From 51623d46c976364022a0868c685474fe78cf0073 Mon Sep 17 00:00:00 2001
From: Mateo Cervilla
Date: Fri, 28 Jul 2023 18:21:24 -0300
Subject: [PATCH] feat(#3723): Adds AlmaLinux to test_scan_results vd tests
---
 ...onfiguration_scan_nvd_vulnerabilities.yaml | 6 ++
 ...scan_provider_and_nvd_vulnerabilities.yaml | 28 +++++++++
 ...uration_scan_provider_vulnerabilities.yaml | 28 +++++++++
 ...ion_scan_vulnerabilities_triaged_null.yaml | 6 ++
 ...figuration_scan_vulnerability_removal.yaml | 60 +++++++++++++++++++
 .../data/test_cases/cases_no_agent_data.yaml | 7 +++
 ...scan_provider_and_nvd_vulnerabilities.yaml | 12 ++++
 .../cases_scan_provider_vulnerabilities.yaml | 12 ++++
 .../cases_scan_vulnerability_removal.yaml | 19 ++++++
 .../test_scan_nvd_vulnerabilities.py | 3 +-
 ...t_scan_provider_and_nvd_vulnerabilities.py | 3 +-
 .../test_scan_provider_vulnerabilities.py | 3 +-
 .../test_scan_vulnerabilities_triaged_null.py | 3 +-
 .../test_scan_vulnerability_removal.py | 3 +-
 14 files changed, 188 insertions(+), 5 deletions(-)
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
index e10e2b0fd9..c05e57379c 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_nvd_vulnerabilities.yaml
@@ -41,6 +41,12 @@
 elements:
 - enabled:
 value: 'no'
+ - provider:
+ attributes:
+ - name: 'almalinux'
+ elements:
+ - enabled:
+ value: 'no'
 - provider:
 attributes:
 - name: 'nvd'
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
index 45c2c3bfb7..1d259b049e 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_and_nvd_vulnerabilities.yaml
@@ -272,3 +272,31 @@
 value: 'yes'
 - path:
 value: CUSTOM_NVD_JSON_FEED
+
+
+# ALMALINUX configuration
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: 'almalinux'
+ elements:
+ - enabled:
+ value: 'yes'
+ - os:
+ attributes:
+ - path: CUSTOM_ALMA_OVAL_FEED
+ value: '8'
+ - provider:
+ attributes:
+ - name: 'nvd'
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
index c064db94f5..8ea5cf77cc 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_provider_vulnerabilities.yaml
@@ -271,3 +271,31 @@
 value: 'yes'
 - path:
 value: CUSTOM_NVD_JSON_FEED
+
+
+# ALMALINUX configuration
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: 'almalinux'
+ elements:
+ - enabled:
+ value: 'yes'
+ - os:
+ attributes:
+ - path: CUSTOM_ALMA_OVAL_FEED
+ value: '8'
+ - provider:
+ attributes:
+ - name: 'nvd'
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerabilities_triaged_null.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerabilities_triaged_null.yaml
index 38d57b9746..15a4d45e3f 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerabilities_triaged_null.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerabilities_triaged_null.yaml
@@ -49,6 +49,12 @@
 elements:
 - enabled:
 value: 'no'
+ - provider:
+ attributes:
+ - name: almalinux
+ elements:
+ - enabled:
+ value: 'no'
 - provider:
 attributes:
 - name: nvd
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
index fb675f8093..99c3545a16 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/configuration_template/configuration_scan_vulnerability_removal.yaml
@@ -178,3 +178,63 @@
 elements:
 - disabled:
 value: 'no'
+
+
+# ALMALINUX configuration
+- sections:
+ - section: vulnerability-detector
+ elements:
+ - enabled:
+ value: 'yes'
+ - interval:
+ value: '5s'
+ - min_full_scan_interval:
+ value: '5s'
+ - run_on_start:
+ value: 'yes'
+ - provider:
+ attributes:
+ - name: 'almalinux'
+ elements:
+ - enabled:
+ value: 'yes'
+ - os:
+ attributes:
+ - path: CUSTOM_ALMA_OVAL_FEED
+ value: '8'
+ - provider:
+ attributes:
+ - name: 'nvd'
+ elements:
+ - enabled:
+ value: 'yes'
+ - path:
+ value: CUSTOM_NVD_JSON_FEED
+ - update_interval:
+ value: '10s'
+ - section: sca
+ elements:
+ - enabled:
+ value: 'no'
+
+ - section: rootcheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: syscheck
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: wodle
+ attributes:
+ - name: 'syscollector'
+ elements:
+ - disabled:
+ value: 'yes'
+
+ - section: auth
+ elements:
+ - disabled:
+ value: 'no'
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml
index 3482d58a35..8a7db2e9c1 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_no_agent_data.yaml
@@ -74,3 +74,10 @@
 NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
 metadata:
 system: SLES15
+
+- name: 'ALMALINUX'
+ description: 'Scan ALMALINUX vulnerabilities using only the NVD feed'
+ configuration_parameters:
+ NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
+ metadata:
+ system: AlmaLinux-8
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml
index 2ca86f4af9..21ec40c469 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_and_nvd_vulnerabilities.yaml
@@ -71,3 +71,15 @@
 nvd_feed: 'custom_nvd_feed.json'
 oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
 nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+
+- name: 'ALMALINUX'
+ description: 'Scan ALMALINUX vulnerabilities using provider and NVD feed'
+ configuration_parameters: null
+ metadata:
+ provider_name: 'almalinux'
+ system: 'AlmaLinux-8'
+ json_feed: null
+ oval_feed: 'custom_alsa8_oval_feed.xml'
+ nvd_feed: 'custom_nvd_feed.json'
+ oval_feed_tag: CUSTOM_ALMA_OVAL_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
index 0e2b7c7e0c..50acbc2529 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_provider_vulnerabilities.yaml
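Review bot: The new `ALMALINUX` case in cases_scan_provider_and_nvd_vulnerabilities.yaml references `oval_feed: 'custom_alsa8_oval_feed.xml'` and `system: 'AlmaLinux-8'`, but neither a feed file nor a system definition is among the 14 files listed in this patch's diffstat. If they are not already in the repository and the test framework, the provider scan has no AlmaLinux data to load and the case cannot exercise detection as intended; please confirm both exist, and that the feed carries the `CVE-000` and `CVE-001` entries the removal case expects. The same references are added in cases_scan_provider_vulnerabilities.yaml and cases_scan_vulnerability_removal.yaml. A short comment above the entry would make the dependency explicit, for example `# requires custom_alsa8_oval_feed.xml in <FEEDS_DIR placeholder>`.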
@@ -71,3 +71,15 @@
 nvd_feed: 'custom_nvd_alternative_feed.json'
 oval_feed_tag: CUSTOM_SUSE_OVAL_FEED
 nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+
+- name: 'ALMALINUX'
+ description: 'Scan ALMALINUX vulnerabilities using provider and NVD feed'
+ configuration_parameters: null
+ metadata:
+ provider_name: 'almalinux'
+ system: 'AlmaLinux-8'
+ json_feed: null
+ oval_feed: 'custom_alsa8_oval_feed.xml'
+ nvd_feed: 'custom_nvd_alternative_feed.json'
+ oval_feed_tag: CUSTOM_ALMA_OVAL_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
index 886b6ea83d..89422f38cc 100644
--- a/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
+++ b/tests/integration/test_vulnerability_detector/test_scan_results/data/test_cases/cases_scan_vulnerability_removal.yaml
@@ -54,3 +54,22 @@
 test_package_1_name: 'custom-package-1'
 test_package_0_cve: 'CVE-000'
 test_package_1_cve: 'CVE-001'
+
+- name: 'Alert vulnerability removal - ALMALINUX'
+ description: 'Alert when a package is removed from the database'
+ configuration_parameters: null
+ metadata:
+ provider_name: 'almalinux'
+ system: 'AlmaLinux-8'
+ json_feed: null
+ oval_feed: 'custom_alsa8_oval_feed.xml'
+ nvd_feed: 'custom_nvd_feed.json'
+ oval_feed_tag: CUSTOM_ALMA_OVAL_FEED
+ nvd_feed_tag: CUSTOM_NVD_JSON_FEED
+ test_package_vendor: 'WazuhIntegrationTests'
+ test_package_version: '1.0.0'
+ test_package_version_not_vulnerable: '2.1.0'
+ test_package_0_name: 'custom-package-0'
+ test_package_1_name: 'custom-package-1'
+ test_package_0_cve: 'CVE-000'
+ test_package_1_cve: 'CVE-001'
diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py index 41f208fe0a..a09caf49f2 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_nvd_vulnerabilities.py @@ -9,7 +9,7 @@ brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, Amazon Linux and NVD Database. + Canonical, Debian, Amazon Linux, Alma Linux and NVD Database. components: - vulnerability_detector @@ -43,6 +43,7 @@ - SUSE Enterprise Server 11 - SUSE Enterprise Server 12 - SUSE Enterprise Server 15 + - Alma Linux 8 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py index 43dbe2fa73..36885584e0 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_and_nvd_vulnerabilities.py @@ -9,7 +9,7 @@ brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, Amazon Linux and NVD Database. + Canonical, Debian, Amazon Linux, Alma Linux and NVD Database. components: - vulnerability_detector 
@@ -43,6 +43,7 @@ - Suse Enterprise Linux Desktop 15 - Suse Enterprise Linux Desktop 12 - Suse Enterprise Linux Desktop 11 + - Alma Linux 8 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py index b2bfd8bc33..e1a57e07a2 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_provider_vulnerabilities.py @@ -9,7 +9,7 @@ brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, Amazon Linux and NVD Database. + Canonical, Debian, Amazon Linux, Alma Linux and NVD Database. components: - vulnerability_detector @@ -43,6 +43,7 @@ - Suse Enterprise Linux Desktop 15 - Suse Enterprise Linux Desktop 12 - Suse Enterprise Linux Desktop 11 + - Alma Linux 8 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerabilities_triaged_null.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerabilities_triaged_null.py index bd3b47868d..d95b131138 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerabilities_triaged_null.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerabilities_triaged_null.py 
@@ -9,7 +9,7 @@ brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, Amazon Linux and NVD Database. + Canonical, Debian, Amazon Linux, Alma Linux and NVD Database. components: - vulnerability_detector @@ -43,6 +43,7 @@ - SUSE Enterprise Server 11 - SUSE Enterprise Server 12 - SUSE Enterprise Server 15 + - Alma Linux references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html diff --git a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py index 145a1059cc..27dac672b0 100644 --- a/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py +++ b/tests/integration/test_vulnerability_detector/test_scan_results/test_scan_vulnerability_removal.py @@ -9,7 +9,7 @@ brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat, - Canonical, Debian, SUSE, Amazon Linux and NVD Database. + Canonical, Debian, SUSE, Amazon Linux, Alma Linux and NVD Database. components: - vulnerability_detector @@ -44,6 +44,7 @@ - Suse Enterprise Linux Desktop 15 - Suse Enterprise Linux Desktop 12 - Suse Enterprise Linux Desktop 11 + - Alma Linux 8 references: - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html
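Review bot: The `@@ -43,6 +43,7 @@` hunk of test_scan_vulnerabilities_triaged_null.py adds the supported-system entry as `- Alma Linux`, without a version, while the other four test modules in this patch add `- Alma Linux 8`. The configuration and case files in the same commit only cover release 8 (`value: '8'`, `system: AlmaLinux-8`), so the unversioned entry overstates what is tested; change it to `- Alma Linux 8`. The module docstring that holds this list starts and ends outside the hunk.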