merge(#1915): '4.5' into 'dev branch'
Deblintrake09 committed Feb 6, 2023
2 parents 5e0240d + 86eabe7 commit 7c41de2
Showing 12 changed files with 608 additions and 38 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ Release report: TBD

- Add tests with new options to avoid FIM synchronization overlapping. ([#3318](https://github.com/wazuh/wazuh-qa/pull/3318)) \- (Framework + tests)
- Add Windows System folders FIM monitoring tests ([#3720](https://github.com/wazuh/wazuh-qa/pull/3720)) \- (Tests)
- Add 'test_whodata_policy_changes' tests ([#3627](https://github.com/wazuh/wazuh-qa/pull/3627)) \- (Framework + Tests)
- Add 'test_whodata_policy_changes' tests ([#3627](https://github.com/wazuh/wazuh-qa/pull/3627)) \- (Framework + Tests)
- Add test to check if active-response netsh generates alerts when firewall is disabled. ([#3787](https://github.com/wazuh/wazuh-qa/pull/3787)) \- (Framework + Tests)
- Add new tests for logcollector 'ignore' and 'restrict' options ([#3582](https://github.com/wazuh/wazuh-qa/pull/3582)) \- (Tests)
- Add 'Force reconnect' feature to agent_simulator tool. ([#3111](https://github.com/wazuh/wazuh-qa/pull/3111)) \- (Tools)
Expand Down Expand Up @@ -40,6 +40,7 @@ Release report: TBD

### Added

- Add new test to check missing fields in `cpe_helper.json` file ([#3766](https://github.com/wazuh/wazuh-qa/pull/3766)) \- (Framework + Tests)
- Add new test to check cpe_helper.json file ([#3731](https://github.com/wazuh/wazuh-qa/pull/3731))
- Add new tests analysid handling of invalid/empty rule signature IDs ([#3649]
(https://github.com/wazuh/wazuh-qa/pull/3649)) \- (Framework + Tests)
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@
T_800 = 800

CUSTOM_VULNERABLE_PACKAGES = 'custom_vulnerable_packages.json'
CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR = 'custom_vulnerable_pkg_empty_vendor.json'
CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR_VERSION = 'custom_vulnerable_pkg_empty_vendor_version.json'
CUSTOM_NVD_FEED = 'custom_nvd_feed.json'
CUSTOM_NVD_ALTERNATIVE_FEED = 'custom_nvd_alternative_feed.json'
CUSTOM_REDHAT_JSON_FEED = 'custom_redhat_json_feed.json'
Expand All @@ -28,6 +30,7 @@
CUSTOM_DEBIAN_JSON_FEED = 'custom_debian_json_feed.json'
CUSTOM_MSU_JSON_FEED = 'custom_msu.json'
CUSTOM_CPE_HELPER = 'custom_cpe_helper.json'
CUSTOM_GENERIC_CPE_HELPER = 'custom_generic_cpe_helper_one_package.json'
CUSTOM_CPE_HELPER_TEMPLATE = 'custom_cpe_helper_template.json'
CUSTOM_ARCHLINUX_JSON_FEED = 'custom_archlinux_feed.json'
CUSTOM_ALAS_JSON_FEED = 'custom_alas_feed.json'
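Review bot: `CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR` and `CUSTOM_VULNERABLE_PKG_EMPTY_VENDOR_VERSION` say "empty", but the fixtures they name (the two new JSON package files in this commit) carry the literal string `"NULL"` for `vendor` and `version`, not an empty string and not JSON `null`. If that literal is what the mocked agent reports for an absent field, say so next to the constants, e.g. `# 'vendor'/'version' hold the literal string "NULL" in these fixtures, not an empty value — confirm this matches what the agent reports`, since the JSON files themselves cannot carry a comment. `CUSTOM_GENERIC_CPE_HELPER` is also the only entry in this block whose name drops part of its file name (`one_package`); the neighbouring constants mirror their file names, so the name or the file should be aligned.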
Original file line number Diff line number Diff line change
Expand Up @@ -510,3 +510,16 @@ def check_error_inserting_package(log_monitor=None, agent_id='000', timeout=vd.T
check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
callback=f"ERROR: .* Could not insert the CPEs from the agent '{agent_id}' "
"into the database.")


def check_version_log(package_name='', log_monitor=None, timeout=vd.T_20):
"""Check that the version log could not be reached.
Args:
package_name (str): Package name.
log_monitor (FileMonitor): Log monitor.
timeout (str): timeout to check the event in Wazuh log.
"""
check_vuln_detector_event(file_monitor=log_monitor, timeout=timeout,
callback=fr"DEBUG: .* Couldn't get the version of the CPE for the {package_name} "
"package.")
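Review bot: `package_name` is interpolated raw into the `fr"..."` regex on the callback line of `check_version_log`, so a package name containing regex metacharacters (`+`, `(`, `[`) would alter or break the pattern and could match the wrong event; use `{re.escape(package_name)}` (the `import re` belongs with the file's imports, which are outside this hunk). The docstring says the version log "could not be reached", which does not describe the check; `"""Check the DEBUG event logged when the CPE version of a package could not be obtained."""` matches the callback text. `timeout (str)` should read `timeout (int)`, since the default `vd.T_20` appears to be an integer constant like the `T_800 = 800` entry in the constants hunk above. The default `package_name=''` produces a pattern with two consecutive spaces that no real message would contain, so the parameter is effectively required and the empty default should be dropped.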
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
{
"VERSION_TAG": "VERSION_VALUE",
"FORMAT_TAG": "FORMAT_VALUE",
"UPDATE_TAG": "UPDATE_VALUE",
"DICTIONARY_TAG": [
{
"TARGET_TAG": "TARGET_VALUE",
"SOURCE_TAG": {
"VENDOR_S_TAG": [
"VENDOR_S_VALUE"
],
"PRODUCT_S_TAG": [
"PRODUCT_S_VALUE_0"
],
"VERSION_S_TAG": ["VERSION_S_VALUE"]
},
"TRANSLATION_TAG": {
"VENDOR_T_TAG": [
"VENDOR_T_VALUE"
],
"PRODUCT_T_TAG": [
"PRODUCT_T_VALUE_0"
],
"VERSION_T_TAG": ["VERSION_T_VALUE"]
},
"ACTION_TAG": [
"ACTION_VALUE_0",
"ACTION_VALUE_1"
]
}
],
"LICENSE_TAG": {
"TITLE_TAG": "TITLE_VALUE",
"COPYRIGHT_TAG": "COPYRIGHT_VALUE",
"DATE_TAG": "DATE_VALUE",
"TYPE_TAG" : "TYPE_VALUE"
}
}
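Review bot: Formatting inside the new template is inconsistent: `"TYPE_TAG" : "TYPE_VALUE"` is the only key written with a space before the colon, and `VERSION_S_TAG` / `VERSION_T_TAG` are inline arrays while every other array in the file is one element per line. This file appears to be a placeholder template whose `*_TAG` / `*_VALUE` tokens are substituted by the test cases, so a uniform layout keeps diffs against the generated output readable; `"TYPE_TAG": "TYPE_VALUE"` and the two version arrays expanded like their siblings would do.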
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
[
{
"scan": {
"id": 0,
"time": "2021-11-20T12:41:27Z"
},
"architecture": "x86_64",
"format": "win",
"name": "custom-package-0 1.0.0",
"size": 0,
"vendor": "NULL",
"cveid": "CVE-000"
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
[
{
"scan": {
"id": 0,
"time": "2021-11-20T12:41:27Z"
},
"architecture": "x86_64",
"format": "win",
"name": "custom-package-0 1.0.0",
"size": 0,
"vendor": "NULL",
"cveid": "CVE-000",
"version": "NULL"
}
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,229 @@
- name: Missing vendor field
description: Indexing CPE helper with missing vendor field
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ""
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: set_version_if_product_matches
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: Missing vendor and version fields
description: Indexing CPE helper with missing vendor and version fields
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: set_version_if_product_matches
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: Missing set_version_if_product_matches action field
description: Indexing CPE helper with missing set_version_if_product_matches action field
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: ""
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: Replace_vendor instead of set_version_if_product_matches action fields
description: Indexing CPE helper with replace_vendor instead of set_version_if_product_matches action fields
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ^custom-package-0.*
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: replace_vendor
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2

- name: Missing all source fields
description: Indexing CPE helper with missing all source fields
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ""
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ^custom-package-0 ([0-9]+\\.*[0-9]*\\.*[0-9]*-*[0-9]*)
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: replace_vendor
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2
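Review bot: The cases named "Missing vendor field", "Missing vendor and version fields" and so on do not remove those fields: they set `VENDOR_S_VALUE: ""` (and the other `*_VALUE` entries) to an empty string, so the rendered helper still contains the key with `""` as its value, which is an empty field rather than a missing one. If the vulnerability detector treats the two differently, the names and descriptions should say "empty", or the template should drop the key; the same applies to the single case in the following file section. Every case also carries `wrong_field: null` and `missing_field: []` unchanged although the names describe missing fields, which looks like leftover metadata — worth confirming the test does not read them. `UPDATE_VALUE: 2050-10-02T10:56Z` is an unquoted timestamp-looking scalar; `UPDATE_VALUE: "2050-10-02T10:56Z"` removes any dependence on the loader's implicit typing.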
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
- name: Missing all the source fields and version translation field
description: Indexing CPE helper with missing all the source fields and version translation field
configuration_parameters:
NVD_JSON_PATH: CUSTOM_NVD_JSON_PATH
metadata:
system: WINDOWS_10
wrong_field: null
missing_field: []
tags:
VERSION_TAG: version
FORMAT_TAG: format_version
UPDATE_TAG: update_date
DICTIONARY_TAG: dictionary
TARGET_TAG: target
SOURCE_TAG: source
VENDOR_S_TAG: vendor
PRODUCT_S_TAG: product
VERSION_S_TAG: version
TRANSLATION_TAG: translation
VENDOR_T_TAG: vendor
PRODUCT_T_TAG: product
VERSION_T_TAG: version
ACTION_TAG: action
LICENSE_TAG: license
TITLE_TAG: title
COPYRIGHT_TAG: copyright
DATE_TAG: date
TYPE_TAG: type
values:
VERSION_VALUE: "1.0"
FORMAT_VALUE: "1.0"
UPDATE_VALUE: 2050-10-02T10:56Z
TARGET_VALUE: windows
VENDOR_S_VALUE: ""
PRODUCT_S_VALUE_0: ""
VERSION_S_VALUE: ""
VENDOR_T_VALUE: wazuh-mocking
PRODUCT_T_VALUE_0: custom-package-0
VERSION_T_VALUE: ""
ACTION_VALUE_0: replace_product
ACTION_VALUE_1: replace_vendor
TITLE_VALUE: Dictionary of CPEs to analyze system vulnerabilities.
COPYRIGHT_VALUE: Copyright (C) 2015-2019, Wazuh Inc.
DATE_VALUE: March 6, 2019.
TYPE_VALUE: GPLv2
