Skip to content

Commit

Permalink
Merge branch '4.8.0' into fix/5415-include-retry-install-package
Browse files Browse the repository at this point in the history
  • Loading branch information
@Rebits
Rebits committed May 23, 2024
2 parents 8fff957 + 4be8d40 commit 963fd38
Show file tree
Hide file tree
Showing 11 changed files with 179 additions and 72 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ All notable changes to this project will be documented in this file.

### Changed

- Include "Agent key already in use" in the E2E Vulnerability Detection expected error list. ([#5409](https://github.com/wazuh/wazuh-qa/pull/5409)) \- (Tests)
- Update vulnerability state index name ([#5402](https://github.com/wazuh/wazuh-qa/pull/5402)) \- (Framework)
- Include new package information from wdb ([#5350](https://github.com/wazuh/wazuh-qa/pull/5350)) \- (Tests)
- Disable debug evidences for Vulnerability Detector E2E tests by default ([#5331](https://github.com/wazuh/wazuh-qa/pull/5331)) \- (Tests)
- Include CVE-2023-4822 vulnerability to grafana packages ([#5332](https://github.com/wazuh/wazuh-qa/pull/5332)) \- (Framework)
Expand Down Expand Up @@ -63,6 +65,9 @@ All notable changes to this project will be documented in this file.
### Fixed

- Include logic to retry package installation if the lock file is currently in use ([#5421](https://github.com/wazuh/wazuh-qa/pull/5421)) \- (Framework)
- Increase E2E Vulnerability detection change manager test timeout ([#5414](https://github.com/wazuh/wazuh-qa/pull/5414)) \- (Tests)
- Fix filter vulnerabilities function in case of multiple packages are used ([#5419](https://github.com/wazuh/wazuh-qa/pull/5419)) \- (Framework)
- Remove false positive from E2E Vulnerability Detection tests ([#5369](https://github.com/wazuh/wazuh-qa/pull/5369)) \- (Framework)
- Fix multigroups guess system test ([#5396](https://github.com/wazuh/wazuh-qa/pull/5396)) \- (Tests)
- Fix hotfixes syscollector agent simulator messages ([#5379](https://github.com/wazuh/wazuh-qa/pull/5379)) \- (Framework)
- Fix restart agent in change manager Vulnerability Detector E2E test case ([#5355](https://github.com/wazuh/wazuh-qa/pull/5355)) \- (Tests)
Expand Down Expand Up @@ -108,6 +113,7 @@ All notable changes to this project will be documented in this file.
- Fix test cluster performance. ([#4780](https://github.com/wazuh/wazuh-qa/pull/4780)) \- (Framework)
- Fixed the graphic generation for the logcollectord statistics files. ([#5021](https://github.com/wazuh/wazuh-qa/pull/5021)) \- (Framework)

## [4.7.5] - TBD

## [4.7.4] - 29/04/2024

Expand Down
37 changes: 35 additions & 2 deletions deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,19 @@
This module provides functions to interact with the Wazuh Indexer API.
Functions:
- get_indexer_values: Retrieves values from the Indexer API.
- get_wazuh_states_vulnerabilities_indexname(cluster_name: str) -> str:
Generate the Wazuh states vulnerabilities index name for a given cluster.
- create_vulnerability_states_indexer_filter(target_agent: str = None,
greater_than_timestamp: str = None) -> dict
Create a filter for the Indexer API for the vulnerability state index.
- create_alerts_filter(target_agent: str = None, greater_than_timestamp: str = None) -> dict
Create a filter for the Indexer API for the alerts index.
- get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
index: str = 'wazuh-alerts*', filter: dict = None, size: int = 10000) -> Dict
Get values from the Wazuh Indexer API.
- delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
index: str = 'wazuh-alerts*')
Delete index from the Wazuh Indexer API.
Copyright (C) 2015, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
Expand All @@ -18,7 +30,28 @@
from wazuh_testing.tools.system import HostManager


WAZUH_STATES_VULNERABILITIES_INDEXNAME = 'wazuh-states-vulnerabilities'
WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE = 'wazuh-states-vulnerabilities-{cluster_name}'


def get_wazuh_states_vulnerabilities_indexname(cluster_name: str = 'wazuh') -> str:
"""
Generate the Wazuh states vulnerabilities index name for a given cluster.
This function takes a cluster name as input and returns the corresponding
Wazuh states vulnerabilities index name by inserting the cluster name into
a predefined template.
Args:
cluster_name (str): The name of the cluster to be included in the index name.
Returns:
str: The formatted Wazuh states vulnerabilities index name.
Example:
>>> get_wazuh_states_vulnerabilities_indexname('cluster1')
'wazuh-states-vulnerabilities-cluster1'
"""
return WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE.format(cluster_name=cluster_name)


def create_vulnerability_states_indexer_filter(target_agent: str = None,
Expand Down
8 changes: 5 additions & 3 deletions deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ def filter_vulnerabilities_by_packages(host_manager: HostManager,
vulnerabilities: Dict, packages_data: List) -> Dict:
filtered_vulnerabilities = {}
for host in vulnerabilities.keys():
packages_to_filter = set()
filtered_vulnerabilities[host] = []
host_os_name = host_manager.get_host_variables(host)["os"].split("_")[0]
host_os_arch = host_manager.get_host_variables(host)["architecture"]
Expand All @@ -105,10 +106,11 @@ def filter_vulnerabilities_by_packages(host_manager: HostManager,
package_id = package_data[host_os_name][host_os_arch]
data = load_packages_metadata()[package_id]
package_name = data["package_name"]
packages_to_filter.add(package_name)

for vulnerability in vulnerabilities[host]:
if vulnerability.package_name == package_name:
filtered_vulnerabilities[host].append(vulnerability)
for vulnerability in vulnerabilities[host]:
if vulnerability.package_name in list(packages_to_filter):
filtered_vulnerabilities[host].append(vulnerability)

return filtered_vulnerabilities

Expand Down
7 changes: 4 additions & 3 deletions deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@

from wazuh_testing.tools.system import HostManager
from wazuh_testing.end_to_end.indexer_api import get_indexer_values, create_vulnerability_states_indexer_filter, \
create_alerts_filter, WAZUH_STATES_VULNERABILITIES_INDEXNAME
create_alerts_filter, get_wazuh_states_vulnerabilities_indexname
from wazuh_testing.end_to_end.regex import REGEX_PATTERNS
from collections import namedtuple

Expand Down Expand Up @@ -275,7 +275,7 @@ def parse_vulnerability_from_state(state):


def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents: List[str],
greater_than_timestamp: str = None) -> dict:
greater_than_timestamp: str = None, cluster_name='wazuh') -> dict:
"""Get vulnerabilities from the vulnerability state index by agent.
Args:
Expand All @@ -302,11 +302,12 @@ def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents:
for agent in agents:
agent_all_vulnerabilities = []
try:
index = get_wazuh_states_vulnerabilities_indexname(cluster_name)
states_filter = create_vulnerability_states_indexer_filter(target_agent=agent,
greater_than_timestamp=greater_than_timestamp)
agent_all_vulnerabilities = get_indexer_values(host_manager,
filter=states_filter,
index=WAZUH_STATES_VULNERABILITIES_INDEXNAME,
index=index,
credentials={'user': indexer_user,
'password': indexer_password}
)['hits']['hits']
Expand Down
66 changes: 42 additions & 24 deletions ...wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,7 @@
"CVE-2022-31097",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-3128",
"CVE-2023-4822"
"CVE-2023-3128"
],
"urls": {
"ubuntu": {
Expand Down Expand Up @@ -63,8 +62,7 @@
"CVE-2022-31097",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-3128",
"CVE-2023-4822"
"CVE-2023-3128"
],
"urls": {
"centos": {
Expand Down Expand Up @@ -95,7 +93,7 @@
"CVE-2022-31097",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-4822"
"CVE-2023-3128"
],
"urls": {
"ubuntu": {
Expand Down Expand Up @@ -126,7 +124,7 @@
"CVE-2022-31097",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-4822"
"CVE-2023-3128"
],
"urls": {
"centos": {
Expand All @@ -136,6 +134,30 @@
},
"uninstall_name": "grafana*"
},
"grafana-8.5.27": {
"package_name": "grafana",
"package_version": "8.5.27",
"CVE": [],
"urls": {
"ubuntu": {
"amd64": "https://dl.grafana.com/oss/release/grafana_8.5.27_amd64.deb",
"arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.27_arm64.deb"
}
},
"uninstall_name": "grafana*"
},
"grafana-8.5.27-1": {
"package_name": "grafana",
"package_version": "8.5.27-1",
"CVE": [],
"urls": {
"centos": {
"amd64": "https://dl.grafana.com/oss/release/grafana-8.5.27-1.x86_64.rpm",
"arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.27-1.aarch64.rpm"
}
},
"uninstall_name": "grafana*"
},
"grafana-9.1.1": {
"package_name": "grafana",
"package_version": "9.1.1",
Expand All @@ -152,8 +174,7 @@
"CVE-2022-31130",
"CVE-2022-31123",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-4822"
"CVE-2022-23498"
],
"urls": {
"ubuntu": {
Expand All @@ -179,8 +200,7 @@
"CVE-2022-31130",
"CVE-2022-31123",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-4822"
"CVE-2022-23498"
],
"urls": {
"centos": {
Expand All @@ -206,8 +226,7 @@
"CVE-2022-39307",
"CVE-2022-39306",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-4822"
"CVE-2022-23498"
],
"urls": {
"ubuntu": {
Expand All @@ -233,8 +252,7 @@
"CVE-2022-39307",
"CVE-2022-39306",
"CVE-2022-23552",
"CVE-2022-23498",
"CVE-2023-4822"
"CVE-2022-23498"
],
"urls": {
"centos": {
Expand Down Expand Up @@ -292,26 +310,26 @@
},
"uninstall_name": "grafana*"
},
"grafana-10.0.0": {
"grafana-9.5.17": {
"package_name": "grafana",
"package_version": "10.0.0",
"CVE": ["CVE-2023-4822", "CVE-2023-4399", "CVE-2023-4822"],
"package_version": "9.5.17",
"CVE": [],
"urls": {
"ubuntu": {
"amd64": "https://dl.grafana.com/oss/release/grafana_10.0.0_amd64.deb",
"arm64v8": "https://dl.grafana.com/oss/release/grafana_10.0.0_arm64.deb"
"amd64": "https://dl.grafana.com/oss/release/grafana_9.5.17_amd64.deb",
"arm64v8": "https://dl.grafana.com/oss/release/grafana_9.5.17_arm64.deb"
}
},
"uninstall_name": "grafana*"
},
"grafana-10.0.0-1": {
"grafana-9.5.17-1": {
"package_name": "grafana",
"package_version": "10.0.0-1",
"CVE": ["CVE-2023-4822", "CVE-2023-4399", "CVE-2023-4822"],
"package_version": "9.5.17-1",
"CVE": [],
"urls": {
"centos": {
"amd64": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.x86_64.rpm",
"arm64v8": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.aarch64.rpm"
"amd64": "https://dl.grafana.com/oss/release/grafana-9.5.17-1.x86_64.rpm",
"arm64v8": "https://dl.grafana.com/oss/release/grafana-9.5.17-1.aarch64.rpm"
}
},
"uninstall_name": "grafana*"
Expand Down
2 changes: 1 addition & 1 deletion deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,8 +200,8 @@ predefined_values:
- 4.7.2
- 4.7.3
- 4.7.4
- 4.7.5
- 4.8.0

tags:
- active_response
- agentd
Expand Down
19 changes: 10 additions & 9 deletions deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,8 +154,9 @@ def _parse_api_data(self):
"""Read the data generated by Wazuh API."""

API_URL = f"https://{self.ip}:{self.port}"
CLUSTER_NAME = 'wazuh'
DAEMONS_ENDPOINT= f"/manager/daemons/stats?daemons_list={self.daemon}&wait_for_complete=true"
VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities/_count"
VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities-{CLUSTER_NAME}/_count"
ALERTS_ENDPOINT= f"/wazuh-alerts-4.x-*/_count"
TOKEN_ENDPOINT="/security/user/authenticate"

Expand All @@ -164,7 +165,7 @@ def _parse_api_data(self):
max_retries = 3
token_response = None
daemon_response = None
data = None
data = None

if(self.target == "vulnerabilities"):
for _ in range(max_retries):
Expand Down Expand Up @@ -244,22 +245,22 @@ def _write_csv(self, data, target, csv_file):
csv_header = headers.agentd_header

header = not isfile(csv_file)

with open(csv_file, 'a+') as log:

if header:
log.write(f'{",".join(csv_header)}\n')

timestamp = datetime.fromtimestamp(time()).strftime('%Y-%m-%d %H:%M:%S')

if self.use_state_file == False:
if target not in ["vulnerabilities", "alerts"]:
format = r"%Y-%m-%dT%H:%M:%S+%f:00"
datetime_timestamp = datetime.strptime(data['timestamp'], format)
datetime_uptime = datetime.strptime(data['uptime'], format)
interval = (datetime_timestamp - datetime_uptime).total_seconds()

if target == "analysis":
if target == "analysis":
metrics = data['metrics']
decoded = metrics['events']['received_breakdown']['decoded_breakdown']
decoded_modules = decoded['modules_breakdown']
Expand Down Expand Up @@ -425,11 +426,11 @@ def _write_csv(self, data, target, csv_file):
ag_bd['tables']['syscheck']['fim_file'], # 17
ag_bd['tables']['syscheck']['fim_registry'], # 18
ag_bd['tables']['syscheck']['fim_registry_key'], # 19
ag_bd['tables']['syscheck']['fim_registry_value'], # 20
ag_bd['tables']['syscheck']['fim_registry_value'], # 20
ag_bd['tables']['syscollector']['syscollector_hotfixes'], # 21
ag_bd['tables']['syscollector']['syscollector_hwinfo'], # 22
ag_bd['tables']['syscollector']['syscollector_hwinfo'], # 22
ag_bd['tables']['syscollector']['syscollector_network_address'], # 23
ag_bd['tables']['syscollector']['syscollector_network_iface'], # 24
ag_bd['tables']['syscollector']['syscollector_network_iface'], # 24
ag_bd['tables']['syscollector']['syscollector_network_protocol'], # 25
ag_bd['tables']['syscollector']['syscollector_osinfo'], # 26
ag_bd['tables']['syscollector']['syscollector_packages'], # 27
Expand All @@ -438,7 +439,7 @@ def _write_csv(self, data, target, csv_file):
vulnerability_data, # 30
received_breakdown['global'], # 31
glob_bd['db']['backup'], # 32
glob_bd['db']['sql'], # 33
glob_bd['db']['sql'], # 33
glob_bd['db']['vacuum'], # 34
glob_bd['db']['get_fragmentation'], # 35
glob_bd['tables']['agent']['delete-agent'], # 36
Expand Down
10 changes: 10 additions & 0 deletions deps/wazuh_testing/wazuh_testing/tools/system.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -888,6 +888,16 @@ def get_api_credentials(self):

return user, password

def get_cluster_name(self):
manager_list = self.get_group_hosts('manager')
if not manager_list:
raise ValueError("No manager is defined in the environment")

first_manager_vars = self.inventory_manager.get_host(manager_list[0])
cluster_name = first_manager_vars.vars.get('cluster_name', 'wazuh')

return cluster_name

def get_indexer_credentials(self):
default_user = 'admin'
default_password = 'changeme'
Expand Down
Loading

0 comments on commit 963fd38

Please sign in to comment.