Vulnerability Detector integration tests for SUSE Linux Enterprise

CHANGELOG.md

@@ -20,6 +20,7 @@ Release report: TBD
 
 ### Added
 
+- Add support for SUSE systems in VDT tests ([#2902](https://github.com/wazuh/wazuh-qa/pull/2902))
 - Test `global backup` WDB command ([#2637](https://github.com/wazuh/wazuh-qa/pull/2637)
 - Test `sync-agens-groups-get` WDB command ([#2626](https://github.com/wazuh/wazuh-qa/pull/2626)
 - Test `wazuhdb getconfig` WDB command ([2627#](https://github.com/wazuh/wazuh-qa/pull/2627))

deps/wazuh_testing/wazuh_testing/db_interface/agent_db.py

@@ -54,7 +54,7 @@ def insert_hotfix(agent_id='000', scan_id=int(time()), scan_time=datetime.dateti
 
 
 def insert_os_info(agent_id='000', scan_id=int(time()), scan_time=datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S"),
-                   hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename= '',
+                   hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename='',
                    os_major='8', os_minor='4', os_patch='', os_build='', os_platform='centos', sysname='Linux',
                    release='', version='', os_release='', checksum='dummychecksum', os_display_version='', triaged=0,
                    reference=''):
@@ -138,6 +138,7 @@ def insert_package(agent_id='000', scan_id=int(time()), format='rpm', name='cust
               f"{arguments['description']}, {arguments['location']}, {arguments['triaged']}, {arguments['checksum']},"
               f"{arguments['item_id']})")
 
+
 def update_sync_info(agent_id='000', component='syscollector-packages', last_attempt=1, last_completion=1,
                      n_attempts=0, n_completions=0, last_agent_checksum=''):
     """Update the sync_info table of the specified agent for the selected component.
@@ -215,7 +216,7 @@ def delete_os_info(agent_id='000'):
 
 
 def update_os_info(agent_id='000', scan_id=int(time()), scan_time=datetime.datetime.now().strftime("%Y/%m/%d %H:%M:%S"),
-                   hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename= '',
+                   hostname='centos8', architecture='x64', os_name='CentOS Linux', os_version='8.4', os_codename='',
                    os_major='8', os_minor='4', os_patch='', os_build='', os_platform='centos', sysname='Linux',
                    release='', version='', os_release='', checksum='dummychecksum', os_display_version='', triaged=0,
                    reference=''):

deps/wazuh_testing/wazuh_testing/db_interface/cve_db.py

@@ -63,7 +63,7 @@ def insert_vulnerability(cveid='CVE-000', target='RHEL7', target_minor='',
                          reference='https://github.com/wazuh/wazuh-qa', target_v='REDHAT', cvss='10.000000',
                          cvss_vector='AV:N/AC:L/Au:N/C:C/I:C/A:C', rationale='Wazuh integration test vulnerability',
                          cvss3='', bugzilla_reference='https://github.com/wazuh/wazuh-qa', cwe='WVE-000 -> WVE-001',
-                         advisory='RHSA-2010:0029', ref_target='RHEL'):
+                         advisory='RHSA-2010:0029', ref_target='RHEL', deps_id='0'):
     """Insert a vulnerability in CVE database.
 
     Args:
@@ -87,10 +87,11 @@ def insert_vulnerability(cveid='CVE-000', target='RHEL7', target_minor='',
         cwe (str): CWE ID.
         advisory (str): Advisory ID.
         ref_target (str): OS target ID.
+        deps_id (str): id of the dependencies related to the vulnerability.
     """
     queries = [
-        'INSERT INTO VULNERABILITIES (cveid, target, target_minor, package, operation, operation_value) VALUES '
-        f"('{cveid}', '{target}', '{target_minor}', '{package}', '{operation}', '{operation_value}')",
+        'INSERT INTO VULNERABILITIES (cveid, target, target_minor, package, operation, operation_value, deps_id) VALUES'
+        f" ('{cveid}', '{target}', '{target_minor}', '{package}', '{operation}', '{operation_value}', '{deps_id}')",
 
         'INSERT INTO VULNERABILITIES_INFO (ID, title, severity, published, updated, target, rationale, cvss, '
         f"cvss_vector, CVSS3, cwe) VALUES ('{cveid}', '{title}', '{severity}', '{published}', '{updated}', "

deps/wazuh_testing/wazuh_testing/mocking/__init__.py

@@ -41,24 +41,24 @@
     'WINDOWS_SERVER_2019': {'os_name': 'Microsoft Windows Server 2019', 'os_major': '10', 'os_minor': '0',
                             'os_platform': 'windows', 'name': 'windows_server_2019', 'os_version': '1000'},
     'WINDOWS_SERVER_2022_1': {'os_name': 'Microsoft Windows Server 2022', 'os_major': '10', 'os_minor': '0',
-                            'os_platform': 'windows', 'name': 'windows_server_2022', 'os_version': '1000'},
+                              'os_platform': 'windows', 'name': 'windows_server_2022', 'os_version': '1000'},
     'WINDOWS_SERVER_2022_2': {'os_name': 'Microsoft Windows Server 2022', 'os_major': '10', 'os_minor': '0',
-                            'os_platform': 'windows', 'name': 'windows_server', 'os_version': '1000'},
+                              'os_platform': 'windows', 'name': 'windows_server', 'os_version': '1000'},
     'MAC': {'os_name': 'Mac OS X', 'os_major': '10', 'os_minor': '15', 'os_platform': 'darwin',
             'name': 'macos-catalina'},
     'MACS': {'os_name': 'Mac OS X Server', 'os_major': '5', 'os_minor': '10', 'os_platform': 'darwin',
              'name': 'macos-server'},
     'ARCH': {'os_name': 'Arch Linux', 'os_major': '', 'os_minor': '', 'os_platform': '', 'name': 'archlinux'},
     'ALAS': {'hostname': 'amz', 'architecture': 'x86_64', 'os_name': 'Amazon Linux AMI', 'os_version': '2018.03',
-            'os_codename': '', 'os_major': '2018', 'os_minor': '03', 'os_patch': '', 'os_build': '',
-            'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.97-74.72.amzn1.x86_64',
-            'version': 'Wazuh v4.3.0', 'os_release': '', 'checksum': '1645433796303855540', 'os_display_version': '',
-            'triaged': '0', 'reference': '0886f3023b131f5bf1ecbc33f651807114cb5a53', 'name': 'amz', 'ip': '127.0.0.1',
-            'register_ip': '127.0.0.1', 'internal_key': '',
-            'os_uname': 'Linux |amz |4.14.97-74.72.amzn1.x86_64 |#1 SMP Tue Feb 5 20:59:30 UTC 2019 |x86_64',
-            'os_arch': 'x86_64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'amz', 'node_name': 'node01',
-            'date_add': '1645433793', 'last_keepalive': '253402300799', 'sync_status': 'synced',
-            'connection_status': 'active', 'disconnection_time': '0'},
+             'os_codename': '', 'os_major': '2018', 'os_minor': '03', 'os_patch': '', 'os_build': '',
+             'os_platform': 'amzn', 'sysname': 'Linux', 'release': '4.14.97-74.72.amzn1.x86_64',
+             'version': 'Wazuh v4.3.0', 'os_release': '', 'checksum': '1645433796303855540', 'os_display_version': '',
+             'triaged': '0', 'reference': '0886f3023b131f5bf1ecbc33f651807114cb5a53', 'name': 'amz', 'ip': '127.0.0.1',
+             'register_ip': '127.0.0.1', 'internal_key': '',
+             'os_uname': 'Linux |amz |4.14.97-74.72.amzn1.x86_64 |#1 SMP Tue Feb 5 20:59:30 UTC 2019 |x86_64',
+             'os_arch': 'x86_64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'amz', 'node_name': 'node01',
+             'date_add': '1645433793', 'last_keepalive': '253402300799', 'sync_status': 'synced',
+             'connection_status': 'active', 'disconnection_time': '0'},
     'ALAS2': {'hostname': 'alas2', 'architecture': 'x86_64', 'os_name': 'Amazon Linux', 'os_version': '2',
               'os_codename': '', 'os_major': '2', 'os_minor': '', 'os_patch': '', 'os_build': '', 'os_platform': 'amzn',
               'sysname': 'Linux', 'release': '4.14.198-152.320.amzn2.x86_64', 'version': 'Wazuh v4.3.0',
@@ -103,7 +103,26 @@
     'BUSTER': {'os_name': 'Debian GNU/Linux', 'os_major': '10', 'os_minor': '0', 'os_platform': 'debian',
                'name': 'debian10'},
     'STRETCH': {'os_name': 'Debian GNU/Linux', 'os_major': '9', 'os_minor': '0', 'os_platform': 'debian',
-                'name': 'debian9'}
+                'name': 'debian9'},
+    'SLED11': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '11', 'os_minor': '',
+               'os_platform': 'sled', 'name': 'Desktop11', 'os_codename': 'sled'},
+    'SLED12': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '12', 'os_minor': '',
+               'os_platform': 'sled', 'name': 'Desktop12', 'os_codename': 'sled'},
+    'SLED15': {'hostname': 'sled', 'architecture': 'x86_64', 'os_name': 'SLED', 'os_major': '15', 'os_minor': '',
+               'os_platform': 'sled', 'name': 'Desktop15', 'os_codename': 'sled'},
+    'SLES11': {'hostname': 'sles', 'architecture': 'x86_64', 'os_name': 'SLES', 'os_major': '11', 'os_minor': '',
+               'os_platform': 'sles', 'name': 'Server11', 'os_codename': 'sles'},
+    'SLES12': {'hostname': 'sles', 'architecture': 'x86_64', 'os_name': 'SLES', 'os_major': '12', 'os_minor': '',
+               'os_platform': 'sles', 'name': 'Server12', 'os_codename': 'sles'},
+    'SLES15': {'hostname': 'localhost', 'architecture': 'x64', 'os_name': 'SLES', 'os_version': '15.2',
+               'os_codename': '', 'os_major': '15', 'os_minor': '', 'os_patch': '', 'os_build': '',
+               'os_platform': 'sles', 'sysname': 'Linux', 'release': '5.3.18-22-default', 'version': 'Wazuh v4.4.0',
+               'os_release': '', 'checksum': '1652388661375945607', 'name': 'SUSE15', 'ip': '127.0.0.1',
+               'register_ip': 'any', 'internal_key': '',
+               'os_uname': 'Linux |localhost|5.3.18-22-default |#1 SMP Wed Jun 3 12:16:43 UTC 2020 (720aeba)|x86_64',
+               'os_arch': 'x64', 'config_sum': '', 'merged_sum': '', 'manager_host': 'localhost.localdomain',
+               'node_name': 'node01', 'date_add': '1652381429', 'last_keepalive': '253402300799',
+               'sync_status': 'synced', 'connection_status': 'active'}
 }
 
 

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/__init__.py

@@ -31,6 +31,7 @@
 CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json'
 CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json'
 CUSTOM_ALAS2_JSON_FEED = 'custom_alas2_feed.json'
+CUSTOM_SUSE_OVAL_FEED = 'custom_suse_oval_feed.xml'
 
 VULNERABILITY_DETECTOR_PREFIX = r'.*wazuh-modulesd:vulnerability-detector.*'
 
@@ -67,6 +68,17 @@
     }
 ]
 
+SUSE_SYSTEM_PACKAGE = {
+    'SLES15': [
+        {
+            "name": "sle-module-basesystem-release",
+            "version": "15.2",
+            "format": "rpm",
+            "vendor": "SUSE LLC <https://www.suse.com/>"
+        }
+    ]
+}
+
 
 def update_feed_path_configurations(configurations, metadata, feeds_path):
     """Replace feed path tags in the configuration template, using the metadata information.
@@ -83,17 +95,17 @@ def update_feed_path_configurations(configurations, metadata, feeds_path):
 
     for index, _ in enumerate(configurations):
         if 'json_feed' in metadata[index] and metadata[index]['json_feed'] is not None:
-            new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\
+            new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
                 replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
                                                                        metadata[index]['json_feed'])))
 
         if 'oval_feed' in metadata[index] and metadata[index]['oval_feed'] is not None:
-            new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\
+            new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
                 replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
                                                                        metadata[index]['oval_feed'])))
 
         if 'nvd_feed_tag' in metadata[index] and 'nvd_feed' in metadata[index]:
-            new_configurations[index] = json.loads(json.dumps(new_configurations[index]).\
+            new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
                 replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed'])))
 
     return new_configurations
@@ -130,6 +142,24 @@ def insert_vulnerabilities_agent_inventory(agent_id='000', status='VALID'):
                                                          cve=package['cveid'], status=status)
 
 
+def insert_suse_system_package(agent_id='000', version='SLES15'):
+    """Insert suse OS package to an agent.
+
+    Args:
+        agent_id (str): Agent ID.
+        version (str): Package version.
+
+    Raises:
+        ValueError: If version parameter has an invalid value.
+    """
+    if version not in SUSE_SYSTEM_PACKAGE:
+        raise ValueError('Suse system parameter invalid.')
+
+    for package in SUSE_SYSTEM_PACKAGE[version]:
+        agent_db.insert_package(name=package['name'], version=package['version'], source=package['name'],
+                                agent_id=agent_id, vendor=package['vendor'])
+
+
 def feed_is_recently_updated(provider_name, provider_os, threshold_weeks):
     """Check if the provider OS feed is recently updated according to a specified threshold.
 

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py

@@ -52,7 +52,7 @@ def check_vuln_detector_event(file_monitor=None, callback='', error_message=None
         error_message
 
     file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
-                      callback=make_vuln_callback(callback, prefix), error_message=error_message)
+                       callback=make_vuln_callback(callback, prefix), error_message=error_message)
 
 
 def check_vulnerability_detector_disabled():

tests/integration/conftest.py

@@ -119,6 +119,14 @@ def restart_wazuh_daemon_function(daemon=None):
     truncate_file(LOG_FILE_PATH)
     control_service("restart", daemon=daemon)
 
+@pytest.fixture(scope='module')
+def restart_wazuh_daemon_after_finishing(daemon=None):
+    """
+    Restart a Wazuh daemon
+    """
+    yield
+    truncate_file(LOG_FILE_PATH)
+    control_service("restart", daemon=daemon)
 
 @pytest.fixture(scope='module')
 def reset_ossec_log(get_configuration, request):

tests/integration/test_vulnerability_detector/conftest.py

@@ -111,6 +111,10 @@ def prepare_full_scan_with_vuln_packages_and_custom_system(agent_system, mock_ag
     # Insert vulnerable packages
     package_vendor = 'Red Hat, Inc.' if 'RHEL' in agent_system else 'wazuh-mocking'
 
+    if 'SLES' in agent_system:
+        package_vendor = 'SUSE LLC <https://www.suse.com/>'
+        vd.insert_suse_system_package(agent_id=mock_agent_with_custom_system, version=agent_system)
+
     vd.insert_vulnerable_packages(agent_id=mock_agent_with_custom_system, vendor=package_vendor)
 
     # Update sync info for packages