Add VDT does not report updated vulnerable packages as Solved IT support

[Deblintrake09]

Target version	Related issue	Related PR	Planning
master	wazuh/wazuh#13354	wazuh/wazuh#17052	#4039

Description

This Issue add IT support for Vulnerability Detector, that when a package with a vulnerability is updated with a version that is still vulnerable, the vulnerability is not shown as solved, as it creates confusion.

Test Cases

Tier 0 -Updating package that is still vulnerable does not show CVE as solved

   Given an agent with a vulnerable package associated to a CVE
   When the package is replaced by another version that is still vulnerable to the same CVE
   Then an alert about the new version being vulnerable is fired
   And no alert about the removed version being "solved" is fired

Steps to reproduce

• Configure Manager with custom feed

<oval_definitions
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
    xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd   http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd   http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd   http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd   http://oval.mitre.org/XMLSchema/oval-definitions-5#macos linux-definitions-schema.xsd">

    <generator>
        <oval:product_name>Canonical CVE OVAL Generator</oval:product_name>
        <oval:product_version>1.1</oval:product_version>
        <oval:schema_version>5.11.1</oval:schema_version>
        <oval:timestamp>2021-11-16T15:30:28</oval:timestamp>
    </generator>
    <definitions>
        <definition class="vulnerability" id="oval:com.ubuntu.focal:def:200224390000000" version="1">
            <metadata>
                <title>CVE-2022-2022 on Ubuntu 20.04 (focal) - low.</title>
                <description>Dummy description</description>
                <affected family="unix">
                    <platform>Ubuntu 20.04</platform>
                </affected>
                <reference source="CVE" ref_id="CVE-2022-2022" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2022" />
                <advisory>
                    <severity>Low</severity>
                    <rights>Copyright (C) 2015 Canonical Ltd.</rights>
                    <public_date>2022-05-04</public_date>
                    <ref>http://people.canonical.com/~ubuntu-security/cve/2002/CVE-2022-2022.html</ref>
                </advisory>
            </metadata>
            <criteria>
                <extend_definition definition_ref="oval:com.ubuntu.focal:def:100" comment="Ubuntu 20.04 (focal) is installed." applicability_check="true" />
                <criteria operator="OR">
                    <criterion test_ref="oval:com.ubuntu.focal:tst:200224390000040" comment="dummy-fixed package in focal, is related to the CVE in some way and has been fixed (note: '10.0.0-0ubuntu1')." />
                </criteria>
            </criteria>
        </definition>
    </definitions>
    <tests>
        <linux-def:dpkginfo_test id="oval:com.ubuntu.focal:tst:200224390000040" version="1" check_existence="at_least_one_exists" check="at least one" comment="Does the 'dummy-fixed' package exist and is the version less than '10.0.0-0ubuntu1'?">
            <linux-def:object object_ref="oval:com.ubuntu.focal:obj:200224390000040"/>
            <linux-def:state state_ref="oval:com.ubuntu.focal:ste:200224390000040" />
        </linux-def:dpkginfo_test>
    </tests>
    <objects>
        <linux-def:dpkginfo_object id="oval:com.ubuntu.focal:obj:200224390000040" version="1" comment="The 'dummy-fixed' package binary.">
            <linux-def:name var_ref="oval:com.ubuntu.focal:var:200224390000040" var_check="at least one" />
            <linux-def:name>dummy-fixed</linux-def:name>
        </linux-def:dpkginfo_object>
    </objects>
    <states>
        <linux-def:dpkginfo_state id="oval:com.ubuntu.focal:ste:200224390000040" version="1" comment="The package version is less than '0:10.0.0-0ubuntu1'.">
            <linux-def:evr datatype="debian_evr_string" operation="less than">0:10.0.0-0ubuntu1</linux-def:evr>
        </linux-def:dpkginfo_state>
    </states>
    <variables>
        <constant_variable id="oval:com.ubuntu.focal:var:200224390000040" version="1" datatype="string" comment="'dummy-fixed' package binaries">
            <value>dummy-fixed</value>
        </constant_variable>
    </variables>
</oval_definitions>

• Install vulnerable package an allow for vulnerability scan to run
• Update package to newer version that is still vulnerable
• Validate alerts generated

[Deblintrake09]

Update 27/03/2023

• Design ITs
• Try to replicate error 🔴
• Ask Core about found behavior in 4.3.0

[Deblintrake09]

Update 28/03/2023

• Finish writing IT tests
• Move Issue to blocked until development is finished

[Deblintrake09]

Update 07/07/2023

• Update branch and check tests are working

[Deblintrake09]

Update 24/07/2023

• Finish fixing tests and update documentation and style
• Create new branch as old had unsigned commits and was hard to recover because of merge commits
• Launch Executions 🟢
• Ready to review

[Deblintrake09]

Update 03/08/2023

• Created new branch targetting 4.7.0
• Applied requested changes

[Deblintrake09]

Reopen to track removal of tests in 4.7.0