feat(#798): add new test to check missing fields in cpe_helper file
fedepacher committed Jan 17, 2023
1 parent 487a1eb commit bbe7395
Showing 9 changed files with 780 additions and 5 deletions.
@@ -19,6 +19,8 @@
T_800 = 800

CUSTOM_VULNERABLE_PACKAGES = 'custom_vulnerable_packages.json'
CUSTOM_VULNERABLE_PKG_MISSING_VENDOR = 'custom_vulnerable_pkg_missing_vendor.json'
CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION = 'custom_vulnerable_pkg_missing_vendor_version.json'
CUSTOM_NVD_FEED = 'custom_nvd_feed.json'
CUSTOM_NVD_ALTERNATIVE_FEED = 'custom_nvd_alternative_feed.json'
CUSTOM_REDHAT_JSON_FEED = 'custom_redhat_json_feed.json'
@@ -28,6 +30,7 @@
CUSTOM_DEBIAN_JSON_FEED = 'custom_debian_json_feed.json'
CUSTOM_MSU_JSON_FEED = 'custom_msu.json'
CUSTOM_CPE_HELPER = 'custom_cpe_helper.json'
CUSTOM_GENERIC_CPE_HELPER = 'custom_generic_cpe_helper_one_package.json'
CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json'
CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json'
CUSTOM_ALAS2_JSON_FEED = 'custom_alas2_feed.json'
@@ -97,17 +100,20 @@ def update_feed_path_configurations(configurations, metadata, feeds_path):
for index, _ in enumerate(configurations):
if 'json_feed' in metadata[index] and metadata[index]['json_feed'] is not None:
new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
replace(metadata[index]['json_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
metadata[index]['json_feed'])))
replace(metadata[index]['json_feed_tag'],
os.path.join(feeds_path, metadata[index]['provider_name'],
metadata[index]['json_feed'])))

if 'oval_feed' in metadata[index] and metadata[index]['oval_feed'] is not None:
new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
replace(metadata[index]['oval_feed_tag'], os.path.join(feeds_path, metadata[index]['provider_name'],
metadata[index]['oval_feed'])))
replace(metadata[index]['oval_feed_tag'],
os.path.join(feeds_path, metadata[index]['provider_name'],
metadata[index]['oval_feed'])))

if 'nvd_feed_tag' in metadata[index] and 'nvd_feed' in metadata[index]:
new_configurations[index] = json.loads(json.dumps(new_configurations[index]).
replace(metadata[index]['nvd_feed_tag'], os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed'])))
replace(metadata[index]['nvd_feed_tag'],
os.path.join(feeds_path, 'nvd', metadata[index]['nvd_feed'])))

return new_configurations

@@ -462,3 +462,16 @@ def check_error_when_updating_cve_database(log_monitor=None, timeout=vd.T_20):
"""
check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
callback=r"ERROR: .* CVE database could not be updated.")


def check_version_log(package_name='', log_monitor=None, timeout=vd.T_20):
"""Check that the version log could not be reached.
Args:
package_name (str): Package name.
log_monitor (FileMonitor): Log monitor.
timeout (str): timeout to check the event in Wazuh log.
"""
check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
callback=fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} "
"package.")
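Review bot: The docstring summary of `check_version_log` does not describe what the function checks — it waits for the debug line saying the CPE version of a package could not be obtained, not that a "version log could not be reached"; suggest `"""Check that the log reporting that the CPE version of the package could not be obtained appears."""`. `package_name` is interpolated straight into the regex, so a name containing regex metacharacters (`.`, `+`, `(`) changes the pattern's meaning; `re.escape(package_name)` inside the f-string keeps the match literal (the module must already import `re`, or gain that import). The `timeout` parameter is documented as `str`, yet its default `vd.T_20` is used as a timeout number throughout this file and the sibling `T_800 = 800` constant is an int, so `timeout (int)` is likely the right type — its definition is not visible here, please confirm.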
@@ -0,0 +1,38 @@
{
"VERSION_TAG": "VERSION_VALUE",
"FORMAT_TAG": "FORMAT_VALUE",
"UPDATE_TAG": "UPDATE_VALUE",
"DICTIONARY_TAG": [
{
"TARGET_TAG": "TARGET_VALUE",
"SOURCE_TAG": {
"VENDOR_S_TAG": [
"VENDOR_S_VALUE"
],
"PRODUCT_S_TAG": [
"PRODUCT_S_VALUE_0"
],
"VERSION_S_TAG": ["VERSION_S_VALUE"]
},
"TRANSLATION_TAG": {
"VENDOR_T_TAG": [
"VENDOR_T_VALUE"
],
"PRODUCT_T_TAG": [
"PRODUCT_T_VALUE_0"
],
"VERSION_T_TAG": ["VERSION_T_VALUE"]
},
"ACTION_TAG": [
"ACTION_VALUE_0",
"ACTION_VALUE_1"
]
}
],
"LICENSE_TAG": {
"TITLE_TAG": "TITLE_VALUE",
"COPYRIGHT_TAG": "COPYRIGHT_VALUE",
"DATE_TAG": "DATE_VALUE",
"TYPE_TAG" : "TYPE_VALUE"
}
}
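Review bot: The placeholder tokens in this template are substituted by plain text replacement (`str.replace` in `replace_cpe_json_fields`), and `DATE_TAG` is a suffix of `UPDATE_TAG` (likewise `DATE_VALUE` of `UPDATE_VALUE`), so the output is only correct while `UPDATE_*` happens to be replaced before `DATE_*`; the current key order of the cases files guarantees that, but a reordered YAML mapping would silently turn `UPDATE_TAG` into `UPdate`. Renaming the shorter tokens so that no placeholder is a substring of another (e.g. `LIC_DATE_TAG` / `LIC_DATE_VALUE`) removes the ordering dependency, and a one-line comment in the cases file stating that rule would protect future edits. Minor: `"TYPE_TAG" : "TYPE_VALUE"` has a space before the colon that the other keys do not.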
@@ -0,0 +1,14 @@
[
{
"scan": {
"id": 0,
"time": "2021-11-20T12:41:27Z"
},
"architecture": "x86_64",
"format": "win",
"name": "custom-package-0 1.0.0",
"size": 0,
"vendor": "NULL",
"cveid": "CVE-000"
}
]
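Review bot: `"vendor": "NULL"` (and `"version": "NULL"` in the sibling fixture `custom_vulnerable_pkg_missing_vendor_version.json`) is the four-character string, not JSON `null`, so whether the package row ends up with an SQL NULL or the literal text `NULL` depends on how `agent_db.insert_package` quotes its arguments, which is not visible here — please confirm, since the version-missing scenario of `test_cpe_indexing_missing_vendor_version` relies on it. If the intent is a missing field, `null` (or omitting the key, which `prepare_scan` already tolerates for `version` through its `KeyError` fallback) states it unambiguously. `cveid` is test metadata rather than a package attribute; a short note in the test docstring saying it is the CVE the alert is expected to name would help the next reader.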
@@ -0,0 +1,15 @@
[
{
"scan": {
"id": 0,
"time": "2021-11-20T12:41:27Z"
},
"architecture": "x86_64",
"format": "win",
"name": "custom-package-0 1.0.0",
"size": 0,
"vendor": "NULL",
"cveid": "CVE-000",
"version": "NULL"
}
]
@@ -0,0 +1,75 @@
- sections:
- section: vulnerability-detector
elements:
- enabled:
value: 'yes'
- run_on_start:
value: 'yes'
- provider:
attributes:
- name: redhat
elements:
- enabled:
value: 'no'
- provider:
attributes:
- name: canonical
elements:
- enabled:
value: 'no'
- provider:
attributes:
- name: debian
elements:
- enabled:
value: 'no'
- provider:
attributes:
- name: msu
elements:
- enabled:
value: 'yes'
- update_interval:
value: 1h
- provider:
attributes:
- name: alas
elements:
- enabled:
value: 'no'
- provider:
attributes:
- name: arch
elements:
- enabled:
value: 'no'
- provider:
attributes:
- name: nvd
elements:
- enabled:
value: 'yes'
- path:
value: NVD_JSON_PATH

- section: sca
elements:
- enabled:
value: 'no'

- section: rootcheck
elements:
- disabled:
value: 'yes'

- section: syscheck
elements:
- disabled:
value: 'yes'

- section: wodle
attributes:
- name: syscollector
elements:
- disabled:
value: 'yes'
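Review bot: The `msu` provider is enabled with `update_interval: 1h` but, unlike `nvd`, gets no feed `path` placeholder, and the test module only substitutes `CUSTOM_NVD_JSON_PATH`; unless the `set_wazuh_configuration_vdt` fixture injects an offline MSU feed, the manager will try to download it, which makes the test depend on network access and slows it down. The module already defines `CUSTOM_MSU_JSON_FEED`, so either add a `- path:` element with an `MSU_JSON_PATH` placeholder (substituted alongside `CUSTOM_NVD_JSON_PATH` in the test module) or set msu to `enabled: 'no'` if the CPE indexing scan does not need it.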
@@ -0,0 +1,229 @@
- name: WINDOWS
description: Indexing CPE helper with missing vendor field
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ""
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: set_version_if_product_matches
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: WINDOWS
description: Indexing CPE helper with missing vendor and version fields
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: set_version_if_product_matches
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: WINDOWS
description: Indexing CPE helper with missing set_version_if_product_matches action field
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: ""
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: WINDOWS
description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: replace_vendor
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: WINDOWS
description: Indexing CPE helper with missing all source fields
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ""
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: replace_vendor
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2
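Review bot: All five cases carry `name: WINDOWS` and identical `metadata.system`, so if `get_test_cases_data` derives the pytest ids from `name` (not visible here) the parametrized runs of `test_cpe_indexing_missing_fields` are indistinguishable in reports; distinct names such as `WINDOWS_MISSING_VENDOR` or `WINDOWS_MISSING_ACTION` would tell failures apart. `wrong_field: null` is read nowhere in the test module added by this commit, and `missing_field: []` is always empty — the "missing" fields are in fact modelled as empty-string values — so either drop the unused keys or add a header comment explaining what they are for. The same applies to `cases_cpe_indexing_missing_vendor_version.yaml`, which additionally carries an unused `stage: stage_0`.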
@@ -0,0 +1,46 @@
- name: WINDOWS
description: Indexing CPE helper with missing all the source fields and version translation field
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
stage: stage_0
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ""
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ""
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: replace_vendor
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2
@@ -0,0 +1,339 @@
'''
copyright: Copyright (C) 2015-2021, Wazuh Inc.
Created by Wazuh, Inc. <info@wazuh.com>.
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
type: integration
brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
Canonical, Debian, Amazon Linux and NVD Database.
components:
- vulnerability_detector
suite: feeds
targets:
- manager
daemons:
- wazuh-modulesd
- wazuh-db
os_platform:
- linux
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- Debian Buster
- Red Hat 8
- Ubuntu Focal
- Ubuntu Bionic
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html
tags:
- vulnerability_detector
- cpe_helper
'''
import os
import pytest

from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
from wazuh_testing.tools.configuration import update_configuration_template
from wazuh_testing import CPE_HELPER_PATH
from wazuh_testing.db_interface import agent_db
from wazuh_testing.tools.file import read_json_file, copy, write_json_file
from wazuh_testing.modules.vulnerability_detector import event_monitor as evm
from wazuh_testing.modules import vulnerability_detector as vd

pytestmark = [pytest.mark.server]


# Reference paths
TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
TEST_FEEDS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'feeds')
TEST_PACKAGES_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'vulnerable_packages')

# Configuration and cases data
t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml')
t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_fields.yaml')
t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml')
t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_vendor_version.yaml')

# Custom paths
custom_nvd_json_feed_path = os.path.join(TEST_FEEDS_PATH, 'nvd', vd.CUSTOM_NVD_FEED)
custom_cpe_helper_path = os.path.join(TEST_FEEDS_PATH, 'cpe_helper', vd.CUSTOM_GENERIC_CPE_HELPER)
custom_vulnerable_pkg_missing_vendor_path = os.path.join(TEST_PACKAGES_PATH,
vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR)
custom_vulnerable_pkg_missing_vendor_version_path = os.path.join(TEST_PACKAGES_PATH,
vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION)

# CPE indexing packages test configurations (t1)
t1_configuration_parameters, t1_configuration_metadata, t1_test_case_ids = get_test_cases_data(t1_cases_path)
t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters,
t1_configuration_metadata)
t1_systems = [metadata['system'] for metadata in t1_configuration_metadata]

# CPE indexing packages test configurations (t2)
t2_configuration_parameters, t2_configuration_metadata, t2_test_case_ids = get_test_cases_data(t2_cases_path)
t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters,
t2_configuration_metadata)
t2_systems = [metadata['system'] for metadata in t2_configuration_metadata]

# Set offline custom feeds configuration
t1_configurations = update_configuration_template(t1_configurations, ['CUSTOM_NVD_JSON_PATH'],
[custom_nvd_json_feed_path])
t2_configurations = update_configuration_template(t2_configurations, ['CUSTOM_NVD_JSON_PATH'],
[custom_nvd_json_feed_path])

# Global vars
t1_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_path)
for metadata in t1_configuration_metadata]
t2_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_version_path)
for metadata in t2_configuration_metadata]

def replace_cpe_json_fields(tags=None, values=None):
"""Replace the tags and values of the generic_custom_cpe_helper.json file.
Args:
tags (dict): Dictionary with tags names values
values (dict): Dictionary with tag values
"""
with open(CPE_HELPER_PATH, 'r') as file:
filedata = file.read()
for key, value in tags.items():
filedata = filedata.replace(key, value)
for key, value in values.items():
filedata = filedata.replace(key, value)
with open(CPE_HELPER_PATH, 'w') as file:
file.write(filedata)


def remove_item(item, remove_key=""):
"""Remove recursively the tags and values of the dictionary.
Args:
item (dict): Dictionary
remove_key (str): Item to be deleted
"""
if isinstance(item, dict):
for key in list(item.keys()):
if key == remove_key:
del item[key]
else:
remove_item(item[key], remove_key)
elif isinstance(item, list):
for i in reversed(range(len(item))):
if item[i] == remove_key:
del item[i]
else:
remove_item(item[i], remove_key)
else:
pass
return item


def remove_cpe_json_fields(tags=None):
"""Remove the tags and values of the generic_custom_cpe_helper.json file.
Args:
tags (dict): Dictionary with tags names values
"""
import json
with open(CPE_HELPER_PATH, 'r') as file:
filedata = json.load(file)
filedata = remove_item(filedata, tags)
with open(CPE_HELPER_PATH, 'w') as file:
file.write(json.dumps(filedata, indent=4))


@pytest.fixture(scope='function')
def prepare_scan(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system):
"""Prepare the environment to launch the vulnerability scan.
- Mock an agent with a specified system.
- Insert mocked vulnerables packages.
- Update packages sync status.
- Copy the custom CPE helper to the dictionaries folder.
- Force full scan.
Args:
metadata (dict): Test case metadata.
agent_system (str): System to set to the mocked agent.
agent_packages (list): List of vulnerable packages
mock_agent_with_custom_system (fixture): Mock an agent with a custom system.
"""
for package in agent_packages:
try:
version = package['version']
except KeyError:
version = ''
agent_db.insert_package(name=package['name'], format=package['format'], architecture=package['architecture'],
agent_id=mock_agent_with_custom_system, vendor=package['vendor'], version=version)

# Sync packages info
agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-packages")
agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-hotfixes")

# Make a backup data from inital CPE helper
cpe_helper_backup_data = read_json_file(CPE_HELPER_PATH)

# Set the custom CPE helper
copy(custom_cpe_helper_path, CPE_HELPER_PATH)

# Remove the values of the CPE helper
remove_cpe_json_fields(tags=metadata['missing_field'])

# Replace the values of the CPE helper
replace_cpe_json_fields(tags=metadata['tags'], values=metadata['values'])

yield mock_agent_with_custom_system

# Restore the CPE helper backup data
write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data)


@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages),
ids=t1_test_case_ids)
def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt,
truncate_monitored_files, clean_cve_tables_func, prepare_scan,
restart_modulesd_function):
'''
description: Check if the packages are indexed in the database by checking the respective log in the ossec.log file,
and if the alert of the vulnerable package comes out when some tag are missing.
test_phases:
- Set a custom Wazuh configuration, with custom feeds.
- Mock an agent with Windows system and vulnerable packages.
- Copy a custom CPE helper and load new tags and values.
- Restart wazuh-modulesd.
- Check the ossec.log for specific information.
wazuh_min_version: 4.5.0
tier: 1
parameters:
- configuration:
type: dict
brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- agent_system:
type: str
brief: System to set to the mocked agent.
- agent_packages
type: list
brief: List of vulnerable packages.
- set_wazuh_configuration_vdt:
type: fixture
brief: Set the wazuh configuration according to the configuration data.
- truncate_monitored_files:
type: fixture
brief: Truncate all the log files and json alerts files before and after the test execution.
- clean_cve_tables_func:
type: fixture
brief: Clean all CVE tables.
- prepare_scan:
type: fixture
brief: Setup the initial test state.
- restart_modulesd_function:
type: fixture
brief: Restart the wazuh-modulesd daemon.
assertions:
- Check for a specific log and alert.
input_description:
- The `configuration_cpe_indexing.yaml` file provides the module configuration for this test.
- The `cases_cpe_indexing_missing_fields.yaml` file provides the test cases.
expected_output:
- r"The CPE .*a:{package_vendor}:{package_name}.* from the agent '{agent_id}' was indexed"
- fr".*"agent":."id":"{agent_id}".*{cve} affects {package}', prefix='.*"
'''
for package in agent_packages:
evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'],
package_vendor=metadata['values']['VENDOR_T_VALUE'],
agent_id=prepare_scan)


evm.check_vulnerability_affects_alert(agent_id=prepare_scan,
package=metadata['values']['PRODUCT_T_VALUE_0'],
cve=package['cveid'])


@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages',
zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages),
ids=t2_test_case_ids)
def test_cpe_indexing_missing_vendor_version(configuration, metadata, agent_system, agent_packages,
set_wazuh_configuration_vdt, truncate_monitored_files,
clean_cve_tables_func, prepare_scan, restart_modulesd_function):
'''
description: Check that when vendor and version tags are missing, and the action tag is not the correct to
extract the version field, the package cannot be indexed.
test_phases:
- Set a custom Wazuh configuration, with custom feeds.
- Mock an agent with Windows system and vulnerable packages.
- Copy a custom CPE helper and load new tags and values.
- Restart wazuh-modulesd.
- Check the ossec.log for specific information.
wazuh_min_version: 4.5.0
tier: 1
parameters:
- configuration:
type: dict
brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- agent_system:
type: str
brief: System to set to the mocked agent.
- agent_packages
type: list
brief: List of vulnerable packages.
- set_wazuh_configuration_vdt:
type: fixture
brief: Set the wazuh configuration according to the configuration data.
- truncate_monitored_files:
type: fixture
brief: Truncate all the log files and json alerts files before and after the test execution.
- clean_cve_tables_func:
type: fixture
brief: Clean all CVE tables.
- prepare_scan:
type: fixture
brief: Setup the initial test state.
- restart_modulesd_function:
type: fixture
brief: Restart the wazuh-modulesd daemon.
assertions:
- Check for a specific log and alert.
input_description:
- The `configuration_cpe_indexing.yaml` file provides the module configuration for this test.
- The `cases_cpe_indexing_missing_vendor_version.yaml` file provides the test cases.
expected_output:
- fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} package."
'''
evm.check_version_log(package_name=metadata['values']['PRODUCT_T_VALUE_0'])
