diff --git a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml
index b8ffc97ca6..c53b92ed8e 100644
--- a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml
+++ b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml
@@ -282,5 +282,6 @@ predefined_values:
  - wdb_socket
  - week_day
  - who_data
+ - windows
  - worker
  - wpk
\ No newline at end of file
diff --git a/tests/integration/test_vulnerability_detector/test_windows/test_cpe_indexing.py b/tests/integration/test_vulnerability_detector/test_windows/test_cpe_indexing.py
index c82b47bef3..e29da99e3f 100644
--- a/tests/integration/test_vulnerability_detector/test_windows/test_cpe_indexing.py
+++ b/tests/integration/test_vulnerability_detector/test_windows/test_cpe_indexing.py
@@ -1,7 +1,62 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. .
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
-
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. .
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
+ module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
+ Canonical, Debian, Amazon Linux and NVD Database.
+
+tier: 1
+
+modules:
+ - vulnerability_detector
+
+components:
+ - manager
+
+daemons:
+ - wazuh-modulesd
+ - wazuh-db
+ - wazuh-analysisd
+
+os_platform:
+ - linux
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html
+ - https://wazuh.com/blog/using-wazuh-for-windows-vulnerability-detection/
+ - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/cpe-helper.html
+
+tags:
+ - settings
+ - vulnerability
+ - vulnerability_detector
+ - windows
+'''
 import os
 from time import sleep
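Review bot: The `brief` in the new module docstring describes the Vulnerability Detector in general and never says what this module checks, even though the `tags` entry `windows` and the file name point at Windows CPE indexing, so the generated docs carry nothing module-specific. A module-level statement would serve readers better, for example `brief: Check that the OS version reported by Windows agents is translated into a Microsoft CPE and indexed by the Vulnerability Detector, so the NVD feed can be scanned for Windows vulnerabilities.` The `daemons` list names `wazuh-analysisd`, but nothing in the visible hunks of this file touches that daemon; confirm it is really exercised here or drop it so the metadata stays accurate.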
@@ -34,23 +89,26 @@ common_system_data = {'name': 'windows', 'os_major': '10', 'os_minor': '0', 'os_release': '1000'}
 # Architecture with associate name extension
-architecture_name_extension = {'x86_64': '', 'x86' : '_I386'}
+architecture_name_extension = {'x86_64': '', 'x86': '_I386'}
 system_data = []
 target_name_index_system_data = [
  {'target': 'WINDOWS_SERVER_2013', 'os_name': "Microsoft Windows Server 2003", 'index_name': 'windows_server_2003'},
- {'target': 'WINDOWS_SERVER_2013_R2', 'os_name': "Microsoft Windows Server 2003 R2", 'index_name': 'windows_server_2003'},
+ {'target': 'WINDOWS_SERVER_2013_R2', 'os_name': "Microsoft Windows Server 2003 R2",
+ 'index_name': 'windows_server_2003'},
  {'target': 'WINDOWS_XP', 'os_name': "Microsoft Windows XP", 'index_name': 'windows_xp'},
- {'target': 'WINDOWS_VISTA', 'os_name': "Microsoft Windows Vista",'index_name': 'windows_vista'},
- {'target': 'WINDOWS_7', 'os_name': "Microsoft Windows 7",'index_name': 'windows_7'},
- {'target': 'WINDOWS_8', 'os_name': "Microsoft Windows 8",'index_name': 'windows_8'},
- {'target': 'WINDOWS_8.1', 'os_name': "Microsoft Windows 8.1",'index_name': 'windows_8.1',},
- {'target': 'WINDOWS_10', 'os_name': "Microsoft Windows 10",'index_name': 'windows_10'},
- {'target': 'WINDOWS_SERVER_2008', 'os_name': "Microsoft Windows Server 2008",'index_name': 'windows_server_2008'},
- {'target': 'WINDOWS_SERVER_2008_R2', 'os_name': "Microsoft Windows Server 2008 R2",'index_name': 'windows_server_2008'},
- {'target': 'WINDOWS_SERVER_2012', 'os_name': "Microsoft Windows Server 2012",'index_name': 'windows_server_2012'},
- {'target': 'WINDOWS_SERVER_2012_R2', 'os_name': "Microsoft Windows Server 2012 R2",'index_name': 'windows_server_2012'},
- {'target': 'WINDOWS_SERVER_2016', 'os_name': "Microsoft Windows Server 2016",'index_name': 'windows_server_2016'},
- {'target': 'WINDOWS_SERVER_2019', 'os_name': "Microsoft Windows Server 2019",'index_name': 'windows_server_2019',},
+ {'target': 'WINDOWS_VISTA', 'os_name': "Microsoft Windows Vista", 'index_name': 'windows_vista'},
+ {'target': 'WINDOWS_7', 'os_name': "Microsoft Windows 7", 'index_name': 'windows_7'},
+ {'target': 'WINDOWS_8', 'os_name': "Microsoft Windows 8", 'index_name': 'windows_8'},
+ {'target': 'WINDOWS_8.1', 'os_name': "Microsoft Windows 8.1", 'index_name': 'windows_8.1'},
+ {'target': 'WINDOWS_10', 'os_name': "Microsoft Windows 10", 'index_name': 'windows_10'},
+ {'target': 'WINDOWS_SERVER_2008', 'os_name': "Microsoft Windows Server 2008", 'index_name': 'windows_server_2008'},
+ {'target': 'WINDOWS_SERVER_2008_R2', 'os_name': "Microsoft Windows Server 2008 R2",
+ 'index_name': 'windows_server_2008'},
+ {'target': 'WINDOWS_SERVER_2012', 'os_name': "Microsoft Windows Server 2012", 'index_name': 'windows_server_2012'},
+ {'target': 'WINDOWS_SERVER_2012_R2', 'os_name': "Microsoft Windows Server 2012 R2",
+ 'index_name': 'windows_server_2012'},
+ {'target': 'WINDOWS_SERVER_2016', 'os_name': "Microsoft Windows Server 2016", 'index_name': 'windows_server_2016'},
+ {'target': 'WINDOWS_SERVER_2019', 'os_name': "Microsoft Windows Server 2019", 'index_name': 'windows_server_2019'},
 ]
 for architecture, architecture_extension in architecture_name_extension.items():
 for system_data_case in target_name_index_system_data:
@@ -95,7 +153,7 @@ def mock_system(request, mock_agent):
 vd.make_query(vd.CVE_DB_PATH, [query_string])
 truncate_file(LOG_FILE_PATH)
-
+
 vd.update_last_scan(agent=mock_agent)
 control_service('start', daemon='wazuh-db')
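Review bot: The re-wrapped `WINDOWS_SERVER_2013_R2` entry, and the unchanged `WINDOWS_SERVER_2013` line just above it, keep a `target` key that disagrees with their own `os_name` ("Microsoft Windows Server 2003" / "... 2003 R2") and `index_name` (`windows_server_2003`); the `2013` looks like a typo for `2003` carried over from the old lines while the rest of the list was being cleaned up. If `target` is only a label the mismatch is cosmetic, but if the loop over `target_name_index_system_data` (which continues outside the hunk) uses it for test ids or feed lookup it will mislead whoever reads a failure. The two keys should read `'target': 'WINDOWS_SERVER_2003'` and `'target': 'WINDOWS_SERVER_2003_R2'`.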
@@ -110,9 +168,52 @@ def mock_system(request, mock_agent):
 control_service('start', daemon='wazuh-db')
-def test_window_version_indexing(get_configuration, configure_environment,
- configure_local_internal_options_module, restart_modulesd,
- check_cve_db, mock_system, file_monitoring):
+def test_window_version_indexing(get_configuration, configure_environment, configure_local_internal_options_module,
+ restart_modulesd, check_cve_db, mock_system, file_monitoring):
+ '''
+ description: Check if inserted vulnerable packages are reported by the vulnerability detector. To do this, an
+ auxiliary dictionary is generated in order to translate the gathered program names, (emulated by an
+ entry list), into the standard format used by the NVD, which is called CPE. This allows the
+ vulnerability detector to scan the NVD looking for vulnerabilities of these applications. So, is
+ inserted a vulnerability in the NVD_CVE table since this is needed for the vulnerability detector to
+ generate the required log.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - configure_local_internal_options_module:
+ type: fixture
+ brief: Configure the local internal options file.
+ - restart_modulesd:
+ type: fixture
+ brief: Reset the logs file and start a new monitor.
+ - check_cve_db:
+ type: fixture
+ brief: Check if the CVE database exists and its tables are created.
+ - mock_system:
+ type: fixture
+ brief: It allows to insert a vulnerability in the NVD_CVE table.
+ - file_monitoring:
+ type: fixture
+ brief: Handle the monitoring of a specified file.
+
+ assertions:
+ - Verify that the monitor gets the expected message.
+
+ input_description:
+ - Test cases are found in the test module. The `cpe_indexing.yaml` file provides the configuration of
+ this module for this test. Feeds are got from custom_nvd_feed.json file.
+ Vulnerabilities are got from custom_msu.json file.
+
+ expected_output:
+ - r'The CPE `o:microsoft:.*:(-|r2|.*):(.*)?:::::.*:` from the agent `.*` was indexed'
+ '''
 log_monitor.start(
 timeout=vd.VULN_DETECTOR_EXTENDED_GLOBAL_TIMEOUT,
 update_position=False,
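Review bot: The `description` added to `test_window_version_indexing` says the test checks that "inserted vulnerable packages are reported" and that program names are translated into CPEs, but the function name and the `expected_output` pattern (`The CPE `o:microsoft:...` from the agent `.*` was indexed`) show that what is asserted is the indexing of the emulated agent's Windows OS version as an `o:microsoft:` CPE, with the NVD_CVE row inserted only so that the module emits that log. Opening with what the assertion verifies, e.g. `description: Check that the Windows version reported by an emulated agent is translated into its Microsoft CPE and indexed by the Vulnerability Detector. A vulnerability is inserted into the NVD_CVE table so that the module generates the expected log.`, would keep the docs aligned with the regex; the sentence `So, is inserted a vulnerability in the NVD_CVE table` also needs rewording, and the `mock_system` fixture brief reads better as `Insert a vulnerability into the NVD_CVE table.` The body of the test continues past the end of the hunk.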