diff --git a/CHANGELOG.md b/CHANGELOG.md index d0307be19d..8de0a77007 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ Release report: TBD ### Added +- Add support for SUSE systems in VDT tests ([#2902](https://github.com/wazuh/wazuh-qa/pull/2902)) - Test `global backup` WDB command ([#2637](https://github.com/wazuh/wazuh-qa/pull/2637) - Test `sync-agens-groups-get` WDB command ([#2626](https://github.com/wazuh/wazuh-qa/pull/2626) - Test `wazuhdb getconfig` WDB command ([2627#](https://github.com/wazuh/wazuh-qa/pull/2627)) diff --git a/deps/wazuh_testing/wazuh_testing/db_interface/agent_db.py b/deps/wazuh_testing/wazuh_testing/db_interface/agent_db.py index 2366d981db..affb3c940e 100644 --- a/deps/wazuh_testing/wazuh_testing/db_interface/agent_db.py +++ b/deps/wazuh_testing/wazuh_testing/db_interface/agent_db.py @@ -54,7 +54,7 @@ def insert_hotfix(agent_id='000', scan_id=int(time()), scan_time=datetime.dateti def insert_os_info(agent_id='000', scan_id=int(time()), scan_time=datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S"), - hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename= '', + hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename='', os_major='8', os_minor='4', os_patch='', os_build='', os_platform='centos', sysname='Linux', release='', version='', os_release='', checksum='dummychecksum', os_display_version='', triaged=0, reference=''): @@ -138,6 +138,7 @@ def insert_package(agent_id='000', scan_id=int(time()), format='rpm', name='cust f"{arguments['description']}, {arguments['location']}, {arguments['triaged']}, {arguments['checksum']}," f"{arguments['item_id']})") + def update_sync_info(agent_id='000', component='syscollector-packages', last_attempt=1, last_completion=1, n_attempts=0, n_completions=0, last_agent_checksum=''): """Update the sync_info table of the specified agent for the selected component. 
@@ -215,7 +216,7 @@ def delete_os_info(agent_id='000'): def update_os_info(agent_id='000', scan_id=int(time()), scan_time=datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S"), - hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename= '', + hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename='', os_major='8', os_minor='4', os_patch='', os_build='', os_platform='centos', sysname='Linux', release='', version='', os_release='', checksum='dummychecksum', os_display_version='', triaged=0, reference=''): diff --git a/deps/wazuh_testing/wazuh_testing/db_interface/cve_db.py b/deps/wazuh_testing/wazuh_testing/db_interface/cve_db.py index 95733b5ce3..750f8c53b8 100644 --- a/deps/wazuh_testing/wazuh_testing/db_interface/cve_db.py +++ b/deps/wazuh_testing/wazuh_testing/db_interface/cve_db.py @@ -63,7 +63,7 @@ def insert_vulnerability(cveid='CVE-000', target='RHEL7', target_minor='', reference='https://github.com/wazuh/wazuh-qa', target_v='REDHAT', cvss='10.000000', cvss_vector='AV:N/AC:L/Au:N/C:C/I:C/A:C', rationale='Wazuh integration test vulnerability', cvss3='', bugzilla_reference='https://github.com/wazuh/wazuh-qa', cwe='WVE-000 -> WVE-001', - advisory='RHSA-2010:0029', ref_target='RHEL'): + advisory='RHSA-2010:0029', ref_target='RHEL', deps_id='0'): """Insert a vulnerability in CVE database. Args: 
@@ -87,10 +87,11 @@ def insert_vulnerability(cveid='CVE-000', target='RHEL7', target_minor='', cwe (str): CWE ID. advisory (str): Advisory ID. ref_target (str): OS target ID. + deps_id (str): id of the dependencies related to the vulnerability. """ queries = [ - 'INSERT INTO VULNERABILITIES (cveid, target, target_minor, package, operation, operation_value) VALUES ' - f"('{cveid}', '{target}', '{target_minor}', '{package}', '{operation}', '{operation_value}')", + 'INSERT INTO VULNERABILITIES (cveid, target, target_minor, package, operation, operation_value, deps_id) VALUES' + f" ('{cveid}', '{target}', '{target_minor}', '{package}', '{operation}', '{operation_value}', '{deps_id}')", 'INSERT INTO VULNERABILITIES_INFO (ID, title, severity, published, updated, target, rationale, cvss, ' f"cvss_vector, CVSS3, cwe) VALUES ('{cveid}', '{title}', '{severity}', '{published}', '{updated}', " diff --git a/deps/wazuh_testing/wazuh_testing/mocking/__init__.py b/deps/wazuh_testing/wazuh_testing/mocking/__init__.py index bfc6c6fc4f..989d722783 100644 --- a/deps/wazuh_testing/wazuh_testing/mocking/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/mocking/__init__.py 
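Review bot: The new `deps_id` column is spliced into the `INSERT INTO VULNERABILITIES` statement by f-string interpolation, so any argument containing a single quote (a package name such as `custom-package'0`) breaks the statement, and because every value is wrapped in quotes `deps_id` is always written as the text literal `'0'` whatever the column's declared type is. This is test tooling, but the feed tests seed the CVE database through this helper, so a malformed row surfaces as a confusing downstream assertion rather than here. If the executor that consumes `queries` accepts bound parameters, switch to `?` placeholders with a values tuple; otherwise at least normalise each value with `str(v).replace("'", "''")` before interpolating. The body of `insert_vulnerability` continues past the end of this hunk.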
@@ -41,24 +41,24 @@ 'WINDOWS_SERVER_2019': {'os_name': 'Microsoft Windows Server 2019', 'os_major': '10', 'os_minor': '0', 'os_platform': 'windows', 'name': 'windows_server_2019', 'os_version': '1000'}, 'WINDOWS_SERVER_2022_1': {'os_name': 'Microsoft Windows Server 2022', 'os_major': '10', 'os_minor': '0', - 'os_platform': 'windows', 'name': 'windows_server_2022', 'os_version': '1000'}, + 'os_platform': 'windows', 'name': 'windows_server_2022', 'os_version': '1000'}, 'WINDOWS_SERVER_2022_2': {'os_name': 'Microsoft Windows Server 2022', 'os_major': '10', 'os_minor': '0', - 'os_platform': 'windows', 'name': 'windows_server', 'os_version': '1000'}, + 'os_platform': 'windows', 'name': 'windows_server', 'os_version': '1000'}, 'MAC': {'os_name': 'Mac OS X', 'os_major': '10', 'os_minor': '15', 'os_platform': 'darwin', 'name': 'macos-catalina'}, 'MACS': {'os_name': 'Mac OS X Server', 'os_major': '5', 'os_minor': '10', 'os_platform': 'darwin', 'name': 'macos-server'}, 'ARCH': {'os_name': 'Arch Linux', 'os_major': '', 'os_minor': '', 'os_platform': '', 'name': 'archlinux'}, 'ALAS': {'hostname': 'amz', 'architecture': 'x86_64', 'os_name': 'Amazon Linux AMI', 'os_version': '2018.03', - 'os_codename': '', 'os_major': '2018', 'os_minor': '03', 'os_patch': '', 'os_build': '', - 'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.97-74.72.amzn1.x86_64', - 'version': 'Wazuh v4.3.0', 'os_release': '', 'checksum': '1645433796303855540', 'os_display_version': '', - 'triaged': '0', 'reference': '0886f3023b131f5bf1ecbc33f651807114cb5a53', 'name': 'amz', 'ip': '127.0.0.1', - 'register_ip': '127.0.0.1', 'internal_key': '', - 'os_uname': 'Linux |amz |4.14.97-74.72.amzn1.x86_64 |#1 SMP Tue Feb 5 20:59:30 UTC 2019 |x86_64', - 'os_arch': 'x86_64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'amz', 'node_name': 'node01', - 'date_add': '1645433793', 'last_keepalive': '253402300799', 'sync_status': 'synced', - 'connection_status': 'active', 'disconnection_time': '0'}, + 
'os_codename': '', 'os_major': '2018', 'os_minor': '03', 'os_patch': '', 'os_build': '', + 'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.97-74.72.amzn1.x86_64', + 'version': 'Wazuh v4.3.0', 'os_release': '', 'checksum': '1645433796303855540', 'os_display_version': '', + 'triaged': '0', 'reference': '0886f3023b131f5bf1ecbc33f651807114cb5a53', 'name': 'amz', 'ip': '127.0.0.1', + 'register_ip': '127.0.0.1', 'internal_key': '', + 'os_uname': 'Linux |amz |4.14.97-74.72.amzn1.x86_64 |#1 SMP Tue Feb 5 20:59:30 UTC 2019 |x86_64', + 'os_arch': 'x86_64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'amz', 'node_name': 'node01', + 'date_add': '1645433793', 'last_keepalive': '253402300799', 'sync_status': 'synced', + 'connection_status': 'active', 'disconnection_time': '0'}, 'ALAS2': {'hostname': 'alas2', 'architecture': 'x86_64', 'os_name': 'Amazon Linux', 'os_version': '2', 'os_codename': '', 'os_major': '2', 'os_minor': '', 'os_patch': '', 'os_build': '', 'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.198-152.320.amzn2.x86_64', 'version': 'Wazuh v4.3.0', 
@@ -103,7 +103,26 @@ 'BUSTER': {'os_name': 'Debian GNU/Linux', 'os_major': '10', 'os_minor': '0', 'os_platform': 'debian', 'name': 'debian10'}, 'STRETCH': {'os_name': 'Debian GNU/Linux', 'os_major': '9', 'os_minor': '0', 'os_platform': 'debian', - 'name': 'debian9'} + 'name': 'debian9'}, + 'SLED11': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '11', 'os_minor': '', + 'os_platform': 'sled', 'name': 'Desktop11', 'os_codename': 'sled'}, + 'SLED12': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '12', 'os_minor': '', + 'os_platform': 'sled', 'name': 'Desktop12', 'os_codename': 'sled'}, + 'SLED15': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '15', 'os_minor': '', + 'os_platform': 'sled', 'name': 'Desktop15', 'os_codename': 'sled'}, + 'SLES11': {'hostname': 'sles', 'architecture': 'x86_64', 'os_name': 'SLES', 'os_major': '11', 'os_minor': '', + 'os_platform': 'sles', 'name': 'Server11', 'os_codename': 'sles'}, + 'SLES12': {'hostname': 'sles', 'architecture': 'x86_64', 'os_name': 'SLES', 'os_major': '12', 'os_minor': '', + 'os_platform': 'sles', 'name': 'Server12', 'os_codename': 'sles'}, + 'SLES15': {'hostname': 'localhost', 'architecture': 'x64', 'os_name': 'SLES', 'os_version': '15.2', + 'os_codename': '', 'os_major': '15', 'os_minor': '', 'os_patch': '', 'os_build': '', + 'os_platform': 'sles', 'sysname': 'Linux', 'release': '5.3.18-22-default', 'version': 'Wazuh v4.4.0', + 'os_release': '', 'checksum': '1652388661375945607', 'name': 'SUSE15', 'ip': '127.0.0.1', + 'register_ip': 'any', 'internal_key': '', + 'os_uname': 'Linux |localhost|5.3.18-22-default |#1 SMP Wed Jun 3 12:16:43 UTC 2020 (720aeba)|x86_64', + 'os_arch': 'x64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'localhost.localdomain', + 'node_name': 'node01', 'date_add': '1652381429', 'last_keepalive': '253402300799', + 'sync_status': 'synced', 'connection_status': 'active'} } 
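Review bot: The five new `SLED*`/`SLES11`/`SLES12` entries carry only `os_name`, `os_major`, `os_platform`, `name` and `os_codename`, while `SLES15` is a full agent record like `ALAS` above, and `SLES15` itself omits `disconnection_time`, which `ALAS` sets to `'0'`. Whether a consumer requires those keys depends on the mocking helpers, which are outside this hunk, so treat this as something to confirm rather than a definite defect. A one-line comment above the SUSE block, e.g. `# SLED/SLES 11-12: minimal OS fixtures; SLES15: full agent record used by the VD scan tests`, would stop the next author from assuming the six entries are interchangeable. The 11/12 entries also set `os_codename` to the platform name (`'sled'`/`'sles'`) where `SLES15` and `ALAS` leave it empty; confirm that is what the detector expects for SUSE.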
diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py index f99753423e..b8480aa3fe 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py +++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py @@ -31,6 +31,7 @@ CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json' CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json' CUSTOM_ALAS2_JSON_FEED = 'custom_alas2_feed.json' +CUSTOM_SUSE_OVAL_FEED = 'custom_suse_oval_feed.xml' VULNERABILITY_DETECTOR_PREFIX = r'.*wazuh-modulesd:vulnerability-detector.*' @@ -67,6 +68,17 @@ } ] +SUSE_SYSTEM_PACKAGE = { + 'SLES15': [ + { + "name": "sle-module-basesystem-release", + "version": "15.2", + "format": "rpm", + "vendor": "SUSE LLC " + } + ] +} + def update_feed_path_configurations(configurations, metadata, feeds_path): """Replace feed path tags in the configuration template, using the metadata information. 
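Review bot: `SUSE_SYSTEM_PACKAGE` has a single `'SLES15'` key although this same change adds six SUSE systems to the mocking table, and `insert_suse_system_package` raises `ValueError` for any other key, so the dict is effectively the allow-list of systems that can receive a release package and should say so. The `"format": "rpm"` entry is never read: `insert_suse_system_package` passes only `name`, `version`, `source` and `vendor` to `agent_db.insert_package`, so either drop the key or forward it as `format=package['format']` so the fixture does not imply behaviour it does not have. Suggested header comment: `# Release package per mocked SUSE system, presumably so the OVAL fixture's sle-module-basesystem-release test resolves; keys must match the mocking system names (only SLES15 is supported so far).`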
@@ -83,17 +95,17 @@ def update_feed_path_configurations(configurations, metadata, feeds_path): for index, _ in enumerate(configurations): if 'json_feed' in metadata[index] and metadata[index]['json_feed'] is not None: - new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\ + new_configurations[index] = json.loads(json.dumps(new_configurations[index]). replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'], metadata[index]['json_feed']))) if 'oval_feed' in metadata[index] and metadata[index]['oval_feed'] is not None: - new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\ + new_configurations[index] = json.loads(json.dumps(new_configurations[index]). replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'], metadata[index]['oval_feed']))) if 'nvd_feed_tag' in metadata[index] and 'nvd_feed' in metadata[index]: - new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\ + new_configurations[index] = json.loads(json.dumps(new_configurations[index]). replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed']))) return new_configurations 
@@ -130,6 +142,24 @@ def insert_vulnerabilities_agent_inventory(agent_id='000', status='VALID'): cve=package['cveid'], status=status) +def insert_suse_system_package(agent_id='000', version='SLES15'): + """Insert suse OS package to an agent. + + Args: + agent_id (str): Agent ID. + version (str): Package version. + + Raises: + ValueError: If version parameter has an invalid value. + """ + if version not in SUSE_SYSTEM_PACKAGE: + raise ValueError('Suse system parameter invalid.') + + for package in SUSE_SYSTEM_PACKAGE[version]: + agent_db.insert_package(name=package['name'], version=package['version'], source=package['name'], + agent_id=agent_id, vendor=package['vendor']) + + def feed_is_recently_updated(provider_name, provider_os, threshold_weeks): """Check if the provider OS feed is recently updated according to a specified threshold. diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py index 0bdc3accff..575cf31304 100644 --- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py +++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py @@ -52,7 +52,7 @@ def check_vuln_detector_event(file_monitor=None, callback='', error_message=None error_message file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results, - callback=make_vuln_callback(callback, prefix), error_message=error_message) + callback=make_vuln_callback(callback, prefix), error_message=error_message) def check_vulnerability_detector_disabled(): diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 6b857ecf19..d6065881bb 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py 
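Review bot: The docstring of `insert_suse_system_package` documents `version` as `Package version.`, but the code uses it as the key into `SUSE_SYSTEM_PACKAGE` (a mocked system such as `'SLES15'`); the version actually inserted comes from the dict entry. Change it to `version (str): Key of SUSE_SYSTEM_PACKAGE naming the mocked SUSE system (e.g. 'SLES15'); the package version is read from that entry.` and make the failure self-describing with `raise ValueError(f"Unsupported SUSE system '{version}'. Expected one of: {list(SUSE_SYSTEM_PACKAGE)}")`. `source=package['name']` also deserves a short why-comment if equating the source RPM with the binary package name is intentional. `feed_is_recently_updated` begins at the end of this hunk and its body lies outside it.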
@@ -119,6 +119,14 @@ def restart_wazuh_daemon_function(daemon=None): truncate_file(LOG_FILE_PATH) control_service("restart", daemon=daemon) +@pytest.fixture(scope='module') +def restart_wazuh_daemon_after_finishing(daemon=None): + """ + Restart a Wazuh daemon + """ + yield + truncate_file(LOG_FILE_PATH) + control_service("restart", daemon=daemon) @pytest.fixture(scope='module') def reset_ossec_log(get_configuration, request): diff --git a/tests/integration/test_vulnerability_detector/conftest.py b/tests/integration/test_vulnerability_detector/conftest.py index c1bf3f79bb..9f4f0d5222 100644 --- a/tests/integration/test_vulnerability_detector/conftest.py +++ b/tests/integration/test_vulnerability_detector/conftest.py @@ -111,6 +111,10 @@ def prepare_full_scan_with_vuln_packages_and_custom_system(agent_system, mock_ag # Insert vulnerable packages package_vendor = 'Red Hat, Inc.' if 'RHEL' in agent_system else 'wazuh-mocking' + if 'SLES' in agent_system: + package_vendor = 'SUSE LLC ' + vd.insert_suse_system_package(agent_id=mock_agent_with_custom_system, version=agent_system) + vd.insert_vulnerable_packages(agent_id=mock_agent_with_custom_system, vendor=package_vendor) # Update sync info for packages diff --git a/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml b/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml new file mode 100644 index 0000000000..ee5a3f7089 --- /dev/null +++ b/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml 
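Review bot: `restart_wazuh_daemon_after_finishing` declares `daemon=None`, but pytest only injects fixture parameters that have no default, so nothing ever sets `daemon` and every use restarts all Wazuh daemons via `control_service("restart", daemon=None)`; this mirrors the pre-existing `restart_wazuh_daemon_function` but is not what the name suggests. The docstring should at least state the teardown-only nature and the all-daemons effect: `"""Restart every Wazuh daemon once the module's tests have finished (teardown only); the log file is truncated first."""`. If a per-daemon restart is really wanted, take the daemon from `request.param` or a module attribute rather than a default argument. Two blank lines are also missing before and after the new fixture (PEP 8).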
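Review bot: The guard `if 'SLES' in agent_system:` calls `vd.insert_suse_system_package(..., version=agent_system)`, which raises `ValueError` for any key other than `'SLES15'` because `SUSE_SYSTEM_PACKAGE` (added to the module's `__init__.py` in this same change) defines only that entry, so an `agent_system` of `'SLES11'` or `'SLES12'` fails during fixture setup instead of being skipped, while the SLED systems never match and keep the `'wazuh-mocking'` vendor. Keying the branch on the dict and reading the vendor from it removes both the mismatch and the duplicated vendor literal: `if agent_system in vd.SUSE_SYSTEM_PACKAGE:` / `    package_vendor = vd.SUSE_SYSTEM_PACKAGE[agent_system][0]['vendor']` / `    vd.insert_suse_system_package(agent_id=mock_agent_with_custom_system, version=agent_system)`. Whether SLED agents are meant to receive the release package is not clear from here and should be stated in a comment either way. `prepare_full_scan_with_vuln_packages_and_custom_system` starts before and ends after this hunk.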
@@ -0,0 +1,219 @@ + + + + Wazuh QA custom CVE OVAL + 5.5 + 2022-06-16T08:00:00 + + + + + CVE-000 + + SUSE Linux Enterprise Desktop 12 SP5 + SUSE Linux Enterprise Desktop 11 SP5 + SUSE Linux Enterprise Desktop 15 SP5 + SUSE Linux Enterprise Server 12 SP5 + SUSE Linux Enterprise Server 11 SP5 + SUSE Linux Enterprise Server 15 SP5 + + + + + Important + CVE-000 + Wazuh-mocking-bug 0 + + + + + + + + + + + + + + + + CVE-001 + + SUSE Linux Enterprise Desktop 12 SP5 + SUSE Linux Enterprise Desktop 11 SP5 + SUSE Linux Enterprise Desktop 15 SP5 + SUSE Linux Enterprise Server 12 SP5 + SUSE Linux Enterprise Server 11 SP5 + SUSE Linux Enterprise Server 15 SP5 + + + + + Important + CVE-001 + Wazuh-mocking-bug 1 + + + + + + + + + + + + + + + + CVE-002 + + SUSE Linux Enterprise Desktop 12 SP5 + SUSE Linux Enterprise Desktop 11 SP5 + SUSE Linux Enterprise Desktop 15 SP5 + SUSE Linux Enterprise Server 12 SP5 + SUSE Linux Enterprise Server 11 SP5 + SUSE Linux Enterprise Server 15 SP5 + + + + + Important + CVE-002 + Wazuh-mocking-bug 2 + + + + + + + + + + + + + + + + CVE-003 + + SUSE Linux Enterprise Desktop 12 SP5 + SUSE Linux Enterprise Desktop 11 SP5 + SUSE Linux Enterprise Desktop 15 SP5 + SUSE Linux Enterprise Server 12 SP5 + SUSE Linux Enterprise Server 11 SP5 + SUSE Linux Enterprise Server 15 SP5 + + + + + Important + CVE-003 + Wazuh-mocking-bug 3 + + + + + + + + + + + + + + + + CVE-004 + + SUSE Linux Enterprise Desktop 12 SP5 + SUSE Linux Enterprise Desktop 11 SP5 + SUSE Linux Enterprise Desktop 15 SP5 + SUSE Linux Enterprise Server 12 SP5 + SUSE Linux Enterprise Server 11 SP5 + SUSE Linux Enterprise Server 15 SP5 + + + + + Important + CVE-004 + Wazuh-mocking-bug 4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + custom-package-0 + + + custom-package-1 + + + custom-package-2 + + + custom-package-3 + + + custom-package-4 + + + sle-module-basesystem-release + + + + + 1.0.0 + + + 15.2 + + + 
diff --git a/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml.bz2 b/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml.bz2
new file mode 100644
index 0000000000..611ff679c2
Binary files /dev/null and b/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml.bz2 differ
diff --git a/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml.gz b/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml.gz
new file mode 100644
index 0000000000..88ed7e0d1c
Binary files /dev/null and b/tests/integration/test_vulnerability_detector/data/feeds/suse/custom_suse_oval_feed.xml.gz differ
diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/configuration_template/configuration_import_invalid_feed_type.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/configuration_template/configuration_import_invalid_feed_type.yaml
index 795c46b2b7..d2af274bd1 100644
--- a/tests/integration/test_vulnerability_detector/test_feeds/data/configuration_template/configuration_import_invalid_feed_type.yaml
+++ b/tests/integration/test_vulnerability_detector/test_feeds/data/configuration_template/configuration_import_invalid_feed_type.yaml
@@ -318,3 +318,50 @@ elements: - disabled: value: 'yes' + +# SUSE configuration +- sections: + - section: vulnerability-detector + elements: + - enabled: + value: 'yes' + - run_on_start: + value: 'yes' + - provider: + attributes: + - name: 'suse' + elements: + - enabled: + value: 'yes' + - os: + attributes: + - url: CUSTOM_FEED_URL + value: '15-desktop' + - provider: + attributes: + - name: 'nvd' + elements: + - enabled: + value: 'no' + + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_download_feeds.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_download_feeds.yaml index 50a3ee05ed..c74275eec6 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_download_feeds.yaml +++ b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_download_feeds.yaml 
@@ -177,3 +177,69 @@ provider_os: 'MSU' download_timeout: 120 update_treshold_weeks: 3 + +- name: 'SUSE Linux Enterprise Server 11' + description: 'SUSE Linux Enterprise provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '11-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 11' + provider_os: 'SLES11' + download_timeout: 360 + update_treshold_weeks: None + +- name: 'SUSE Linux Enterprise Server 12' + description: 'SUSE Linux Enterprise provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '12-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 12' + provider_os: 'SLES12' + download_timeout: 360 + update_treshold_weeks: 2 + +- name: 'SUSE Linux Enterprise Server 15' + description: 'SUSE Linux Enterprise provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '15-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 15' + provider_os: 'SLES15' + download_timeout: 360 + update_treshold_weeks: 2 + +- name: 'SUSE Linux Enterprise Desktop 11' + description: 'SUSE Linux Enterprise provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '11-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 11' + provider_os: 'SLED11' + download_timeout: 360 + update_treshold_weeks: None + +- name: 'SUSE Linux Enterprise Desktop 12' + description: 'SUSE Linux Enterprise provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '12-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 12' + provider_os: 'SLED12' + download_timeout: 360 + update_treshold_weeks: 2 + +- name: 'SUSE Linux Enterprise Desktop 15' + description: 'SUSE Linux Enterprise provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '15-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 15' + provider_os: 'SLED15' + download_timeout: 360 + update_treshold_weeks: 2 
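Review bot: `update_treshold_weeks: None` on the two SLE 11 cases works only because PyYAML loads a bare `None` as the string `'None'` (YAML's null is `null`/`~`), which is what `test_download_feeds` compares against with `!= 'None'`; quoting it as `'None'` makes that intent explicit and survives a loader change. Why these two feeds are exempt from the freshness check is also undocumented, presumably because SLE 11 is out of general support and its OVAL feed is no longer refreshed, so spell it out: `update_treshold_weeks: 'None'  # SLE 11 OVAL feed is no longer updated upstream; freshness is not asserted`. The 360 s `download_timeout` (the MSU case above uses 120 s) likewise deserves a one-line justification if the SUSE OVAL files are known to be large.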
diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_duplicate_feeds.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_duplicate_feeds.yaml index 920c26d34d..a4b076c435 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_duplicate_feeds.yaml +++ b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_duplicate_feeds.yaml @@ -59,3 +59,13 @@ metadata: provider_name: 'Microsoft Security Update' provider_json_name: '' + +- name: 'SUSE' + description: 'SUSE Linux Enterprise' + configuration_parameters: + PROVIDER: 'suse' + OS: '15-desktop' + OS_PATH: CUSTOM_SUSE_OVAL_FEED + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 15' + provider_json_name: '' diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_import_invalid_feed_type.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_import_invalid_feed_type.yaml index 7f904087b9..70e41ba75e 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_import_invalid_feed_type.yaml +++ b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_import_invalid_feed_type.yaml @@ -61,3 +61,12 @@ custom_feed_url: https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/dummy_files/dummy.mp3 provider_feed_names: - "nvd provider" + +- name: 'SUSE - JPG' + description: 'Check downloading and parsing of JPG file as invalid feed in Suse provider' + configuration_parameters: null + metadata: + target: 'suse' + custom_feed_url: https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/dummy_files/dummy.jpg + provider_feed_names: + - "suse SLED15" 
diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml
index 7d5a20d986..b1389196a5 100644
--- a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml
+++ b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml
@@ -135,3 +135,63 @@ path: '/tmp/oval-definitions-bullseye.xml' extension: 'xml' url: 'https://www.debian.org/security/oval/oval-definitions-bullseye.xml' + +- name: 'SUSE Linux Enterprise Desktop 11' + description: 'SUSE Linux Enterprise Desktop 11 provider' + configuration_parameters: + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 11' + expected_format: 'xml' + path: '/tmp/suse.linux.enterprise.desktop.11.xml' + extension: 'xml' + url: 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.desktop.11.xml' + +- name: 'SUSE Linux Enterprise Desktop 12' + description: 'SUSE Linux Enterprise Desktop 12 provider' + configuration_parameters: + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 12' + expected_format: 'xml' + path: '/tmp/suse.linux.enterprise.desktop.12.xml' + extension: 'xml' + url: 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.desktop.12.xml' + +- name: 'SUSE Linux Enterprise Desktop 15' + description: 'SUSE Linux Enterprise Desktop 15 provider' + configuration_parameters: + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 15' + expected_format: 'xml' + path: '/tmp/suse.linux.enterprise.desktop.15.xml' + extension: 'xml' + url: 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.desktop.15.xml' + +- name: 'SUSE Linux Enterprise Server 11' + description: 'SUSE Linux Enterprise Server 11 provider' + configuration_parameters: + metadata: + provider_name: 'SUSE Linux Enterprise Server 11' + expected_format: 'xml' + path: '/tmp/suse.linux.enterprise.server.11.xml' + extension: 'xml' + url: 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.server.11.xml' + +- name: 'SUSE Linux Enterprise Server 12' + description: 'SUSE Linux Enterprise Server 12 provider' + configuration_parameters: + metadata: + provider_name: 'SUSE Linux Enterprise Server 12' + expected_format: 'xml' + path: '/tmp/suse.linux.enterprise.server.12.xml' + extension: 'xml' + url: 
'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.server.12.xml' + +- name: 'SUSE Linux Enterprise Server 15' + description: 'SUSE Linux Enterprise Server 15 provider' + configuration_parameters: + metadata: + provider_name: 'SUSE Linux Enterprise Server 15' + expected_format: 'xml' + path: '/tmp/suse.linux.enterprise.server.15.xml' + extension: 'xml' + url: 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.server.15.xml' diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py b/tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py index 92d268149f..68c6651c6a 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py +++ b/tests/integration/test_vulnerability_detector/test_feeds/test_download_feeds.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2021, Wazuh Inc. +copyright: Copyright (C) 2015-2022, Wazuh Inc. Created by Wazuh, Inc. . @@ -37,6 +37,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 11 + - SUSE Linux Enterprise Desktop 12 + - SUSE Linux Enterprise Desktop 15 + - SUSE Linux Enterprise Server 11 + - SUSE Linux Enterprise Server 12 + - SUSE Linux Enterprise Server 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/ @@ -84,7 +90,7 @@ def test_download_feeds(configuration, metadata, set_wazuh_configuration_vdt, tr - Check in log that the database provider has been updated successfully. - Check that the timestamp of the feed metadata does not exceed the established threshold limit. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 2 
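Review bot: Each new SUSE case downloads the OVAL file to a fixed, predictable path under `/tmp` (`/tmp/suse.linux.enterprise.server.15.xml` and so on). On a shared host another local user can pre-create that name or plant a symlink there, so unless the `manage_file` fixture (outside this hunk) opens the file exclusively or under a private `tempfile.mkdtemp()` directory the write can be redirected; the existing Debian cases follow the same pattern, so this extends a pre-existing weakness rather than introducing one. A comment on the `path` key such as `# fixed /tmp path; manage_file must create it exclusively or use a private temp dir` would flag the assumption, and a follow-up could derive the path in the fixture instead. The download itself is over HTTPS from `ftp.suse.com`; beyond XML parseability no integrity check is visible here.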
@@ -135,7 +141,6 @@ def test_download_feeds(configuration, metadata, set_wazuh_configuration_vdt, tr evm.check_provider_database_update_finish_log(provider_name=metadata['provider_json_name'], timeout=metadata['download_timeout']) - # Check that the timestamp of the feed metadata does not exceed the established threshold limit. if metadata['update_treshold_weeks'] != 'None': assert vd.feed_is_recently_updated(provider_name=metadata['provider_name'], provider_os=metadata['provider_os'], diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_duplicate_feeds.py b/tests/integration/test_vulnerability_detector/test_feeds/test_duplicate_feeds.py index 4226754609..6b552cde46 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/test_duplicate_feeds.py +++ b/tests/integration/test_vulnerability_detector/test_feeds/test_duplicate_feeds.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2021, Wazuh Inc. +copyright: Copyright (C) 2015-2022, Wazuh Inc. Created by Wazuh, Inc. . @@ -37,6 +37,7 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -75,6 +76,7 @@ custom_alas_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'alas', vd.CUSTOM_ALAS_JSON_FEED) custom_archlinux_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'arch', vd.CUSTOM_ARCHLINUX_JSON_FEED) custom_msu_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'msu', vd.CUSTOM_MSU_JSON_FEED) +custom_suse_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'suse', vd.CUSTOM_SUSE_OVAL_FEED) # Test configurations configuration_parameters, configuration_metadata, test_case_ids = configuration.get_test_cases_data( 
@@ -85,10 +87,10 @@ # Set offline custom feeds configuration to_modify = ['CUSTOM_REDHAT_OVAL_FEED_PATH', 'CUSTOM_REDHAT_JSON_FEED_PATH', 'CUSTOM_DEBIAN_OVAL_FEED_PATH', 'CUSTOM_DEBIAN_JSON_FEED_PATH', 'CUSTOM_CANONICAL_OVAL_FEED_PATH', 'CUSTOM_ALAS_JSON_FEED_PATH', - 'CUSTOM_ARCHLINUX_JSON_FEED_PATH', 'CUSTOM_MSU_JSON_FEED_PATH'] + 'CUSTOM_ARCHLINUX_JSON_FEED_PATH', 'CUSTOM_MSU_JSON_FEED_PATH', 'CUSTOM_SUSE_OVAL_FEED'] new_values = [custom_redhat_oval_feed_path, custom_redhat_json_feed_path, custom_debian_oval_feed_path, custom_debian_json_feed_path, custom_canonical_oval_feed_path, custom_alas_feed_path, - custom_archlinux_feed_path, custom_msu_feed_path] + custom_archlinux_feed_path, custom_msu_feed_path, custom_suse_feed_path] configurations = configuration.update_configuration_template(configurations, to_modify, new_values) configuration_metadata = configuration.update_configuration_template(configuration_metadata, to_modify, new_values) @@ -131,7 +133,7 @@ def test_duplicate_feeds(configuration, metadata, set_wazuh_configuration_vdt, t - Wait until the next feeds download and indexation. - Check that the number of vulnerabilities info is the same than the before indexation. - wazuh_min_version: 4.3.0 + wazuh_min_version: 4.4.0 tier: 2 diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py b/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py index 22fdbf5996..aa450be439 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py +++ b/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2021, Wazuh Inc. +copyright: Copyright (C) 2015-2022, Wazuh Inc. Created by Wazuh, Inc. . 
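Review bot: The new template tag is named `CUSTOM_SUSE_OVAL_FEED`, while every other tag in `to_modify` ends in `_PATH` (`CUSTOM_MSU_JSON_FEED_PATH`, …), and the same identifier already exists in `wazuh_testing.modules.vulnerability_detector` as the bare filename constant `vd.CUSTOM_SUSE_OVAL_FEED`; one name meaning "filename" in Python and "absolute path" in the YAML template is a trap for the next edit. Rename the tag to `CUSTOM_SUSE_OVAL_FEED_PATH` here and in the `OS_PATH:` value of the `SUSE` case in `cases_duplicate_feeds.yaml`, which this same commit adds. `to_modify` and `new_values` are paired positionally; a single dict zipped into the two lists would make such mismatches harder to introduce, but that is a broader refactor.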
@@ -35,6 +35,7 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -47,13 +48,11 @@ import pytest import json -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.tools.configuration import update_configuration_template -from wazuh_testing.db_interface import agent_db, cve_db +from wazuh_testing.tools.configuration import get_test_cases_data +from wazuh_testing.db_interface import cve_db from wazuh_testing.tools.file import read_yaml from wazuh_testing.processes import check_if_modulesd_is_running from wazuh_testing.modules.vulnerability_detector import event_monitor as evm -from wazuh_testing.modules import vulnerability_detector as vd pytestmark = [pytest.mark.server] @@ -97,7 +96,7 @@ def test_import_invalid_feed_type(configuration, metadata, set_wazuh_configurati - Check that no junk data has been inserted into the database. - Check that wazuh-modulesd is running (it has not crashed after parsing unexpected file types). - wazuh_min_version: 4.3.0 + wazuh_min_version: 4.4.0 tier: 2 diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py b/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py index fd5eee1255..d4c56425ca 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py +++ b/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py @@ -1,5 +1,5 @@ ''' -copyright: Copyright (C) 2015-2021, Wazuh Inc. +copyright: Copyright (C) 2015-2022, Wazuh Inc. Created by Wazuh, Inc. . 
@@ -37,6 +37,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 11 + - SUSE Linux Enterprise Desktop 12 + - SUSE Linux Enterprise Desktop 15 + - SUSE Linux Enterprise Server 11 + - SUSE Linux Enterprise Server 12 + - SUSE Linux Enterprise Server 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/ @@ -52,7 +58,7 @@ from datetime import datetime from wazuh_testing.tools import file -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data +from wazuh_testing.tools.configuration import get_test_cases_data # Reference paths @@ -129,7 +135,7 @@ def test_validate_json_feed_content(metadata, manage_file): - Download the feed file. - Check the content is JSON parseable (decompress if necessary). - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 2 @@ -173,7 +179,7 @@ def test_validate_xml_feed_content(metadata, manage_file): - Download the feed file. - Check the content is XML parseable (decompress if necessary). - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 2 diff --git a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_disabled.yaml b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_disabled.yaml index 5c863414a1..2a0dc983e4 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_disabled.yaml +++ b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_disabled.yaml 
@@ -141,3 +141,57 @@
 OS: ''
 metadata:
 provider_name: 'Microsoft Security Update'
+
+- name: 'SUSE Linux Enterprise Server 11'
+ description: 'Test enabled SUSE Server 11'
+ configuration_parameters:
+ ENABLED: 'no'
+ PROVIDER: 'suse'
+ OS: '11-server'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Server 11'
+
+- name: 'SUSE Linux Enterprise Server 12'
+ description: 'Test enabled SUSE Server 12'
+ configuration_parameters:
+ ENABLED: 'no'
+ PROVIDER: 'suse'
+ OS: '12-server'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Server 12'
+
+- name: 'SUSE Linux Enterprise Server 15'
+ description: 'Test enabled SUSE Server 15'
+ configuration_parameters:
+ ENABLED: 'no'
+ PROVIDER: 'suse'
+ OS: '15-server'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Server 15'
+
+- name: 'SUSE Linux Enterprise Desktop 11'
+ description: 'Test enabled SUSE Desktop 11'
+ configuration_parameters:
+ ENABLED: 'no'
+ PROVIDER: 'suse'
+ OS: '11-desktop'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Desktop 11'
+
+- name: 'SUSE Linux Enterprise Desktop 12'
+ description: 'Test enabled SUSE Desktop 12'
+ configuration_parameters:
+ ENABLED: 'no'
+ PROVIDER: 'suse'
+ OS: '12-desktop'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Desktop 12'
+
+- name: 'SUSE Linux Enterprise Desktop 15'
+ description: 'Test enabled SUSE Desktop 15'
+ configuration_parameters:
+ ENABLED: 'no'
+ PROVIDER: 'suse'
+ OS: '15-desktop'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Desktop 15'
diff --git a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_enabled.yaml b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_enabled.yaml
index 2da8781075..fbf4619e9d 100644
--- a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_enabled.yaml
+++ b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_enabled.yaml
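Review bot: All six new entries in cases_disabled.yaml describe themselves as `description: 'Test enabled SUSE Server 11'` (and likewise for Server 12/15 and Desktop 11/12/15) while their `ENABLED` parameter is `'no'`, which looks like a copy of the cases_enabled.yaml entries. This file exists for the disabled case, so each description should read `description: 'Test disabled SUSE Server 11'` and so on. The field is only metadata, but it shows up in test ids and reports, and a wrong one points the reader at the opposite behaviour.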
@@ -141,3 +141,57 @@ OS: '' metadata: provider_name: 'Microsoft Security Update' + +- name: 'SUSE Linux Enterprise Server 11' + description: 'Test enabled SUSE Server 11' + configuration_parameters: + ENABLED: 'yes' + PROVIDER: 'suse' + OS: '11-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 11' + +- name: 'SUSE Linux Enterprise Server 12' + description: 'Test enabled SUSE Server 12' + configuration_parameters: + ENABLED: 'yes' + PROVIDER: 'suse' + OS: '12-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 12' + +- name: 'SUSE Linux Enterprise Server 15' + description: 'Test enabled SUSE Server 15' + configuration_parameters: + ENABLED: 'yes' + PROVIDER: 'suse' + OS: '15-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 15' + +- name: 'SUSE Linux Enterprise Desktop 11' + description: 'Test enabled SUSE Desktop 11' + configuration_parameters: + ENABLED: 'yes' + PROVIDER: 'suse' + OS: '11-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 11' + +- name: 'SUSE Linux Enterprise Desktop 12' + description: 'Test enabled SUSE Desktop 12' + configuration_parameters: + ENABLED: 'yes' + PROVIDER: 'suse' + OS: '12-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 12' + +- name: 'SUSE Linux Enterprise Desktop 15' + description: 'Test enabled SUSE Desktop 15' + configuration_parameters: + ENABLED: 'yes' + PROVIDER: 'suse' + OS: '15-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 15' diff --git a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_missing_os.yaml b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_missing_os.yaml index 45c527e743..4ee00e780b 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_missing_os.yaml +++ b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_missing_os.yaml 
@@ -53,3 +53,11 @@
 metadata:
 provider_name: 'Arch Linux'
 os: ['']
+
+- name: 'SUSE Linux Enterprise'
+ description: 'SUSE Linux Enterprise provider'
+ configuration_parameters:
+ PROVIDER: 'suse'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise'
+ os: ['']
diff --git a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_os.yaml b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_os.yaml
index 4e771e852e..ab9d926ee0 100644
--- a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_os.yaml
+++ b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_os.yaml
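Review bot: The new SUSE case copies the Arch Linux entry verbatim, including `os: ['']`, yet every other SUSE case added in this PR selects a release through `<os>` (`11-server`, `15-desktop`, …), which makes SUSE look like a version-scoped provider in the Red Hat/Canonical family rather than a single-feed one like Arch. If test_providers_missing_os uses the `os` metadata to decide whether it expects a configuration error or a normal feed update (the test body is outside this chunk, so this is inferred), the SUSE entry may be asserting the wrong branch. Please compare with the Red Hat/Canonical entries earlier in this file and mirror their `os` value, or add a YAML comment stating that SUSE is expected to start without `<os>`.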
@@ -141,3 +141,57 @@ metadata: provider_name: 'Microsoft Security Update' os: '' + +- name: 'SUSE Linux Enterprise Desktop 11' + description: 'SUSE Linux Enterprise Desktop 11 provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '11-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 11' + os: '11-desktop' + +- name: 'SUSE Linux Enterprise Desktop 12' + description: 'SUSE Linux Enterprise Desktop 12 provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '12-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 12' + os: '12-desktop' + +- name: 'SUSE Linux Enterprise Desktop 15' + description: 'SUSE Linux Enterprise Desktop 15 provider' + configuration_parameters: + PROVIDER: 'suse' + OS: '15-desktop' + metadata: + provider_name: 'SUSE Linux Enterprise Desktop 15' + os: '15-desktop' + +- name: 'SUSE Linux Enterprise Server 11' + description: 'SUSE Linux Enterprise Server 11' + configuration_parameters: + PROVIDER: 'suse' + OS: '11-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 11' + os: '11-server' + +- name: 'SUSE Linux Enterprise Server 12' + description: 'SUSE Linux Enterprise Server 12' + configuration_parameters: + PROVIDER: 'suse' + OS: '12-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 12' + os: '12-server' + +- name: 'SUSE Linux Enterprise Server 15' + description: 'SUSE Linux Enterprise Server 15' + configuration_parameters: + PROVIDER: 'suse' + OS: '15-server' + metadata: + provider_name: 'SUSE Linux Enterprise Server 15' + os: '15-server' diff --git a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_from_year.yaml b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_from_year.yaml index be78be8fdd..a45ebd6fd1 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_from_year.yaml 
+++ b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_from_year.yaml
@@ -41,3 +41,13 @@
 UPDATE_FROM_YEAR: YEAR
 metadata:
 provider: 'msu'
+
+- name: 'SUSE'
+ description: 'SUSE Linux Enterprise'
+ configuration_parameters:
+ PROVIDER: 'suse'
+ OS: 15-desktop
+ UPDATE_FROM_YEAR: YEAR
+ metadata:
+ provider: 'suse'
+ provider_name: 'SUSE Linux Enterprise Desktop 15'
diff --git a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_interval.yaml b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_interval.yaml
index 39d4aa098d..1f23a74286 100644
--- a/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_interval.yaml
+++ b/tests/integration/test_vulnerability_detector/test_providers/data/test_cases/cases_update_interval.yaml
@@ -57,3 +57,13 @@
 metadata:
 provider_name: 'Arch Linux'
 update_interval: '5s'
+
+- name: 'SUSE'
+ description: 'Test update interval 5s SUSE'
+ configuration_parameters:
+ PROVIDER: 'suse'
+ OS: '15-server'
+ UPDATE_INTERVAL: '5s'
+ metadata:
+ provider_name: 'SUSE Linux Enterprise Server 15'
+ update_interval: '5s'
diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py b/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py
index 1e54e81613..ab69c1bc40 100644
--- a/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py
+++ b/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py
@@ -36,6 +36,12 @@
 - Red Hat 8
 - Ubuntu Focal
 - Ubuntu Bionic
+ - SUSE Linux Enterprise Desktop 11
+ - SUSE Linux Enterprise Desktop 12
+ - SUSE Linux Enterprise Desktop 15
+ - SUSE Linux Enterprise Server 11
+ - SUSE Linux Enterprise Server 12
+ - SUSE Linux Enterprise Server 15
 references:
 - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html
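Review bot: `OS: 15-desktop` in the cases_update_from_year.yaml entry is the only `OS` value in the new SUSE cases that is not quoted; the update_interval entry on the same page writes `OS: '15-server'` and the cases_os/cases_enabled entries quote every value. YAML still reads `15-desktop` as a string, so this is a consistency point rather than a bug, but `OS: '15-desktop'` spares the reader from wondering whether the bare form is intentional.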
@@ -52,8 +58,6 @@ from datetime import date from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.db_interface import cve_db -from wazuh_testing.modules import vulnerability_detector as vd from wazuh_testing.modules.vulnerability_detector import event_monitor as evm @@ -103,7 +107,7 @@ def test_enabled(configuration, metadata, set_wazuh_configuration_vdt, truncate_ - Restart wazuh-modulesd. - Check that the database provider is being updated. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 0 @@ -148,7 +152,7 @@ def test_disabled(configuration, metadata, set_wazuh_configuration_vdt, truncate - Restart wazuh-modulesd. - Check that the database provider is not being updated. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 0 diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py b/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py index d3224502cb..1124bbbe4e 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py @@ -37,6 +37,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 11 + - SUSE Linux Enterprise Desktop 12 + - SUSE Linux Enterprise Desktop 15 + - SUSE Linux Enterprise Server 11 + - SUSE Linux Enterprise Server 12 + - SUSE Linux Enterprise Server 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html 
@@ -86,14 +92,14 @@ @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) def test_providers_missing_os(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files, - clean_cve_tables_func): + clean_cve_tables_func, restart_wazuh_daemon_after_finishing): ''' description: Check if modulesd starts downloading the feeds without specifying the os version. To do this, it checks if errors occur when the tag is omitted in the configuration in providers that should have it and, on the other hand, if the update of the feeds starts normally in providers that do not require this tag. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 0 @@ -113,9 +119,9 @@ def test_providers_missing_os(configuration, metadata, set_wazuh_configuration_v - clean_cve_tables_func: type: fixture brief: Clean all the CVE tables before and after running the test. - - stop_modules_function_after_execution: + - restart_wazuh_daemon_after_finishing: type: fixture - brief: Stop the wazuh modules daemon. + brief: Restart wazuh modules after finishing the test module. assertions: - The provider os data update starts when `os` has not a determined value. diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_multiple_provider_feeds.py b/tests/integration/test_vulnerability_detector/test_providers/test_multiple_provider_feeds.py index 771c412ae1..46b3a4bb75 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_multiple_provider_feeds.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_multiple_provider_feeds.py 
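Review bot: The docstring entry for the new `restart_wazuh_daemon_after_finishing` parameter says `brief: Restart wazuh modules after finishing the test module.`, yet the fixture is requested by this test function and its name speaks of a daemon rather than a module scope, so the brief should name what is restarted and when, e.g. `brief: Restart the Wazuh daemon once the test has finished.` adjusted to what the fixture actually does (its definition is outside this chunk). The entry it replaces documented `stop_modules_function_after_execution`, which was not in the old signature either, so this hunk also repairs a stale docstring and that is worth a word in the PR description.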
@@ -52,6 +52,7 @@ import pytest from wazuh_testing.tools import configuration +from wazuh_testing.tools.services import control_service from wazuh_testing.modules.vulnerability_detector import event_monitor as evm from wazuh_testing.db_interface import cve_db from wazuh_testing.modules import vulnerability_detector as vd diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_os.py b/tests/integration/test_vulnerability_detector/test_providers/test_os.py index 7fccc19772..11ec2e0513 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_os.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_os.py @@ -37,6 +37,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 11 + - SUSE Linux Enterprise Desktop 12 + - SUSE Linux Enterprise Desktop 15 + - SUSE Linux Enterprise Server 11 + - SUSE Linux Enterprise Server 12 + - SUSE Linux Enterprise Server 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -52,9 +58,7 @@ import pytest from datetime import date -from wazuh_testing.db_interface import cve_db from wazuh_testing.tools import configuration -from wazuh_testing.modules import vulnerability_detector as vd from wazuh_testing.modules.vulnerability_detector import event_monitor as evm @@ -94,7 +98,7 @@ def test_providers_os(configuration, metadata, set_wazuh_configuration_vdt, trun - Restart wazuh-modulesd. - Check that the feeds from the specified OS is being downloading and indexing. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 0 diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py b/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py index 4f1b3d03eb..e51c7f8503 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py 
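Review bot: The only change to test_multiple_provider_feeds.py is the added `from wazuh_testing.tools.services import control_service`, and no changed line in this file uses it. Either the module already referenced `control_service` without importing it, in which case this fixes a latent NameError and deserves a mention in the PR description, or the import is unused, which is at odds with the import clean-ups this PR performs in the sibling test modules; a `flake8 --select F401` run over the file would settle it. The import block begins before the hunk, so the other imports are not visible here.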
+++ b/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py @@ -37,6 +37,7 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Desktop 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -53,7 +54,6 @@ from datetime import date from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.db_interface.cve_db import check_inserted_value_exists from wazuh_testing.modules.vulnerability_detector import event_monitor as evm @@ -92,7 +92,7 @@ def test_update_from_year(configuration, metadata, set_wazuh_configuration_vdt, - Restart wazuh-modulesd. - Check that the feed is being downloading from the specified year until current date. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 0 diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_update_interval.py b/tests/integration/test_vulnerability_detector/test_providers/test_update_interval.py index 03e83d756c..148cc35617 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_update_interval.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_update_interval.py @@ -37,6 +37,7 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Linux Enterprise Server 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -85,7 +86,7 @@ def test_update_interval(configuration, metadata, set_wazuh_configuration_vdt, t - Restart wazuh-modulesd. - Wait for provider update interval and check that the provider feeds are being downloaded. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 0 
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
index f3f6e05252..e10e2b0fd9 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
@@ -70,4 +70,4 @@
 - name: 'syscollector'
 elements:
 - disabled:
- value: 'yes'
\ No newline at end of file
+ value: 'yes'
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
index aecb0fe086..202eb5482d 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
@@ -244,3 +244,31 @@
 elements:
 - disabled:
 value: 'yes'
+
+
+# SUSE configuration
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: 'suse'
+ elements:
+ - enabled:
+ value: 'yes'
+ - os:
+ attributes:
+ - path: CUSTOM_SUSE_OVAL_FEED
+ value: '15-server'
+ - provider:
+ attributes:
+ - name: 'nvd'
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: CUSTOM_NVD_JSON_FEED
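Review bot: The new SUSE block in configuration_scan_provider_and_nvd_vulnerabilities.yaml defines only the `vulnerability-detector` section, while the context lines it is appended to (`- disabled: value: 'yes'`) show the preceding block closing with a disabled-module section, and the nvd template on this same page ends with a `syscollector` wodle set to `disabled: 'yes'`. If the other blocks disable syscollector so that a real inventory scan cannot overwrite the mocked agent 000 packages and OS info while the test runs, the SUSE block needs the same `sca`/`rootcheck`/`syscheck`/`syscollector` sections, otherwise the SUSE case may be scanning a different package set than the one the fixture inserts. Please add them or state in a YAML comment why this block can do without them.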
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
index aecb0fe086..7d6ef8c089 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
@@ -244,3 +244,30 @@
 elements:
 - disabled:
 value: 'yes'
+
+# SUSE configuration
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: 'suse'
+ elements:
+ - enabled:
+ value: 'yes'
+ - os:
+ attributes:
+ - path: CUSTOM_SUSE_OVAL_FEED
+ value: '15-server'
+ - provider:
+ attributes:
+ - name: 'nvd'
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
index 7dcd7198d2..759b1c31c7 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
@@ -1,3 +1,4 @@
+# Redhat Configuration
 - sections:
 - section: vulnerability-detector
 elements:
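Review bot: The SUSE block appended to configuration_scan_provider_vulnerabilities.yaml is identical to the one added to the provider-and-NVD template and likewise carries only the `vulnerability-detector` section, although the context it follows (`- disabled: value: 'yes'`) shows the previous block ending with a disabled-module section and the removal template in this PR gives its SUSE block `sca`, `rootcheck`, `syscheck`, `syscollector` and `auth` sections. If those sections keep the manager's own modules from touching the mocked agent 000 inventory during the test, this block needs them too; if not, a YAML comment explaining why the SUSE case is exempt would stop the next contributor from "fixing" it.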
@@ -11,24 +12,24 @@ value: 'yes' - provider: attributes: - - name: PROVIDER_1 + - name: redhat elements: - enabled: value: 'yes' - os: attributes: - - path: OS_PATH_1 - value: OS_1 + - path: CUSTOM_REDHAT_OVAL_FEED + value: '8' - path: - value: PATH_1 + value: CUSTOM_REDHAT_JSON_FEED - provider: attributes: - - name: PROVIDER_2 + - name: 'nvd' elements: - enabled: value: 'yes' - path: - value: PATH_2 + value: CUSTOM_NVD_JSON_FEED - update_interval: value: '10s' @@ -58,3 +59,62 @@ elements: - disabled: value: 'no' + +# SUSE configuration +- sections: + - section: vulnerability-detector + elements: + - enabled: + value: 'yes' + - interval: + value: '5s' + - min_full_scan_interval: + value: '5s' + - run_on_start: + value: 'yes' + - provider: + attributes: + - name: 'suse' + elements: + - enabled: + value: 'yes' + - os: + attributes: + - path: CUSTOM_SUSE_OVAL_FEED + value: '15-server' + - provider: + attributes: + - name: 'nvd' + elements: + - enabled: + value: 'yes' + - path: + value: CUSTOM_NVD_JSON_FEED + - update_interval: + value: '10s' + - section: sca + elements: + - enabled: + value: 'no' + + - section: rootcheck + elements: + - disabled: + value: 'yes' + + - section: syscheck + elements: + - disabled: + value: 'yes' + + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' + + - section: auth + elements: + - disabled: + value: 'no' diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml index e93a82e0d4..3482d58a35 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml +++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml 
@@ -32,3 +32,45 @@ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH metadata: system: ALAS2 + +- name: 'SLED11' + description: 'Scan SLED11 vulnerabilities using only the NVD feed' + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: SLED11 + +- name: 'SLED12' + description: 'Scan SLED12 vulnerabilities using only the NVD feed' + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: SLED12 + +- name: 'SLED15' + description: 'Scan SLED15 vulnerabilities using only the NVD feed' + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: SLED15 + +- name: 'SLES11' + description: 'Scan SLES11 vulnerabilities using only the NVD feed' + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: SLES11 + +- name: 'SLES12' + description: 'Scan SLES12 vulnerabilities using only the NVD feed' + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: SLES12 + +- name: 'SLES15' + description: 'Scan SLES15 vulnerabilities using only the NVD feed' + configuration_parameters: + NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH + metadata: + system: SLES15 diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml index d6d33b1ed7..58710dbcb0 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml +++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml 
@@ -59,3 +59,15 @@
 nvd_feed: 'custom_nvd_feed.json'
 json_feed_tag: CUSTOM_ARCH_JSON_FEED
 nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+
+- name: 'SUSE'
+ description: 'Scan SLES vulnerabilities using provider and NVD feed'
+ configuration_parameters: null
+ metadata:
+ provider_name: 'suse'
+ system: 'SLES15'
+ json_feed: null
+ oval_feed: 'custom_suse_oval_feed.xml'
+ nvd_feed: 'custom_nvd_feed.json'
+ oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
index 69931f73a5..202f004639 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
@@ -59,3 +59,15 @@
 nvd_feed: 'custom_nvd_alternative_feed.json'
 json_feed_tag: CUSTOM_ARCH_JSON_FEED
 nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+
+- name: 'SUSE'
+ description: 'Scan SLES vulnerabilities using provider and NVD feed'
+ configuration_parameters: null
+ metadata:
+ provider_name: 'suse'
+ system: 'SLES15'
+ json_feed: null
+ oval_feed: 'custom_suse_oval_feed.xml'
+ nvd_feed: 'custom_nvd_alternative_feed.json'
+ oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
index 0476c1f99c..efd37e2013 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
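Review bot: The SUSE entry in cases_scan_provider_and_nvd_vulnerabilities.yaml sets `json_feed: null` but drops the `json_feed_tag` key altogether, while the Arch Linux context lines above it define `json_feed_tag: CUSTOM_ARCH_JSON_FEED` like the other entries; if the fixture reads `metadata['json_feed_tag']` rather than `metadata.get('json_feed_tag')` the SUSE case dies with a KeyError before any scan runs. Adding `json_feed_tag: null` keeps every entry on the same schema and makes the "no JSON feed for SUSE" intent explicit.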
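Review bot: The description `'Scan SLES vulnerabilities using provider and NVD feed'` in cases_scan_provider_vulnerabilities.yaml is copied from the provider-and-NVD case file, but this file feeds test_scan_provider_vulnerabilities, whose docstring on this page says the vulnerabilities are detected using only the OVAL source (0 for NVD) against `custom_nvd_alternative_feed.json`; `description: 'Scan SLES vulnerabilities using only the provider feed'` would describe the case correctly. The entry also omits `json_feed_tag` while the Arch Linux context lines define it, so `json_feed_tag: null` is worth adding here for the same schema-uniformity reason.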
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
@@ -1,16 +1,15 @@
 - name: 'Alert vulnerability removal'
 description: 'Alert when a package is removed from the database'
- configuration_parameters:
- PROVIDER_1: 'redhat'
- PROVIDER_2: 'nvd'
- OS_1: '8'
- OS_PATH_1: RHEL_FEED_PATH
- PATH_1: RHEL_JSON_FEED_PATH
- PATH_2: NVD_JSON_FEED_PATH
+ configuration_parameters: null
 metadata:
- provider_name_1: 'Red Hat Enterprise Linux 8'
- provider_name_2: 'JSON Red Hat Enterprise Linux'
- provider_name_3: 'National Vulnerability Database'
+ provider_name: 'redhat'
+ system: 'RHEL8'
+ json_feed: 'custom_redhat_json_feed.json'
+ oval_feed: 'custom_redhat_oval_feed.xml'
+ nvd_feed: 'custom_nvd_feed.json'
+ oval_feed_tag: CUSTOM_REDHAT_OVAL_FEED
+ json_feed_tag: CUSTOM_REDHAT_JSON_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
 test_package_vendor: 'WazuhIntegrationTests'
 test_package_version: '1.0.0'
 test_package_version_not_vulnerable: '2.1.0'
@@ -18,3 +17,22 @@
 test_package_1_name: 'custom-package-1'
 test_package_0_cve: 'CVE-000'
 test_package_1_cve: 'CVE-001'
+
+- name: 'Alert vulnerability removal - SUSE'
+ description: 'Alert when a package is removed from the database'
+ configuration_parameters: null
+ metadata:
+ provider_name: 'suse'
+ system: 'SLES15'
+ json_feed: null
+ oval_feed: 'custom_suse_oval_feed.xml'
+ nvd_feed: 'custom_nvd_feed.json'
+ oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+ test_package_vendor: 'SUSE LLC '
+ test_package_version: '1.0.0'
+ test_package_version_not_vulnerable: '2.1.0'
+ test_package_0_name: 'custom-package-0'
+ test_package_1_name: 'custom-package-1'
+ test_package_0_cve: 'CVE-000'
+ test_package_1_cve: 'CVE-001'
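Review bot: `test_package_vendor: 'SUSE LLC '` carries a trailing space inside the quotes, which YAML preserves and which no reader will notice; if it is deliberate (for instance so the value is a prefix of the vendor string rpm reports for SUSE packages, or because the detector compares the vendor field verbatim) it needs a comment such as `# trailing space is intentional: must match the vendor string the detector checks`, and if it is not, it is a typo that could make the mocked package look non-SUSE to the scanner. The SUSE entry also omits `json_feed_tag`, which the rewritten Red Hat entry above now defines; `json_feed_tag: null` would keep both entries on one schema.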
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py index 296add8c9e..41f208fe0a 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py @@ -37,6 +37,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - SUSE Enterprise Desktop 11 + - SUSE Enterprise Desktop 12 + - SUSE Enterprise Desktop 15 + - SUSE Enterprise Server 11 + - SUSE Enterprise Server 12 + - SUSE Enterprise Server 15 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -51,9 +57,8 @@ from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data from wazuh_testing.tools.configuration import update_configuration_template -from wazuh_testing.tools.file import read_json_file, copy, remove_file, write_json_file +from wazuh_testing.tools.file import read_json_file, copy, write_json_file from wazuh_testing import CPE_HELPER_PATH -from wazuh_testing.mocking import SYSTEM_DATA from wazuh_testing.db_interface import agent_db from wazuh_testing.modules.vulnerability_detector import event_monitor as evm from wazuh_testing.modules import vulnerability_detector as vd @@ -157,7 +162,7 @@ def test_scan_nvd_vulnerabilities(configuration, metadata, agent_system, set_waz - Check that the vulnerabilities of each package have been detected. - Check that vulnerability alerts have been generated for all packages. - wazuh_min_version: 4.3.0 + wazuh_min_version: 4.4.0 tier: 1 
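Review bot: The platform list in the test_scan_nvd_vulnerabilities.py docstring names the new systems `SUSE Enterprise Desktop 11` / `SUSE Enterprise Server 11`, dropping the "Linux" that the product name and the `provider_name` values in this PR's case files (`SUSE Linux Enterprise Server 11`) carry, while other modules on this page use yet another spelling. Settling on one form, `- SUSE Linux Enterprise Desktop 11` through `- SUSE Linux Enterprise Server 15`, keeps the docstrings greppable and consistent with the data that drives the tests.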
@@ -223,7 +228,7 @@ def test_no_agent_data(configuration, metadata, agent_system, set_wazuh_configur - Restart wazuh-modulesd. - Check that the warning message of 'unavailable vulnerability agent' data appears. - wazuh_min_version: 4.3.0 + wazuh_min_version: 4.4.0 tier: 0 diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py index 5e9625aa2f..a224669415 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py @@ -35,6 +35,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - Suse Enterprise Linux Server 15 + - Suse Enterprise Linux Server 12 + - Suse Enterprise Linux Server 11 + - Suse Enterprise Linux Desktop 15 + - Suse Enterprise Linux Desktop 12 + - Suse Enterprise Linux Desktop 11 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -46,10 +52,8 @@ import os import pytest -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.tools.configuration import update_configuration_template +from wazuh_testing.tools.configuration import get_test_cases_data from wazuh_testing.tools.file import read_yaml -from wazuh_testing.db_interface import agent_db from wazuh_testing.modules.vulnerability_detector import event_monitor as evm from wazuh_testing.modules import vulnerability_detector as vd 
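Review bot: The docstring entries `- Suse Enterprise Linux Server 15` … `- Suse Enterprise Linux Desktop 11` added to test_scan_provider_and_nvd_vulnerabilities.py invert the product name (it is SUSE Linux Enterprise Server/Desktop) and differ from the `provider_name: 'SUSE Linux Enterprise Server 15'` spelling used by the case files in this same PR. Please write them as `- SUSE Linux Enterprise Server 15` and so on so the platform list matches the data files; the same list appears in the provider-only and removal modules on this page and should be aligned at the same time.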
@@ -93,7 +97,7 @@ def test_scan_provider_and_nvd_vulnerabilities(configuration, metadata, agent_sy - Check that the vulnerabilities have been reported in the log for all packages using NVD and OVAL source. - Check that vulnerability alerts have been generated for all packages. - wazuh_min_version: 4.3.0 + wazuh_min_version: 4.4.0 tier: 1 diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py index beb305b063..db209eda30 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py @@ -35,6 +35,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - Suse Enterprise Linux Server 15 + - Suse Enterprise Linux Server 12 + - Suse Enterprise Linux Server 11 + - Suse Enterprise Linux Desktop 15 + - Suse Enterprise Linux Desktop 12 + - Suse Enterprise Linux Desktop 11 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html @@ -46,10 +52,8 @@ import os import pytest -from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data -from wazuh_testing.tools.configuration import update_configuration_template +from wazuh_testing.tools.configuration import get_test_cases_data from wazuh_testing.tools.file import read_yaml -from wazuh_testing.db_interface import agent_db from wazuh_testing.modules.vulnerability_detector import event_monitor as evm from wazuh_testing.modules import vulnerability_detector as vd 
@@ -92,7 +96,7 @@ def test_scan_provider_vulnerabilities(configuration, metadata, agent_system, se - Check that the vulnerabilities have been detected for all packages using only OVAL source. (0 for NVD) - Check that vulnerability alerts have been generated for all packages. - wazuh_min_version: 4.3.0 + wazuh_min_version: 4.4.0 tier: 1 @@ -134,6 +138,7 @@ def test_scan_provider_vulnerabilities(configuration, metadata, agent_system, se - f"The '{package}' package .* from agent '{agent_id}' is vulnerable to '{cve}'" - f".*"agent":."id":"{agent_id}".*{cve} affects {package}" ''' + agent_id = prepare_full_scan_with_vuln_packages_and_custom_system # Check potential vulnerabilities using the OVAL feed diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py index 43a5d8ea0a..b4208761bc 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py @@ -9,7 +9,7 @@ brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, Amazon Linux and NVD Database. + Canonical, Debian, SUSE, Amazon Linux and NVD Database. components: - vulnerability_detector @@ -37,6 +37,12 @@ - Red Hat 8 - Ubuntu Focal - Ubuntu Bionic + - Suse Enterprise Linux Server 15 + - Suse Enterprise Linux Server 12 + - Suse Enterprise Linux Server 11 + - Suse Enterprise Linux Desktop 15 + - Suse Enterprise Linux Desktop 12 + - Suse Enterprise Linux Desktop 11 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html 
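Review bot: The added `agent_id = prepare_full_scan_with_vuln_packages_and_custom_system` line binds a fixture's return value, but no hunk in this file touches the test's parameter list, so that fixture must already be requested in the signature that sits outside this hunk; if it is not, this line fails with a NameError at runtime rather than with a collection-time fixture error, so it is worth confirming against the signature. A bare parameter name holding a fixture result is easy to misread as an undefined global, so I would also annotate it: `agent_id = prepare_full_scan_with_vuln_packages_and_custom_system  # id of the mocked agent created by the fixture`. The body of test_scan_provider_vulnerabilities continues outside the hunk.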
@@ -52,8 +58,8 @@ import pytest from wazuh_testing.tools import configuration +from wazuh_testing.tools.file import read_yaml from wazuh_testing.db_interface import agent_db, cve_db -from wazuh_testing import LOG_FILE_PATH from wazuh_testing.tools.time import get_current_timestamp from wazuh_testing.modules import vulnerability_detector as vd from wazuh_testing.modules.vulnerability_detector import event_monitor as evm 
@@ -63,35 +69,28 @@ TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') -CUSTOM_FEED_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data') +TEST_FEEDS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'feeds') # Configuration and cases data configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_scan_vulnerability_removal.yaml') -test_alert_vuln_removal_path = os.path.join(TEST_CASES_PATH, 'cases_scan_vulnerability_removal.yaml') +cases_path = os.path.join(TEST_CASES_PATH, 'cases_scan_vulnerability_removal.yaml') -# Custom feeds path -rhel_oval_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'redhat', vd.CUSTOM_REDHAT_OVAL_FEED) -rhel_json_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'redhat', vd.CUSTOM_REDHAT_JSON_FEED) -nvd_json_feed_path = os.path.join(CUSTOM_FEED_PATH, 'feeds', 'nvd', vd.CUSTOM_NVD_FEED) # Test configurations +configurations = read_yaml(configurations_path) +metadata = [item['metadata'] for item in read_yaml(cases_path)] configuration_parameters, configuration_metadata, test_case_ids = configuration.get_test_cases_data( - test_alert_vuln_removal_path) -configurations = configuration.load_configuration_template(configurations_path, configuration_parameters, - configuration_metadata) - -# Set offline custom feeds configuration -to_modify = ['RHEL_FEED_PATH', 'RHEL_JSON_FEED_PATH', 'NVD_JSON_FEED_PATH'] -new_values = [rhel_oval_feed_path, rhel_json_feed_path, nvd_json_feed_path] -configurations = configuration.update_configuration_template(configurations, to_modify, new_values) -configuration_metadata = configuration.update_configuration_template(configuration_metadata, to_modify, new_values) + cases_path) +configurations = vd.update_feed_path_configurations(configurations, metadata, TEST_FEEDS_PATH) 
+systems = [metadata['system'] for metadata in configuration_metadata] @pytest.mark.tier(level=1) -@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) -def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh_configuration_vdt, +@pytest.mark.parametrize('configuration, metadata, agent_system', zip(configurations, configuration_metadata, systems), + ids=test_case_ids) +def test_vulnerability_removal_update_package(configuration, metadata, agent_system, set_wazuh_configuration_vdt, truncate_monitored_files, clean_cve_tables_func, - prepare_full_scan_with_vuln_packages, setup_log_monitor, + prepare_full_scan_with_vuln_packages_and_custom_system, setup_log_monitor, restart_modulesd_function): ''' description: Check that the Vulnerability Detector module generates an alert when a vulnerability is removed from @@ -99,7 +98,7 @@ def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh test_phases: - Set a custom Wazuh configuration. - - Mock an agent with vulnerable packages. + - Mock an agent with a custom system and vulnerable packages. - Force a full scan. - Restart wazuh-modulesd. - Wait for full scan event log. @@ -107,7 +106,7 @@ def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh - Force again a full scan and wait for the full scan event log. - Check that vulnerability removal has been detected (in log) and check for the removal alert. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 1 @@ -118,6 +117,9 @@ def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh - metadata: type: dict brief: Wazuh configuration metadata + - agent_system: + type: str + brief: System to set to the mocked agent. - set_wazuh_configuration_vdt: type: fixture brief: Set the wazuh configuration according to the configuration data. 
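Review bot: In the added `systems = [metadata['system'] for metadata in configuration_metadata]` the comprehension variable shadows the module-level `metadata` list defined a few lines above, which reads as if that list were being iterated; rename it, e.g. `systems = [case['system'] for case in configuration_metadata]`. The module now parses cases_path twice (`read_yaml(cases_path)` and `configuration.get_test_cases_data(cases_path)`) and `configuration_parameters` is no longer used, so if `get_test_cases_data` returns the same per-case metadata dicts, `metadata` duplicates `configuration_metadata` and one of the two reads can go. Because `configurations` now comes from `read_yaml` plus `vd.update_feed_path_configurations` instead of being generated per case, the `zip(configurations, configuration_metadata, systems)` in the parametrize will silently drop test cases if the lengths ever diverge; a module-level `assert len(configurations) == len(configuration_metadata), 'one configuration per test case expected'` turns that into a visible collection error. The decorator and signature in this hunk belong to test_vulnerability_removal_update_package, whose body continues outside the hunk.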
@@ -127,9 +129,9 @@ def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh - clean_cve_tables_func: type: fixture brief: Clean all the vulnerabilities tables before and after running the test. - - prepare_full_scan_with_vuln_packages: + - prepare_full_scan_with_vuln_packages_and_custom_system: type: fixture - brief: Inserte vulnerable package to an agent and finally clean the database. + brief: Insert vulnerable package to a custom mocked agent and finally clean the database. - setup_log_monitor: type: fixture brief: Create the log monitor. @@ -152,7 +154,7 @@ def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh - ' affecting was eliminated' - Package '' not vulnerable to '' ''' - agent_id = prepare_full_scan_with_vuln_packages + agent_id = prepare_full_scan_with_vuln_packages_and_custom_system log_monitor = setup_log_monitor # Wait for full scan event log @@ -177,10 +179,11 @@ def test_vulnerability_removal_update_package(configuration, metadata, set_wazuh @pytest.mark.tier(level=1) -@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) -def test_vulnerability_removal_delete_package(configuration, metadata, set_wazuh_configuration_vdt, +@pytest.mark.parametrize('configuration, metadata, agent_system', zip(configurations, configuration_metadata, systems), + ids=test_case_ids) +def test_vulnerability_removal_delete_package(configuration, metadata, agent_system, set_wazuh_configuration_vdt, truncate_monitored_files, clean_cve_tables_func, - prepare_full_scan_with_vuln_packages, setup_log_monitor, + prepare_full_scan_with_vuln_packages_and_custom_system, setup_log_monitor, restart_modulesd_function): ''' description: Check that the Vulnerability Detector module generates an alert when a vulnerability is removed from 
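Review bot: The new `agent_system` parameter of test_vulnerability_removal_delete_package is not read anywhere in the visible body (the body only binds `agent_id` from the fixture), so its role is presumably to make the parametrized value available to `prepare_full_scan_with_vuln_packages_and_custom_system`, which pytest resolves by name; that is not obvious from the signature, and the docstring entry added in a later hunk says only "System to set to the mocked agent". I would state it there: `brief: System to set to the mocked agent; consumed by the prepare_full_scan_with_vuln_packages_and_custom_system fixture, not read directly by the test.` The same `zip(configurations, configuration_metadata, systems)` expression now appears in both tests' parametrize decorators; a module-level `TEST_PARAMETERS = list(zip(configurations, configuration_metadata, systems))` used by both keeps them from drifting. The function body continues outside the hunk.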
@@ -188,7 +191,7 @@ def test_vulnerability_removal_delete_package(configuration, metadata, set_wazuh test_phases: - Set a custom Wazuh configuration. - - Mock an agent with vulnerable packages. + - Mock an agent with a custom system and vulnerable packages. - Force a full scan. - Restart wazuh-modulesd. - Wait for full scan event log. @@ -196,7 +199,7 @@ def test_vulnerability_removal_delete_package(configuration, metadata, set_wazuh - Force again a full scan and wait for the full scan event log. - Check for vulnerability removal alert. - wazuh_min_version: 4.2.0 + wazuh_min_version: 4.4.0 tier: 1 @@ -207,6 +210,9 @@ def test_vulnerability_removal_delete_package(configuration, metadata, set_wazuh - metadata: type: dict brief: Wazuh configuration metadata + - agent_system: + type: str + brief: System to set to the mocked agent. - set_wazuh_configuration_vdt: type: fixture brief: Set the wazuh configuration according to the configuration data. @@ -216,9 +222,9 @@ def test_vulnerability_removal_delete_package(configuration, metadata, set_wazuh - clean_cve_tables_func: type: fixture brief: Clean all the vulnerabilities tables before and after running the test. - - prepare_full_scan_with_vuln_packages: + - prepare_full_scan_with_vuln_packages_and_custom_system: type: fixture - brief: Inserte vulnerable package to an agent and finally clean the database. + brief: Insert vulnerable package to a custom mocked agent and finally clean the database. - setup_log_monitor: type: fixture brief: Create the log monitor. @@ -241,7 +247,7 @@ def test_vulnerability_removal_delete_package(configuration, metadata, set_wazuh - ' affecting was eliminated' - Package '' not vulnerable to '' ''' - agent_id = prepare_full_scan_with_vuln_packages + agent_id = prepare_full_scan_with_vuln_packages_and_custom_system log_monitor = setup_log_monitor # Wait for full scan event log