From bbe73959a96643d47964fa38d00f4f55b6937c02 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Tue, 17 Jan 2023 08:41:11 -0300 Subject: [PATCH 1/8] feat(#798): add new test to check missing fields in cpe_helper file --- .../vulnerability_detector/__init__.py | 16 +- .../vulnerability_detector/event_monitor.py | 13 + ...custom_generic_cpe_helper_one_package.json | 38 ++ .../custom_vulnerable_pkg_missing_vendor.json | 14 + ...vulnerable_pkg_missing_vendor_version.json | 15 + .../configuration_cpe_indexing.yaml | 75 ++++ .../cases_cpe_indexing_missing_fields.yaml | 229 ++++++++++++ ...s_cpe_indexing_missing_vendor_version.yaml | 46 +++ .../test_cpe_helper_missing_fields.py | 339 ++++++++++++++++++ 9 files changed, 780 insertions(+), 5 deletions(-) create mode 100644 tests/integration/test_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json create mode 100644 tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json create mode 100644 tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json create mode 100644 tests/integration/test_vulnerability_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing.yaml create mode 100644 tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml create mode 100644 tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml create mode 100644 tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py index 7af7479a49..52d0119bb6 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py 
+++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py @@ -19,6 +19,8 @@ T_800 = 800 CUSTOM_VULNERABLE_PACKAGES = 'custom_vulnerable_packages.json' +CUSTOM_VULNERABLE_PKG_MISSING_VENDOR = 'custom_vulnerable_pkg_missing_vendor.json' +CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION = 'custom_vulnerable_pkg_missing_vendor_version.json' CUSTOM_NVD_FEED = 'custom_nvd_feed.json' CUSTOM_NVD_ALTERNATIVE_FEED = 'custom_nvd_alternative_feed.json' CUSTOM_REDHAT_JSON_FEED = 'custom_redhat_json_feed.json' @@ -28,6 +30,7 @@ CUSTOM_DEBIAN_JSON_FEED = 'custom_debian_json_feed.json' CUSTOM_MSU_JSON_FEED = 'custom_msu.json' CUSTOM_CPE_HELPER = 'custom_cpe_helper.json' +CUSTOM_GENERIC_CPE_HELPER = 'custom_generic_cpe_helper_one_package.json' CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json' CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json' CUSTOM_ALAS2_JSON_FEED = 'custom_alas2_feed.json' 
@@ -97,17 +100,20 @@ def update_feed_path_configurations(configurations, metadata, feeds_path): for index, _ in enumerate(configurations): if 'json_feed' in metadata[index] and metadata[index]['json_feed'] is not None: new_configurations[index] = json.loads(json.dumps(new_configurations[index]). - replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'], - metadata[index]['json_feed']))) + replace(metadata[index]['json_feed_tag'], + os.path.join(feeds_path, metadata[index]['provider_name'], + metadata[index]['json_feed']))) if 'oval_feed' in metadata[index] and metadata[index]['oval_feed'] is not None: new_configurations[index] = json.loads(json.dumps(new_configurations[index]). - replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'], - metadata[index]['oval_feed']))) + replace(metadata[index]['oval_feed_tag'], + os.path.join(feeds_path, metadata[index]['provider_name'], + metadata[index]['oval_feed']))) if 'nvd_feed_tag' in metadata[index] and 'nvd_feed' in metadata[index]: new_configurations[index] = json.loads(json.dumps(new_configurations[index]). - replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed']))) + replace(metadata[index]['nvd_feed_tag'], + os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed']))) return new_configurations diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py index 575cf31304..a2c9fd19d5 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py 
@@ -462,3 +462,16 @@ def check_error_when_updating_cve_database(log_monitor=None, timeout=vd.T_20): """ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout, callback=r"ERROR: .* CVE database could not be updated.") + + +def check_version_log(package_name='', log_monitor=None, timeout=vd.T_20): + """Check that the version log could not be reached. + + Args: + package_name (str): Package name. + log_monitor (FileMonitor): Log monitor. + timeout (str): timeout to check the event in Wazuh log. + """ + check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout, + callback=fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} " + "package.") \ No newline at end of file diff --git a/tests/integration/test_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json b/tests/integration/test_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json new file mode 100644 index 0000000000..0931fb79bc --- /dev/null +++ b/tests/integration/test_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json @@ -0,0 +1,38 @@ +{ + "VERSION_TAG": "VERSION_VALUE", + "FORMAT_TAG": "FORMAT_VALUE", + "UPDATE_TAG": "UPDATE_VALUE", + "DICTIONARY_TAG": [ + { + "TARGET_TAG": "TARGET_VALUE", + "SOURCE_TAG": { + "VENDOR_S_TAG": [ + "VENDOR_S_VALUE" + ], + "PRODUCT_S_TAG": [ + "PRODUCT_S_VALUE_0" + ], + "VERSION_S_TAG": ["VERSION_S_VALUE"] + }, + "TRANSLATION_TAG": { + "VENDOR_T_TAG": [ + "VENDOR_T_VALUE" + ], + "PRODUCT_T_TAG": [ + "PRODUCT_T_VALUE_0" + ], + "VERSION_T_TAG": ["VERSION_T_VALUE"] + }, + "ACTION_TAG": [ + "ACTION_VALUE_0", + "ACTION_VALUE_1" + ] + } + ], + "LICENSE_TAG": { + "TITLE_TAG": "TITLE_VALUE", + "COPYRIGHT_TAG": "COPYRIGHT_VALUE", + "DATE_TAG": "DATE_VALUE", + "TYPE_TAG" : "TYPE_VALUE" + } + } 
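Review bot: `check_version_log` interpolates `package_name` straight into the `fr"DEBUG: ..."` regex, so a name containing `.`, `+`, `(` or other metacharacters changes the pattern instead of being matched literally, and the default `package_name=''` makes the callback accept the message for any package at all. Use `{re.escape(package_name)}` in the f-string (adding `import re` at the top of the module) and consider making the parameter required. The docstring also does not describe the check: "Check that the version log could not be reached" should read something like "Check the DEBUG event reporting that the CPE version for `package_name` could not be obtained", and `timeout (str)` should be `timeout (int)` since it is passed through to the file monitor.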
diff --git a/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json b/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json new file mode 100644 index 0000000000..1f80f08860 --- /dev/null +++ b/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json @@ -0,0 +1,14 @@ +[ + { + "scan": { + "id": 0, + "time": "2021-11-20T12:41:27Z" + }, + "architecture": "x86_64", + "format": "win", + "name": "custom-package-0 1.0.0", + "size": 0, + "vendor": "NULL", + "cveid": "CVE-000" + } +] diff --git a/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json b/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json new file mode 100644 index 0000000000..2f6baae6c6 --- /dev/null +++ b/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json @@ -0,0 +1,15 @@ +[ + { + "scan": { + "id": 0, + "time": "2021-11-20T12:41:27Z" + }, + "architecture": "x86_64", + "format": "win", + "name": "custom-package-0 1.0.0", + "size": 0, + "vendor": "NULL", + "cveid": "CVE-000", + "version": "NULL" + } +] diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing.yaml new file mode 100644 index 0000000000..bfe2978b35 --- /dev/null +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing.yaml 
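Review bot: Both fixtures encode the "missing" vendor (and version) as the literal four-character string `"NULL"`, which `prepare_scan` passes verbatim to `agent_db.insert_package(... vendor=package['vendor'] ...)`. Whether the framework or the detector turns that string into an actual SQL NULL / empty field is not visible here, so the cases may be exercising "vendor is the word NULL" rather than "vendor is absent"; please confirm, and if an absent field is what is intended, use `""` and document it in the fixture name. Note that simply dropping the `vendor` key would raise KeyError in the fixture, because only `version` has the try/except fallback.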
@@ -0,0 +1,75 @@ +- sections: + - section: vulnerability-detector + elements: + - enabled: + value: 'yes' + - run_on_start: + value: 'yes' + - provider: + attributes: + - name: redhat + elements: + - enabled: + value: 'no' + - provider: + attributes: + - name: canonical + elements: + - enabled: + value: 'no' + - provider: + attributes: + - name: debian + elements: + - enabled: + value: 'no' + - provider: + attributes: + - name: msu + elements: + - enabled: + value: 'yes' + - update_interval: + value: 1h + - provider: + attributes: + - name: alas + elements: + - enabled: + value: 'no' + - provider: + attributes: + - name: arch + elements: + - enabled: + value: 'no' + - provider: + attributes: + - name: nvd + elements: + - enabled: + value: 'yes' + - path: + value: NVD_JSON_PATH + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: syscollector + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml new file mode 100644 index 0000000000..b003e458bf --- /dev/null +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml 
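Review bot: The `msu` provider is enabled with `update_interval: 1h` but, unlike `nvd`, is given no offline `path`, so on a manager without a pre-seeded MSU feed the first scan will try to download it from the network and the test becomes non-hermetic and slow. The framework already has `CUSTOM_MSU_JSON_FEED` for this purpose, so either add a `- path: value: MSU_JSON_PATH` element and fill it from `update_configuration_template` like `CUSTOM_NVD_JSON_PATH`, or disable `msu` if the Windows mock does not need it. If the provider is intentionally left online, say so in a comment next to the element so the dependency is explicit.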
@@ -0,0 +1,229 @@ +- name: WINDOWS + description: Indexing CPE helper with missing vendor field + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: "" + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: set_version_if_product_matches + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: WINDOWS + description: Indexing CPE helper with missing vendor and version fields + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: set_version_if_product_matches + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: WINDOWS + description: Indexing CPE helper with missing set_version_if_product_matches action field + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: "" + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: WINDOWS + description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: replace_vendor + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: WINDOWS + description: Indexing CPE helper with missing all source fields + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: "" + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: replace_vendor + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. + TYPE_VALUE: GPLv2 diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml new file mode 100644 index 0000000000..e86c72c7b5 --- /dev/null +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml 
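Review bot: Every case declares `missing_field: []` and `wrong_field: null`, so `remove_cpe_json_fields` is always called with an empty list and removes nothing, and `wrong_field` is never read by the test; the "missing" conditions are produced solely by blanking `VENDOR_S_VALUE`, `VERSION_S_VALUE` or `ACTION_VALUE_1` to `""`, which the CPE helper parser sees as an empty string, not an absent key. Either give at least one case a real value (for example `missing_field: vendor`, matching the single-string comparison in `remove_item`) so the removal path is exercised, or drop the two unused keys to avoid suggesting coverage that does not exist. A short description per case stating whether the field is empty or absent would make the expected indexing result easier to review.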
@@ -0,0 +1,46 @@ +- name: WINDOWS + description: Indexing CPE helper with missing all the source fields and version translation field + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + stage: stage_0 + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: "" + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: "" + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: replace_vendor + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. + TYPE_VALUE: GPLv2 diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py new file mode 100644 index 0000000000..3950c34f14 --- /dev/null +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py 
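Review bot: This case's only assertion is the negative `DEBUG: ... Couldn't get the version of the CPE` event, which presupposes that `wazuh-modulesd` is running with module debug logging enabled; nothing in this patch sets `wazuh_modules.debug`, so unless `set_wazuh_configuration_vdt` does it the test will time out rather than fail for the right reason. It would also be worth asserting that the package was not indexed and no CVE alert was raised, otherwise a regression that logs the message and still indexes the package passes. `stage: stage_0` is not consumed by the test and can be dropped.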
@@ -0,0 +1,339 @@ +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector + module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, + Canonical, Debian, Amazon Linux and NVD Database. + +components: + - vulnerability_detector + +suite: feeds + +targets: + - manager + +daemons: + - wazuh-modulesd + - wazuh-db + +os_platform: + - linux + +os_version: + - Arch Linux + - Amazon Linux 2 + - Amazon Linux 1 + - CentOS 8 + - CentOS 7 + - Debian Buster + - Red Hat 8 + - Ubuntu Focal + - Ubuntu Bionic + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html + +tags: + - vulnerability_detector + - cpe_helper +''' +import os +import pytest + +from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.tools.configuration import update_configuration_template +from wazuh_testing import CPE_HELPER_PATH +from wazuh_testing.db_interface import agent_db +from wazuh_testing.tools.file import read_json_file, copy, write_json_file +from wazuh_testing.modules.vulnerability_detector import event_monitor as evm +from wazuh_testing.modules import vulnerability_detector as vd + +pytestmark = [pytest.mark.server] + + +# Reference paths +TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') +CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') +TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') +TEST_FEEDS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'feeds') +TEST_PACKAGES_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 
'vulnerable_packages') + +# Configuration and cases data +t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') +t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_fields.yaml') +t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') +t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_vendor_version.yaml') + +# Custom paths +custom_nvd_json_feed_path = os.path.join(TEST_FEEDS_PATH, 'nvd', vd.CUSTOM_NVD_FEED) +custom_cpe_helper_path = os.path.join(TEST_FEEDS_PATH, 'cpe_helper', vd.CUSTOM_GENERIC_CPE_HELPER) +custom_vulnerable_pkg_missing_vendor_path = os.path.join(TEST_PACKAGES_PATH, + vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR) +custom_vulnerable_pkg_missing_vendor_version_path = os.path.join(TEST_PACKAGES_PATH, + vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION) + +# CPE indexing packages test configurations (t1) +t1_configuration_parameters, t1_configuration_metadata, t1_test_case_ids = get_test_cases_data(t1_cases_path) +t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, + t1_configuration_metadata) +t1_systems = [metadata['system'] for metadata in t1_configuration_metadata] + +# CPE indexing packages test configurations (t2) +t2_configuration_parameters, t2_configuration_metadata, t2_test_case_ids = get_test_cases_data(t2_cases_path) +t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, + t2_configuration_metadata) +t2_systems = [metadata['system'] for metadata in t2_configuration_metadata] + +# Set offline custom feeds configuration +t1_configurations = update_configuration_template(t1_configurations, ['CUSTOM_NVD_JSON_PATH'], + [custom_nvd_json_feed_path]) +t2_configurations = update_configuration_template(t2_configurations, ['CUSTOM_NVD_JSON_PATH'], + [custom_nvd_json_feed_path]) + +# Global vars +t1_agent_packages = 
[read_json_file(custom_vulnerable_pkg_missing_vendor_path) + for metadata in t1_configuration_metadata] +t2_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_version_path) + for metadata in t2_configuration_metadata] + +def replace_cpe_json_fields(tags=None, values=None): + """Replace the tags and values of the generic_custom_cpe_helper.json file. + + Args: + tags (dict): Dictionary with tags names values + values (dict): Dictionary with tag values + """ + with open(CPE_HELPER_PATH, 'r') as file: + filedata = file.read() + for key, value in tags.items(): + filedata = filedata.replace(key, value) + for key, value in values.items(): + filedata = filedata.replace(key, value) + with open(CPE_HELPER_PATH, 'w') as file: + file.write(filedata) + + +def remove_item(item, remove_key=""): + """Remove recursively the tags and values of the dictionary. + + Args: + item (dict): Dictionary + remove_key (str): Item to be deleted + """ + if isinstance(item, dict): + for key in list(item.keys()): + if key == remove_key: + del item[key] + else: + remove_item(item[key], remove_key) + elif isinstance(item, list): + for i in reversed(range(len(item))): + if item[i] == remove_key: + del item[i] + else: + remove_item(item[i], remove_key) + else: + pass + return item + + +def remove_cpe_json_fields(tags=None): + """Remove the tags and values of the generic_custom_cpe_helper.json file. + + Args: + tags (dict): Dictionary with tags names values + """ + import json + with open(CPE_HELPER_PATH, 'r') as file: + filedata = json.load(file) + filedata = remove_item(filedata, tags) + with open(CPE_HELPER_PATH, 'w') as file: + file.write(json.dumps(filedata, indent=4)) + + +@pytest.fixture(scope='function') +def prepare_scan(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system): + """Prepare the environment to launch the vulnerability scan. + + - Mock an agent with a specified system. + - Insert mocked vulnerables packages. 
+ - Update packages sync status. + - Copy the custom CPE helper to the dictionaries folder. + - Force full scan. + + Args: + metadata (dict): Test case metadata. + agent_system (str): System to set to the mocked agent. + agent_packages (list): List of vulnerable packages + mock_agent_with_custom_system (fixture): Mock an agent with a custom system. + """ + for package in agent_packages: + try: + version = package['version'] + except KeyError: + version = '' + agent_db.insert_package(name=package['name'], format=package['format'], architecture=package['architecture'], + agent_id=mock_agent_with_custom_system, vendor=package['vendor'], version=version) + + # Sync packages info + agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-packages") + agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-hotfixes") + + # Make a backup data from inital CPE helper + cpe_helper_backup_data = read_json_file(CPE_HELPER_PATH) + + # Set the custom CPE helper + copy(custom_cpe_helper_path, CPE_HELPER_PATH) + + # Remove the values of the CPE helper + remove_cpe_json_fields(tags=metadata['missing_field']) + + # Replace the values of the CPE helper + replace_cpe_json_fields(tags=metadata['tags'], values=metadata['values']) + + yield mock_agent_with_custom_system + + # Restore the CPE helper backup data + write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data) + + +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages), + ids=t1_test_case_ids) +def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, + truncate_monitored_files, clean_cve_tables_func, prepare_scan, + restart_modulesd_function): + ''' + description: Check if the packages are indexed in the database by checking the respective log in the ossec.log file, + and if the alert of the 
vulnerable package comes out when some tag are missing. + + test_phases: + - Set a custom Wazuh configuration, with custom feeds. + - Mock an agent with Windows system and vulnerable packages. + - Copy a custom CPE helper and load new tags and values. + - Restart wazuh-modulesd. + - Check the ossec.log for specific information. + + wazuh_min_version: 4.5.0 + + tier: 1 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - agent_system: + type: str + brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. + - set_wazuh_configuration_vdt: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - clean_cve_tables_func: + type: fixture + brief: Clean all CVE tables. + - prepare_scan: + type: fixture + brief: Setup the initial test state. + - restart_modulesd_function: + type: fixture + brief: Restart the wazuh-modulesd daemon. + + assertions: + - Check for a specific log and alert. + + input_description: + - The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. + - The `cases_cpe_indexing_missing_fields.yaml` file provides the test cases. 
+ + expected_output: + - r"The CPE .*a:{package_vendor}:{package_name}.* from the agent '{agent_id}' was indexed" + - fr".*"agent":."id":"{agent_id}".*{cve} affects {package}', prefix='.*" + ''' + for package in agent_packages: + evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'], + package_vendor=metadata['values']['VENDOR_T_VALUE'], + agent_id=prepare_scan) + + + evm.check_vulnerability_affects_alert(agent_id=prepare_scan, + package=metadata['values']['PRODUCT_T_VALUE_0'], + cve=package['cveid']) + + +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages), + ids=t2_test_case_ids) +def test_cpe_indexing_missing_vendor_version(configuration, metadata, agent_system, agent_packages, + set_wazuh_configuration_vdt, truncate_monitored_files, + clean_cve_tables_func, prepare_scan, restart_modulesd_function): + ''' + description: Check that when vendor and version tags are missing, and the action tag is not the correct to + extract the version field, the package cannot be indexed. + + test_phases: + - Set a custom Wazuh configuration, with custom feeds. + - Mock an agent with Windows system and vulnerable packages. + - Copy a custom CPE helper and load new tags and values. + - Restart wazuh-modulesd. + - Check the ossec.log for specific information. + + wazuh_min_version: 4.5.0 + + tier: 1 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - agent_system: + type: str + brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. + - set_wazuh_configuration_vdt: + type: fixture + brief: Set the wazuh configuration according to the configuration data. 
+ - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - clean_cve_tables_func: + type: fixture + brief: Clean all CVE tables. + - prepare_scan: + type: fixture + brief: Setup the initial test state. + - restart_modulesd_function: + type: fixture + brief: Restart the wazuh-modulesd daemon. + + assertions: + - Check for a specific log and alert. + + input_description: + - The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. + - The `cases_cpe_indexing_missing_vendor_version.yaml` file provides the test cases. + + expected_output: + - fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} package." + ''' + evm.check_version_log(package_name=metadata['values']['PRODUCT_T_VALUE_0']) From 60588c492ba3ce18f9453a7a0f4bdf471b8c6788 Mon Sep 17 00:00:00 2001 From: fedepacher Date: Tue, 17 Jan 2023 08:53:25 -0300 Subject: [PATCH 2/8] refactor(#798): refactor code style and add changelog comment --- CHANGELOG.md | 3 ++- .../modules/vulnerability_detector/event_monitor.py | 2 +- .../test_cpe_helper/test_cpe_helper_missing_fields.py | 11 +++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e48e7a7d81..77aa682e40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,7 +20,7 @@ Release report: TBD ### Fixed -- Fix a regex error in the FIM integration tests ([#3061](https://github.com/wazuh/wazuh-qa/issues/3061)) \- (Framework + Tests) +- Fix a regex error in the FIM integration tests ([#3061](https://github.com/wazuh/wazuh-qa/issues/3061)) \- (Framework + Tests) - Fix an error in the cluster performance tests related to CSV parser ([#2999](https://github.com/wazuh/wazuh-qa/pull/2999)) \- (Framework + Tests) 
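Review bot: `prepare_scan` overwrites the manager's real `CPE_HELPER_PATH` and restores it only after `yield`, so if `copy`, `remove_cpe_json_fields` or `replace_cpe_json_fields` raises before the yield the fixture never reaches the restore and the mocked dictionary is left in place for every later test on that host. Wrap the mutation and the yield in `try/finally` so the backup is always written back. Separately, `replace_cpe_json_fields` does plain substring replacement in YAML order, and `UPDATE_TAG`/`UPDATE_VALUE` contain `DATE_TAG`/`DATE_VALUE`, so the template only survives because the longer key happens to come first; iterating `sorted(tags.items(), key=lambda kv: len(kv[0]), reverse=True)` (same for `values`) removes that ordering dependency. `remove_cpe_json_fields` also imports `json` inside the function; move it to the module imports.
```python
    # … unchanged: package insertion and sync-info updates …

    # Make a backup data from inital CPE helper
    cpe_helper_backup_data = read_json_file(CPE_HELPER_PATH)

    try:
        # Set the custom CPE helper, then strip and fill in the templated fields
        copy(custom_cpe_helper_path, CPE_HELPER_PATH)
        remove_cpe_json_fields(tags=metadata['missing_field'])
        replace_cpe_json_fields(tags=metadata['tags'], values=metadata['values'])
        yield mock_agent_with_custom_system
    finally:
        # Restore the CPE helper backup data even if setup failed part-way
        write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data)
```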
@@ -31,6 +31,7 @@ Release report: TBD ### Added +- Add new test to check missing fields in `cpe_helper.json` file ([#3766](https://github.com/wazuh/wazuh-qa/pull/3766)) \- (Framework + Tests) - Add new test to check if syslog message are parsed correctrly in the `archives.json` file ([#3609](https://github.com/wazuh/wazuh-qa/pull/3609)) \- (Framework + Tests) - Add new logging tests for analysisd EPS limitation ([#3509](https://github.com/wazuh/wazuh-qa/pull/3509)) \- (Framework + Tests) - New testing suite for checking analysisd EPS limitation ([#2947](https://github.com/wazuh/wazuh-qa/pull/3181)) \- (Framework + Tests) diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py index a2c9fd19d5..fed95b3f6b 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py @@ -474,4 +474,4 @@ def check_version_log(package_name='', log_monitor=None, timeout=vd.T_20): """ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout, callback=fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} " - "package.") \ No newline at end of file + "package.") diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py index 3950c34f14..85e00dd2ec 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py 
@@ -103,6 +103,7 @@ t2_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_version_path) for metadata in t2_configuration_metadata] + def replace_cpe_json_fields(tags=None, values=None): """Replace the tags and values of the generic_custom_cpe_helper.json file. @@ -267,13 +268,11 @@ def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agen ''' for package in agent_packages: evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'], - package_vendor=metadata['values']['VENDOR_T_VALUE'], - agent_id=prepare_scan) - + package_vendor=metadata['values']['VENDOR_T_VALUE'], + agent_id=prepare_scan) - evm.check_vulnerability_affects_alert(agent_id=prepare_scan, - package=metadata['values']['PRODUCT_T_VALUE_0'], - cve=package['cveid']) + evm.check_vulnerability_affects_alert(agent_id=prepare_scan, package=metadata['values']['PRODUCT_T_VALUE_0'], + cve=package['cveid']) @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', From ce25edbaec5990bebe31349d2fb3ebad4c462d1e Mon Sep 17 00:00:00 2001 From: fedepacher Date: Tue, 17 Jan 2023 11:23:15 -0300 Subject: [PATCH 3/8] refactor(#798): refactor test timeout --- .../test_cpe_helper/test_cpe_helper_missing_fields.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py index 85e00dd2ec..d1e410bda6 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py 
@@ -269,7 +269,7 @@ def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agen
 for package in agent_packages:
 evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'],
 package_vendor=metadata['values']['VENDOR_T_VALUE'],
- agent_id=prepare_scan)
+ agent_id=prepare_scan, timeout=vd.T_20)
 evm.check_vulnerability_affects_alert(agent_id=prepare_scan, package=metadata['values']['PRODUCT_T_VALUE_0'],
 cve=package['cveid'])
From 93cae740e1b26e6e0834960585ba6749630d5ff4 Mon Sep 17 00:00:00 2001
From: fedepacher
Date: Tue, 24 Jan 2023 16:12:37 -0300
Subject: [PATCH 4/8] refactor(#798): refactor code style
---
 .../cases_cpe_indexing_missing_fields.yaml | 10 +--
 ...s_cpe_indexing_missing_vendor_version.yaml | 3 +-
 .../test_cpe_helper_missing_fields.py | 83 ++++++++++++-------
 3 files changed, 60 insertions(+), 36 deletions(-)
diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml
index b003e458bf..dd9ac1c1ef 100644
--- a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml
+++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml
@@ -1,4 +1,4 @@
-- name: WINDOWS
+- name: Indexing CPE helper with missing vendor field
 description: Indexing CPE helper with missing vendor field
 configuration_parameters:
 NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
@@ -44,7 +44,7 @@
 DATE_VALUE: March 6, 2019.
 TYPE_VALUE: GPLv2
-- name: WINDOWS
+- name: Indexing CPE helper with missing vendor and version fields
 description: Indexing CPE helper with missing vendor and version fields
 configuration_parameters:
 NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
@@ -90,7 +90,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: WINDOWS +- name: Indexing CPE helper with missing set_version_if_product_matches action field description: Indexing CPE helper with missing set_version_if_product_matches action field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -136,7 +136,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: WINDOWS +- name: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -182,7 +182,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: WINDOWS +- name: Indexing CPE helper with missing all source fields description: Indexing CPE helper with missing all source fields configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml index e86c72c7b5..97e7db7086 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml @@ -1,4 +1,4 @@ -- name: WINDOWS +- name: Indexing CPE helper with missing all the source fields and version translation field description: Indexing CPE helper with missing all the source fields and version translation field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -6,7 +6,6 @@ system: WINDOWS_10 wrong_field: null missing_field: [] - stage: stage_0 tags: VERSION_TAG: version FORMAT_TAG: format_version 
diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py index d1e410bda6..9d2e37e1ee 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py @@ -45,13 +45,14 @@ - cpe_helper ''' import os +import json import pytest from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.tools.configuration import update_configuration_template from wazuh_testing import CPE_HELPER_PATH from wazuh_testing.db_interface import agent_db -from wazuh_testing.tools.file import read_json_file, copy, write_json_file +from wazuh_testing.tools.file import read_json_file, copy, write_json_file, read_file, write_file from wazuh_testing.modules.vulnerability_detector import event_monitor as evm from wazuh_testing.modules import vulnerability_detector as vd @@ -111,14 +112,15 @@ def replace_cpe_json_fields(tags=None, values=None): tags (dict): Dictionary with tags names values values (dict): Dictionary with tag values """ - with open(CPE_HELPER_PATH, 'r') as file: - filedata = file.read() + filedata = read_file(CPE_HELPER_PATH) + for key, value in tags.items(): filedata = filedata.replace(key, value) + for key, value in values.items(): filedata = filedata.replace(key, value) - with open(CPE_HELPER_PATH, 'w') as file: - file.write(filedata) + + write_file(CPE_HELPER_PATH, data=filedata) def remove_item(item, remove_key=""): 
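Review bot: In the `@@ -111` hunk, `replace_cpe_json_fields` keeps the `tags=None, values=None` defaults but the new body goes straight to `tags.items()` and `values.items()`, so a call relying on either default raises AttributeError instead of being a no-op; add `tags = {} if tags is None else tags` and `values = {} if values is None else values` before the loops, mirroring the guard this file uses for the list argument of `remove_cpe_json_fields`. The substitution is a plain `str.replace` over the whole file text, so a placeholder that is a prefix of another one would be rewritten inside the longer name depending on dict order; a comment such as `# Placeholder names must not be substrings of each other: replacement is textual and order-dependent.` would document that constraint for the templates. The `def replace_cpe_json_fields(...)` line sits in the hunk header, so the function starts outside this hunk.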
@@ -149,19 +151,24 @@ def remove_cpe_json_fields(tags=None): """Remove the tags and values of the generic_custom_cpe_helper.json file. Args: - tags (dict): Dictionary with tags names values + tags (list): Dictionary with tags names values """ - import json - with open(CPE_HELPER_PATH, 'r') as file: - filedata = json.load(file) - filedata = remove_item(filedata, tags) - with open(CPE_HELPER_PATH, 'w') as file: - file.write(json.dumps(filedata, indent=4)) + tags = [] if tags is None else tags + + if len(tags) > 0: + with open(CPE_HELPER_PATH, 'r') as file: + filedata = json.load(file) + + for item in tags: + filedata = remove_item(filedata, item) + + with open(CPE_HELPER_PATH, 'w') as file: + file.write(json.dumps(filedata, indent=4)) @pytest.fixture(scope='function') -def prepare_scan(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system): - """Prepare the environment to launch the vulnerability scan. +def prepare_environment(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system): + """Prepare the environment with a mocked agent, vulnerable packages and a custom cpe_helper. - Mock an agent with a specified system. - Insert mocked vulnerables packages. 
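Review bot: The updated docstring line `tags (list): Dictionary with tags names values` contradicts itself (the type was changed to list but the text still says dictionary); since every element is handed to `remove_item(filedata, item)`, something like `tags (list): Keys to remove from the cpe_helper JSON; each item is passed to remove_item().` would match the code. `if len(tags) > 0:` is the non-idiomatic form of `if tags:`. The `def remove_cpe_json_fields(tags=None):` line is in the hunk header and the `prepare_environment` fixture body continues past the hunk, so neither definition is fully visible here.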
@@ -209,18 +216,27 @@ def prepare_scan(request, metadata, agent_system, agent_packages, mock_agent_wit zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages), ids=t1_test_case_ids) def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, - truncate_monitored_files, clean_cve_tables_func, prepare_scan, + truncate_monitored_files, clean_cve_tables_func, prepare_environment, restart_modulesd_function): ''' description: Check if the packages are indexed in the database by checking the respective log in the ossec.log file, and if the alert of the vulnerable package comes out when some tag are missing. test_phases: - - Set a custom Wazuh configuration, with custom feeds. + - setup: + - Load Wazuh light configuration, with custom feeds. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. - Mock an agent with Windows system and vulnerable packages. - - Copy a custom CPE helper and load new tags and values. - - Restart wazuh-modulesd. - - Check the ossec.log for specific information. + - Backup the original cpe_helper.json and copy a custom CPE helper with new tags and values. + - Truncate wazuh logs. + - Restart wazuh-modulesd daemon to apply configuration changes. + - test: + - Check in the log and alert for specific information. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Restore the original cpe_helper.json wazuh_min_version: 4.5.0 @@ -248,7 +264,7 @@ def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agen - clean_cve_tables_func: type: fixture brief: Clean all CVE tables. - - prepare_scan: + - prepare_environment: type: fixture brief: Setup the initial test state. - restart_modulesd_function: 
@@ -269,10 +285,10 @@ def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agen
 for package in agent_packages:
 evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'],
 package_vendor=metadata['values']['VENDOR_T_VALUE'],
- agent_id=prepare_scan, timeout=vd.T_20)
+ agent_id=prepare_environment, timeout=vd.T_20)
- evm.check_vulnerability_affects_alert(agent_id=prepare_scan, package=metadata['values']['PRODUCT_T_VALUE_0'],
- cve=package['cveid'])
+ evm.check_vulnerability_affects_alert(agent_id=prepare_environment,
+ package=metadata['values']['PRODUCT_T_VALUE_0'], cve=package['cveid'])
 @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
@@ -280,17 +296,26 @@ def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agen ids=t2_test_case_ids) def test_cpe_indexing_missing_vendor_version(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, truncate_monitored_files, - clean_cve_tables_func, prepare_scan, restart_modulesd_function): + clean_cve_tables_func, prepare_environment, restart_modulesd_function): ''' description: Check that when vendor and version tags are missing, and the action tag is not the correct to extract the version field, the package cannot be indexed. test_phases: - - Set a custom Wazuh configuration, with custom feeds. + - setup: + - Load Wazuh light configuration, with custom feeds. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. - Mock an agent with Windows system and vulnerable packages. - - Copy a custom CPE helper and load new tags and values. - - Restart wazuh-modulesd. - - Check the ossec.log for specific information. + - Backup the original cpe_helper.json and copy a custom CPE helper with new tags and values. + - Truncate wazuh logs. + - Restart wazuh-modulesd daemon to apply configuration changes. + - test: + - Check in the log and alert for specific information. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Restore the original cpe_helper.json wazuh_min_version: 4.5.0 @@ -318,7 +343,7 @@ def test_cpe_indexing_missing_vendor_version(configuration, metadata, agent_syst - clean_cve_tables_func: type: fixture brief: Clean all CVE tables. - - prepare_scan: + - prepare_environment: type: fixture brief: Setup the initial test state. - restart_modulesd_function: From 9f4b9ac6e93f15223844868135ccc118f24e057b Mon Sep 17 00:00:00 2001 
From: fedepacher
Date: Wed, 25 Jan 2023 09:04:01 -0300
Subject: [PATCH 5/8] refactor(#798): replace read and write file function
---
 .../test_cpe_helper/test_cpe_helper_missing_fields.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py
index 9d2e37e1ee..0177f8a006 100644
--- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py
+++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py
@@ -156,14 +156,12 @@ def remove_cpe_json_fields(tags=None):
 tags = [] if tags is None else tags
 if len(tags) > 0:
- with open(CPE_HELPER_PATH, 'r') as file:
- filedata = json.load(file)
+ filedata = read_json_file(CPE_HELPER_PATH)
- for item in tags:
- filedata = remove_item(filedata, item)
+ for item in tags:
+ filedata = remove_item(filedata, item)
- with open(CPE_HELPER_PATH, 'w') as file:
- file.write(json.dumps(filedata, indent=4))
+ write_json_file(CPE_HELPER_PATH, filedata)
 @pytest.fixture(scope='function')
From fea7ff1766ccd245dcfda8e29db8b9c5dcb7c2dd Mon Sep 17 00:00:00 2001
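Review bot: With the `json.load`/`json.dumps` calls replaced by `read_json_file`/`write_json_file`, the `import json` added to this file in the previous commit appears to have no remaining use; the diffstat (4 insertions, 6 deletions) is fully accounted for by the lines in this hunk, so the import seems to survive and should be dropped unless something outside the hunk still uses it. The `for item in tags:` and `write_json_file(...)` lines are re-emitted with only their indentation changed, which this collapsed view cannot show; if they now sit at the level of `if len(tags) > 0:` rather than inside it, an empty `tags` list reaches `write_json_file(CPE_HELPER_PATH, filedata)` with `filedata` unbound, so worth confirming they stayed under the guard. Whether `write_json_file` preserves the `indent=4` formatting the old code wrote is also not visible here. `def remove_cpe_json_fields(tags=None):` is in the hunk header, so the function starts outside the hunk.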
From: fedepacher Date: Wed, 25 Jan 2023 16:30:20 -0300 Subject: [PATCH 6/8] refactor(#798): refactor code and add new tests --- .../vulnerability_detector/__init__.py | 4 +- ...> custom_vulnerable_pkg_empty_vendor.json} | 0 ..._vulnerable_pkg_empty_vendor_version.json} | 0 .../cases_cpe_indexing_empty_fields.yaml | 229 +++++++++++ ...es_cpe_indexing_empty_vendor_version.yaml} | 2 +- .../cases_cpe_indexing_missing_fields.yaml | 14 +- .../cases_cpe_indexing_wrong_tags.yaml | 12 +- .../cases_cpe_indexing_wrong_values.yaml | 14 +- .../test_cpe_helper/test_cpe_helper.py | 241 +++++++++++- .../test_cpe_helper_missing_fields.py | 361 ------------------ 10 files changed, 476 insertions(+), 401 deletions(-) rename tests/integration/test_vulnerability_detector/data/vulnerable_packages/{custom_vulnerable_pkg_missing_vendor.json => custom_vulnerable_pkg_empty_vendor.json} (100%) rename tests/integration/test_vulnerability_detector/data/vulnerable_packages/{custom_vulnerable_pkg_missing_vendor_version.json => custom_vulnerable_pkg_empty_vendor_version.json} (100%) create mode 100644 tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_fields.yaml rename tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/{cases_cpe_indexing_missing_vendor_version.yaml => cases_cpe_indexing_empty_vendor_version.yaml} (93%) delete mode 100644 tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py index 4ac7e4990e..328eccd6a0 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py 
@@ -19,8 +19,8 @@ T_800 = 800 CUSTOM_VULNERABLE_PACKAGES = 'custom_vulnerable_packages.json' -CUSTOM_VULNERABLE_PKG_MISSING_VENDOR = 'custom_vulnerable_pkg_missing_vendor.json' -CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION = 'custom_vulnerable_pkg_missing_vendor_version.json' +CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR = 'custom_vulnerable_pkg_empty_vendor.json' +CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR_VERSION = 'custom_vulnerable_pkg_empty_vendor_version.json' CUSTOM_NVD_FEED = 'custom_nvd_feed.json' CUSTOM_NVD_ALTERNATIVE_FEED = 'custom_nvd_alternative_feed.json' CUSTOM_REDHAT_JSON_FEED = 'custom_redhat_json_feed.json' diff --git a/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json b/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor.json similarity index 100% rename from tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json rename to tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor.json diff --git a/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json b/tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor_version.json similarity index 100% rename from tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json rename to tests/integration/test_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor_version.json diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_fields.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_fields.yaml new file mode 100644 index 0000000000..5cb06536d2 --- /dev/null 
+++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_fields.yaml 
@@ -0,0 +1,229 @@ +- name: Missing vendor field + description: Indexing CPE helper with missing vendor field + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: "" + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: set_version_if_product_matches + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: Missing vendor and version fields + description: Indexing CPE helper with missing vendor and version fields + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: set_version_if_product_matches + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: Missing set_version_if_product_matches action field + description: Indexing CPE helper with missing set_version_if_product_matches action field + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: "" + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: Replace_vendor instead of set_version_if_product_matches action fields + description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: ^custom-package-0.* + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: replace_vendor + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. 
+ TYPE_VALUE: GPLv2 + +- name: Missing all source fields + description: Indexing CPE helper with missing all source fields + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: WINDOWS_10 + wrong_field: null + missing_field: [] + tags: + VERSION_TAG: version + FORMAT_TAG: format_version + UPDATE_TAG: update_date + DICTIONARY_TAG: dictionary + TARGET_TAG: target + SOURCE_TAG: source + VENDOR_S_TAG: vendor + PRODUCT_S_TAG: product + VERSION_S_TAG: version + TRANSLATION_TAG: translation + VENDOR_T_TAG: vendor + PRODUCT_T_TAG: product + VERSION_T_TAG: version + ACTION_TAG: action + LICENSE_TAG: license + TITLE_TAG: title + COPYRIGHT_TAG: copyright + DATE_TAG: date + TYPE_TAG: type + values: + VERSION_VALUE: "1.0" + FORMAT_VALUE: "1.0" + UPDATE_VALUE: 2050-10-02T10:56Z + TARGET_VALUE: windows + VENDOR_S_VALUE: "" + PRODUCT_S_VALUE_0: "" + VERSION_S_VALUE: "" + VENDOR_T_VALUE: wazuh-mocking + PRODUCT_T_VALUE_0: custom-package-0 + VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) + ACTION_VALUE_0: replace_product + ACTION_VALUE_1: replace_vendor + TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. + COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. + DATE_VALUE: March 6, 2019. + TYPE_VALUE: GPLv2 diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_vendor_version.yaml similarity index 93% rename from tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml rename to tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_vendor_version.yaml index 97e7db7086..a35763ded6 100644 
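Review bot: The case names and descriptions in the new `cases_cpe_indexing_empty_fields.yaml` still say "Missing vendor field" / "Indexing CPE helper with missing vendor field", while this commit renames the file and the package fixtures to "empty" and the values are set to `""` (for example `VENDOR_S_VALUE: ""`), so the generated test ids will read like the cases in `cases_cpe_indexing_missing_fields.yaml` that truly omit the key; `- name: Empty vendor field` and `description: Indexing CPE helper with empty vendor field` (and likewise for the other four cases) would keep the two files distinguishable. `UPDATE_VALUE: 2050-10-02T10:56Z` is an unquoted scalar, and some YAML loaders resolve such values as timestamps rather than text; quoting it the way `"1.0"` is quoted keeps the substituted value a string.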
--- a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_vendor_version.yaml @@ -1,4 +1,4 @@ -- name: Indexing CPE helper with missing all the source fields and version translation field +- name: Missing all the source fields and version translation field description: Indexing CPE helper with missing all the source fields and version translation field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml index 6b0bb35c91..78469ef842 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml @@ -1,4 +1,4 @@ -- name: Indexing CPE helper with missing version field +- name: Missing version field description: Indexing CPE helper with missing version field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -54,7 +54,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with missing format_version field +- name: Missing format_version field description: Indexing CPE helper with missing format_version field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -110,7 +110,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with missing update_date field +- name: Missing update_date field description: Indexing CPE helper with missing update_date field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH 
@@ -166,7 +166,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with missing target field +- name: Missing target field description: Indexing CPE helper with missing target field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -222,7 +222,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with missing action field +- name: Missing action field description: Indexing CPE helper with missing action field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -278,7 +278,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with missing vendor field +- name: Missing vendor field description: Indexing CPE helper with missing vendor field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -334,7 +334,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with missing product field +- name: Missing product field description: Indexing CPE helper with missing product field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_tags.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_tags.yaml index 04658367af..e8ba5e42c3 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_tags.yaml +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_tags.yaml @@ -1,4 +1,4 @@ -- name: Indexing CPE helper with wrong source vendor fields +- name: Wrong source vendor fields description: Indexing CPE helper with wrong source vendor fields configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH 
@@ -53,7 +53,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong translation product fields +- name: Wrong translation product fields description: Indexing CPE helper with wrong translation product fields configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -108,7 +108,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong version field +- name: Wrong version field description: Indexing CPE helper with wrong version field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -163,7 +163,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong format_version fields +- name: Wrong format_version fields description: Indexing CPE helper with wrong format_version fields configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -218,7 +218,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong update_date fields +- name: Wrong update_date fields description: Indexing CPE helper with wrong update_date fields configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -273,7 +273,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong target field +- name: Wrong target field description: Indexing CPE helper with wrong target field configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_values.yaml b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_values.yaml index 7ed91bad3e..a0cecb6ad3 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_values.yaml +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_wrong_values.yaml 
@@ -1,4 +1,4 @@ -- name: Indexing CPE helper with wrong version value +- name: Wrong version value description: Indexing CPE helper with wrong version value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -53,7 +53,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong update_date value +- name: Wrong update_date value description: Indexing CPE helper with wrong update_date value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -108,7 +108,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong target value +- name: Wrong target value description: Indexing CPE helper with wrong target value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -163,7 +163,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong format_version value +- name: Wrong format_version value description: Indexing CPE helper with wrong format_version value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -218,7 +218,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong source vendor value +- name: Wrong source vendor value description: Indexing CPE helper with wrong source vendor value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -273,7 +273,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong source product value +- name: Wrong source product value description: Indexing CPE helper with wrong source product value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH @@ -328,7 +328,7 @@ DATE_VALUE: March 6, 2019. TYPE_VALUE: GPLv2 -- name: Indexing CPE helper with wrong action value +- name: Wrong action value description: Indexing CPE helper with wrong action value configuration_parameters: NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH 
diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py index f9b9db8a8a..d58cb590a4 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py @@ -73,11 +73,19 @@ t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_wrong_values.yaml') t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_fields.yaml') +t4_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') +t4_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_empty_fields.yaml') +t5_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') +t5_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_empty_vendor_version.yaml') # Custom paths custom_nvd_json_feed_path = os.path.join(TEST_FEEDS_PATH, 'nvd', vd.CUSTOM_NVD_FEED) custom_cpe_helper_path = os.path.join(TEST_FEEDS_PATH, 'cpe_helper', vd.CUSTOM_CPE_HELPER_TEMPLATE) custom_vulnerable_packages_path = os.path.join(TEST_PACKAGES_PATH, vd.CUSTOM_VULNERABLE_PACKAGES) +custom_vulnerable_pkg_empty_vendor_path = os.path.join(TEST_PACKAGES_PATH, + vd.CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR) +custom_vulnerable_pkg_empty_vendor_version_path = os.path.join(TEST_PACKAGES_PATH, + vd.CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR_VERSION) # CPE indexing packages test configurations (t1) t1_configuration_parameters, t1_configuration_metadata, t1_test_case_ids = get_test_cases_data(t1_cases_path) 
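Review bot: The merged t4/t5 cases inherit `custom_cpe_helper_path`, which the unchanged line just below the new path constants builds from `vd.CUSTOM_CPE_HELPER_TEMPLATE`, whereas the file this series deletes built it from `vd.CUSTOM_GENERIC_CPE_HELPER` (`custom_generic_cpe_helper_one_package.json`). If those two helper files differ, the empty-field tests now run against a different CPE helper than they were written for; either give t4/t5 their own helper path or add a comment stating why the shared template is sufficient. The new names `cases_cpe_indexing_empty_fields.yaml` and `vd.CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR` also do not match what PATCH 1/8 added (`cases_cpe_indexing_missing_fields.yaml`, `CUSTOM_VULNERABLE_PKG_MISSING_VENDOR`); presumably an intermediate patch renames them, but that is not visible here and the module would fail at import otherwise. `t4_configurations_path` and `t5_configurations_path` repeat the same template filename as t1–t3, so a single shared constant would remove the duplication.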
@@ -97,6 +105,18 @@ t3_configuration_metadata) t3_systems = [metadata['system'] for metadata in t3_configuration_metadata] +# CPE indexing packages test configurations (t4) +t4_configuration_parameters, t4_configuration_metadata, t4_test_case_ids = get_test_cases_data(t4_cases_path) +t4_configurations = load_configuration_template(t4_configurations_path, t4_configuration_parameters, + t4_configuration_metadata) +t4_systems = [metadata['system'] for metadata in t4_configuration_metadata] + +# CPE indexing packages test configurations (t5) +t5_configuration_parameters, t5_configuration_metadata, t5_test_case_ids = get_test_cases_data(t5_cases_path) +t5_configurations = load_configuration_template(t5_configurations_path, t5_configuration_parameters, + t5_configuration_metadata) +t5_systems = [metadata['system'] for metadata in t5_configuration_metadata] + # Set offline custom feeds configuration t1_configurations = update_configuration_template(t1_configurations, ['CUSTOM_NVD_JSON_PATH'], [custom_nvd_json_feed_path]) 
@@ -104,10 +124,19 @@ [custom_nvd_json_feed_path]) t3_configurations = update_configuration_template(t3_configurations, ['CUSTOM_NVD_JSON_PATH'], [custom_nvd_json_feed_path]) +t4_configurations = update_configuration_template(t4_configurations, ['CUSTOM_NVD_JSON_PATH'], + [custom_nvd_json_feed_path]) +t5_configurations = update_configuration_template(t5_configurations, ['CUSTOM_NVD_JSON_PATH'], + [custom_nvd_json_feed_path]) # Global vars -agent_packages = read_json_file(custom_vulnerable_packages_path) - +t1_agent_packages = [read_json_file(custom_vulnerable_packages_path) for metadata in t1_configuration_metadata] +t2_agent_packages = [read_json_file(custom_vulnerable_packages_path) for metadata in t2_configuration_metadata] +t3_agent_packages = [read_json_file(custom_vulnerable_packages_path) for metadata in t3_configuration_metadata] +t4_agent_packages = [read_json_file(custom_vulnerable_pkg_empty_vendor_path) + for metadata in t4_configuration_metadata] +t5_agent_packages = [read_json_file(custom_vulnerable_pkg_empty_vendor_version_path) + for metadata in t5_configuration_metadata] def replace_cpe_json_fields(tags=None, values=None): """Replace the tags and values of the generic_custom_cpe_helper.json file. 
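Review bot: The loop variable `metadata` in the five new `t*_agent_packages` comprehensions is never used and shadows a name the module uses elsewhere; write `t1_agent_packages = [read_json_file(custom_vulnerable_packages_path) for _ in t1_configuration_metadata]` and likewise for t2–t5. Each comprehension also re-reads the same JSON file once per test case at collection time; reading it once into a local would be cheaper, but the per-case copy is what keeps the lists independent if a test ever mutates a package dict, so keep the comprehension if that isolation is intended and say so in the `# Global vars` comment.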
@@ -169,22 +198,37 @@ def remove_cpe_json_fields(tags=None): @pytest.fixture(scope='function') -def prepare_environment(request, metadata, agent_system, mock_agent_with_custom_system): +def prepare_environment(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system): """Prepare the environment with a mocked agent, vulnerable packages and a custom cpe_helper. - Mock an agent with a specified system. - Insert mocked vulnerables packages. - Update packages sync status. - Copy the custom CPE helper to the dictionaries folder. + - Force full scan. Args: metadata (dict): Test case metadata. agent_system (str): System to set to the mocked agent. + agent_packages (list): List of vulnerable packages mock_agent_with_custom_system (fixture): Mock an agent with a custom system. """ for package in agent_packages: - agent_db.insert_package(name=package['name'], version=package['version'], source=package['name'], - vendor=package['vendor'], agent_id=mock_agent_with_custom_system) + try: + version = package['version'] + except KeyError: + version = '' + try: + format = package['format'] + except KeyError: + format = 'rpm' + try: + architecture = package['architecture'] + except KeyError: + architecture = 'x64' + agent_db.insert_package(name=package['name'], format=format, architecture=architecture, + agent_id=mock_agent_with_custom_system, vendor=package['vendor'], + version=version, source=package['name']) # Sync packages info agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-packages") 
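Review bot: The new `format` local in `prepare_environment` shadows the builtin `format()`, and the three try/except KeyError blocks are the long form of `dict.get`; the fallback defaults `'rpm'` and `'x64'` are also silently applied, so a fixture JSON that accidentally drops `format` or `architecture` is inserted as an rpm/x64 package and the test can pass for the wrong reason, which deserves at least a comment naming the fallback. `vendor=package['vendor']` is still a hard lookup, so a package dict without a `vendor` key raises KeyError here rather than being inserted with an empty vendor; presumably the empty-vendor fixtures keep the key with an empty value, which is worth stating. The docstring bullet `- Force full scan.` has no corresponding code inside the hunk; if the full scan is triggered elsewhere in the fixture that is fine, otherwise the bullet overstates what the fixture does. The fixture body continues past the end of the hunk.
```python
    for package in agent_packages:
        # Fixture JSON may omit these keys; fall back to a default instead of KeyError.
        # NOTE: a missing 'format'/'architecture' is silently inserted as rpm/x64.
        version = package.get('version', '')
        pkg_format = package.get('format', 'rpm')  # not `format`: shadows the builtin
        architecture = package.get('architecture', 'x64')
        agent_db.insert_package(name=package['name'], format=pkg_format, architecture=architecture,
                                agent_id=mock_agent_with_custom_system, vendor=package['vendor'],
                                version=version, source=package['name'])
    # … unchanged: sync packages info, CPE helper backup/copy, yield, restore …
```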
@@ -208,9 +252,10 @@ def prepare_environment(request, metadata, agent_system, mock_agent_with_custom_ write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data) -@pytest.mark.parametrize('configuration, metadata, agent_system', - zip(t1_configurations, t1_configuration_metadata, t1_systems), ids=t1_test_case_ids) -def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, set_wazuh_configuration_vdt, +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages), + ids=t1_test_case_ids) +def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, truncate_monitored_files, clean_cve_tables_func, prepare_environment, restart_modulesd_function): ''' @@ -232,7 +277,7 @@ def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, set_wazu - Restore initial configuration, both ossec.conf and local_internal_options.conf. - Restore the original cpe_helper.json - wazuh_min_version: 4.4.0 + wazuh_min_version: 4.5.0 tier: 2 @@ -246,6 +291,9 @@ def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, set_wazu - agent_system: type: str brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. - set_wazuh_configuration_vdt: type: fixture brief: Set the wazuh configuration according to the configuration data. 
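Review bot: The new docstring entry `- agent_packages` is missing the trailing colon that every other parameter entry in the `parameters:` list carries (`- agent_system:`, `- set_wazuh_configuration_vdt:`), so it should read `- agent_packages:`. The same entry is added in the docstrings of `test_cpe_indexing_wrong_values`, `test_cpe_indexing_missing_field`, `test_cpe_indexing_empty_fields` and `test_cpe_indexing_empty_vendor_version` in the following hunks. The enclosing function `test_cpe_indexing_wrong_tags` starts and ends outside this hunk.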
@@ -293,9 +341,10 @@ def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, set_wazu raise AttributeError('Unexpected log') -@pytest.mark.parametrize('configuration, metadata, agent_system', - zip(t2_configurations, t2_configuration_metadata, t2_systems), ids=t2_test_case_ids) -def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, set_wazuh_configuration_vdt, +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages), + ids=t2_test_case_ids) +def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, truncate_monitored_files, clean_cve_tables_func, prepare_environment, restart_modulesd_function): ''' @@ -317,7 +366,7 @@ def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, set_wa - Restore initial configuration, both ossec.conf and local_internal_options.conf. - Restore the original cpe_helper.json - wazuh_min_version: 4.4.0 + wazuh_min_version: 4.5.0 tier: 2 @@ -331,6 +380,9 @@ def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, set_wa - agent_system: type: str brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. - set_wazuh_configuration_vdt: type: fixture brief: Set the wazuh configuration according to the configuration data. 
@@ -378,9 +430,10 @@ def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, set_wa raise AttributeError('Unexpected log') -@pytest.mark.parametrize('configuration, metadata, agent_system', - zip(t3_configurations, t3_configuration_metadata, t3_systems), ids=t3_test_case_ids) -def test_cpe_indexing_missing_field(configuration, metadata, agent_system, set_wazuh_configuration_vdt, +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t3_configurations, t3_configuration_metadata, t3_systems, t3_agent_packages), + ids=t3_test_case_ids) +def test_cpe_indexing_missing_field(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, truncate_monitored_files, clean_cve_tables_func, prepare_environment, restart_modulesd_function): ''' @@ -402,7 +455,7 @@ def test_cpe_indexing_missing_field(configuration, metadata, agent_system, set_w - Restore initial configuration, both ossec.conf and local_internal_options.conf. - Restore the original cpe_helper.json - wazuh_min_version: 4.4.0 + wazuh_min_version: 4.5.0 tier: 2 @@ -416,6 +469,9 @@ def test_cpe_indexing_missing_field(configuration, metadata, agent_system, set_w - agent_system: type: str brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. - set_wazuh_configuration_vdt: type: fixture brief: Set the wazuh configuration according to the configuration data. 
@@ -460,3 +516,154 @@ def test_cpe_indexing_missing_field(configuration, metadata, agent_system, set_w raise AttributeError('Unexpected log') elif expected_result == 'error_inserting_package': evm.check_error_inserting_package(agent_id=prepare_environment) + + +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t4_configurations, t4_configuration_metadata, t4_systems, t4_agent_packages), + ids=t4_test_case_ids) +def test_cpe_indexing_empty_fields(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, + truncate_monitored_files, clean_cve_tables_func, prepare_environment, + restart_modulesd_function): + ''' + description: Check if the packages are indexed in the database by checking the respective log in the ossec.log file, + and if the alert of the vulnerable package comes out when some tag are empty. + + test_phases: + - setup: + - Load Wazuh light configuration, with custom feeds. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Mock an agent with Windows system and vulnerable packages. + - Backup the original cpe_helper.json and copy a custom CPE helper with new tags and values. + - Truncate wazuh logs. + - Restart wazuh-modulesd daemon to apply configuration changes. + - test: + - Check in the log and alert for specific information. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Restore the original cpe_helper.json + + wazuh_min_version: 4.5.0 + + tier: 1 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - agent_system: + type: str + brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. 
+ - set_wazuh_configuration_vdt: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - clean_cve_tables_func: + type: fixture + brief: Clean all CVE tables. + - prepare_environment: + type: fixture + brief: Setup the initial test state. + - restart_modulesd_function: + type: fixture + brief: Restart the wazuh-modulesd daemon. + + assertions: + - Check for a specific log and alert. + + input_description: + - The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. + - The `cases_cpe_indexing_missing_fields.yaml` file provides the test cases. + + expected_output: + - r"The CPE .*a:{package_vendor}:{package_name}.* from the agent '{agent_id}' was indexed" + - fr".*"agent":."id":"{agent_id}".*{cve} affects {package}', prefix='.*" + ''' + for package in agent_packages: + evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'], + package_vendor=metadata['values']['VENDOR_T_VALUE'], + agent_id=prepare_environment, timeout=vd.T_20) + + evm.check_vulnerability_affects_alert(agent_id=prepare_environment, + package=metadata['values']['PRODUCT_T_VALUE_0'], cve=package['cveid']) + + +@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', + zip(t5_configurations, t5_configuration_metadata, t5_systems, t5_agent_packages), + ids=t5_test_case_ids) +def test_cpe_indexing_empty_vendor_version(configuration, metadata, agent_system, agent_packages, + set_wazuh_configuration_vdt, truncate_monitored_files, + clean_cve_tables_func, prepare_environment, restart_modulesd_function): + ''' + description: Check that when vendor and version tags are empty, and the action tag is not the correct to + extract the version field, the package cannot be indexed. 
+ + test_phases: + - setup: + - Load Wazuh light configuration, with custom feeds. + - Apply ossec.conf configuration changes according to the configuration template and use case. + - Apply custom settings in local_internal_options.conf. + - Mock an agent with Windows system and vulnerable packages. + - Backup the original cpe_helper.json and copy a custom CPE helper with new tags and values. + - Truncate wazuh logs. + - Restart wazuh-modulesd daemon to apply configuration changes. + - test: + - Check in the log and alert for specific information. + - teardown: + - Truncate wazuh logs. + - Restore initial configuration, both ossec.conf and local_internal_options.conf. + - Restore the original cpe_helper.json + + wazuh_min_version: 4.5.0 + + tier: 1 + + parameters: + - configuration: + type: dict + brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. + - metadata: + type: dict + brief: Wazuh configuration metadata. + - agent_system: + type: str + brief: System to set to the mocked agent. + - agent_packages + type: list + brief: List of vulnerable packages. + - set_wazuh_configuration_vdt: + type: fixture + brief: Set the wazuh configuration according to the configuration data. + - truncate_monitored_files: + type: fixture + brief: Truncate all the log files and json alerts files before and after the test execution. + - clean_cve_tables_func: + type: fixture + brief: Clean all CVE tables. + - prepare_environment: + type: fixture + brief: Setup the initial test state. + - restart_modulesd_function: + type: fixture + brief: Restart the wazuh-modulesd daemon. + + assertions: + - Check for a specific log and alert. + + input_description: + - The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. + - The `cases_cpe_indexing_missing_vendor_version.yaml` file provides the test cases. + + expected_output: + - fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} package." 
+ ''' + evm.check_version_log(package_name=metadata['values']['PRODUCT_T_VALUE_0']) diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py deleted file mode 100644 index 0177f8a006..0000000000 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py +++ /dev/null 
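Review bot: The `input_description` sections of the two new tests name `cases_cpe_indexing_missing_fields.yaml` and `cases_cpe_indexing_missing_vendor_version.yaml`, but `t4_cases_path` and `t5_cases_path` point at `cases_cpe_indexing_empty_fields.yaml` and `cases_cpe_indexing_empty_vendor_version.yaml`; the docstrings should name the files actually loaded. In `test_cpe_indexing_empty_fields` the `for package in agent_packages` loop passes the same `metadata['values']['PRODUCT_T_VALUE_0']` and `VENDOR_T_VALUE` to `check_cpe_helper_packages_indexed` on every iteration and only `package['cveid']` varies, so with more than one package the indexing check is repeated for one product rather than checked per package; if one package per case is the intent, a short comment such as `# each case ships a single package; only the CVE varies` would make that explicit. `test_cpe_indexing_empty_vendor_version` lists `check for a specific log and alert` under `assertions` but only calls `evm.check_version_log`, so the alert half of that line is not exercised.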
@@ -1,361 +0,0 @@ -''' -copyright: Copyright (C) 2015-2021, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector - module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, Amazon Linux and NVD Database. - -components: - - vulnerability_detector - -suite: feeds - -targets: - - manager - -daemons: - - wazuh-modulesd - - wazuh-db - -os_platform: - - linux - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - Ubuntu Focal - - Ubuntu Bionic - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html - -tags: - - vulnerability_detector - - cpe_helper -''' -import os -import json -import pytest - -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.tools.configuration import update_configuration_template -from wazuh_testing import CPE_HELPER_PATH -from wazuh_testing.db_interface import agent_db -from wazuh_testing.tools.file import read_json_file, copy, write_json_file, read_file, write_file -from wazuh_testing.modules.vulnerability_detector import event_monitor as evm -from wazuh_testing.modules import vulnerability_detector as vd - -pytestmark = [pytest.mark.server] - - -# Reference paths -TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') -CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') -TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -TEST_FEEDS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'feeds') -TEST_PACKAGES_PATH = 
os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'vulnerable_packages') - -# Configuration and cases data -t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') -t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_fields.yaml') -t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') -t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_vendor_version.yaml') - -# Custom paths -custom_nvd_json_feed_path = os.path.join(TEST_FEEDS_PATH, 'nvd', vd.CUSTOM_NVD_FEED) -custom_cpe_helper_path = os.path.join(TEST_FEEDS_PATH, 'cpe_helper', vd.CUSTOM_GENERIC_CPE_HELPER) -custom_vulnerable_pkg_missing_vendor_path = os.path.join(TEST_PACKAGES_PATH, - vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR) -custom_vulnerable_pkg_missing_vendor_version_path = os.path.join(TEST_PACKAGES_PATH, - vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION) - -# CPE indexing packages test configurations (t1) -t1_configuration_parameters, t1_configuration_metadata, t1_test_case_ids = get_test_cases_data(t1_cases_path) -t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, - t1_configuration_metadata) -t1_systems = [metadata['system'] for metadata in t1_configuration_metadata] - -# CPE indexing packages test configurations (t2) -t2_configuration_parameters, t2_configuration_metadata, t2_test_case_ids = get_test_cases_data(t2_cases_path) -t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, - t2_configuration_metadata) -t2_systems = [metadata['system'] for metadata in t2_configuration_metadata] - -# Set offline custom feeds configuration -t1_configurations = update_configuration_template(t1_configurations, ['CUSTOM_NVD_JSON_PATH'], - [custom_nvd_json_feed_path]) -t2_configurations = update_configuration_template(t2_configurations, ['CUSTOM_NVD_JSON_PATH'], - 
[custom_nvd_json_feed_path]) - -# Global vars -t1_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_path) - for metadata in t1_configuration_metadata] -t2_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_version_path) - for metadata in t2_configuration_metadata] - - -def replace_cpe_json_fields(tags=None, values=None): - """Replace the tags and values of the generic_custom_cpe_helper.json file. - - Args: - tags (dict): Dictionary with tags names values - values (dict): Dictionary with tag values - """ - filedata = read_file(CPE_HELPER_PATH) - - for key, value in tags.items(): - filedata = filedata.replace(key, value) - - for key, value in values.items(): - filedata = filedata.replace(key, value) - - write_file(CPE_HELPER_PATH, data=filedata) - - -def remove_item(item, remove_key=""): - """Remove recursively the tags and values of the dictionary. - - Args: - item (dict): Dictionary - remove_key (str): Item to be deleted - """ - if isinstance(item, dict): - for key in list(item.keys()): - if key == remove_key: - del item[key] - else: - remove_item(item[key], remove_key) - elif isinstance(item, list): - for i in reversed(range(len(item))): - if item[i] == remove_key: - del item[i] - else: - remove_item(item[i], remove_key) - else: - pass - return item - - -def remove_cpe_json_fields(tags=None): - """Remove the tags and values of the generic_custom_cpe_helper.json file. - - Args: - tags (list): Dictionary with tags names values - """ - tags = [] if tags is None else tags - - if len(tags) > 0: - filedata = read_json_file(CPE_HELPER_PATH) - - for item in tags: - filedata = remove_item(filedata, item) - - write_json_file(CPE_HELPER_PATH, filedata) - - -@pytest.fixture(scope='function') -def prepare_environment(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system): - """Prepare the environment with a mocked agent, vulnerable packages and a custom cpe_helper. - - - Mock an agent with a specified system. 
- - Insert mocked vulnerables packages. - - Update packages sync status. - - Copy the custom CPE helper to the dictionaries folder. - - Force full scan. - - Args: - metadata (dict): Test case metadata. - agent_system (str): System to set to the mocked agent. - agent_packages (list): List of vulnerable packages - mock_agent_with_custom_system (fixture): Mock an agent with a custom system. - """ - for package in agent_packages: - try: - version = package['version'] - except KeyError: - version = '' - agent_db.insert_package(name=package['name'], format=package['format'], architecture=package['architecture'], - agent_id=mock_agent_with_custom_system, vendor=package['vendor'], version=version) - - # Sync packages info - agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-packages") - agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-hotfixes") - - # Make a backup data from inital CPE helper - cpe_helper_backup_data = read_json_file(CPE_HELPER_PATH) - - # Set the custom CPE helper - copy(custom_cpe_helper_path, CPE_HELPER_PATH) - - # Remove the values of the CPE helper - remove_cpe_json_fields(tags=metadata['missing_field']) - - # Replace the values of the CPE helper - replace_cpe_json_fields(tags=metadata['tags'], values=metadata['values']) - - yield mock_agent_with_custom_system - - # Restore the CPE helper backup data - write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data) - - -@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', - zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages), - ids=t1_test_case_ids) -def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, - truncate_monitored_files, clean_cve_tables_func, prepare_environment, - restart_modulesd_function): - ''' - description: Check if the packages are indexed in the database by checking the respective log in 
the ossec.log file, - and if the alert of the vulnerable package comes out when some tag are missing. - - test_phases: - - setup: - - Load Wazuh light configuration, with custom feeds. - - Apply ossec.conf configuration changes according to the configuration template and use case. - - Apply custom settings in local_internal_options.conf. - - Mock an agent with Windows system and vulnerable packages. - - Backup the original cpe_helper.json and copy a custom CPE helper with new tags and values. - - Truncate wazuh logs. - - Restart wazuh-modulesd daemon to apply configuration changes. - - test: - - Check in the log and alert for specific information. - - teardown: - - Truncate wazuh logs. - - Restore initial configuration, both ossec.conf and local_internal_options.conf. - - Restore the original cpe_helper.json - - wazuh_min_version: 4.5.0 - - tier: 1 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - agent_system: - type: str - brief: System to set to the mocked agent. - - agent_packages - type: list - brief: List of vulnerable packages. - - set_wazuh_configuration_vdt: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - clean_cve_tables_func: - type: fixture - brief: Clean all CVE tables. - - prepare_environment: - type: fixture - brief: Setup the initial test state. - - restart_modulesd_function: - type: fixture - brief: Restart the wazuh-modulesd daemon. - - assertions: - - Check for a specific log and alert. - - input_description: - - The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. - - The `cases_cpe_indexing_missing_fields.yaml` file provides the test cases. 
- - expected_output: - - r"The CPE .*a:{package_vendor}:{package_name}.* from the agent '{agent_id}' was indexed" - - fr".*"agent":."id":"{agent_id}".*{cve} affects {package}', prefix='.*" - ''' - for package in agent_packages: - evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'], - package_vendor=metadata['values']['VENDOR_T_VALUE'], - agent_id=prepare_environment, timeout=vd.T_20) - - evm.check_vulnerability_affects_alert(agent_id=prepare_environment, - package=metadata['values']['PRODUCT_T_VALUE_0'], cve=package['cveid']) - - -@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', - zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages), - ids=t2_test_case_ids) -def test_cpe_indexing_missing_vendor_version(configuration, metadata, agent_system, agent_packages, - set_wazuh_configuration_vdt, truncate_monitored_files, - clean_cve_tables_func, prepare_environment, restart_modulesd_function): - ''' - description: Check that when vendor and version tags are missing, and the action tag is not the correct to - extract the version field, the package cannot be indexed. - - test_phases: - - setup: - - Load Wazuh light configuration, with custom feeds. - - Apply ossec.conf configuration changes according to the configuration template and use case. - - Apply custom settings in local_internal_options.conf. - - Mock an agent with Windows system and vulnerable packages. - - Backup the original cpe_helper.json and copy a custom CPE helper with new tags and values. - - Truncate wazuh logs. - - Restart wazuh-modulesd daemon to apply configuration changes. - - test: - - Check in the log and alert for specific information. - - teardown: - - Truncate wazuh logs. - - Restore initial configuration, both ossec.conf and local_internal_options.conf. 
- - Restore the original cpe_helper.json - - wazuh_min_version: 4.5.0 - - tier: 1 - - parameters: - - configuration: - type: dict - brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. - - metadata: - type: dict - brief: Wazuh configuration metadata. - - agent_system: - type: str - brief: System to set to the mocked agent. - - agent_packages - type: list - brief: List of vulnerable packages. - - set_wazuh_configuration_vdt: - type: fixture - brief: Set the wazuh configuration according to the configuration data. - - truncate_monitored_files: - type: fixture - brief: Truncate all the log files and json alerts files before and after the test execution. - - clean_cve_tables_func: - type: fixture - brief: Clean all CVE tables. - - prepare_environment: - type: fixture - brief: Setup the initial test state. - - restart_modulesd_function: - type: fixture - brief: Restart the wazuh-modulesd daemon. - - assertions: - - Check for a specific log and alert. - - input_description: - - The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. - - The `cases_cpe_indexing_missing_vendor_version.yaml` file provides the test cases. - - expected_output: - - fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} package." - ''' - evm.check_version_log(package_name=metadata['values']['PRODUCT_T_VALUE_0']) From daffc1d55846cb8aaa8264bd526748d21d55c70e Mon Sep 17 00:00:00 2001 From: fedepacher Date: Wed, 25 Jan 2023 16:42:56 -0300 Subject: [PATCH 7/8] refactor(#798): refactor code style --- .../test_cpe_helper/test_cpe_helper.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py index d58cb590a4..e10a3723b6 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py 
+++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py @@ -138,6 +138,7 @@ t5_agent_packages = [read_json_file(custom_vulnerable_pkg_empty_vendor_version_path) for metadata in t5_configuration_metadata] + def replace_cpe_json_fields(tags=None, values=None): """Replace the tags and values of the generic_custom_cpe_helper.json file. From ca6f08d1bae29c70bd00e1058471a9578eda5183 Mon Sep 17 00:00:00 2001 From: jmv74211 Date: Thu, 2 Feb 2023 17:16:53 +0100 Subject: [PATCH 8/8] refactor: add tier mark to CPE helper tests --- .../test_cpe_helper/test_cpe_helper.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py index e10a3723b6..40f6a26de7 100644 --- a/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py +++ b/tests/integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper.py @@ -46,7 +46,6 @@ ''' import os import pytest -import json from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.tools.configuration import update_configuration_template @@ -253,6 +252,7 @@ def prepare_environment(request, metadata, agent_system, agent_packages, mock_ag write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data) +@pytest.mark.tier(level=2) @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages), ids=t1_test_case_ids) @@ -342,6 +342,7 @@ def test_cpe_indexing_wrong_tags(configuration, metadata, agent_system, agent_pa raise AttributeError('Unexpected log') +@pytest.mark.tier(level=2) @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages), ids=t2_test_case_ids) 
@@ -431,6 +432,7 @@ def test_cpe_indexing_wrong_values(configuration, metadata, agent_system, agent_ raise AttributeError('Unexpected log') +@pytest.mark.tier(level=2) @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', zip(t3_configurations, t3_configuration_metadata, t3_systems, t3_agent_packages), ids=t3_test_case_ids) @@ -519,6 +521,7 @@ def test_cpe_indexing_missing_field(configuration, metadata, agent_system, agent evm.check_error_inserting_package(agent_id=prepare_environment) +@pytest.mark.tier(level=1) @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', zip(t4_configurations, t4_configuration_metadata, t4_systems, t4_agent_packages), ids=t4_test_case_ids) @@ -598,6 +601,7 @@ def test_cpe_indexing_empty_fields(configuration, metadata, agent_system, agent_ package=metadata['values']['PRODUCT_T_VALUE_0'], cve=package['cveid']) +@pytest.mark.tier(level=1) @pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', zip(t5_configurations, t5_configuration_metadata, t5_systems, t5_agent_packages), ids=t5_test_case_ids)