Commit
feat(#798): add new test to check missing fields in cpe_helper file
1 parent: 487a1eb. Commit: bbe7395.
Showing 9 changed files with 780 additions and 5 deletions.
...t_vulnerability_detector/data/feeds/cpe_helper/custom_generic_cpe_helper_one_package.json (38 additions, 0 deletions)
@@ -0,0 +1,38 @@ | ||
{ | ||
"VERSION_TAG": "VERSION_VALUE", | ||
"FORMAT_TAG": "FORMAT_VALUE", | ||
"UPDATE_TAG": "UPDATE_VALUE", | ||
"DICTIONARY_TAG": [ | ||
{ | ||
"TARGET_TAG": "TARGET_VALUE", | ||
"SOURCE_TAG": { | ||
"VENDOR_S_TAG": [ | ||
"VENDOR_S_VALUE" | ||
], | ||
"PRODUCT_S_TAG": [ | ||
"PRODUCT_S_VALUE_0" | ||
], | ||
"VERSION_S_TAG": ["VERSION_S_VALUE"] | ||
}, | ||
"TRANSLATION_TAG": { | ||
"VENDOR_T_TAG": [ | ||
"VENDOR_T_VALUE" | ||
], | ||
"PRODUCT_T_TAG": [ | ||
"PRODUCT_T_VALUE_0" | ||
], | ||
"VERSION_T_TAG": ["VERSION_T_VALUE"] | ||
}, | ||
"ACTION_TAG": [ | ||
"ACTION_VALUE_0", | ||
"ACTION_VALUE_1" | ||
] | ||
} | ||
], | ||
"LICENSE_TAG": { | ||
"TITLE_TAG": "TITLE_VALUE", | ||
"COPYRIGHT_TAG": "COPYRIGHT_VALUE", | ||
"DATE_TAG": "DATE_VALUE", | ||
"TYPE_TAG" : "TYPE_VALUE" | ||
} | ||
} |
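Review bot: this template can only express a "missing" field as an empty value, never as an absent key, because the placeholder substitution keeps every key and bracket; replacing `VENDOR_S_VALUE` with an empty string yields `"vendor": [""]` inside `SOURCE_TAG`, which the parser sees as a present-but-empty vendor. If the scenarios are meant to exercise keys that are really absent, keep this file as the complete baseline and drop keys per case (the `missing_field` metadata exists for that), or add a sibling template without the optional keys. Minor: `"TYPE_TAG" : "TYPE_VALUE"` has a stray space before the colon that the other entries lack.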
...vulnerability_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor.json (14 additions, 0 deletions)
@@ -0,0 +1,14 @@ | ||
[ | ||
{ | ||
"scan": { | ||
"id": 0, | ||
"time": "2021-11-20T12:41:27Z" | ||
}, | ||
"architecture": "x86_64", | ||
"format": "win", | ||
"name": "custom-package-0 1.0.0", | ||
"size": 0, | ||
"vendor": "NULL", | ||
"cveid": "CVE-000" | ||
} | ||
] |
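Review bot: `"vendor": "NULL"` is a literal string, and `prepare_scan` forwards it unchanged as `vendor=package['vendor']` to `agent_db.insert_package`, so unless that helper translates the text "NULL" into a database NULL the mocked package has a vendor literally named NULL rather than no vendor. Either confirm and document that contract next to the field, or leave `vendor` out of the fixture and default it in `prepare_scan` the same way `version` is defaulted to `''` on `KeyError`.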
...ility_detector/data/vulnerable_packages/custom_vulnerable_pkg_missing_vendor_version.json (15 additions, 0 deletions)
@@ -0,0 +1,15 @@ | ||
[ | ||
{ | ||
"scan": { | ||
"id": 0, | ||
"time": "2021-11-20T12:41:27Z" | ||
}, | ||
"architecture": "x86_64", | ||
"format": "win", | ||
"name": "custom-package-0 1.0.0", | ||
"size": 0, | ||
"vendor": "NULL", | ||
"cveid": "CVE-000", | ||
"version": "NULL" | ||
} | ||
] |
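Review bot: this is the fixture meant to model a missing version, yet it is the only one that carries a `version` key (`"version": "NULL"`), while `custom_vulnerable_pkg_missing_vendor.json` omits the key and relies on the fixture's `KeyError` fallback to `''`. The two files should use one convention for an absent attribute, and it should be whatever `agent_db.insert_package` actually stores as empty. Note also that the `VERSION_S_VALUE` regex in the cases (`^custom-package-0 ([0-9]+...)`) only matches the `name` string `custom-package-0 1.0.0`, so the version the helper is expected to recover comes from `name`, not from this field; a comment saying so would make the file's intent clear.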
...lity_detector/test_cpe_helper/data/configuration_template/configuration_cpe_indexing.yaml (75 additions, 0 deletions)
@@ -0,0 +1,75 @@ | ||
- sections: | ||
- section: vulnerability-detector | ||
elements: | ||
- enabled: | ||
value: 'yes' | ||
- run_on_start: | ||
value: 'yes' | ||
- provider: | ||
attributes: | ||
- name: redhat | ||
elements: | ||
- enabled: | ||
value: 'no' | ||
- provider: | ||
attributes: | ||
- name: canonical | ||
elements: | ||
- enabled: | ||
value: 'no' | ||
- provider: | ||
attributes: | ||
- name: debian | ||
elements: | ||
- enabled: | ||
value: 'no' | ||
- provider: | ||
attributes: | ||
- name: msu | ||
elements: | ||
- enabled: | ||
value: 'yes' | ||
- update_interval: | ||
value: 1h | ||
- provider: | ||
attributes: | ||
- name: alas | ||
elements: | ||
- enabled: | ||
value: 'no' | ||
- provider: | ||
attributes: | ||
- name: arch | ||
elements: | ||
- enabled: | ||
value: 'no' | ||
- provider: | ||
attributes: | ||
- name: nvd | ||
elements: | ||
- enabled: | ||
value: 'yes' | ||
- path: | ||
value: NVD_JSON_PATH | ||
|
||
- section: sca | ||
elements: | ||
- enabled: | ||
value: 'no' | ||
|
||
- section: rootcheck | ||
elements: | ||
- disabled: | ||
value: 'yes' | ||
|
||
- section: syscheck | ||
elements: | ||
- disabled: | ||
value: 'yes' | ||
|
||
- section: wodle | ||
attributes: | ||
- name: syscollector | ||
elements: | ||
- disabled: | ||
value: 'yes' |
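Review bot: the `msu` provider is enabled with `update_interval: 1h` and no `path` element, so while `nvd` is pinned to the offline `NVD_JSON_PATH` feed, this configuration still fetches the MSU feed from its default online source on every run. For a test whose Python file labels this block "Set offline custom feeds configuration", either give `msu` a local feed path as well or disable it like the other providers, otherwise the test depends on network access and on whatever the live feed contains.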
...erability_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_fields.yaml (229 additions, 0 deletions)
@@ -0,0 +1,229 @@ | ||
- name: WINDOWS | ||
description: Indexing CPE helper with missing vendor field | ||
configuration_parameters: | ||
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH | ||
metadata: | ||
system: WINDOWS_10 | ||
wrong_field: null | ||
missing_field: [] | ||
tags: | ||
VERSION_TAG: version | ||
FORMAT_TAG: format_version | ||
UPDATE_TAG: update_date | ||
DICTIONARY_TAG: dictionary | ||
TARGET_TAG: target | ||
SOURCE_TAG: source | ||
VENDOR_S_TAG: vendor | ||
PRODUCT_S_TAG: product | ||
VERSION_S_TAG: version | ||
TRANSLATION_TAG: translation | ||
VENDOR_T_TAG: vendor | ||
PRODUCT_T_TAG: product | ||
VERSION_T_TAG: version | ||
ACTION_TAG: action | ||
LICENSE_TAG: license | ||
TITLE_TAG: title | ||
COPYRIGHT_TAG: copyright | ||
DATE_TAG: date | ||
TYPE_TAG: type | ||
values: | ||
VERSION_VALUE: "1.0" | ||
FORMAT_VALUE: "1.0" | ||
UPDATE_VALUE: 2050-10-02T10:56Z | ||
TARGET_VALUE: windows | ||
VENDOR_S_VALUE: "" | ||
PRODUCT_S_VALUE_0: ^custom-package-0.* | ||
VERSION_S_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) | ||
VENDOR_T_VALUE: wazuh-mocking | ||
PRODUCT_T_VALUE_0: custom-package-0 | ||
VERSION_T_VALUE: "" | ||
ACTION_VALUE_0: replace_product | ||
ACTION_VALUE_1: set_version_if_product_matches | ||
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. | ||
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. | ||
DATE_VALUE: March 6, 2019. | ||
TYPE_VALUE: GPLv2 | ||
|
||
- name: WINDOWS | ||
description: Indexing CPE helper with missing vendor and version fields | ||
configuration_parameters: | ||
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH | ||
metadata: | ||
system: WINDOWS_10 | ||
wrong_field: null | ||
missing_field: [] | ||
tags: | ||
VERSION_TAG: version | ||
FORMAT_TAG: format_version | ||
UPDATE_TAG: update_date | ||
DICTIONARY_TAG: dictionary | ||
TARGET_TAG: target | ||
SOURCE_TAG: source | ||
VENDOR_S_TAG: vendor | ||
PRODUCT_S_TAG: product | ||
VERSION_S_TAG: version | ||
TRANSLATION_TAG: translation | ||
VENDOR_T_TAG: vendor | ||
PRODUCT_T_TAG: product | ||
VERSION_T_TAG: version | ||
ACTION_TAG: action | ||
LICENSE_TAG: license | ||
TITLE_TAG: title | ||
COPYRIGHT_TAG: copyright | ||
DATE_TAG: date | ||
TYPE_TAG: type | ||
values: | ||
VERSION_VALUE: "1.0" | ||
FORMAT_VALUE: "1.0" | ||
UPDATE_VALUE: 2050-10-02T10:56Z | ||
TARGET_VALUE: windows | ||
VENDOR_S_VALUE: "" | ||
PRODUCT_S_VALUE_0: ^custom-package-0.* | ||
VERSION_S_VALUE: "" | ||
VENDOR_T_VALUE: wazuh-mocking | ||
PRODUCT_T_VALUE_0: custom-package-0 | ||
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) | ||
ACTION_VALUE_0: replace_product | ||
ACTION_VALUE_1: set_version_if_product_matches | ||
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. | ||
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. | ||
DATE_VALUE: March 6, 2019. | ||
TYPE_VALUE: GPLv2 | ||
|
||
- name: WINDOWS | ||
description: Indexing CPE helper with missing set_version_if_product_matches action field | ||
configuration_parameters: | ||
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH | ||
metadata: | ||
system: WINDOWS_10 | ||
wrong_field: null | ||
missing_field: [] | ||
tags: | ||
VERSION_TAG: version | ||
FORMAT_TAG: format_version | ||
UPDATE_TAG: update_date | ||
DICTIONARY_TAG: dictionary | ||
TARGET_TAG: target | ||
SOURCE_TAG: source | ||
VENDOR_S_TAG: vendor | ||
PRODUCT_S_TAG: product | ||
VERSION_S_TAG: version | ||
TRANSLATION_TAG: translation | ||
VENDOR_T_TAG: vendor | ||
PRODUCT_T_TAG: product | ||
VERSION_T_TAG: version | ||
ACTION_TAG: action | ||
LICENSE_TAG: license | ||
TITLE_TAG: title | ||
COPYRIGHT_TAG: copyright | ||
DATE_TAG: date | ||
TYPE_TAG: type | ||
values: | ||
VERSION_VALUE: "1.0" | ||
FORMAT_VALUE: "1.0" | ||
UPDATE_VALUE: 2050-10-02T10:56Z | ||
TARGET_VALUE: windows | ||
VENDOR_S_VALUE: "" | ||
PRODUCT_S_VALUE_0: ^custom-package-0.* | ||
VERSION_S_VALUE: "" | ||
VENDOR_T_VALUE: wazuh-mocking | ||
PRODUCT_T_VALUE_0: custom-package-0 | ||
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) | ||
ACTION_VALUE_0: replace_product | ||
ACTION_VALUE_1: "" | ||
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. | ||
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. | ||
DATE_VALUE: March 6, 2019. | ||
TYPE_VALUE: GPLv2 | ||
|
||
- name: WINDOWS | ||
description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields | ||
configuration_parameters: | ||
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH | ||
metadata: | ||
system: WINDOWS_10 | ||
wrong_field: null | ||
missing_field: [] | ||
tags: | ||
VERSION_TAG: version | ||
FORMAT_TAG: format_version | ||
UPDATE_TAG: update_date | ||
DICTIONARY_TAG: dictionary | ||
TARGET_TAG: target | ||
SOURCE_TAG: source | ||
VENDOR_S_TAG: vendor | ||
PRODUCT_S_TAG: product | ||
VERSION_S_TAG: version | ||
TRANSLATION_TAG: translation | ||
VENDOR_T_TAG: vendor | ||
PRODUCT_T_TAG: product | ||
VERSION_T_TAG: version | ||
ACTION_TAG: action | ||
LICENSE_TAG: license | ||
TITLE_TAG: title | ||
COPYRIGHT_TAG: copyright | ||
DATE_TAG: date | ||
TYPE_TAG: type | ||
values: | ||
VERSION_VALUE: "1.0" | ||
FORMAT_VALUE: "1.0" | ||
UPDATE_VALUE: 2050-10-02T10:56Z | ||
TARGET_VALUE: windows | ||
VENDOR_S_VALUE: "" | ||
PRODUCT_S_VALUE_0: ^custom-package-0.* | ||
VERSION_S_VALUE: "" | ||
VENDOR_T_VALUE: wazuh-mocking | ||
PRODUCT_T_VALUE_0: custom-package-0 | ||
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) | ||
ACTION_VALUE_0: replace_product | ||
ACTION_VALUE_1: replace_vendor | ||
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. | ||
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. | ||
DATE_VALUE: March 6, 2019. | ||
TYPE_VALUE: GPLv2 | ||
|
||
- name: WINDOWS | ||
description: Indexing CPE helper with missing all source fields | ||
configuration_parameters: | ||
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH | ||
metadata: | ||
system: WINDOWS_10 | ||
wrong_field: null | ||
missing_field: [] | ||
tags: | ||
VERSION_TAG: version | ||
FORMAT_TAG: format_version | ||
UPDATE_TAG: update_date | ||
DICTIONARY_TAG: dictionary | ||
TARGET_TAG: target | ||
SOURCE_TAG: source | ||
VENDOR_S_TAG: vendor | ||
PRODUCT_S_TAG: product | ||
VERSION_S_TAG: version | ||
TRANSLATION_TAG: translation | ||
VENDOR_T_TAG: vendor | ||
PRODUCT_T_TAG: product | ||
VERSION_T_TAG: version | ||
ACTION_TAG: action | ||
LICENSE_TAG: license | ||
TITLE_TAG: title | ||
COPYRIGHT_TAG: copyright | ||
DATE_TAG: date | ||
TYPE_TAG: type | ||
values: | ||
VERSION_VALUE: "1.0" | ||
FORMAT_VALUE: "1.0" | ||
UPDATE_VALUE: 2050-10-02T10:56Z | ||
TARGET_VALUE: windows | ||
VENDOR_S_VALUE: "" | ||
PRODUCT_S_VALUE_0: "" | ||
VERSION_S_VALUE: "" | ||
VENDOR_T_VALUE: wazuh-mocking | ||
PRODUCT_T_VALUE_0: custom-package-0 | ||
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*) | ||
ACTION_VALUE_0: replace_product | ||
ACTION_VALUE_1: replace_vendor | ||
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. | ||
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. | ||
DATE_VALUE: March 6, 2019. | ||
TYPE_VALUE: GPLv2 |
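Review bot: all five cases use `name: WINDOWS`, so if the parametrize ids passed as `ids=t1_test_case_ids` are built from `name`, the five test instances are indistinguishable in the report; give each a name that states the scenario (for example `missing_vendor`, `missing_version_action`). Second, `wrong_field: null` and `missing_field: []` are identical in every case and never populated, so each "missing" scenario is really an empty-string substitution: `VENDOR_S_VALUE: ""` produces `"vendor": [""]` and `ACTION_VALUE_1: ""` produces `"action": ["replace_product", ""]`, which are present-but-empty values, not absent keys. Either list the keys to drop in `missing_field` or reword the descriptions to say "empty". Style: the 18-line `tags` block is repeated verbatim five times; a YAML anchor (`tags: &tags`) reused with `<<: *tags` would reduce each case to its differing `values`.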
...y_detector/test_cpe_helper/data/test_cases/cases_cpe_indexing_missing_vendor_version.yaml (46 additions, 0 deletions)
@@ -0,0 +1,46 @@ | ||
- name: WINDOWS | ||
description: Indexing CPE helper with missing all the source fields and version translation field | ||
configuration_parameters: | ||
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH | ||
metadata: | ||
system: WINDOWS_10 | ||
wrong_field: null | ||
missing_field: [] | ||
stage: stage_0 | ||
tags: | ||
VERSION_TAG: version | ||
FORMAT_TAG: format_version | ||
UPDATE_TAG: update_date | ||
DICTIONARY_TAG: dictionary | ||
TARGET_TAG: target | ||
SOURCE_TAG: source | ||
VENDOR_S_TAG: vendor | ||
PRODUCT_S_TAG: product | ||
VERSION_S_TAG: version | ||
TRANSLATION_TAG: translation | ||
VENDOR_T_TAG: vendor | ||
PRODUCT_T_TAG: product | ||
VERSION_T_TAG: version | ||
ACTION_TAG: action | ||
LICENSE_TAG: license | ||
TITLE_TAG: title | ||
COPYRIGHT_TAG: copyright | ||
DATE_TAG: date | ||
TYPE_TAG: type | ||
values: | ||
VERSION_VALUE: "1.0" | ||
FORMAT_VALUE: "1.0" | ||
UPDATE_VALUE: 2050-10-02T10:56Z | ||
TARGET_VALUE: windows | ||
VENDOR_S_VALUE: "" | ||
PRODUCT_S_VALUE_0: "" | ||
VERSION_S_VALUE: "" | ||
VENDOR_T_VALUE: wazuh-mocking | ||
PRODUCT_T_VALUE_0: custom-package-0 | ||
VERSION_T_VALUE: "" | ||
ACTION_VALUE_0: replace_product | ||
ACTION_VALUE_1: replace_vendor | ||
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities. | ||
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc. | ||
DATE_VALUE: March 6, 2019. | ||
TYPE_VALUE: GPLv2 |
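Review bot: `stage: stage_0` is not read anywhere in `test_cpe_helper_missing_fields.py` and does not appear in the t1 cases file, so it is either dead metadata or an unfinished hook; drop it or wire it up. As with the other cases file, the description says the version translation field is missing, but the mechanism is `VERSION_T_VALUE: ""`, which leaves `"version": [""]` present in `translation`; say "empty" or use `missing_field` to drop the key, so the negative expectation in `check_version_log` is tied to the condition the file actually creates.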
...integration/test_vulnerability_detector/test_cpe_helper/test_cpe_helper_missing_fields.py (339 additions, 0 deletions)
@@ -0,0 +1,339 @@ | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <info@wazuh.com>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector | ||
module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, | ||
Canonical, Debian, Amazon Linux and NVD Database. | ||
components: | ||
- vulnerability_detector | ||
suite: feeds | ||
targets: | ||
- manager | ||
daemons: | ||
- wazuh-modulesd | ||
- wazuh-db | ||
os_platform: | ||
- linux | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- Debian Buster | ||
- Red Hat 8 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html | ||
tags: | ||
- vulnerability_detector | ||
- cpe_helper | ||
''' | ||
import os | ||
import pytest | ||
|
||
from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data | ||
from wazuh_testing.tools.configuration import update_configuration_template | ||
from wazuh_testing import CPE_HELPER_PATH | ||
from wazuh_testing.db_interface import agent_db | ||
from wazuh_testing.tools.file import read_json_file, copy, write_json_file | ||
from wazuh_testing.modules.vulnerability_detector import event_monitor as evm | ||
from wazuh_testing.modules import vulnerability_detector as vd | ||
|
||
pytestmark = [pytest.mark.server] | ||
|
||
|
||
# Reference paths | ||
TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') | ||
CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template') | ||
TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases') | ||
TEST_FEEDS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'feeds') | ||
TEST_PACKAGES_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'vulnerable_packages') | ||
|
||
# Configuration and cases data | ||
t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') | ||
t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_fields.yaml') | ||
t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cpe_indexing.yaml') | ||
t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cpe_indexing_missing_vendor_version.yaml') | ||
|
||
# Custom paths | ||
custom_nvd_json_feed_path = os.path.join(TEST_FEEDS_PATH, 'nvd', vd.CUSTOM_NVD_FEED) | ||
custom_cpe_helper_path = os.path.join(TEST_FEEDS_PATH, 'cpe_helper', vd.CUSTOM_GENERIC_CPE_HELPER) | ||
custom_vulnerable_pkg_missing_vendor_path = os.path.join(TEST_PACKAGES_PATH, | ||
vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR) | ||
custom_vulnerable_pkg_missing_vendor_version_path = os.path.join(TEST_PACKAGES_PATH, | ||
vd.CUSTOM_VULNERABLE_PKG_MISSING_VENDOR_VERSION) | ||
|
||
# CPE indexing packages test configurations (t1) | ||
t1_configuration_parameters, t1_configuration_metadata, t1_test_case_ids = get_test_cases_data(t1_cases_path) | ||
t1_configurations = load_configuration_template(t1_configurations_path, t1_configuration_parameters, | ||
t1_configuration_metadata) | ||
t1_systems = [metadata['system'] for metadata in t1_configuration_metadata] | ||
|
||
# CPE indexing packages test configurations (t2) | ||
t2_configuration_parameters, t2_configuration_metadata, t2_test_case_ids = get_test_cases_data(t2_cases_path) | ||
t2_configurations = load_configuration_template(t2_configurations_path, t2_configuration_parameters, | ||
t2_configuration_metadata) | ||
t2_systems = [metadata['system'] for metadata in t2_configuration_metadata] | ||
|
||
# Set offline custom feeds configuration | ||
t1_configurations = update_configuration_template(t1_configurations, ['CUSTOM_NVD_JSON_PATH'], | ||
[custom_nvd_json_feed_path]) | ||
t2_configurations = update_configuration_template(t2_configurations, ['CUSTOM_NVD_JSON_PATH'], | ||
[custom_nvd_json_feed_path]) | ||
|
||
# Global vars | ||
t1_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_path) | ||
for metadata in t1_configuration_metadata] | ||
t2_agent_packages = [read_json_file(custom_vulnerable_pkg_missing_vendor_version_path) | ||
for metadata in t2_configuration_metadata] | ||
|
||
def replace_cpe_json_fields(tags=None, values=None): | ||
"""Replace the tags and values of the generic_custom_cpe_helper.json file. | ||
Args: | ||
tags (dict): Dictionary with tags names values | ||
values (dict): Dictionary with tag values | ||
""" | ||
with open(CPE_HELPER_PATH, 'r') as file: | ||
filedata = file.read() | ||
for key, value in tags.items(): | ||
filedata = filedata.replace(key, value) | ||
for key, value in values.items(): | ||
filedata = filedata.replace(key, value) | ||
with open(CPE_HELPER_PATH, 'w') as file: | ||
file.write(filedata) | ||
|
||
|
||
def remove_item(item, remove_key=""): | ||
"""Remove recursively the tags and values of the dictionary. | ||
Args: | ||
item (dict): Dictionary | ||
remove_key (str): Item to be deleted | ||
""" | ||
if isinstance(item, dict): | ||
for key in list(item.keys()): | ||
if key == remove_key: | ||
del item[key] | ||
else: | ||
remove_item(item[key], remove_key) | ||
elif isinstance(item, list): | ||
for i in reversed(range(len(item))): | ||
if item[i] == remove_key: | ||
del item[i] | ||
else: | ||
remove_item(item[i], remove_key) | ||
else: | ||
pass | ||
return item | ||
|
||
|
||
def remove_cpe_json_fields(tags=None): | ||
"""Remove the tags and values of the generic_custom_cpe_helper.json file. | ||
Args: | ||
tags (dict): Dictionary with tags names values | ||
""" | ||
import json | ||
with open(CPE_HELPER_PATH, 'r') as file: | ||
filedata = json.load(file) | ||
filedata = remove_item(filedata, tags) | ||
with open(CPE_HELPER_PATH, 'w') as file: | ||
file.write(json.dumps(filedata, indent=4)) | ||
|
||
|
||
@pytest.fixture(scope='function') | ||
def prepare_scan(request, metadata, agent_system, agent_packages, mock_agent_with_custom_system): | ||
"""Prepare the environment to launch the vulnerability scan. | ||
- Mock an agent with a specified system. | ||
- Insert mocked vulnerables packages. | ||
- Update packages sync status. | ||
- Copy the custom CPE helper to the dictionaries folder. | ||
- Force full scan. | ||
Args: | ||
metadata (dict): Test case metadata. | ||
agent_system (str): System to set to the mocked agent. | ||
agent_packages (list): List of vulnerable packages | ||
mock_agent_with_custom_system (fixture): Mock an agent with a custom system. | ||
""" | ||
for package in agent_packages: | ||
try: | ||
version = package['version'] | ||
except KeyError: | ||
version = '' | ||
agent_db.insert_package(name=package['name'], format=package['format'], architecture=package['architecture'], | ||
agent_id=mock_agent_with_custom_system, vendor=package['vendor'], version=version) | ||
|
||
# Sync packages info | ||
agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-packages") | ||
agent_db.update_sync_info(agent_id=mock_agent_with_custom_system, component="syscollector-hotfixes") | ||
|
||
# Make a backup data from inital CPE helper | ||
cpe_helper_backup_data = read_json_file(CPE_HELPER_PATH) | ||
|
||
# Set the custom CPE helper | ||
copy(custom_cpe_helper_path, CPE_HELPER_PATH) | ||
|
||
# Remove the values of the CPE helper | ||
remove_cpe_json_fields(tags=metadata['missing_field']) | ||
|
||
# Replace the values of the CPE helper | ||
replace_cpe_json_fields(tags=metadata['tags'], values=metadata['values']) | ||
|
||
yield mock_agent_with_custom_system | ||
|
||
# Restore the CPE helper backup data | ||
write_json_file(CPE_HELPER_PATH, cpe_helper_backup_data) | ||
|
||
|
||
@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', | ||
zip(t1_configurations, t1_configuration_metadata, t1_systems, t1_agent_packages), | ||
ids=t1_test_case_ids) | ||
def test_cpe_indexing_missing_fields(configuration, metadata, agent_system, agent_packages, set_wazuh_configuration_vdt, | ||
truncate_monitored_files, clean_cve_tables_func, prepare_scan, | ||
restart_modulesd_function): | ||
''' | ||
description: Check if the packages are indexed in the database by checking the respective log in the ossec.log file, | ||
and if the alert of the vulnerable package comes out when some tag are missing. | ||
test_phases: | ||
- Set a custom Wazuh configuration, with custom feeds. | ||
- Mock an agent with Windows system and vulnerable packages. | ||
- Copy a custom CPE helper and load new tags and values. | ||
- Restart wazuh-modulesd. | ||
- Check the ossec.log for specific information. | ||
wazuh_min_version: 4.5.0 | ||
tier: 1 | ||
parameters: | ||
- configuration: | ||
type: dict | ||
brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. | ||
- metadata: | ||
type: dict | ||
brief: Wazuh configuration metadata. | ||
- agent_system: | ||
type: str | ||
brief: System to set to the mocked agent. | ||
- agent_packages | ||
type: list | ||
brief: List of vulnerable packages. | ||
- set_wazuh_configuration_vdt: | ||
type: fixture | ||
brief: Set the wazuh configuration according to the configuration data. | ||
- truncate_monitored_files: | ||
type: fixture | ||
brief: Truncate all the log files and json alerts files before and after the test execution. | ||
- clean_cve_tables_func: | ||
type: fixture | ||
brief: Clean all CVE tables. | ||
- prepare_scan: | ||
type: fixture | ||
brief: Setup the initial test state. | ||
- restart_modulesd_function: | ||
type: fixture | ||
brief: Restart the wazuh-modulesd daemon. | ||
assertions: | ||
- Check for a specific log and alert. | ||
input_description: | ||
- The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. | ||
- The `cases_cpe_indexing_missing_fields.yaml` file provides the test cases. | ||
expected_output: | ||
- r"The CPE .*a:{package_vendor}:{package_name}.* from the agent '{agent_id}' was indexed" | ||
- fr".*"agent":."id":"{agent_id}".*{cve} affects {package}', prefix='.*" | ||
''' | ||
for package in agent_packages: | ||
evm.check_cpe_helper_packages_indexed(package_name=metadata['values']['PRODUCT_T_VALUE_0'], | ||
package_vendor=metadata['values']['VENDOR_T_VALUE'], | ||
agent_id=prepare_scan) | ||
|
||
|
||
evm.check_vulnerability_affects_alert(agent_id=prepare_scan, | ||
package=metadata['values']['PRODUCT_T_VALUE_0'], | ||
cve=package['cveid']) | ||
|
||
|
||
@pytest.mark.parametrize('configuration, metadata, agent_system, agent_packages', | ||
zip(t2_configurations, t2_configuration_metadata, t2_systems, t2_agent_packages), | ||
ids=t2_test_case_ids) | ||
def test_cpe_indexing_missing_vendor_version(configuration, metadata, agent_system, agent_packages, | ||
set_wazuh_configuration_vdt, truncate_monitored_files, | ||
clean_cve_tables_func, prepare_scan, restart_modulesd_function): | ||
''' | ||
description: Check that when vendor and version tags are missing, and the action tag is not the correct to | ||
extract the version field, the package cannot be indexed. | ||
test_phases: | ||
- Set a custom Wazuh configuration, with custom feeds. | ||
- Mock an agent with Windows system and vulnerable packages. | ||
- Copy a custom CPE helper and load new tags and values. | ||
- Restart wazuh-modulesd. | ||
- Check the ossec.log for specific information. | ||
wazuh_min_version: 4.5.0 | ||
tier: 1 | ||
parameters: | ||
- configuration: | ||
type: dict | ||
brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture. | ||
- metadata: | ||
type: dict | ||
brief: Wazuh configuration metadata. | ||
- agent_system: | ||
type: str | ||
brief: System to set to the mocked agent. | ||
- agent_packages | ||
type: list | ||
brief: List of vulnerable packages. | ||
- set_wazuh_configuration_vdt: | ||
type: fixture | ||
brief: Set the wazuh configuration according to the configuration data. | ||
- truncate_monitored_files: | ||
type: fixture | ||
brief: Truncate all the log files and json alerts files before and after the test execution. | ||
- clean_cve_tables_func: | ||
type: fixture | ||
brief: Clean all CVE tables. | ||
- prepare_scan: | ||
type: fixture | ||
brief: Setup the initial test state. | ||
- restart_modulesd_function: | ||
type: fixture | ||
brief: Restart the wazuh-modulesd daemon. | ||
assertions: | ||
- Check for a specific log and alert. | ||
input_description: | ||
- The `configuration_cpe_indexing.yaml` file provides the module configuration for this test. | ||
- The `cases_cpe_indexing_missing_vendor_version.yaml` file provides the test cases. | ||
expected_output: | ||
- fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} package." | ||
''' | ||
evm.check_version_log(package_name=metadata['values']['PRODUCT_T_VALUE_0']) |
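Review bot: `remove_cpe_json_fields(tags=metadata['missing_field'])` passes the whole list into `remove_item(filedata, tags)`, whose `key == remove_key` check compares each string key with a list, so it can never delete anything; it should iterate, `for key in tags: filedata = remove_item(filedata, key)`. The bug is masked because every case sets `missing_field: []`. Second, `prepare_scan` only restores `cpe_helper_backup_data` after `yield`; if `copy`, `remove_cpe_json_fields` or `replace_cpe_json_fields` raises, the manager's real CPE helper stays overwritten for every later test, so put the mutation and the `yield` inside `try` with the `write_json_file` restore in `finally`. Third, `replace_cpe_json_fields` does sequential `str.replace` on substrings: `UPDATE_TAG` contains `DATE_TAG` and `UPDATE_VALUE` contains `DATE_VALUE`, so it only works because the YAML lists the `UPDATE_*` keys first; substituting whole string values after `json.load`, or `re.sub` with `\b` boundaries, removes the ordering dependency. Docstring nits: `suite: feeds` for a cpe_helper test, `- agent_packages` lacks its colon in both parameter lists, the second `expected_output` regex has unbalanced quotes, and the `import json` inside `remove_cpe_json_fields` belongs with the module imports.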