fix(#4275): deprecate NVD update_from_year option and related changes

deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py

@@ -240,26 +240,6 @@ def check_obtaining_software_failure_log(agent_id='000', num_attemps=5):
                                        f"{num_attemps} attempts. Skipping agent until the next scan.")
 
 
-def check_nvd_download_log():
-    """Check that the NVD download has started.
-
-    Args:
-        update_year (int): Year specified in <update_from_year>.
-    """
-
-    """
-        leandro
-        - #define NVD_CVE_REPO_META "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.meta"
-        - #define NVD_CVE_REPO "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.json.gz"
-        + #define NVD_CVE_REPO_META "https://feed.wazuh.com/vulnerability-detector/nvd/generated-feeds/nvd_cve_single.meta"
-        + #define NVD_CVE_REPO "https://feed.wazuh.com/vulnerability-detector/nvd/generated-feeds/nvd_cve_single.json.gz        
-    """
-
-    check_vuln_detector_event(timeout=vd.T_40, callback=fr".*Downloading .*nvd_cve_single.meta*",
-                              error_message='NVD feed download did not started',
-                              prefix=r'.*wazuh-modulesd:download.*')
-
-
 def check_invalid_provider_update_from_year_log(provider):
     """Check that the warning message is logged correctly.
 
@@ -268,8 +248,8 @@ def check_invalid_provider_update_from_year_log(provider):
     """
     if provider == 'redhat':
         callback = "INFO: 'update_from_year' option at module 'vulnerability-detector' is deprecated"
-    elif provider == 'msu':
-        callback = "WARNING: 'update_from_year' option cannot be used for 'msu' provider."
+    elif provider == 'msu' or provider == 'nvd':
+        callback = f"WARNING: 'update_from_year' option cannot be used for '{provider}' provider."
     else:
         callback = f"WARNING: Invalid option 'update_from_year' for '{provider}' provider at 'vulnerability-detector'"
 

tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_json_feed_content.yaml

@@ -49,3 +49,14 @@
     extension: 'gz'
     decompressed_file: '/tmp/msu-updates.json'
     url: 'https://feed.wazuh.com/vulnerability-detector/windows/msu-updates.json.gz'
+
+- name: 'NVD'
+  description: 'National Vulnerability Database provider'
+  configuration_parameters:
+  metadata:
+    provider_name: 'National Vulnerability Database'
+    expected_format: 'application/gzip'
+    path: '/tmp/complete_nvd_feed.json.gz'
+    extension: 'gz'
+    decompressed_file: '/tmp/complete_nvd_feed.json'
+    url: 'https://feed.wazuh.com/vulnerability-detector/NVD/generated-feeds/complete_nvd_feed.json.gz'

tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py

@@ -139,9 +139,6 @@ def test_import_invalid_feed_type(configuration, metadata, set_wazuh_configurati
         - r"Failed when updating '{provider_feed_name}' database"
         - r"ERROR: .* CVE database could not be updated."
     '''
-    if metadata['target'] == 'nvd':
-        pytest.xfail(reason='no error reported when importing invalid NVD feed. '
-                            'https://github.com/wazuh/wazuh/issues/5210')
 
     # Check in log that the provider database could not be updated
     for provider_feed_name in metadata['provider_feed_names']:

tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py

@@ -75,15 +75,6 @@
 # Validate JSON feed content test configurations (t1)
 _, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
 
-# Add NVD from 2002 to current year configuration and metadata
-current_year = datetime.now().year
-for year in range(2002, current_year + 1):
-    t1_configuration_metadata.append({'provider_name': 'nvd', 'expected_format': 'application/gzip',
-                                      'path': f"/tmp/nvdcve-1.1-{year}.json.gz", 'extension': 'gz',
-                                      'url': f"https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{year}.json.gz",
-                                      'decompressed_file': f"/tmp/nvd-{year}.json"})
-    t1_case_ids.append(f"NVD-{year}")
-
 # Validate XML feed content test configurations (t2)
 _, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path)
 

tests/integration/test_vulnerability_detector/test_providers/test_enabled.py

@@ -84,20 +84,6 @@
 t2_configurations = load_configuration_template(configurations_path, t2_configuration_parameters,
                                                 t2_configuration_metadata)
 
-# Add <update_from_year> tag for NVD to download only the last year feed and speed up the testing process
-# Set it for enabled configurations
-for index, configuration in enumerate(t1_configurations):
-    if configuration['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd':
-        configuration['sections'][0]['elements'][1]['provider']['elements'].append(
-            {'update_from_year': {'value': date.today().year}})
-
-# Set it for disabled configurations
-for index, configuration in enumerate(t2_configurations):
-    if configuration['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd':
-        configuration['sections'][0]['elements'][1]['provider']['elements'].append(
-            {'update_from_year': {'value': date.today().year}})
-
-
 @pytest.mark.tier(level=0)
 @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
 def test_enabled(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files,

tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py

@@ -84,14 +84,6 @@
     test_enabled_cases_path)
 configurations = configuration.load_configuration_template(configurations_path, configuration_parameters,
                                                            configuration_metadata)
-
-# Add <update_from_year> tag for NVD to download only the last year feed and speed up the testing process
-for index in range(len(configurations)):
-    if configurations[index]['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd':
-        configurations[index]['sections'][0]['elements'][1]['provider']['elements'].append(
-            {'update_from_year': {'value': date.today().year}})
-
-
 @pytest.mark.tier(level=0)
 @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids)
 def test_providers_missing_os(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files,

tests/integration/test_vulnerability_detector/test_providers/test_os.py

@@ -81,14 +81,6 @@
     test_enabled_cases_path)
 configurations = configuration.load_configuration_template(configurations_path, configuration_parameters,
                                                            configuration_metadata)
-
-# Add <update_from_year> tag for NVD to download only the last year feed and speed up the testing process
-for index in range(len(configurations)):
-    if configurations[index]['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd':
-        configurations[index]['sections'][0]['elements'][1]['provider']['elements'].append(
-            {'update_from_year': {'value': date.today().year}})
-
-
 @pytest.mark.tier(level=0)
 @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids)
 def test_providers_os(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files,

tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py

@@ -120,21 +120,16 @@ def test_update_from_year(configuration, metadata, set_wazuh_configuration_vdt,
             brief: Restart the `modulesd` daemon and catch the ossec configuration errors.
 
     assertions:
-        - Verify that the feeds download is performed for the actual year when NVD is set as provider.
-        - Verity that when the provider is not NVD the warning message is catched.
+        - Verity that the warning message is catched.
 
     input_description:
         - The `test_providers_update_from_year.yaml` file provides the module configuration for this test.
 
     expected_output:
-        - rf".*Downloading .*nvdcve-d.d-{update_year}.meta.*"
         - "INFO: 'update_from_year' option at module 'vulnerability-detector' is deprecated"
-        - "'update_from_year' option cannot be used for 'msu' provider."
+        - "'update_from_year' option cannot be used for '{provider}' provider."
         - f"Invalid option 'update_from_year' for '{provider}' provider at 'vulnerability-detector'"
     '''
     provider = metadata['provider']
 
-    if provider == 'nvd':
-        evm.check_nvd_download_log()
-    else:
-        evm.check_invalid_provider_update_from_year_log(provider)
+    evm.check_invalid_provider_update_from_year_log(provider)