feat(#3361): add new test module and cases

wazuh · Apr 24, 2023 · 7975603 · 7975603
1 parent f49cb67
commit 7975603
Show file tree

Hide file tree

Showing 3 changed files with 209 additions and 0 deletions.
diff --git a/...rability_detector/test_feeds/data/configuration_template/configuration_msu_inventory.yaml b/...rability_detector/test_feeds/data/configuration_template/configuration_msu_inventory.yaml
@@ -0,0 +1,47 @@
+- sections:
+    - section: vulnerability-detector
+      elements:
+        - enabled:
+            value: 'yes'
+        - run_on_start:
+            value: 'yes'
+        - provider:
+            attributes:
+              - name: PROVIDER
+            elements:
+              - enabled:
+                  value: 'yes'
+              - os:
+                  value: OS
+
+    - section: sca
+      elements:
+      - enabled:
+          value: 'no'
+
+    - section: rootcheck
+      elements:
+      - disabled:
+          value: 'yes'
+
+    - section: syscheck
+      elements:
+      - disabled:
+          value: 'yes'
+
+    - section: wodle
+      attributes:
+        - name: 'syscollector'
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: auth
+      elements:
+        - disabled:
+            value: 'yes'
+
+    - section: rule_test
+      elements:
+        - enabled:
+            value: 'no'
diff --git a/...tegration/test_vulnerability_detector/test_feeds/data/test_cases/cases_msu_inventory.yaml b/...tegration/test_vulnerability_detector/test_feeds/data/test_cases/cases_msu_inventory.yaml
@@ -0,0 +1,8 @@
+- name: Check Patches with no CVE present
+  description: Test patches with no associated CVE are added from the catalog
+  configuration_parameters:
+    PROVIDER: msu
+    OS: ''
+  metadata:
+    provider_name: Microsoft Security Update
+    download_timeout: 120
diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_msu_inventory.py b/tests/integration/test_vulnerability_detector/test_feeds/test_msu_inventory.py
@@ -0,0 +1,154 @@
+'''
+copyright: Copyright (C) 2015-2023, Wazuh Inc.
+
+           Created by Wazuh, Inc. <info@wazuh.com>.
+
+           This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: Wazuh is able to detect vulnerabilities in the applications installed in agents using the Vulnerability Detector
+       module. This software audit is performed through the integration of vulnerability feeds indexed by Redhat,
+       Canonical, Debian, Amazon Linux and NVD Database.
+
+components:
+    - vulnerability_detector
+
+suite: feeds
+
+targets:
+    - manager
+
+daemons:
+    - wazuh-modulesd
+    - wazuh-db
+    - wazuh-analysisd
+
+os_platform:
+    - linux
+
+os_version:
+    - Arch Linux
+    - Amazon Linux 2022
+    - Amazon Linux 2
+    - Amazon Linux 1
+    - CentOS 8
+    - CentOS 7
+    - Debian Buster
+    - Red Hat 8
+    - Ubuntu Trusty
+    - Ubuntu Xenial
+    - Ubuntu Bionic
+    - Ubuntu Focal
+    - Ubuntu Jammy
+    - SUSE Linux Enterprise Desktop 11
+    - SUSE Linux Enterprise Desktop 12
+    - SUSE Linux Enterprise Desktop 15
+    - SUSE Linux Enterprise Server 11
+    - SUSE Linux Enterprise Server 12
+    - SUSE Linux Enterprise Server 15
+
+references:
+    - https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/
+    - https://documentation.wazuh.com/current/user-manual/capabilities/syscollector.html
+
+tags:
+    - vulnerability
+    - vulnerability_detector
+    - download
+    - feeds
+'''
+import os
+import pytest
+
+from wazuh_testing.db_interface.cve_db import get_rows_from_table
+from wazuh_testing.tools.configuration import load_configuration_template, get_test_cases_data
+from wazuh_testing.modules.vulnerability_detector import event_monitor as evm
+
+
+# Reference paths
+TEST_DATA_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')
+CONFIGURATIONS_PATH = os.path.join(TEST_DATA_PATH, 'configuration_template')
+TEST_CASES_PATH = os.path.join(TEST_DATA_PATH, 'test_cases')
+
+# Configuration and cases data
+configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_msu_inventory.yaml')
+cases_path = os.path.join(TEST_CASES_PATH, 'cases_msu_inventory.yaml')
+
+# Test configurations
+configuration_parameters, configuration_metadata, case_ids = get_test_cases_data(cases_path)
+configurations = load_configuration_template(configurations_path, configuration_parameters, configuration_metadata)
+
+# Variables
+patch_references = ['4465477', '5003711', '4470788']
+
+@pytest.mark.tier(level=2)
+@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=case_ids)
+def test_msu_catalog_patches(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files,
+                        clean_cve_tables_func, restart_modulesd_function):
+    '''
+    description: Check that patch information is added to the feed from the catalog for patches not directly related
+                 to a Vulnerability.
+
+    test_phases:
+        Setup:
+            - Set a custom Wazuh configuration.
+            - Restart wazuh-modulesd.
+        Test:
+            - Check in log that the database provider has been updated successfully.
+            - Query the DB to check patch is found in MSU_SUPERSEDENSE table
+            - Query the DB to check patch is not foundin MSU table (Has not Vulnerability linked to it).
+        Teardown:
+            - Clean the database.
+            - Stop wazuh-modulesd.
+
+        
+
+    wazuh_min_version: 4.5.0
+
+    tier: 2
+
+    parameters:
+        - configuration:
+            type: dict
+            brief: Wazuh configuration data. Needed for set_wazuh_configuration fixture.
+        - metadata:
+            type: dict
+            brief: Wazuh configuration metadata
+        - set_wazuh_configuration_vdt:
+            type: fixture
+            brief: Set the wazuh configuration according to the configuration data.
+        - truncate_monitored_files:
+            type: fixture
+            brief: Truncate all the log files and json alerts files before and after the test execution.
+        - clean_cve_tables_func:
+            type: fixture
+            brief: Clean all the CVE tables before and after running the test.
+        - restart_modulesd_function:
+            type: fixture
+            brief: Restart the wazuh-modulesd daemon.
+
+    assertions:
+        - Check that the feed is downloaded successfully.
+        - Check that the referenced patch is found in MSU_SUPERSEDENSE table
+        - Check that the referenced patch is not foundin MSU table (Has not Vulnerability linked to it).
+
+    input_description:
+        - The `configuration_msu_inventory.yaml` file provides the module configuration for this test.
+        - The `cases_msu_inventory.yaml` file provides the test cases.
+
+    expected_output:
+        - r'The update of the .* feed finished successfully'
+    '''
+    # Check that the feed has been updated successfully
+    evm.check_provider_database_update_finish_log(provider_name=metadata['provider_name'],
+                                                  timeout=metadata['download_timeout'])
+
+    for patch in patch_references:
+        # Check that patch is present in MSU_SUPERSEDENCE table
+        result = get_rows_from_table(patch, 'patch', 'MSU_SUPERSEDENCE')
+        assert result is not None, f"The Expected data for KB{patch} was not found in MSU_SUPERSEDENCE Table"
+
+        # Check that patch is not present in MSU table
+        result = get_rows_from_table(patch, 'patch', 'MSU')
+        assert result is None, f"Unexpected data found for KB{patch} in MSU Table"