metadata[index]['json_feed'] is not None:
  new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
-  replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
-  metadata[index]['json_feed'])))
+ replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
+ metadata[index]['json_feed'])))
 
  if 'oval_feed' in metadata[index] and metadata[index]['oval_feed'] is not None:
  new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
-  replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
-  metadata[index]['oval_feed'])))
+ replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
+ metadata[index]['oval_feed'])))
 
  if 'nvd_feed_tag' in metadata[index] and 'nvd_feed' in metadata[index]:
  new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
-  replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed'])))
+ replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed'])))
 
  return new_configurations
 

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py

@@ -345,7 +345,7 @@ def check_unavailable_vulnerability_agent_data(log_monitor=None, agent_id='000',
 
 
 def check_cpe_helper_packages_indexed(package_name='', package_vendor='wazuh-mocking', log_monitor=None,
- agent_id='000', timeout=vd.T_10):
+ agent_id='000', timeout=vd.T_20):
  """Check in the log that a CPE helper package data was indexed.
 
  Args:
@@ -462,3 +462,51 @@ def check_error_when_updating_cve_database(log_monitor=None, timeout=vd.T_20):
  """
  check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
  callback=r"ERROR: .* CVE database could not be updated.")
+
+
+def check_cpe_helper_invalid_tag_warning(field='', log_monitor=None, timeout=vd.T_20):
+ """Check that a warning message comes out for invalid tags.
+
+ Args:
+ field (str): Tag name
+ log_monitor (FileMonitor): Log monitor.
+ timeout (str): timeout to check the event in Wazuh log.
+ """
+ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
+ callback=fr"WARNING: .* Invalid tag found when parsing the CPE dictionary: '{field}'")
+
+
+def check_cpe_helper_invalid_tag_fail(log_monitor=None, timeout=vd.T_20):
+ """Check that a warning message comes out for invalid tags.
+
+ Args:
+ log_monitor (FileMonitor): Log monitor.
+ timeout (str): timeout to check the event in Wazuh log.
+ """
+ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
+ callback=r"DEBUG: .* The 'Wazuh CPE Helper' update has failed, so the NVD feed will "
+ "not be updated.")
+
+
+def check_cpe_helper_invalid_format_version(log_monitor=None, timeout=vd.T_20):
+ """Check that a error message comes out for invalid format version value.
+
+ Args:
+ log_monitor (FileMonitor): Log monitor.
+ timeout (str): timeout to check the event in Wazuh log.
+ """
+ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
+ callback=r"ERROR: .* Invalid format version for the CPE helper: .*")
+
+
+def check_error_inserting_package(log_monitor=None, agent_id='000', timeout=vd.T_20):
+ """Check in the log that an error comes out when insert package with a missing tag in the cpe_helper.json file.
+
+ Args:
+ log_monitor (FileMonitor): Log monitor.
+ agent_id (str): Agent ID.
+ timeout (str): timeout to check the event in Wazuh log.
+ """
+ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
+ callback=fr"ERROR: .* Could not insert the CPEs from the agent '{agent_id}' "
+ "into the database.")

tests/integration/test_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper.json

@@ -0,0 +1,138 @@
+{
+ "VERSION_TAG": "VERSION_VALUE",
+ "FORMAT_TAG": "FORMAT_VALUE",
+ "UPDATE_TAG": "UPDATE_VALUE",
+ "DICTIONARY_TAG": [
+ {
+ "TARGET_TAG": "TARGET_VALUE",
+ "SOURCE_TAG": {
+ "VENDOR_S_TAG": [
+ "VENDOR_S_VALUE"
+ ],
+ "PRODUCT_S_TAG": [
+ "PRODUCT_S_VALUE_0"
+ ],
+ "VERSION_S_TAG": ["VERSION_S_VALUE"]
+ },
+ "TRANSLATION_TAG": {
+ "VENDOR_T_TAG": [
+ "VENDOR_T_VALUE"
+ ],
+ "PRODUCT_T_TAG": [
+ "PRODUCT_T_VALUE_0"
+ ],
+ "VERSION_T_TAG": ["VERSION_T_VALUE"]
+ },
+ "ACTION_TAG": [
+ "ACTION_VALUE_0",
+ "ACTION_VALUE_1"
+ ]
+ },
+ {
+ "TARGET_TAG": "TARGET_VALUE",
+ "SOURCE_TAG": {
+ "VENDOR_S_TAG": [
+ "VENDOR_S_VALUE"
+ ],
+ "PRODUCT_S_TAG": [
+ "PRODUCT_S_VALUE_1"
+ ],
+ "VERSION_S_TAG": ["VERSION_S_VALUE"]
+ },
+ "TRANSLATION_TAG": {
+ "VENDOR_T_TAG": [
+ "VENDOR_T_VALUE"
+ ],
+ "PRODUCT_T_TAG": [
+ "PRODUCT_T_VALUE_1"
+ ],
+ "VERSION_T_TAG": ["VERSION_T_VALUE"]
+ },
+ "ACTION_TAG": [
+ "ACTION_VALUE_0",
+ "ACTION_VALUE_1"
+ ]
+ },
+ {
+ "TARGET_TAG": "TARGET_VALUE",
+ "SOURCE_TAG": {
+ "VENDOR_S_TAG": [
+ "VENDOR_S_VALUE"
+ ],
+ "PRODUCT_S_TAG": [
+ "PRODUCT_S_VALUE_2"
+ ],
+ "VERSION_S_TAG": ["VERSION_S_VALUE"]
+ },
+ "TRANSLATION_TAG": {
+ "VENDOR_T_TAG": [
+ "VENDOR_T_VALUE"
+ ],
+ "PRODUCT_T_TAG": [
+ "PRODUCT_T_VALUE_2"
+ ],
+ "VERSION_T_TAG": ["VERSION_T_VALUE"]
+ },
+ "ACTION_TAG": [
+ "ACTION_VALUE_0",
+ "ACTION_VALUE_1"
+ ]
+ },
+ {
+ "TARGET_TAG": "TARGET_VALUE",
+ "SOURCE_TAG": {
+ "VENDOR_S_TAG": [
+ "VENDOR_S_VALUE"
+ ],
+ "PRODUCT_S_TAG": [
+ "PRODUCT_S_VALUE_3"
+ ],
+ "VERSION_S_TAG": ["VERSION_S_VALUE"]
+ },
+ "TRANSLATION_TAG": {
+ "VENDOR_T_TAG": [
+ "VENDOR_T_VALUE"
+ ],
+ "PRODUCT_T_TAG": [
+ "PRODUCT_T_VALUE_3"
+ ],
+ "VERSION_T_TAG": ["VERSION_T_VALUE"]
+ },
+ "ACTION_TAG": [
+ "ACTION_VALUE_0",
+ "ACTION_VALUE_1"
+ ]
+ },
+ {
+ "TARGET_TAG": "TARGET_VALUE",
+ "SOURCE_TAG": {
+ "VENDOR_S_TAG": [
+ "VENDOR_S_VALUE"
+ ],
+ "PRODUCT_S_TAG": [
+ "PRODUCT_S_VALUE_4"
+ ],
+ "VERSION_S_TAG": ["VERSION_S_VALUE"]
+ },
+ "TRANSLATION_TAG": {
+ "VENDOR_T_TAG": [
+ "VENDOR_T_VALUE"
+ ],
+ "PRODUCT_T_TAG": [
+ "PRODUCT_T_VALUE_4"
+ ],
+ "VERSION_T_TAG": ["VERSION_T_VALUE"]
+ },
+ "ACTION_TAG": [
+ "ACTION_VALUE_0",
+ "ACTION_VALUE_1"
+ ]
+ }
+ ],
+ "LICENSE_TAG": {
+ "TITLE_TAG": "TITLE_VALUE",
+ "COPYRIGHT_TAG": "COPYRIGHT_VALUE",
+ "DATE_TAG": "DATE_VALUE",
+ "TYPE_TAG" : "TYPE_VALUE"
+ }
+ }

tests/integration/test_vulnerability_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing_missing_fields.yaml

@@ -0,0 +1,75 @@
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: redhat
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: canonical
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: debian
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: msu
+ elements:
+ - enabled:
+ value: 'yes'
+ - update_interval:
+ value: 1h
+ - provider:
+ attributes:
+ - name: alas
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: arch
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: nvd
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: NVD_JSON_PATH
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'

tests/integration/test_vulnerability_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing_wrong_tags.yaml

@@ -0,0 +1,75 @@
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: redhat
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: canonical
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: debian
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: msu
+ elements:
+ - enabled:
+ value: 'yes'
+ - update_interval:
+ value: 1h
+ - provider:
+ attributes:
+ - name: alas
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: arch
+ elements:
+ - enabled:
+ value: 'no'
+ - provider:
+ attributes:
+ - name: nvd
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: NVD_JSON_PATH
+
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: syscollector
+ elements:
+ - disabled:
+ value: 'yes'