feat(#3723): Adds AlmaLinux to test_scan_results vd tests

wazuh · Aug 1, 2023 · 51623d4 · 51623d4
1 parent 76a0fcc
commit 51623d4
Show file tree

Hide file tree

Showing 14 changed files with 188 additions and 5 deletions.
diff --git a/...test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml b/...test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
@@ -41,6 +41,12 @@
             elements:
               - enabled:
                   value: 'no'
+        - provider:
+            attributes:
+              - name: 'almalinux'
+            elements:
+              - enabled:
+                  value: 'no'
         - provider:
             attributes:
               - name: 'nvd'

diff --git a/...ults/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml b/...ults/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
@@ -272,3 +272,31 @@
                   value: 'yes'
               - path:
                   value: CUSTOM_NVD_JSON_FEED
+
+
+# ALMALINUX configuration
+- sections:
+    - section: vulnerability-detector
+      elements:
+        - enabled:
+            value: 'yes'
+        - run_on_start:
+            value: 'yes'
+        - provider:
+            attributes:
+              - name: 'almalinux'
+            elements:
+              - enabled:
+                  value: 'yes'
+              - os:
+                  attributes:
+                    - path: CUSTOM_ALMA_OVAL_FEED
+                  value: '8'
+        - provider:
+            attributes:
+              - name: 'nvd'
+            elements:
+              - enabled:
+                  value: 'yes'
+              - path:
+                  value: CUSTOM_NVD_JSON_FEED
diff --git a/...scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml b/...scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
@@ -271,3 +271,31 @@
                   value: 'yes'
               - path:
                   value: CUSTOM_NVD_JSON_FEED
+
+
+# ALMALINUX configuration
+- sections:
+    - section: vulnerability-detector
+      elements:
+        - enabled:
+            value: 'yes'
+        - run_on_start:
+            value: 'yes'
+        - provider:
+            attributes:
+              - name: 'almalinux'
+            elements:
+              - enabled:
+                  value: 'yes'
+              - os:
+                  attributes:
+                    - path: CUSTOM_ALMA_OVAL_FEED
+                  value: '8'
+        - provider:
+            attributes:
+              - name: 'nvd'
+            elements:
+              - enabled:
+                  value: 'yes'
+              - path:
+                  value: CUSTOM_NVD_JSON_FEED
diff --git a/..._results/data/configuration_template/configuration_scan_vulnerabilities_triaged_null.yaml b/..._results/data/configuration_template/configuration_scan_vulnerabilities_triaged_null.yaml
@@ -49,6 +49,12 @@
             elements:
               - enabled:
                   value: 'no'
+        - provider:
+            attributes:
+              - name: almalinux
+            elements:
+              - enabled:
+                  value: 'no'
         - provider:
             attributes:
               - name: nvd

diff --git a/...st_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml b/...st_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
@@ -178,3 +178,63 @@
       elements:
         - disabled:
             value: 'no'
+
+
+# ALMALINUX configuration
+- sections:
+    - section: vulnerability-detector
+      elements:
+        - enabled:
+            value: 'yes'
+        - interval:
+            value: '5s'
+        - min_full_scan_interval:
+            value: '5s'
+        - run_on_start:
+            value: 'yes'
+        - provider:
+            attributes:
+              - name: 'almalinux'
+            elements:
+              - enabled:
+                  value: 'yes'
+              - os:
+                  attributes:
+                    - path: CUSTOM_ALMA_OVAL_FEED
+                  value: '8'
+        - provider:
+            attributes:
+              - name: 'nvd'
+            elements:
+              - enabled:
+                  value: 'yes'
+              - path:
+                  value: CUSTOM_NVD_JSON_FEED
+              - update_interval:
+                  value: '10s'
+    - section: sca
+      elements:
+      - enabled:
+          value: 'no'
+
+    - section: rootcheck
+      elements:
+      - disabled:
+          value: 'yes'
+
+    - section: syscheck
+      elements:
+      - disabled:
+          value: 'yes'
+
+    - section: wodle
+      attributes:
+        - name: 'syscollector'
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: auth
+      elements:
+        - disabled:
+            value: 'no'
diff --git a/...on/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml b/...on/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml
@@ -74,3 +74,10 @@
     NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
   metadata:
     system: SLES15
+
+- name: 'ALMALINUX'
+  description: 'Scan ALMALINUX vulnerabilities using only the NVD feed'
+  configuration_parameters:
+    NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+  metadata:
+    system: AlmaLinux-8
diff --git a/...tector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml b/...tector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml
@@ -71,3 +71,15 @@
     nvd_feed: 'custom_nvd_feed.json'
     oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
     nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+
+- name: 'ALMALINUX'
+  description: 'Scan ALMALINUX vulnerabilities using provider and NVD feed'
+  configuration_parameters: null
+  metadata:
+    provider_name: 'almalinux'
+    system: 'AlmaLinux-8'
+    json_feed: null
+    oval_feed: 'custom_alsa8_oval_feed.xml'
+    nvd_feed: 'custom_nvd_feed.json'
+    oval_feed_tag: CUSTOM_ALMA_OVAL_FEED
+    nvd_feed_tag: CUSTOM_NVD_JSON_FEED
diff --git a/...ility_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml b/...ility_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
@@ -71,3 +71,15 @@
     nvd_feed: 'custom_nvd_alternative_feed.json'
     oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
     nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+
+- name: 'ALMALINUX'
+  description: 'Scan ALMALINUX vulnerabilities using provider and NVD feed'
+  configuration_parameters: null
+  metadata:
+    provider_name: 'almalinux'
+    system: 'AlmaLinux-8'
+    json_feed: null
+    oval_feed: 'custom_alsa8_oval_feed.xml'
+    nvd_feed: 'custom_nvd_alternative_feed.json'
+    oval_feed_tag: CUSTOM_ALMA_OVAL_FEED
+    nvd_feed_tag: CUSTOM_NVD_JSON_FEED
diff --git a/...rability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml b/...rability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
@@ -54,3 +54,22 @@
     test_package_1_name: 'custom-package-1'
     test_package_0_cve: 'CVE-000'
     test_package_1_cve: 'CVE-001'
+
+- name: 'Alert vulnerability removal - ALMALINUX'
+  description: 'Alert when a package is removed from the database'
+  configuration_parameters: null
+  metadata:
+    provider_name: 'almalinux'
+    system: 'AlmaLinux-8'
+    json_feed: null
+    oval_feed: 'custom_alsa8_oval_feed.xml'
+    nvd_feed: 'custom_nvd_feed.json'
+    oval_feed_tag: CUSTOM_ALMA_OVAL_FEED
+    nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+    test_package_vendor: 'WazuhIntegrationTests'
+    test_package_version: '1.0.0'
+    test_package_version_not_vulnerable: '2.1.0'
+    test_package_0_name: 'custom-package-0'
+    test_package_1_name: 'custom-package-1'
+    test_package_0_cve: 'CVE-000'
+    test_package_1_cve: 'CVE-001'
diff --git a/...ntegration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py b/...ntegration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py
@@ -9,7 +9,7 @@
 
 brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
        module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
-       Canonical, Debian, Amazon Linux and NVD Database.
+       Canonical, Debian, Amazon Linux, Alma Linux and NVD Database.
 
 components:
     - vulnerability_detector
@@ -43,6 +43,7 @@
     - SUSE Enterprise Server 11
     - SUSE Enterprise Server 12
     - SUSE Enterprise Server 15
+    - Alma Linux 8
 
 references:
     - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html

diff --git a/...st_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py b/...st_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py
@@ -9,7 +9,7 @@
 
 brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
        module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
-       Canonical, Debian, Amazon Linux and NVD Database.
+       Canonical, Debian, Amazon Linux, Alma Linux and NVD Database.
 
 components:
     - vulnerability_detector
@@ -43,6 +43,7 @@
     - Suse Enterprise Linux Desktop 15
     - Suse Enterprise Linux Desktop 12
     - Suse Enterprise Linux Desktop 11
+    - Alma Linux 8
 
 references:
     - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html

diff --git a/...ation/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py b/...ation/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py
@@ -9,7 +9,7 @@
 
 brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
        module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
-       Canonical, Debian, Amazon Linux and NVD Database.
+       Canonical, Debian, Amazon Linux, Alma Linux and NVD Database.
 
 components:
     - vulnerability_detector
@@ -43,6 +43,7 @@
     - Suse Enterprise Linux Desktop 15
     - Suse Enterprise Linux Desktop 12
     - Suse Enterprise Linux Desktop 11
+    - Alma Linux 8
 
 references:
     - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html

diff --git a/...n/test_vulnerability_detector/test_scan_results/test_scan_vulnerabilities_triaged_null.py b/...n/test_vulnerability_detector/test_scan_results/test_scan_vulnerabilities_triaged_null.py
@@ -9,7 +9,7 @@
 
 brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
        module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
-       Canonical, Debian, Amazon Linux and NVD Database.
+       Canonical, Debian, Amazon Linux, Alma Linux and NVD Database.
 
 components:
     - vulnerability_detector
@@ -43,6 +43,7 @@
     - SUSE Enterprise Server 11
     - SUSE Enterprise Server 12
     - SUSE Enterprise Server 15
+    - Alma Linux
 
 references:
     - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html

diff --git a/...egration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py b/...egration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py
@@ -9,7 +9,7 @@
 
 brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
        module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
-       Canonical, Debian, SUSE, Amazon Linux and NVD Database.
+       Canonical, Debian, SUSE, Amazon Linux, Alma Linux and NVD Database.
 
 components:
     - vulnerability_detector
@@ -44,6 +44,7 @@
     - Suse Enterprise Linux Desktop 15
     - Suse Enterprise Linux Desktop 12
     - Suse Enterprise Linux Desktop 11
+    - Alma Linux 8
 
 references:
     - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html