Merge branch '4.8.0' into fix/5413-increase-change-manager-test-timeout

CHANGELOG.md

@@ -26,6 +26,8 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+- Include "Agent key already in use" in the E2E Vulnerability Detection expected error list. ([#5409](https://github.com/wazuh/wazuh-qa/pull/5409)) \- (Tests)
+- Update vulnerability state index name ([#5402](https://github.com/wazuh/wazuh-qa/pull/5402)) \- (Framework)
 - Include new package information from wdb ([#5350](https://github.com/wazuh/wazuh-qa/pull/5350)) \- (Tests)
 - Disable debug evidences for Vulnerability Detector E2E tests by default ([#5331](https://github.com/wazuh/wazuh-qa/pull/5331)) \- (Tests)
 - Include CVE-2023-4822 vulnerability to grafana packages ([#5332](https://github.com/wazuh/wazuh-qa/pull/5332)) \- (Framework)
@@ -63,6 +65,8 @@ All notable changes to this project will be documented in this file.
 ### Fixed
 
 - Increase E2E Vulnerability detection change manager test timeout ([#5414](https://github.com/wazuh/wazuh-qa/pull/5414)) \- (Tests)
+- Fix filter vulnerabilities function in case of multiple packages are used ([#5419](https://github.com/wazuh/wazuh-qa/pull/5419)) \- (Framework)
+- Remove false positive from E2E Vulnerability Detection tests ([#5369](https://github.com/wazuh/wazuh-qa/pull/5369)) \- (Framework)
 - Fix multigroups guess system test ([#5396](https://github.com/wazuh/wazuh-qa/pull/5396)) \- (Tests)
 - Fix hotfixes syscollector agent simulator messages ([#5379](https://github.com/wazuh/wazuh-qa/pull/5379)) \- (Framework)
 - Fix restart agent in change manager Vulnerability Detector E2E test case ([#5355](https://github.com/wazuh/wazuh-qa/pull/5355)) \- (Tests)
@@ -108,6 +112,7 @@ All notable changes to this project will be documented in this file.
 - Fix test cluster performance. ([#4780](https://github.com/wazuh/wazuh-qa/pull/4780)) \- (Framework)
 - Fixed the graphic generation for the logcollectord statistics files. ([#5021](https://github.com/wazuh/wazuh-qa/pull/5021)) \- (Framework)
 
+## [4.7.5] - TBD
 
 ## [4.7.4] - 29/04/2024
 

deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py

@@ -5,7 +5,19 @@
 This module provides functions to interact with the Wazuh Indexer API.
 
 Functions:
-    - get_indexer_values: Retrieves values from the Indexer API.
+    - get_wazuh_states_vulnerabilities_indexname(cluster_name: str) -> str:
+        Generate the Wazuh states vulnerabilities index name for a given cluster.
+    - create_vulnerability_states_indexer_filter(target_agent: str = None,
+                                               greater_than_timestamp: str = None) -> dict
+        Create a filter for the Indexer API for the vulnerability state index.
+    - create_alerts_filter(target_agent: str = None, greater_than_timestamp: str = None) -> dict
+        Create a filter for the Indexer API for the alerts index.
+    - get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
+                       index: str = 'wazuh-alerts*', filter: dict = None, size: int = 10000) -> Dict
+        Get values from the Wazuh Indexer API.
+    - delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
+                 index: str = 'wazuh-alerts*')
+        Delete index from the Wazuh Indexer API.
 
 Copyright (C) 2015, Wazuh Inc.
 Created by Wazuh, Inc. <[email protected]>.
@@ -18,7 +30,28 @@
 from wazuh_testing.tools.system import HostManager
 
 
-WAZUH_STATES_VULNERABILITIES_INDEXNAME = 'wazuh-states-vulnerabilities'
+WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE = 'wazuh-states-vulnerabilities-{cluster_name}'
+
+
+def get_wazuh_states_vulnerabilities_indexname(cluster_name: str = 'wazuh') -> str:
+    """
+    Generate the Wazuh states vulnerabilities index name for a given cluster.
+
+    This function takes a cluster name as input and returns the corresponding
+    Wazuh states vulnerabilities index name by inserting the cluster name into
+    a predefined template.
+
+    Args:
+        cluster_name (str): The name of the cluster to be included in the index name.
+
+    Returns:
+        str: The formatted Wazuh states vulnerabilities index name.
+
+    Example:
+        >>> get_wazuh_states_vulnerabilities_indexname('cluster1')
+        'wazuh-states-vulnerabilities-cluster1'
+    """
+    return WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE.format(cluster_name=cluster_name)
 
 
 def create_vulnerability_states_indexer_filter(target_agent: str = None,

deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py

@@ -97,6 +97,7 @@ def filter_vulnerabilities_by_packages(host_manager: HostManager,
                                        vulnerabilities: Dict, packages_data: List) -> Dict:
     filtered_vulnerabilities = {}
     for host in vulnerabilities.keys():
+        packages_to_filter = set()
         filtered_vulnerabilities[host] = []
         host_os_name = host_manager.get_host_variables(host)["os"].split("_")[0]
         host_os_arch = host_manager.get_host_variables(host)["architecture"]
@@ -105,10 +106,11 @@ def filter_vulnerabilities_by_packages(host_manager: HostManager,
             package_id = package_data[host_os_name][host_os_arch]
             data = load_packages_metadata()[package_id]
             package_name = data["package_name"]
+            packages_to_filter.add(package_name)
 
-            for vulnerability in vulnerabilities[host]:
-                if vulnerability.package_name == package_name:
-                    filtered_vulnerabilities[host].append(vulnerability)
+        for vulnerability in vulnerabilities[host]:
+            if vulnerability.package_name in list(packages_to_filter):
+                filtered_vulnerabilities[host].append(vulnerability)
 
     return filtered_vulnerabilities
 

deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py

@@ -23,7 +23,7 @@
 
 from wazuh_testing.tools.system import HostManager
 from wazuh_testing.end_to_end.indexer_api import get_indexer_values, create_vulnerability_states_indexer_filter, \
-    create_alerts_filter, WAZUH_STATES_VULNERABILITIES_INDEXNAME
+    create_alerts_filter, get_wazuh_states_vulnerabilities_indexname
 from wazuh_testing.end_to_end.regex import REGEX_PATTERNS
 from collections import namedtuple
 
@@ -275,7 +275,7 @@ def parse_vulnerability_from_state(state):
 
 
 def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents: List[str],
-                                             greater_than_timestamp: str = None) -> dict:
+                                             greater_than_timestamp: str = None, cluster_name='wazuh') -> dict:
     """Get vulnerabilities from the vulnerability state index by agent.
 
     Args:
@@ -302,11 +302,12 @@ def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents:
     for agent in agents:
         agent_all_vulnerabilities = []
         try:
+            index = get_wazuh_states_vulnerabilities_indexname(cluster_name)
             states_filter = create_vulnerability_states_indexer_filter(target_agent=agent,
                                                                        greater_than_timestamp=greater_than_timestamp)
             agent_all_vulnerabilities = get_indexer_values(host_manager,
                                                            filter=states_filter,
-                                                           index=WAZUH_STATES_VULNERABILITIES_INDEXNAME,
+                                                           index=index,
                                                            credentials={'user': indexer_user,
                                                                         'password': indexer_password}
                                                            )['hits']['hits']

deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json

@@ -31,8 +31,7 @@
       "CVE-2022-31097",
       "CVE-2022-23552",
       "CVE-2022-23498",
-      "CVE-2023-3128",
-      "CVE-2023-4822"
+      "CVE-2023-3128"
     ],
     "urls": {
       "ubuntu": {
@@ -63,8 +62,7 @@
       "CVE-2022-31097",
       "CVE-2022-23552",
       "CVE-2022-23498",
-      "CVE-2023-3128",
-      "CVE-2023-4822"
+      "CVE-2023-3128"
     ],
     "urls": {
       "centos": {
@@ -95,7 +93,7 @@
       "CVE-2022-31097",
       "CVE-2022-23552",
       "CVE-2022-23498",
-      "CVE-2023-4822"
+      "CVE-2023-3128"
     ],
     "urls": {
       "ubuntu": {
@@ -126,7 +124,7 @@
       "CVE-2022-31097",
       "CVE-2022-23552",
       "CVE-2022-23498",
-      "CVE-2023-4822"
+      "CVE-2023-3128"
     ],
     "urls": {
       "centos": {
@@ -136,6 +134,30 @@
     },
     "uninstall_name": "grafana*"
   },
+  "grafana-8.5.27": {
+    "package_name": "grafana",
+    "package_version": "8.5.27",
+    "CVE": [],
+    "urls": {
+      "ubuntu": {
+        "amd64": "https://dl.grafana.com/oss/release/grafana_8.5.27_amd64.deb",
+        "arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.27_arm64.deb"
+      }
+    },
+    "uninstall_name": "grafana*"
+  },
+  "grafana-8.5.27-1": {
+    "package_name": "grafana",
+    "package_version": "8.5.27-1",
+    "CVE": [],
+    "urls": {
+      "centos": {
+        "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.27-1.x86_64.rpm",
+        "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.27-1.aarch64.rpm"
+      }
+    },
+    "uninstall_name": "grafana*"
+  },
   "grafana-9.1.1": {
     "package_name": "grafana",
     "package_version": "9.1.1",
@@ -152,8 +174,7 @@
       "CVE-2022-31130",
       "CVE-2022-31123",
       "CVE-2022-23552",
-      "CVE-2022-23498",
-      "CVE-2023-4822"
+      "CVE-2022-23498"
     ],
     "urls": {
       "ubuntu": {
@@ -179,8 +200,7 @@
       "CVE-2022-31130",
       "CVE-2022-31123",
       "CVE-2022-23552",
-      "CVE-2022-23498",
-      "CVE-2023-4822"
+      "CVE-2022-23498"
     ],
     "urls": {
       "centos": {
@@ -206,8 +226,7 @@
       "CVE-2022-39307",
       "CVE-2022-39306",
       "CVE-2022-23552",
-      "CVE-2022-23498",
-      "CVE-2023-4822"
+      "CVE-2022-23498"
     ],
     "urls": {
       "ubuntu": {
@@ -233,8 +252,7 @@
       "CVE-2022-39307",
       "CVE-2022-39306",
       "CVE-2022-23552",
-      "CVE-2022-23498",
-      "CVE-2023-4822"
+      "CVE-2022-23498"
     ],
     "urls": {
       "centos": {
@@ -292,26 +310,26 @@
     },
     "uninstall_name": "grafana*"
   },
-  "grafana-10.0.0": {
+  "grafana-9.5.17": {
     "package_name": "grafana",
-    "package_version": "10.0.0",
-    "CVE": ["CVE-2023-4822", "CVE-2023-4399", "CVE-2023-4822"],
+    "package_version": "9.5.17",
+    "CVE": [],
     "urls": {
       "ubuntu": {
-        "amd64": "https://dl.grafana.com/oss/release/grafana_10.0.0_amd64.deb",
-        "arm64v8": "https://dl.grafana.com/oss/release/grafana_10.0.0_arm64.deb"
+        "amd64": "https://dl.grafana.com/oss/release/grafana_9.5.17_amd64.deb",
+        "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.5.17_arm64.deb"
       }
     },
     "uninstall_name": "grafana*"
   },
-  "grafana-10.0.0-1": {
+  "grafana-9.5.17-1": {
     "package_name": "grafana",
-    "package_version": "10.0.0-1",
-    "CVE": ["CVE-2023-4822", "CVE-2023-4399", "CVE-2023-4822"],
+    "package_version": "9.5.17-1",
+    "CVE": [],
     "urls": {
       "centos": {
-        "amd64": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.x86_64.rpm",
-        "arm64v8": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.aarch64.rpm"
+        "amd64": "https://dl.grafana.com/oss/release/grafana-9.5.17-1.x86_64.rpm",
+        "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.5.17-1.aarch64.rpm"
       }
     },
     "uninstall_name": "grafana*"

deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml

@@ -200,8 +200,8 @@ predefined_values:
     - 4.7.2
     - 4.7.3
     - 4.7.4
+    - 4.7.5
     - 4.8.0
-
   tags:
     - active_response
     - agentd

deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py

@@ -154,8 +154,9 @@ def _parse_api_data(self):
         """Read the data generated by Wazuh API."""
 
         API_URL = f"https://{self.ip}:{self.port}"
+        CLUSTER_NAME = 'wazuh'
         DAEMONS_ENDPOINT= f"/manager/daemons/stats?daemons_list={self.daemon}&wait_for_complete=true"
-        VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities/_count"
+        VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities-{CLUSTER_NAME}/_count"
         ALERTS_ENDPOINT= f"/wazuh-alerts-4.x-*/_count"
         TOKEN_ENDPOINT="/security/user/authenticate"
 
@@ -164,7 +165,7 @@ def _parse_api_data(self):
         max_retries = 3
         token_response = None
         daemon_response = None
-        data = None        
+        data = None
 
         if(self.target == "vulnerabilities"):
             for _ in range(max_retries):
@@ -244,22 +245,22 @@ def _write_csv(self, data, target, csv_file):
             csv_header = headers.agentd_header
 
         header = not isfile(csv_file)
-        
+
         with open(csv_file, 'a+') as log:
 
             if header:
                 log.write(f'{",".join(csv_header)}\n')
 
             timestamp = datetime.fromtimestamp(time()).strftime('%Y-%m-%d %H:%M:%S')
-            
+
             if self.use_state_file == False:
                 if target not in ["vulnerabilities", "alerts"]:
                     format = r"%Y-%m-%dT%H:%M:%S+%f:00"
                     datetime_timestamp = datetime.strptime(data['timestamp'], format)
                     datetime_uptime = datetime.strptime(data['uptime'], format)
                     interval =  (datetime_timestamp - datetime_uptime).total_seconds()
 
-                if target == "analysis":                   
+                if target == "analysis":
                     metrics = data['metrics']
                     decoded = metrics['events']['received_breakdown']['decoded_breakdown']
                     decoded_modules = decoded['modules_breakdown']
@@ -425,11 +426,11 @@ def _write_csv(self, data, target, csv_file):
                         ag_bd['tables']['syscheck']['fim_file'],                                                    # 17
                         ag_bd['tables']['syscheck']['fim_registry'],                                                # 18
                         ag_bd['tables']['syscheck']['fim_registry_key'],                                            # 19
-                        ag_bd['tables']['syscheck']['fim_registry_value'],                                          # 20              
+                        ag_bd['tables']['syscheck']['fim_registry_value'],                                          # 20
                         ag_bd['tables']['syscollector']['syscollector_hotfixes'],                                    # 21
-                        ag_bd['tables']['syscollector']['syscollector_hwinfo'],                                      # 22 
+                        ag_bd['tables']['syscollector']['syscollector_hwinfo'],                                      # 22
                         ag_bd['tables']['syscollector']['syscollector_network_address'],                             # 23
-                        ag_bd['tables']['syscollector']['syscollector_network_iface'],                               # 24                          
+                        ag_bd['tables']['syscollector']['syscollector_network_iface'],                               # 24
                         ag_bd['tables']['syscollector']['syscollector_network_protocol'],                            # 25
                         ag_bd['tables']['syscollector']['syscollector_osinfo'],                                      # 26
                         ag_bd['tables']['syscollector']['syscollector_packages'],                                    # 27
@@ -438,7 +439,7 @@ def _write_csv(self, data, target, csv_file):
                         vulnerability_data,                                                                          # 30
                         received_breakdown['global'],                                                               # 31
                         glob_bd['db']['backup'],                                                                    # 32
-                        glob_bd['db']['sql'],                                                                       # 33       
+                        glob_bd['db']['sql'],                                                                       # 33
                         glob_bd['db']['vacuum'],                                                                    # 34
                         glob_bd['db']['get_fragmentation'],                                                         # 35
                         glob_bd['tables']['agent']['delete-agent'],                                                 # 36

deps/wazuh_testing/wazuh_testing/tools/system.py

@@ -884,6 +884,16 @@ def get_api_credentials(self):
 
         return user, password
 
+    def get_cluster_name(self):
+        manager_list = self.get_group_hosts('manager')
+        if not manager_list:
+            raise ValueError("No manager is defined in the environment")
+
+        first_manager_vars = self.inventory_manager.get_host(manager_list[0])
+        cluster_name = first_manager_vars.vars.get('cluster_name', 'wazuh')
+
+        return cluster_name
+
     def get_indexer_credentials(self):
         default_user = 'admin'
         default_password = 'changeme'