Vulnerability Detector E2E Tests #4878

Merged
merged 151 commits into from
Feb 2, 2024
Changes from 146 commits
0efe5c6
feat: first vd tests scan structure
Rebits Oct 26, 2023
ae6729c
Merge branch 'fix/jq-requirement' into enhacement/4590-vd-basic-test-…
Rebits Nov 6, 2023
5b787f0
feat: create generate check alert function
Rebits Nov 6, 2023
e8992cc
feat: created test_vulnerability_detector basic tests structure
Rebits Nov 7, 2023
baddbd4
refac: improve tests readability
Rebits Nov 8, 2023
21176da
feat: include extra steps to Vulns verifications E2E
Rebits Nov 14, 2023
b9f1101
feat: create modules for E2E Vuln operations
Rebits Nov 15, 2023
8c52410
fix: minor errors in E2E VD tests
Rebits Nov 20, 2023
b6406e1
refac: improve configuration module for E2E
Rebits Nov 20, 2023
e0b6bd7
refact: improve indexer_api module
Rebits Nov 20, 2023
f3b4617
docs: include docstrings to logs E2E module
Rebits Nov 20, 2023
152baf3
docs: include docstrings for monitoring module
Rebits Nov 20, 2023
2c7ea3f
fix: replace docstring placeholders
Rebits Nov 20, 2023
0ea1237
feat: remove non-basic VD tests
Rebits Nov 20, 2023
1ebf9d6
refac: remove non-used fixtures
Rebits Nov 20, 2023
2031f47
refact: remove testing inventory
Rebits Nov 20, 2023
07b9c97
refact: remove non-used vuln-packages module
Rebits Nov 20, 2023
98734a2
docs: include test docstrings
Rebits Nov 21, 2023
ea79262
refac: logs path variable
Rebits Nov 21, 2023
be7a936
refac: e2e modules and restore IT monitoring
Rebits Nov 21, 2023
63b87c4
docs: improve indexer api documentation
Rebits Nov 21, 2023
69642ab
feat: include control environment in the host manager class
Rebits Nov 21, 2023
a3cdad7
refac: remove unused Debian ansible indexer task
Rebits Nov 21, 2023
3dafc39
docs: include docstring for some HostManager methods
Rebits Nov 21, 2023
086706d
docs: improve docstring of some host manager methods
Rebits Nov 21, 2023
a1a76b5
docs: standardize module docstrings
Rebits Nov 21, 2023
0219de0
feat: include logger for VD E2E tests
Rebits Nov 21, 2023
b1f7304
fix: syscollector end regex
Rebits Nov 21, 2023
63be1bc
Merge branch '4.8.0' into enhacement/4590-vd-basic-test-cases-syscoll…
Rebits Nov 21, 2023
afc6f49
feat: include armv agents into VD E2E tests
Rebits Nov 21, 2023
87a36a8
fix: e2e vd environment dictionary
Rebits Nov 21, 2023
1d31d7d
fix: replace filebeat version to 2
Rebits Nov 21, 2023
e53b116
feat: include enrollment name as hostname by default
Rebits Nov 22, 2023
c192df4
fix: agent name provision names
Rebits Nov 22, 2023
126c845
fix: increased timeout for Finished scan waiter
Rebits Nov 23, 2023
753e58a
feat: rename test_scans to test_vd
Rebits Nov 23, 2023
1d25dce
fix: VD E2E environment
Rebits Nov 23, 2023
0606ce8
fix: error in environments dict
Rebits Nov 23, 2023
c6d57ae
fix: errors in remove_operations handlers and HostManager class
Rebits Nov 24, 2023
bcf316d
style: remove raw string from base_path
Rebits Nov 24, 2023
4e4e379
style: pep8 e2e monitoring module
Rebits Nov 24, 2023
0fcfb6d
style: rename restore backup conf function
Rebits Nov 24, 2023
e4f5036
refac: make configure_host more readable
Rebits Nov 24, 2023
aa9a96a
docs: remove Elasticsearch references
Rebits Nov 27, 2023
2f1f35f
docs: remove Elasticsearch from functions docstrings
Rebits Nov 27, 2023
a8c21e3
style: fix PEP8 style errors
Rebits Nov 27, 2023
8b456ef
style: fix pep8 in monitoring module
Rebits Nov 27, 2023
300dbcc
refac: remove monitoring_events_host_monitoring function
Rebits Nov 27, 2023
fba8d16
feat: include interval parameters to monitoring function
Rebits Nov 27, 2023
e14ce41
style: fix pep8 style errors in regex module
Rebits Nov 27, 2023
d746846
style: include typing for get_regex function
Rebits Nov 27, 2023
33f6ff8
style: pep8 for test vulnerability E2E
Rebits Nov 27, 2023
9aa7fa5
style: rename manager to host_manager
Rebits Nov 27, 2023
d50fda8
refac: remove unused yaml regex file
Rebits Nov 27, 2023
a6cc0e5
style: renamed some macos configuration tasks
Rebits Nov 27, 2023
063334f
style: added final empty line to ansible playbook
Rebits Nov 27, 2023
310437f
style: fix pep8 style errors of remote handler module
Rebits Nov 27, 2023
b8212e3
fix: renamed todo function to check vd consistency
Rebits Nov 27, 2023
64909e7
refac: rename basic cases e2e environment name
Rebits Nov 27, 2023
cbb9a7a
style: fix imports in VD tests
Rebits Nov 27, 2023
4141f0e
style: remove extra white space in ansible task
Rebits Nov 27, 2023
e0a7933
refac: logs E2E module
Rebits Nov 27, 2023
feb1646
fix: truncate logs after VD tests module
Rebits Nov 27, 2023
ff3c337
refac: include TIMEOUT_SYSCOLLECTOR to syscollector module
Rebits Nov 27, 2023
505cd9d
refac: unused environment file
Rebits Nov 27, 2023
372138c
fix: add break in get master ip
Rebits Nov 27, 2023
cce910b
refac: install package from system module
Rebits Nov 27, 2023
5aac515
refac: move file host manager
Rebits Nov 27, 2023
f213e5b
fix: move_file preserves the permissions by default
Rebits Nov 27, 2023
9fa5a67
refac: remove unused var
Rebits Nov 27, 2023
5e4f1ab
refac: imports in waiters module
Rebits Nov 27, 2023
853015c
Merge branch 'enhacement/4590-vd-basic-test-cases-syscollector-scan' …
Rebits Nov 27, 2023
dfa6071
fix: remove VD from template
Rebits Nov 28, 2023
50e2274
fix: change configuration to match refactor VD
Rebits Nov 28, 2023
05b92a9
fix: VD E2E configuration load function
Rebits Nov 28, 2023
33078ba
fix: adapt VD to refactor
Rebits Nov 28, 2023
556ac82
feat: include support for check indices and fix indexer api method
Rebits Nov 29, 2023
3b835aa
feat: include packages for VD E2E testing
Rebits Dec 5, 2023
46059a9
Merge branch '4.8.0' into enhacement/4591-vd-vuln-cases
Rebits Dec 13, 2023
54937f0
fix: imports errors
Rebits Dec 28, 2023
ed0f26d
fix: centos vuln package
Rebits Jan 4, 2024
9ac2457
Merge branch '4.8.0' into enhacement/4591-vd-vuln-cases
Rebits Jan 11, 2024
52b70be
feat: improve logging and reports in VD E2E tests
Rebits Jan 12, 2024
f5c96e2
fix: stabilize E2E Vulnerability tests
Rebits Jan 17, 2024
940fb60
refac: remote operations in install/remote/update package functions
Rebits Jan 23, 2024
a74db5e
style: fix minor style errors in some E2E libraries
Rebits Jan 23, 2024
e696a54
fix: macOS provisioning
Rebits Jan 23, 2024
531e1fc
style: improve typing in monitoring and configuration
Rebits Jan 23, 2024
80a0574
fix: macos provisioning restart task
Rebits Jan 23, 2024
2c7b088
style: fix pep8 indexer_api
Rebits Jan 31, 2024
1c55cfb
refac: monitoring module
Rebits Jan 31, 2024
748eb81
fix: errors in remote operations functions
Rebits Jan 31, 2024
2156714
feat: include evidence gathering logic
Rebits Jan 31, 2024
bfd14d6
fix: bug in indexer alert gathering
Rebits Jan 31, 2024
f9f9649
feat: include all cases of VD E2E
Rebits Jan 31, 2024
5b200a1
feat: include host manager utilities
Rebits Jan 31, 2024
140b9c1
feat: complete tests cases for VD
Rebits Jan 31, 2024
c31a963
refac: vd e2e tests
Rebits Jan 31, 2024
7551cc2
feat: include remove vlc software playbook
Rebits Jan 31, 2024
ebd738a
docs: improve configuration docstrings
Rebits Jan 31, 2024
120de9d
docs: improve logs and indexer docstrings and typing
Rebits Jan 31, 2024
bb11bb1
feat: include logging to configuration and logs modules
Rebits Jan 31, 2024
8aabf2b
refac: removing duplicate function
Rebits Jan 31, 2024
7f352af
feat: include logging to regex module
Rebits Jan 31, 2024
001e44d
docs: improve regex module docstrings
Rebits Jan 31, 2024
99cf24d
style: format manager and agent configurations
Rebits Jan 31, 2024
e0e24b7
style: remove extra whitespaces
Rebits Jan 31, 2024
c12db5a
fix: packages lists JSON format
Rebits Jan 31, 2024
de57b63
style: remove extra whitespaces
Rebits Jan 31, 2024
3c79ee5
style: remove extra white space
Rebits Jan 31, 2024
6ed6337
refac: removed unused function
Rebits Jan 31, 2024
2a3aebb
style: fix remove_package debugging messages
Rebits Jan 31, 2024
135a120
fix: replace grafana-enterprise by grafana package name
Rebits Jan 31, 2024
b244c6a
refac: replace monitoring data function in VD waiter
Rebits Jan 31, 2024
77d7484
refac: remove unnecessary commentaries in VLC remove package playbook
Rebits Jan 31, 2024
506b2c0
refac: rename VLC removal playbook name
Rebits Jan 31, 2024
6b85c98
style: remove unnecessary commentaries in waiters module
Rebits Jan 31, 2024
825deaf
style: improve VD E2E conftest readability
Rebits Jan 31, 2024
296dc40
style: format yaml VD cases
Rebits Jan 31, 2024
8b50ed3
style: fix pep8 wazuh api
Rebits Jan 31, 2024
b3bd818
fix: error in indexer validation values for update tasks
Rebits Jan 31, 2024
aaf636b
fix: include gathering evidences in test vd E2E
Rebits Jan 31, 2024
b36f5a8
fix: monitoring module
Rebits Feb 1, 2024
e1aa385
fix: remote operations handler module
Rebits Feb 1, 2024
4592611
feat: increase syscollector scan timeout
Rebits Feb 1, 2024
d850cc0
fix: minor errors in test VD E2E
Rebits Feb 1, 2024
fd2ac3e
fix: include setup fixture to Test VD E2E
Rebits Feb 1, 2024
25764f6
fix: remove unnecessary prints
Rebits Feb 1, 2024
33d2cfb
fix: no key vulnerabilities
Rebits Feb 1, 2024
eff5d46
fix: bad formatted Packages info
Rebits Feb 1, 2024
382f42a
fix: wrong vd case
Rebits Feb 1, 2024
2aa05a2
fix: wrong pytest version in E2E tests and Vuln JSON included in setup
Rebits Feb 2, 2024
f58c810
fix: replace hardcoded 5 by scan interval
Rebits Feb 2, 2024
92d3c84
style: replace loggers level and migrate waiter
Rebits Feb 2, 2024
23f4531
fix: remove unused host and update module docstring
Rebits Feb 2, 2024
cb04d16
refac: move wait_syscollector_and_vuln_scan to waiters
Rebits Feb 2, 2024
745718f
refac: move timeouts to VD module
Rebits Feb 2, 2024
40c7c56
style: pep8 to system module
Rebits Feb 2, 2024
a6a5a50
fix: hardcoded host to remove vlc playbook
Rebits Feb 2, 2024
e2b6f32
style: macos tasks name consistency
Rebits Feb 2, 2024
262994a
fix: duplicated agent/manager configuration
Rebits Feb 2, 2024
156d4a7
refac: remove unused teardown
Rebits Feb 2, 2024
1c25b5c
fix: style errors and remove logs fixture
Rebits Feb 2, 2024
59fc28e
docs: remove outdated commentary
Rebits Feb 2, 2024
e7203df
style: fix capitalization of logging messages
Rebits Feb 2, 2024
0f983ae
fix: remove critical logging from monitoring
Rebits Feb 2, 2024
dd9a70a
fix: report generation E2E VD
Rebits Feb 2, 2024
f6f9b13
fix: setup stages for only one OS
Rebits Feb 2, 2024
1313024
fix: node vuln package in windows structure
Rebits Feb 2, 2024
34d967a
fix: update nonvuln package case
Rebits Feb 2, 2024
a0e7df6
Merge branch '4.8.0' into enhacement/4591-vd-vuln-cases
Rebits Feb 2, 2024
1 change: 1 addition & 0 deletions deps/wazuh_testing/setup.py
Expand Up @@ -31,6 +31,7 @@
'data/qactl_conf_validator_schema.json',
'data/all_disabled_ossec.conf',
'tools/migration_tool/delta_schema.json',
'end_to_end/vulnerability_detector_packages/vuln_packages.json',
'tools/migration_tool/CVE_JSON_5.0_bundled.json'
]
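Review bot: The new `'end_to_end/vulnerability_detector_packages/vuln_packages.json'` entry is inserted between the two `tools/migration_tool/...` entries, which splits that group. Placing it after `'tools/migration_tool/CVE_JSON_5.0_bundled.json'`, or next to the other `data/` files, keeps related package data together.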

16 changes: 16 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/__init__.py
Expand Up @@ -11,6 +11,22 @@

fetched_alerts_json_path = os.path.join(gettempdir(), 'alerts.json')

base_path = {
'linux': '/var/ossec',
'windows': r'C:\Program Files (x86)\ossec-agent',
'macos': '/Library/Ossec'
}
configuration_filepath_os = {
'linux': os.path.join(base_path['linux'], 'etc', 'ossec.conf'),
'windows': os.path.join(base_path['windows'], 'ossec.conf'),
'macos': os.path.join(base_path['macos'], 'etc', 'ossec.conf')
}
logs_filepath_os = {
'linux': os.path.join(base_path['linux'], 'logs', 'ossec.log'),
'windows': os.path.join(base_path['windows'], 'ossec.log'),
'macos': os.path.join(base_path['macos'], 'logs', 'ossec.log')
}


@retry(Exception, attempts=3, delay=5)
def get_alert_indexer_api(query, credentials, ip_address, index='wazuh-alerts-4.x-*'):
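Review bot: In `configuration_filepath_os` and `logs_filepath_os`, the `'windows'` entries are built with `os.path.join(base_path['windows'], 'ossec.conf')`, and `os.path.join` uses the path separator of the machine running the tests, not of the target host. On a non-Windows runner that yields a mixed-separator path (`C:\Program Files (x86)\ossec-agent/ossec.conf`). Building the Windows entries with `ntpath.join` and the Linux and macOS entries with `posixpath.join` makes the result independent of the controller OS. The three dictionaries are keyed by the literal strings `linux`, `windows` and `macos`; a short comment stating that the `os_name` host variable must be one of these would help, since the other new modules index them directly.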
204 changes: 204 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/configuration.py
@@ -0,0 +1,204 @@
"""
Module for change configurations of remote hosts.
----------------------------------------

This module provides functions for configuring and managing remote host
configurations using the HostManager class and related tools.

Functions:
- backup_configurations: Backup configurations for all hosts in the specified host manager.
- restore_configuration: Restore configurations for all hosts in the specified host manager.
- configure_host: Configure a specific host.
- configure_environment: Configure the environment for all hosts in the specified host manager.


Copyright (C) 2015, Wazuh Inc.
Created by Wazuh, Inc. <[email protected]>.
This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2
"""
import xml.dom.minidom
import logging

from multiprocessing.pool import ThreadPool
from typing import Dict, List

from wazuh_testing.end_to_end import configuration_filepath_os
from wazuh_testing.tools.configuration import set_section_wazuh_conf
from wazuh_testing.tools.system import HostManager


def backup_configurations(host_manager: HostManager) -> Dict[str, str]:
"""
Backup configurations for all hosts in the specified host manager.

Args:
host_manager: An instance of the HostManager class containing information about hosts.

Returns:
dict: A dictionary mapping host names to their configurations.

Example of returned dictionary:
{
'manager': '<ossec_config>...</ossec_config>',
'agent1': ...
}
"""
logging.info("Backing up configurations")
backup_configurations = {}
for host in host_manager.get_group_hosts('all'):
host_os_name = host_manager.get_host_variables(host)['os_name']
configuration_filepath = configuration_filepath_os[host_os_name]

backup_configurations[host] = host_manager.get_file_content(str(host),
configuration_filepath)
logging.info("Configurations backed up")
return backup_configurations


def restore_configuration(host_manager: HostManager, configuration: Dict[str, List]) -> None:
"""
Restore configurations for all hosts in the specified host manager.

Args:
host_manager: An instance of the HostManager class containing information about hosts.
configuration: A dictionary mapping host names to their configurations.

Example of configuration dictionary:
{
'manager': '<ossec_config>...</ossec_config>',
'agent1': ...
}
"""
logging.info("Restoring configurations")
for host in host_manager.get_group_hosts('all'):
host_os_name = host_manager.get_host_variables(host)['os_name']
configuration_filepath = configuration_filepath_os[host_os_name]

host_manager.modify_file_content(host, configuration_filepath, configuration[host])
logging.info("Configurations restored")


def configure_host(host: str, host_configuration: Dict[str, Dict], host_manager: HostManager) -> None:
"""
Configure a specific host.

Args:
host: The name of the host to be configured.
host_configuration: Role of the configured host for the host. Check below for example.
host_manager: An instance of the HostManager class containing information about hosts.

Note: The host_configuration dictionary must contain a list of sections and elements to be configured. The sections
not included in the dictionary will not be modified maintaining the current configuration.


Example of host_configuration dictionary:
{
"manager1":[
{
"sections":[
{
"section":"vulnerability-detection",
"elements":[
{
"enabled":{
"value":"yes"
}
},
{
"index-status":{
"value":"yes"
}
},
{
"feed-update-interval":{
"value":"2h"
}
}
]
},
],
"metadata":{}
}
],
}
"""
logging.info(f"Configuring host {host}")

host_os = host_manager.get_host_variables(host)['os_name']
config_file_path = configuration_filepath_os[host_os]

host_config = host_configuration.get(host)

if not host_config:
raise TypeError(f"Host {host} configuration does not include a valid role (manager or agent):"
f"{host_configuration}")

current_config = host_manager.get_file_content(str(host), config_file_path)

# Extract the sections from the first element of host_config

sections = host_config[0].get('sections')

# Combine the current hos configuration and the desired configuration
new_config_unformatted = set_section_wazuh_conf(sections, current_config.split("\n"))

# Format new configuration
new_config_formatted_xml = xml.dom.minidom.parseString(''.join(new_config_unformatted))

# Get rid of the first no expected XML version line
new_config_formatted_xml = new_config_formatted_xml.toprettyxml().split("\n")[1:]

final_configuration = "\n".join(new_config_formatted_xml)

host_manager.modify_file_content(str(host), config_file_path, final_configuration)

logging.info(f"Host {host} configured")


def configure_environment(host_manager: HostManager, configurations: Dict[str, List]) -> None:
"""
Configure the environment for all hosts in the specified host manager.

Args:
host_manager: An instance of the HostManager class containing information about hosts.
configurations: A dictionary mapping host roles to their configuration details.

Example of host_configurations dictionary:
{
"manager1":[
{
"sections":[
{
"section":"vulnerability-detection",
"elements":[
{
"enabled":{
"value":"yes"
}
},
{
"index-status":{
"value":"yes"
}
},
{
"feed-update-interval":{
"value":"2h"
}
}
]
},
],
"metadata":{}
}
],
}
"""
logging.info("Configuring environment")
configure_environment_parallel_map = [(host, configurations) for host in host_manager.get_group_hosts('all')]

with ThreadPool() as pool:
pool.starmap(configure_host,
[(host, config, host_manager) for host, config in configure_environment_parallel_map])

logging.info("Environment configured")
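Review bot: In `configure_host`, `host_configuration.get(host)` raises when the host has no entry, and `configure_environment` calls it through `pool.starmap` for every host in `get_group_hosts('all')`, so one inventory host without a configuration entry makes the whole `configure_environment` call fail. The docstrings and the error message also describe the dictionary as keyed by role, while the lookup is by host name. Either iterate only over the hosts present in `configurations`, or log and skip hosts without an entry; if the exception is kept, `ValueError` fits better than `TypeError`, and the two f-string parts need a space after the colon. Two smaller points: `restore_configuration` annotates `configuration` as `Dict[str, List]` although `backup_configurations` returns `Dict[str, str]`, and `host_config[0].get('sections')` is passed on unchecked, so a missing `sections` key reaches `set_section_wazuh_conf` as `None`.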
83 changes: 83 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py
@@ -0,0 +1,83 @@
"""
Wazuh API Indexer Module.
-----------------------------------

This module provides functions to interact with the Wazuh Indexer API.

Functions:
- get_indexer_values: Retrieves values from the Indexer API.

Copyright (C) 2015, Wazuh Inc.
Created by Wazuh, Inc. <[email protected]>.
This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2
"""
import requests
import logging
from typing import Dict

from wazuh_testing.tools.system import HostManager


STATE_INDEX_NAME = 'wazuh-vulnerabilities-states'


def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
index: str = 'wazuh-alerts*', greater_than_timestamp=None) -> Dict:
"""
Get values from the Wazuh Indexer API.

Args:
host_manager: An instance of the HostManager class containing information about hosts.
credentials (Optional): A dictionary containing the Indexer credentials. Defaults to
{'user': 'admin', 'password': 'changeme'}.
index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'.
greater_than_timestamp (Optional): The timestamp to filter the results. Defaults to None.

Returns:
Dict: A dictionary containing the values retrieved from the Indexer API.
"""
logging.info(f"Getting values from the Indexer API for index {index}")

url = f"https://{host_manager.get_master_ip()}:9200/{index}/_search"
headers = {
'Content-Type': 'application/json',
}

data = {
"query": {
"match_all": {}
}
}

if greater_than_timestamp:
query = {
"bool": {
"must": [
{"match_all": {}},
{"range": {"@timestamp": {"gte": f"{greater_than_timestamp}"}}}
]
}
}

sort = [
{
"@timestamp": {
"order": "desc"
}
}
]

data['query'] = query
data['sort'] = sort

param = {
'pretty': 'true',
'size': 10000,
}

response = requests.get(url=url, params=param, verify=False,
auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']),
headers=headers,
json=data)

return response.json()
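Review bot: The `requests.get` call in `get_indexer_values` sends HTTP basic credentials with `verify=False`, so the indexer's certificate is never checked, and the credentials default to the literal `{'user': 'admin', 'password': 'changeme'}` in the signature. Expose `verify` as a parameter that accepts a CA bundle path, and make `credentials` a required argument or default it to `None` and read it from the test inventory, which also removes the mutable dict default. The call has no `timeout` and the status is not checked before `response.json()`, so an unresponsive indexer can hang the test and an authentication error is returned as an ordinary dictionary; add a timeout and `response.raise_for_status()`. `size` is fixed at 10000 with nothing telling the caller when more documents match, and `STATE_INDEX_NAME` is defined but not used in this file.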
61 changes: 61 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/logs.py
@@ -0,0 +1,61 @@
"""
Logs management module for remote hosts.
---------------------------------------

Description:
This module provides functions for truncating logs and alerts for Wazuh agents and managers.

Functions:
- truncate_remote_host_group_files: Truncate the specified files in all the host of a group
- get_hosts_logs: Get the logs from the specified host group


Copyright (C) 2015, Wazuh Inc.
Created by Wazuh, Inc. <[email protected]>.
This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2
"""
from typing import Dict

from wazuh_testing import ALERTS_JSON_PATH
from wazuh_testing.end_to_end import logs_filepath_os
from wazuh_testing.tools.system import HostManager


def truncate_remote_host_group_files(host_manager: HostManager, host_group: str,
file_to_truncate: str = 'logs') -> None:
"""
Truncate log or alert files on remote hosts in a specified host group.

Parameters:
- host_manager (HostManager): An instance of the HostManager class for managing remote hosts.
- host_group (str): The name of the host group where the files will be truncated.
- file_to_truncate (str, optional): The type of file to truncate. Default is 'logs'.
Possible values are 'logs' for log files or 'alerts' for alert files.
"""
for host in host_manager.get_group_hosts(host_group):
if file_to_truncate == 'logs':
host_os_name = host_manager.get_host_variables(host)['os_name']
log_file_path = logs_filepath_os[host_os_name]
elif file_to_truncate == 'alerts':
log_file_path = ALERTS_JSON_PATH
else:
log_file_path = file_to_truncate

host_manager.truncate_file(host, log_file_path)


def get_hosts_logs(host_manager: HostManager, host_group: str = 'all') -> Dict[str, str]:
"""
Get the logs from the specified host group.

Parameters:
- host_manager (HostManager): An instance of the HostManager class for managing remote hosts.
- host_group (str, optional): The name of the host group where the files will be truncated.
Default is 'all'.
"""
host_logs = {}
for host in host_manager.get_group_hosts(host_group):
host_os_name = host_manager.get_host_variables(host)['os_name']
host_logs[host] = host_manager.get_file_content(host, logs_filepath_os[host_os_name])

return host_logs
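Review bot: In `truncate_remote_host_group_files`, the final `else` branch treats any value other than `'logs'` or `'alerts'` as a file path and truncates it on every host in the group, while the docstring lists only `'logs'` and `'alerts'` as possible values. A misspelled keyword therefore becomes a truncate call on an unintended path. Either raise `ValueError` for unknown values, or document the path form and take it through a separate parameter. The `'alerts'` branch uses the single `ALERTS_JSON_PATH` for every host regardless of `os_name`, unlike the `'logs'` branch. The `get_hosts_logs` docstring still says the files "will be truncated" and has no Returns section.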