CVEs alerts inventory for Vulnerability Detector - VDT and WDB Integration Tests implementation #1243

Merged
merged 124 commits into from
Jan 27, 2022

@DProvinciani DProvinciani commented Apr 20, 2021

Related issue
#1242

Description

This pull request includes all the necessary test cases to cover the new Wazuh DB commands and Vulnerability Detector alerting mechanisms created as part of the epic wazuh/wazuh#7749. For details, check the description of the issue #1242 and #1261.

Vulnerability Detector:

  • test_scan_results: Includes tests that check vulnerabilities insertion and removal in:
    • Log file
    • Alerts file
    • Vulnerabilities inventory database.
  • test_scan_types: Includes tests for Baseline, Partial and Full scans
  • test_general_settings: Includes new settings min_full_scan_interval and retry_interval

Wazuh DB:

Dod

test_scan_types

[image: types]

test_general_settings

[image: general_settings]

test_scan_results

[image: scan_results]

test_windows

[image]

tests_wazuh_db

[image]

Tests

  • Proven that tests pass when they have to pass.
  • Proven that tests fail when they have to fail.
  • Python codebase satisfies PEP-8 style guide. pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.
  • Python codebase is documented following the Google Style for Python docstrings.
  • The test is documented in wazuh-qa/docs.

BraulioV previously approved these changes Apr 27, 2021
@DProvinciani
Contributor Author

Jenkins execution

https://ci.wazuh.info/job/Test_integration/6716/

image

Member

@juliamagan juliamagan left a comment

It is needed to change the quotes in the yaml and the test following the next format:

x = f"{var}string"
x = 'raw string'
x = "this is my raw 'string' with single quotation marks"

Some of them were requested, but there are more.

Resolved review threads (outdated):

  • tests/integration/test_wazuh_db/data/agent_messages.yaml (5 threads)
  • tests/integration/test_wazuh_db/test_wazuh_db.py (5 threads)

@juliamagan
Member

After talking with @snaow we have considered that new development or changes into existing tests should follow new repository standards about Wazuh daemons. For now, it is required to use fixtures to start only required daemons, and turn them off when the test is over. That means that the default status of Wazuh would be off and each test should be responsible for daemons handling.
In case of the need of all Wazuh daemons, the test should disable every module not necessary for the testing in ossec.conf.

The reasons for this change are:

  • Faster testing
  • More encapsulated tests

Also, we need to implement the common fixtures for auto-configure local internal options and file monitoring.
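
One way to meet the daemon-handling standard described in the comment above, as an added example that is not code from this pull request or from the wazuh-qa framework: a context manager (the same body works as a pytest yield fixture) that starts only the daemons a test needs and stops exactly those afterwards, even when the test body fails. `FakeDaemonControl`, `required_daemons` and `run_case` are hypothetical names, and the controller is a constructed in-memory stand-in for a real service manager.

```python
import contextlib


class FakeDaemonControl:
    """Constructed stand-in for a service manager (hypothetical, not wazuh-qa)."""

    def __init__(self, already_running=()):
        self.running = set(already_running)
        self.calls = []  # ordered record of ('start' | 'stop', daemon)

    def start(self, name):
        self.running.add(name)
        self.calls.append(('start', name))

    def stop(self, name):
        self.running.discard(name)
        self.calls.append(('stop', name))


@contextlib.contextmanager
def required_daemons(control, daemons):
    """Start only the listed daemons and stop the ones this call started."""
    started = []
    try:
        for name in daemons:
            # A daemon that was already up is left alone and not stopped later.
            if name not in control.running:
                control.start(name)
                started.append(name)
        yield control
    finally:
        # Teardown runs on success and on failure, in reverse start order.
        for name in reversed(started):
            control.stop(name)


def run_case(control, daemons, body):
    """Run one test body under the fixture and report the outcome."""
    try:
        with required_daemons(control, daemons):
            body(control)
        return 'passed'
    except AssertionError:
        return 'failed'
```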

@pereyra-m pereyra-m force-pushed the dev-cves-alerts-inventory branch 3 times, most recently from ab1a940 to 62f66b3 Compare November 1, 2021 21:33
@pereyra-m
Member

Validation

After implementing the changes, the proper tests were run.
Jenkins: https://ci.wazuh.info/job/Test_integration/14836/console

| Test Executions | Date | By | Status |
|---|---|---|---|
| report1.zip | 2021-11-02 | Matias | 🟢 |
| report2.zip | 2021-11-02 | Matias | 🟢 |
| report3.zip | 2021-11-02 | Matias | 🟢 |

@DProvinciani DProvinciani changed the title CVEs alerts inventory for Vulnerability Detector - Wazuh DB Integration Tests implementation CVEs alerts inventory for Vulnerability Detector - VDT and WDB Integration Tests implementation Nov 9, 2021
@pereyra-m pereyra-m force-pushed the dev-cves-alerts-inventory branch from 46c2a25 to e093ae5 Compare November 10, 2021 15:19
@DProvinciani
Contributor Author

DProvinciani commented Nov 11, 2021

Validation

We ran the Vulnerability Detector tests three times in tier 0.

| Test Executions | Date | Status |
|---|---|---|
| test_vuldet_1.zip | 2021-11-11 | 🟢 |
| test_vuldet_2.zip | 2021-11-11 | 🟢 |
| test_vuldet_3.zip | 2021-11-11 | 🟢 |

We ran the Vulnerability Detector tests three times in tier 1.

| Test Executions | Date | Status |
|---|---|---|
| vuln_det_tier_1_round1.zip | 2021-11-11 | 🟢 |
| vuln_det_tier_1_round2.zip | 2021-11-11 | 🟢 |
| vuln_det_tier_1_round3.zip | 2021-11-11 | 🟢 |

Notes:

  • During the execution of the tests, some random errors were observed due to the known issue tracked here (The database got locked because of simultaneous access). We followed the same approach and added the tests using this access to the list of skipped tests. The following logfile shows this known error.
  • We also got some failures telling that some alerts were not in the logs. But after reviewing the logs, the alerts were right there. This is a typical case in which the FileMonitor doesn't achieve the log verification before the timeout.

Failure
image

Event in the logs
image

ossec_database_locked_test_general_settings_min_full_scan_interval_120m.py.zip

  • The successful executions were done discarding the last commit in this pull request as evidence that the tests are working as expected besides the known error of the database locked. That commit skips some test cases that present some instability and intermittent failures.

@pereyra-m
Member

Validation

The Wazuh-DB tests were run three times

| Test Executions | Date | By | Status |
|---|---|---|---|
| wazuh_db_1.zip | 2021-11-11 | Matias | 🟢 |
| wazuh_db_2.zip | 2021-11-11 | Matias | 🟢 |
| wazuh_db_3.zip | 2021-11-11 | Matias | 🟢 |

@palaciosjeremias
Contributor

Validation

Successful execution of the tests in Jenkins (contains skipped tests)
https://ci.wazuh.info/job/Test_integration/15817/
https://ci.wazuh.info/job/Test_integration/15818/

Member

@juliamagan juliamagan left a comment

We will need to improve these tests in the future moving the callbacks to common libraries, using common fixtures, and fixing the style of strings or imports. However, it is important to fix test_wazuh_db.py.

the different feeds (Redhat, Canonical, Debian, Amazon Linux and NVD), import them, and check if the confirmation message appears
in the logs.
- **[test_download_feeds](test_feeds/test_download_feed.md)**: The tests download
the different feeds (Redhat, Canonical, Debian, and NVD), import them, and check if the confirmation message appears
Member

Amazon Linux was deleted.

Member

Done in commit 0ba0725

mkdocs.yml Outdated
Comment on lines 99 to 100
- Test baseline scan type: tests/integration/test_vulnerability_detector/test_scan_types/test_baseline_scan_type.md
- Test partial scan type: tests/integration/test_vulnerability_detector/test_scan_types/test_partial_scan_type.md
Member

We need to add Test full scan type

Member

Done in commit 0ba0725

@juliamagan
Member

juliamagan commented Nov 15, 2021

15/11/2021

We have removed the skip from the next tests to execute them locally, but they will be merged skipped:

  • tests/integration/test_vulnerability_detector/test_general_settings/test_general_settings_min_full_scan_interval.py
  • tests/integration/test_vulnerability_detector/test_scan_results/test_alert_vulnerability_removal.py
  • tests/integration/test_vulnerability_detector/test_scan_types/test_baseline_scan_type.py
  • tests/integration/test_vulnerability_detector/test_scan_types/test_partial_scan_type.py

Package

| Version | Revision | Link |
|---|---|---|
| 4.3.0 | 40301 | https://packages-dev.wazuh.com/warehouse/pullrequests/4.3/rpm/var/wazuh-manager-4.3.0-0.commit3799ec1.x86_64.rpm |

Testing

tests/integration/test_vulnerability_detector --tier 0

| OS | Local | Jenkins | Notes |
|---|---|---|---|
| PS1 | 🔴 | 🟡 | Failed due to known issue wazuh/wazuh#9309 |
| PS2 | 🔴 | 🟡 | Failed due to known issue wazuh/wazuh#9309 |
| PS3 | 🔴 | 🟡 | Failed due to known issue wazuh/wazuh#9309 |

tests/integration/test_vulnerability_detector --tier 1

| OS | Local | Jenkins | Notes |
|---|---|---|---|
| PS1 | 🟢 | 🟡 | |
| PS2 | 🟢 | 🟡 | |
| PS3 | 🟢 | 🟡 | |

tests/integration/test_wazuh_db

| OS | Local | Jenkins | Notes |
|---|---|---|---|
| PS1 | 🟢 | 🟢 | |
| PS2 | 🟢 | 🟢 | |
| PS3 | 🟢 | 🟢 | |

  • 🟢: All pass
  • 🟡: Some warnings
  • 🔴: Some errors/fails
  • 🔵: In progress

@jmv74211 jmv74211 force-pushed the dev-cves-alerts-inventory branch from 50aae5a to 5cf18aa Compare January 18, 2022 10:33
@jmv74211 jmv74211 force-pushed the dev-cves-alerts-inventory branch from 8f5fbbe to 5cf18aa Compare January 26, 2022 15:34
@jmv74211 jmv74211 closed this Jan 26, 2022
@jmv74211 jmv74211 reopened this Jan 26, 2022
@snaow snaow merged commit e07e04e into master Jan 27, 2022
@snaow snaow deleted the dev-cves-alerts-inventory branch January 27, 2022 17:52
Development

Successfully merging this pull request may close these issues.

CVEs alerts inventory for Vulnerability Detector - VDT and WDB Integration Tests
9 participants