wazuh · jmv74211 · Feb 2, 2023 · Jan 17, 2023 · Jan 17, 2023 · Jan 17, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,7 +10,7 @@ Release report: TBD
 ### Added
 
 - Add Windows System folders FIM monitoring tests ([#3720](https:/wazuh/wazuh-qa/pull/3720)) \- (Tests)
-- Add 'test_whodata_policy_changes' tests ([#3627](https:/wazuh/wazuh-qa/pull/3627)) \- (Framework + Tests) 
+- Add 'test_whodata_policy_changes' tests ([#3627](https:/wazuh/wazuh-qa/pull/3627)) \- (Framework + Tests)
 - Add test to check if active-response netsh generates alerts when firewall is disabled. ([#3787](https:/wazuh/wazuh-qa/pull/3787)) \- (Framework + Tests)
 - Add new tests for logcollector 'ignore' and 'restrict' options ([#3582](https:/wazuh/wazuh-qa/pull/3582)) \- (Tests)
 - Add 'Force reconnect' feature to agent_simulator tool. ([#3111](https:/wazuh/wazuh-qa/pull/3111)) \- (Tools)
@@ -36,6 +36,7 @@ Release report: TBD
 
 ### Added
 
+- Add new test to check missing fields in `cpe_helper.json` file ([#3766](https:/wazuh/wazuh-qa/pull/3766)) \- (Framework + Tests)
 - Add new test to check cpe_helper.json file ([#3731](https:/wazuh/wazuh-qa/pull/3731))
 - Add new tests analysid handling of invalid/empty rule signature IDs ([#3649]
 (https:/wazuh/wazuh-qa/pull/3649)) \- (Framework + Tests)

diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py
@@ -19,6 +19,8 @@
 T_800 = 800
 
 CUSTOM_VULNERABLE_PACKAGES = 'custom_vulnerable_packages.json'
+CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR = 'custom_vulnerable_pkg_empty_vendor.json'
+CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR_VERSION = 'custom_vulnerable_pkg_empty_vendor_version.json'
 CUSTOM_NVD_FEED = 'custom_nvd_feed.json'
 CUSTOM_NVD_ALTERNATIVE_FEED = 'custom_nvd_alternative_feed.json'
 CUSTOM_REDHAT_JSON_FEED = 'custom_redhat_json_feed.json'
@@ -28,6 +30,7 @@
 CUSTOM_DEBIAN_JSON_FEED = 'custom_debian_json_feed.json'
 CUSTOM_MSU_JSON_FEED = 'custom_msu.json'
 CUSTOM_CPE_HELPER = 'custom_cpe_helper.json'
+CUSTOM_GENERIC_CPE_HELPER = 'custom_generic_cpe_helper_one_package.json'
 CUSTOM_CPE_HELPER_TEMPLATE = 'custom_cpe_helper_template.json'
 CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json'
 CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json'

diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py
@@ -510,3 +510,16 @@ def check_error_inserting_package(log_monitor=None, agent_id='000', timeout=vd.T
  check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
  callback=f"ERROR: .* Could not insert the CPEs from the agent '{agent_id}' "
  "into the database.")
+
+
+def check_version_log(package_name='', log_monitor=None, timeout=vd.T_20):
+ """Check that the version log could not be reached.
+
+ Args:
+ package_name (str): Package name.
+ log_monitor (FileMonitor): Log monitor.
+ timeout (str): timeout to check the event in Wazuh log.
+ """
+ check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
+ callback=fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} "
+ "package.")
diff --git a/...t_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json b/...t_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json
@@ -0,0 +1,38 @@
+{
+ "VERSION_TAG": "VERSION_VALUE",
+ "FORMAT_TAG": "FORMAT_VALUE",
+ "UPDATE_TAG": "UPDATE_VALUE",
+ "DICTIONARY_TAG": [
+ {
+ "TARGET_TAG": "TARGET_VALUE",
+ "SOURCE_TAG": {
+ "VENDOR_S_TAG": [
+ "VENDOR_S_VALUE"
+ ],
+ "PRODUCT_S_TAG": [
+ "PRODUCT_S_VALUE_0"
+ ],
+ "VERSION_S_TAG": ["VERSION_S_VALUE"]
+ },
+ "TRANSLATION_TAG": {
+ "VENDOR_T_TAG": [
+ "VENDOR_T_VALUE"
+ ],
+ "PRODUCT_T_TAG": [
+ "PRODUCT_T_VALUE_0"
+ ],
+ "VERSION_T_TAG": ["VERSION_T_VALUE"]
+ },
+ "ACTION_TAG": [
+ "ACTION_VALUE_0",
+ "ACTION_VALUE_1"
+ ]
+ }
+ ],
+ "LICENSE_TAG": {
+ "TITLE_TAG": "TITLE_VALUE",
+ "COPYRIGHT_TAG": "COPYRIGHT_VALUE",
+ "DATE_TAG": "DATE_VALUE",
+ "TYPE_TAG" : "TYPE_VALUE"
+ }
+ }
diff --git a/...t_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor.json b/...t_vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor.json
@@ -0,0 +1,14 @@
+[
+ {
+ "scan": {
+ "id": 0,
+ "time": "2021-11-20T12:41:27Z"
+ },
+ "architecture": "x86_64",
+ "format": "win",
+ "name": "custom-package-0 1.0.0",
+ "size": 0,
+ "vendor": "NULL",
+ "cveid": "CVE-000"
+ }
+]
diff --git a/...ability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor_version.json b/...ability_detector/data/vulnerable_packages/custom_vulnerable_pkg_empty_vendor_version.json
@@ -0,0 +1,15 @@
+[
+ {
+ "scan": {
+ "id": 0,
+ "time": "2021-11-20T12:41:27Z"
+ },
+ "architecture": "x86_64",
+ "format": "win",
+ "name": "custom-package-0 1.0.0",
+ "size": 0,
+ "vendor": "NULL",
+ "cveid": "CVE-000",
+ "version": "NULL"
+ }
+]
diff --git a/...lnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_fields.yaml b/...lnerability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_fields.yaml
@@ -0,0 +1,229 @@
+- name: Missing vendor field
+ description: Indexing CPE helper with missing vendor field
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: WINDOWS_10
+ wrong_field: null
+ missing_field: []
+ tags:
+ VERSION_TAG: version
+ FORMAT_TAG: format_version
+ UPDATE_TAG: update_date
+ DICTIONARY_TAG: dictionary
+ TARGET_TAG: target
+ SOURCE_TAG: source
+ VENDOR_S_TAG: vendor
+ PRODUCT_S_TAG: product
+ VERSION_S_TAG: version
+ TRANSLATION_TAG: translation
+ VENDOR_T_TAG: vendor
+ PRODUCT_T_TAG: product
+ VERSION_T_TAG: version
+ ACTION_TAG: action
+ LICENSE_TAG: license
+ TITLE_TAG: title
+ COPYRIGHT_TAG: copyright
+ DATE_TAG: date
+ TYPE_TAG: type
+ values:
+ VERSION_VALUE: "1.0"
+ FORMAT_VALUE: "1.0"
+ UPDATE_VALUE: 2050-10-02T10:56Z
+ TARGET_VALUE: windows
+ VENDOR_S_VALUE: ""
+ PRODUCT_S_VALUE_0: ^custom-package-0.*
+ VERSION_S_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
+ VENDOR_T_VALUE: wazuh-mocking
+ PRODUCT_T_VALUE_0: custom-package-0
+ VERSION_T_VALUE: ""
+ ACTION_VALUE_0: replace_product
+ ACTION_VALUE_1: set_version_if_product_matches
+ TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
+ COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
+ DATE_VALUE: March 6, 2019.
+ TYPE_VALUE: GPLv2
+
+- name: Missing vendor and version fields
+ description: Indexing CPE helper with missing vendor and version fields
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: WINDOWS_10
+ wrong_field: null
+ missing_field: []
+ tags:
+ VERSION_TAG: version
+ FORMAT_TAG: format_version
+ UPDATE_TAG: update_date
+ DICTIONARY_TAG: dictionary
+ TARGET_TAG: target
+ SOURCE_TAG: source
+ VENDOR_S_TAG: vendor
+ PRODUCT_S_TAG: product
+ VERSION_S_TAG: version
+ TRANSLATION_TAG: translation
+ VENDOR_T_TAG: vendor
+ PRODUCT_T_TAG: product
+ VERSION_T_TAG: version
+ ACTION_TAG: action
+ LICENSE_TAG: license
+ TITLE_TAG: title
+ COPYRIGHT_TAG: copyright
+ DATE_TAG: date
+ TYPE_TAG: type
+ values:
+ VERSION_VALUE: "1.0"
+ FORMAT_VALUE: "1.0"
+ UPDATE_VALUE: 2050-10-02T10:56Z
+ TARGET_VALUE: windows
+ VENDOR_S_VALUE: ""
+ PRODUCT_S_VALUE_0: ^custom-package-0.*
+ VERSION_S_VALUE: ""
+ VENDOR_T_VALUE: wazuh-mocking
+ PRODUCT_T_VALUE_0: custom-package-0
+ VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
+ ACTION_VALUE_0: replace_product
+ ACTION_VALUE_1: set_version_if_product_matches
+ TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
+ COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
+ DATE_VALUE: March 6, 2019.
+ TYPE_VALUE: GPLv2
+
+- name: Missing set_version_if_product_matches action field
+ description: Indexing CPE helper with missing set_version_if_product_matches action field
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: WINDOWS_10
+ wrong_field: null
+ missing_field: []
+ tags:
+ VERSION_TAG: version
+ FORMAT_TAG: format_version
+ UPDATE_TAG: update_date
+ DICTIONARY_TAG: dictionary
+ TARGET_TAG: target
+ SOURCE_TAG: source
+ VENDOR_S_TAG: vendor
+ PRODUCT_S_TAG: product
+ VERSION_S_TAG: version
+ TRANSLATION_TAG: translation
+ VENDOR_T_TAG: vendor
+ PRODUCT_T_TAG: product
+ VERSION_T_TAG: version
+ ACTION_TAG: action
+ LICENSE_TAG: license
+ TITLE_TAG: title
+ COPYRIGHT_TAG: copyright
+ DATE_TAG: date
+ TYPE_TAG: type
+ values:
+ VERSION_VALUE: "1.0"
+ FORMAT_VALUE: "1.0"
+ UPDATE_VALUE: 2050-10-02T10:56Z
+ TARGET_VALUE: windows
+ VENDOR_S_VALUE: ""
+ PRODUCT_S_VALUE_0: ^custom-package-0.*
+ VERSION_S_VALUE: ""
+ VENDOR_T_VALUE: wazuh-mocking
+ PRODUCT_T_VALUE_0: custom-package-0
+ VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
+ ACTION_VALUE_0: replace_product
+ ACTION_VALUE_1: ""
+ TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
+ COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
+ DATE_VALUE: March 6, 2019.
+ TYPE_VALUE: GPLv2
+
+- name: Replace_vendor instead of set_version_if_product_matches action fields
+ description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: WINDOWS_10
+ wrong_field: null
+ missing_field: []
+ tags:
+ VERSION_TAG: version
+ FORMAT_TAG: format_version
+ UPDATE_TAG: update_date
+ DICTIONARY_TAG: dictionary
+ TARGET_TAG: target
+ SOURCE_TAG: source
+ VENDOR_S_TAG: vendor
+ PRODUCT_S_TAG: product
+ VERSION_S_TAG: version
+ TRANSLATION_TAG: translation
+ VENDOR_T_TAG: vendor
+ PRODUCT_T_TAG: product
+ VERSION_T_TAG: version
+ ACTION_TAG: action
+ LICENSE_TAG: license
+ TITLE_TAG: title
+ COPYRIGHT_TAG: copyright
+ DATE_TAG: date
+ TYPE_TAG: type
+ values:
+ VERSION_VALUE: "1.0"
+ FORMAT_VALUE: "1.0"
+ UPDATE_VALUE: 2050-10-02T10:56Z
+ TARGET_VALUE: windows
+ VENDOR_S_VALUE: ""
+ PRODUCT_S_VALUE_0: ^custom-package-0.*
+ VERSION_S_VALUE: ""
+ VENDOR_T_VALUE: wazuh-mocking
+ PRODUCT_T_VALUE_0: custom-package-0
+ VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
+ ACTION_VALUE_0: replace_product
+ ACTION_VALUE_1: replace_vendor
+ TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
+ COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
+ DATE_VALUE: March 6, 2019.
+ TYPE_VALUE: GPLv2
+
+- name: Missing all source fields
+ description: Indexing CPE helper with missing all source fields
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: WINDOWS_10
+ wrong_field: null
+ missing_field: []
+ tags:
+ VERSION_TAG: version
+ FORMAT_TAG: format_version
+ UPDATE_TAG: update_date
+ DICTIONARY_TAG: dictionary
+ TARGET_TAG: target
+ SOURCE_TAG: source
+ VENDOR_S_TAG: vendor
+ PRODUCT_S_TAG: product
+ VERSION_S_TAG: version
+ TRANSLATION_TAG: translation
+ VENDOR_T_TAG: vendor
+ PRODUCT_T_TAG: product
+ VERSION_T_TAG: version
+ ACTION_TAG: action
+ LICENSE_TAG: license
+ TITLE_TAG: title
+ COPYRIGHT_TAG: copyright
+ DATE_TAG: date
+ TYPE_TAG: type
+ values:
+ VERSION_VALUE: "1.0"
+ FORMAT_VALUE: "1.0"
+ UPDATE_VALUE: 2050-10-02T10:56Z
+ TARGET_VALUE: windows
+ VENDOR_S_VALUE: ""
+ PRODUCT_S_VALUE_0: ""
+ VERSION_S_VALUE: ""
+ VENDOR_T_VALUE: wazuh-mocking
+ PRODUCT_T_VALUE_0: custom-package-0
+ VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
+ ACTION_VALUE_0: replace_product
+ ACTION_VALUE_1: replace_vendor
+ TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
+ COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
+ DATE_VALUE: March 6, 2019.
+ TYPE_VALUE: GPLv2
diff --git a/...ity_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_vendor_version.yaml b/...ity_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_empty_vendor_version.yaml
@@ -0,0 +1,45 @@
+- name: Missing all the source fields and version translation field
+ description: Indexing CPE helper with missing all the source fields and version translation field
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: WINDOWS_10
+ wrong_field: null
+ missing_field: []
+ tags:
+ VERSION_TAG: version
+ FORMAT_TAG: format_version
+ UPDATE_TAG: update_date
+ DICTIONARY_TAG: dictionary
+ TARGET_TAG: target
+ SOURCE_TAG: source
+ VENDOR_S_TAG: vendor
+ PRODUCT_S_TAG: product
+ VERSION_S_TAG: version
+ TRANSLATION_TAG: translation
+ VENDOR_T_TAG: vendor
+ PRODUCT_T_TAG: product
+ VERSION_T_TAG: version
+ ACTION_TAG: action
+ LICENSE_TAG: license
+ TITLE_TAG: title
+ COPYRIGHT_TAG: copyright
+ DATE_TAG: date
+ TYPE_TAG: type
+ values:
+ VERSION_VALUE: "1.0"
+ FORMAT_VALUE: "1.0"
+ UPDATE_VALUE: 2050-10-02T10:56Z
+ TARGET_VALUE: windows
+ VENDOR_S_VALUE: ""
+ PRODUCT_S_VALUE_0: ""
+ VERSION_S_VALUE: ""
+ VENDOR_T_VALUE: wazuh-mocking
+ PRODUCT_T_VALUE_0: custom-package-0
+ VERSION_T_VALUE: ""
+ ACTION_VALUE_0: replace_product
+ ACTION_VALUE_1: replace_vendor
+ TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
+ COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
+ DATE_VALUE: March 6, 2019.
+ TYPE_VALUE: GPLv2