Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability Detector integration tests for SUSE Linux Enterprise #2847

Merged
merged 110 commits into from
Jun 2, 2022
Merged

Vulnerability Detector integration tests for SUSE Linux Enterprise #2847

merged 110 commits into from
Jun 2, 2022

Conversation

damarisg
Copy link
Member

@damarisg damarisg commented May 2, 2022
edited by Deblintrake09
Loading

Related issue
Close #2792

Description

For Wazuh v4.5.0 we want to add SUSE Linux Enterprise support for the Wazuh Vulnerability Detector module.

For this reason, it was necessary to:

  • Add a custom feed.
  • Modify the custom feed.
  • Refactor the provider and feed tests.
  • Add independent tests for test_scan_results.

Modules involved:

  • test_vulnerability_detector/test_feeds/test_download_feeds.py
  • test_vulnerability_detector/test_feeds/test_duplicate_feeds.py
  • test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py
  • test_vulnerability_detector/test_feeds/test_validate_feed_content.py
  • test_vulnerability_detector/test_providers/test_enabled.py
  • test_vulnerability_detector/test_providers/test_missing_os.py
  • test_vulnerability_detector/test_providers/test_multiple_provider_feeds.py
  • test_vulnerability_detector/test_providers/test_os.py
  • test_vulnerability_detector/test_providers/test_update_from_year.py
  • test_vulnerability_detector/test_providers/test_update_interval.py
  • test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py
  • test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py
  • test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py
  • test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py

Logs example

Test Path Os/Type Execution Type Results Date By
test/integration/test_vulnerability_detector/ CentOS - Manager Local 🟢 🟢 🟢 2022/05/24 @Deblintrake09
test/integration/test_vulnerability_detector/ CentOS - Manager Jenkins 🟢 🟢 🟢 2022/05/24 @Deblintrake09

CamiRomero and others added 30 commits April 22, 2022 10:01
@CamiRomero
add: Add custom feeds for suse
e84613a
@CamiRomero
add: Add test case enable for SUSE Linux
889dcbe
@CamiRomero
add: Add test case disabled for SUSE Linux
aa5559e
@CamiRomero
add: Add test case 'missing OS' for SUSE Linux
a5bc7dd
@CamiRomero
add: Add test cases to 'test_os'
a61ca6f
@CamiRomero
add: Add suse case to 'cases_update_from_year'
59a3444
@CamiRomero
fix: Fix typo in SUSE
c1e62e2
@CamiRomero
add: Add case for suse to 'update_interval'
6343950
@CamiRomero
add: Add test documentation for SUSE
c0b316c
@CamiRomero
rm: Remove imports
f4c4a0b
@Deblintrake09
add: new mocking agent systems
18e8d1d
@Deblintrake09
add: SUSE test cases for test_no_agent_data
54ff211
@Deblintrake09
docu: add tested SUSE systems - test_no_agent_data
e673ff0
@Deblintrake09
add: test cases and config for SUSE cases
233ff90
@damarisg
add: Add cases of download feeds in the yaml file.
901bec1
@CamiRomero
fix: Fix provider_os in 'cases_download_feeds'
1d7b62b
@CamiRomero
add: Add suse to cases_duplicated.yaml
2c29821
@CamiRomero
Modify test in order to run suse cases
44ddac9
@CamiRomero
add: Add invalid case for SUSE
da49f4c
@CamiRomero
add: Add configuration for suse
3f55c6b
@CamiRomero
add: add cases for suse in 'validate test'
1cc8c15
@CamiRomero
add: Add test documentation for suse
7fea69e
@CamiRomero
rm: Remove unnecesary imports
ecba83a
@CamiRomero
add: Add custom_suse_oval_fedd variable
ec3807c
@CamiRomero
Add: Add cases fot all OS - suse
621dc52
@CamiRomero
add: Add test cases enableb for all OS - suse
e3ff6d5
@Deblintrake09
add: generate suse vulnerabilites json
c9d02cd
@Deblintrake09
fix: modify execute_sqlite_query to return values
fe95d2e
@Deblintrake09
add: SUSE systems to mock SYSTEM_DATA array
c237cd7
@Deblintrake09
add: vendor tag to update_feed_path_configurations
c3fbc94
damarisg
damarisg commented May 24, 2022
View reviewed changes
Copy link
Member Author

@damarisg damarisg left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approved it.

Test Path Os/Type Execution Type Results Date By
test/integration/test_vulnerability_detector/ CentOS - Manager Jenkins 🟢 🟢 🟢 2022/05/24/ Seyla

@Deblintrake09 Deblintrake09 self-requested a review May 26, 2022 13:08
jmv74211
jmv74211 suggested changes May 27, 2022
View reviewed changes
deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py Outdated Show resolved Hide resolved
deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py Outdated Show resolved Hide resolved
tests/integration/test_vulnerability_detector/conftest.py Outdated Show resolved Hide resolved
tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py Outdated Show resolved Hide resolved
tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py Outdated Show resolved Hide resolved
tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py Outdated Show resolved Hide resolved
...integration/test_vulnerability_detector/test_providers/data/test_cases/cases_missing_os.yaml Outdated Show resolved Hide resolved
tests/integration/test_vulnerability_detector/test_providers/test_multiple_provider_feeds.py Outdated Show resolved Hide resolved
...integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py Show resolved Hide resolved
@Deblintrake09
Copy link
Contributor

Regarding questions made about the PR:

  • the Extra SUSE15 package is the OS version package installed in the agent, and it is required for the SUSE OVAL feed to work properly because every vulnerable package is paired with the OS versions it is vulnerable for. If the package is not found in the Agent's packages, VDT will not find any vulnerabilities.
  • After a thorough search I was unable to find how frequently the SUSE feed is updated. It was left with 2 weeks, since that is the time the other feeds were using. Looking at the OVAL advisories the data in there is updated almost every day, but that does not give us an indication of exactly how frequently the feed is updated, on would think that 2 weeks can be sufficient time for the new changes to be migrated to a feed (ALAS does the same and updates it's feed almost daily).

@Deblintrake09
Copy link
Contributor

Deblintrake09 commented May 31, 2022
edited
Loading

Test Path Os/Type Execution Type Results Date By
test/integration/test_vulnerability_detector/ CentOS - Manager Jenkins 🟢 🟢 🟢 2022/05/31 @Deblintrake09

jmv74211
jmv74211 previously approved these changes Jun 1, 2022
View reviewed changes
@jmv74211 jmv74211 merged commit 72322a8 into master Jun 2, 2022
@jmv74211 jmv74211 deleted the 2792-add-support-for-SUSE-OVAL-in-Vulnerability-Detector branch June 2, 2022 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmv74211 jmv74211 jmv74211 approved these changes

@Deblintrake09 Deblintrake09 Awaiting requested review from Deblintrake09

@CamiRomero CamiRomero Awaiting requested review from CamiRomero

Assignees
No one assigned
Labels
feature/vuln-detector test/integration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add Vulnerability Detector integration tests for SUSE Linux Enterprise
4 participants
@damarisg @Deblintrake09 @jmv74211 @CamiRomero