From 52558b16d742ee3453409aa5ccb11b0e6e81b26c Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 11 Mar 2024 16:57:01 +0100 Subject: [PATCH 001/115] Add wazuh-indexer option --- deps/wazuh_testing/wazuh_testing/tools/performance/binary.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/tools/performance/binary.py b/deps/wazuh_testing/wazuh_testing/tools/performance/binary.py index 064ba11127..eb02eef076 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/performance/binary.py +++ b/deps/wazuh_testing/wazuh_testing/tools/performance/binary.py @@ -78,6 +78,10 @@ def get_process_pids(cls, process_name, check_children=True) -> list: if any(filter(lambda x: f'{process_name}.py' in x, proc.cmdline())): pid = proc.pid break + elif process_name == 'wazuh-indexer': + if any(filter(lambda x: f'{process_name}' in x, proc.cmdline())): + pid = proc.pid + break elif process_name in proc.name(): pid = proc.pid break From c99ea7d90ed21f11533792f663b0fa5304964a14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 12 Mar 2024 10:35:13 +0100 Subject: [PATCH 002/115] Change package installation with npm --- deps/wazuh_testing/wazuh_testing/tools/system.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 9726739b06..2c0bc918a8 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
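Review bot: The new `wazuh-indexer` branch accepts any process whose command line contains the substring `wazuh-indexer`, so an unrelated process that only references an indexer path or argument (a log tail, an editor, the test runner itself) can be selected, and the loop breaks on the first hit. If the indexer runs as a JVM started from its install directory, also requiring `proc.name()` to be the Java binary would keep the monitored PID accurate; that process layout is an assumption to confirm. The f-string wrapper is redundant, `process_name in x` reads the same. get_process_pids starts and ends outside the hunk.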
@@ -497,10 +497,10 @@ def install_package(self, host, url, system='ubuntu'): result = self.get_host(host).ansible("yum", f"name={url} state=present " 'sslverify=false disable_gpg_check=True', check=False) elif system == 'macos': - package_name = url.split('/')[-1] - result = self.get_host(host).ansible("command", f"curl -LO {url}", check=False) - cmd = f"installer -pkg {package_name} -target /" - result = self.get_host(host).ansible("command", cmd, check=False) + cmd = f"npm install {url}" + result = self.get_host(host).ansible("shell", cmd, check=False) + if not result.get('failed'): + result = True logging.info(f"Package installed result {result}") From 6e382082223f31d9e7fde2533f2cf8b3f9420993 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 12 Mar 2024 10:43:37 +0100 Subject: [PATCH 003/115] Change package uninstallation with npm --- deps/wazuh_testing/wazuh_testing/tools/system.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 2c0bc918a8..cea7e06c1a 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -586,9 +586,10 @@ def remove_package(self, host, system, package_uninstall_name=None, custom_unins f"name={package_uninstall_name} state=absent", check=False) elif os_name == 'macos': - remove_operation_result = self.get_host(host).ansible("command", - f"brew uninstall {package_uninstall_name}", - check=False) + cmd = f"npm uninstall {package_uninstall_name}" + remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) + if not remove_operation_result.get('failed'): + remove_operation_result = True logging.info(f"Package removed result {remove_operation_result}") From 65cdacfab5088f9cca93d0a34e2955ec849b6b68 Mon Sep 17 00:00:00 2001 
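Review bot: `url` is interpolated unquoted into a string that the macOS branch now passes to Ansible's `shell` module (`cmd = f"npm install {url}"`), so any shell metacharacter in a package spec taken from test data is interpreted by the remote shell instead of reaching npm as an argument. Nothing here needs shell features, so keeping the `command` module, or wrapping the value with `shlex.quote(url)` if `shell` has to stay, avoids that. The same pattern recurs in `npm uninstall {package_uninstall_name}` in the remove_package hunk of PATCH 003 and in the `-g` variants added by PATCH 007 and PATCH 008. This change also drops the `.pkg` path for macOS, so existing callers that pass a package URL would now run it through npm. install_package starts and ends outside the hunk.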
From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 12 Mar 2024 11:10:25 +0100 Subject: [PATCH 004/115] Blank space correction --- deps/wazuh_testing/wazuh_testing/tools/system.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index cea7e06c1a..b91fc4f0c3 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -243,7 +243,6 @@ def get_file_content(self, host: str, file_path: str): return result['stdout'] - def apply_config(self, config_yml_path: str, dest_path: str = WAZUH_CONF, clear_files: list = None, restart_services: list = None): """Apply the configuration described in the config_yml_path to the environment. @@ -671,7 +670,7 @@ def handle_wazuh_services(self, host, operation): if os == 'linux': result = binary_path = f"/var/ossec/bin/wazuh-control" elif os == 'macos': - result= binary_path = f"/Library/Ossec/bin/wazuh-control" + result = binary_path = f"/Library/Ossec/bin/wazuh-control" result = self.get_host(host).ansible('shell', f"{binary_path} {operation}", check=False) From 39d3d838e8014c056037ecc8d3c3d4237a0c01b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 20 Mar 2024 11:19:11 +0000 Subject: [PATCH 005/115] fix: update indexer configuration --- .../configurations/manager.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/configurations/manager.yaml b/tests/end_to_end/test_vulnerability_detector/configurations/manager.yaml index 06b0303a9f..646063a0df 100644 --- a/tests/end_to_end/test_vulnerability_detector/configurations/manager.yaml +++ b/tests/end_to_end/test_vulnerability_detector/configurations/manager.yaml 
@@ -21,10 +21,10 @@ elements: - ca: value: FILEBEAT_ROOT_CA - certificate: - value: FILEBEAT_CERTIFICATE - key: - value: FILEBEAT_KEY + - certificate: + value: FILEBEAT_CERTIFICATE + - key: + value: FILEBEAT_KEY - section: sca elements: - enabled: From b12440002a1d4c1d05a856c76d8d5374b0e5b53e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 20 Mar 2024 11:19:47 +0000 Subject: [PATCH 006/115] fix: update wait_until_vd_is_updated regex --- deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py b/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py index 8d2be19bc4..a118445f34 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py @@ -43,7 +43,7 @@ def wait_until_vd_is_updated(host_manager: HostManager) -> None: host_manager (HostManager): Host manager instance to handle the environment. """ - monitoring_data = generate_monitoring_logs(host_manager, ["INFO: Action for 'vulnerability_feed_manager' finished"], + monitoring_data = generate_monitoring_logs(host_manager, ["INFO: Vulnerability scanner module started"], [VD_FEED_UPDATE_TIMEOUT], host_manager.get_group_hosts('manager')) monitoring_events_multihost(host_manager, monitoring_data) From 54924bf6b7b7bee0b30bbbd75ff0f09fd26a7435 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 20 Mar 2024 16:18:00 +0100 Subject: [PATCH 007/115] Installation of npm packages for all OS --- .../wazuh_testing/tools/system.py | 51 +++++++++++-------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index b91fc4f0c3..b54f8b1ffb 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
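Review bot: `wait_until_vd_is_updated` now returns as soon as `INFO: Vulnerability scanner module started` is logged, which by its wording reports module start rather than completion of the feed update that the function name and `VD_FEED_UPDATE_TIMEOUT` refer to. If the feed can still be loading after that message, tests may run against an incomplete feed and report missing detections, so the ordering of the two log lines in the target version is worth confirming. The docstring, which begins outside the hunk, should say which event is awaited, for example `Wait until the vulnerability scanner module reports that it has started.`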
@@ -464,7 +464,7 @@ def download_file(self, host, url, dest_path, mode='755'): return result - def install_package(self, host, url, system='ubuntu'): + def install_package(self, host, url, system='ubuntu', use_npm=False): """ Installs a package on the specified host. 
@@ -479,31 +479,40 @@ def install_package(self, host, url, system='ubuntu'): Example: host_manager.install_package('my_host', 'http://example.com/package.deb', system='ubuntu') + # To install a package via npm: + host_manager.install_package('my_host', 'package_name', use_npm=True) """ - result = False - extension = '.msi' - if system == 'windows': - if url.lower().endswith(extension): - result = self.get_host(host).ansible("win_package", f"path={url} arguments=/passive", check=False) - else: - result = self.get_host(host).ansible("win_package", f"path={url} arguments=/S", check=False) - elif system == 'ubuntu': - result = self.get_host(host).ansible("apt", f"deb={url}", check=False) - if result['changed'] and result['stderr'] == '': - result = True - elif system == 'centos': - result = self.get_host(host).ansible("yum", f"name={url} state=present " + if use_npm: + result = self.get_host(host).ansible("shell", f"npm install -g {url}", check=False) + logging.info(f"npm package installed result {result}") + return result + + else: + result = False + extension = '.msi' + + if system == 'windows': + if url.lower().endswith(extension): + result = self.get_host(host).ansible("win_package", f"path={url} arguments=/passive", check=False) + else: + result = self.get_host(host).ansible("win_package", f"path={url} arguments=/S", check=False) + elif system == 'ubuntu': + result = self.get_host(host).ansible("apt", f"deb={url}", check=False) + if result['changed'] and result['stderr'] == '': + result = True + elif system == 'centos': + result = self.get_host(host).ansible("yum", f"name={url} state=present " 'sslverify=false disable_gpg_check=True', check=False) - elif system == 'macos': - cmd = f"npm install {url}" - result = self.get_host(host).ansible("shell", cmd, check=False) - if not result.get('failed'): - result = True + elif system == 'macos': + package_name = url.split('/')[-1] + result = self.get_host(host).ansible("command", f"curl -LO {url}", check=False) + cmd = 
f"installer -pkg {package_name} -target /" + result = self.get_host(host).ansible("command", cmd, check=False) - logging.info(f"Package installed result {result}") + logging.info(f"Package installed result {result}") - return result + return result def get_master_ip(self): """ From 0d9950e6167837277626515875fc83eeba3cf02f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 20 Mar 2024 17:20:57 +0100 Subject: [PATCH 008/115] Uninstallation of npm packages for all OS --- .../wazuh_testing/tools/system.py | 41 ++++++++++--------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index b54f8b1ffb..ebcfa92794 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -553,7 +553,7 @@ def get_master(self): return master_node - def remove_package(self, host, system, package_uninstall_name=None, custom_uninstall_playbook=None): + def remove_package(self, host, system, package_uninstall_name=None, use_npm=False, custom_uninstall_playbook=None): """ Removes a package from the specified host. 
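Review bot: The `use_npm` branch returns the raw Ansible result dict without normalising it, while the `ubuntu` branch returns `True` on success and the non-npm path starts from `result = False`; with `check=False` a failed `npm install -g` still yields a non-empty, truthy dict. Callers that test the return value for truthiness (they are outside the hunk) would treat a failed install as success. Checking `result.get('failed')` before returning, as the macOS branch did before this commit, keeps the contract uniform. Separately, the re-indented `yum` line keeps `sslverify=false disable_gpg_check=True`, so RPMs are fetched and installed with neither TLS nor signature verification.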
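Review bot: `use_npm=False` is inserted before `custom_uninstall_playbook` in the signature of `remove_package`, so any caller that passes the playbook positionally as the fourth argument now binds it to `use_npm`. In that case `custom_uninstall_playbook` stays `None` and, judging by the body in the following hunk, a truthy `use_npm` sends the call down the `npm uninstall -g` path. Appending the new parameter keeps existing call sites intact: `def remove_package(self, host, system, package_uninstall_name=None, custom_uninstall_playbook=None, use_npm=False):`. The docstring below the signature is outside the hunk and would need a `use_npm` entry.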
@@ -579,25 +579,28 @@ def remove_package(self, host, system, package_uninstall_name=None, custom_unins if custom_uninstall_playbook: remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) elif package_uninstall_name: - if os_name == 'windows': - remove_operation_result = self.get_host(host).ansible("win_command", - f"{package_uninstall_name} /uninstall /quiet /S", - check=False) - elif os_name == 'linux': - os = self.get_host_variables(host)['os'].split('_')[0] - if os == 'centos': - remove_operation_result = self.get_host(host).ansible("yum", - f"name={package_uninstall_name} state=absent", - check=False) - elif os == 'ubuntu': - remove_operation_result = self.get_host(host).ansible("apt", - f"name={package_uninstall_name} state=absent", - check=False) - elif os_name == 'macos': - cmd = f"npm uninstall {package_uninstall_name}" + if use_npm: + cmd = f"npm uninstall -g {package_uninstall_name}" remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) - if not remove_operation_result.get('failed'): - remove_operation_result = True + else: + if os_name == 'windows': + remove_operation_result = self.get_host(host).ansible("win_command", + f"{package_uninstall_name} /uninstall /quiet /S", + check=False) + elif os_name == 'linux': + os = self.get_host_variables(host)['os'].split('_')[0] + if os == 'centos': + remove_operation_result = self.get_host(host).ansible("yum", + f"name={package_uninstall_name} state=absent", + check=False) + elif os == 'ubuntu': + remove_operation_result = self.get_host(host).ansible("apt", + f"name={package_uninstall_name} state=absent", + check=False) + elif os_name == 'macos': + remove_operation_result = self.get_host(host).ansible("command", + f"brew uninstall {package_uninstall_name}", + check=False) logging.info(f"Package removed result {remove_operation_result}") From a980ae5cfeeedb7d9753d62c7161c0cc6efbc28e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Thu, 21 Mar 2024 11:43:24 +0000 Subject: [PATCH 009/115] fix: test group sync status --- .../wazuh_testing/tools/system.py | 2 +- .../test_group_sync_status.py | 21 ++++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 9726739b06..88c33a6fc8 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -374,7 +374,7 @@ def run_command(self, host: str, cmd: str, check: bool = False): Returns: stdout (str): The output of the command execution. """ - return self.get_host(host).ansible("command", cmd, check=check)["stdout"] + return self.get_host(host).ansible("command", cmd, check=check) def run_shell(self, host: str, cmd: str, check: bool = False): """Run a shell command on the specified host and return its stdout. diff --git a/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py b/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py index 51e3edd7a7..828de1f938 100644 --- a/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py +++ b/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py 
@@ -147,28 +147,35 @@ def test_group_sync_status(metadata, target_node, clean_environment, group_creat first_time_check = 'synced' second_time_check = '' - # Check each 0.25 seconds/10 seconds sync_status + # Check each 0.10 seconds/10 seconds sync_status for _ in range(T_10): - time.sleep(T_025) - agent1_status = json.loads(execute_wdb_query(query, test_infra_hosts[0], host_manager))[1]['group_sync_status'] - agent2_status = json.loads(execute_wdb_query(query, test_infra_hosts[0], host_manager))[2]['group_sync_status'] + # Retrieve status information once to avoid redundant calls + status_info = json.loads(execute_wdb_query(query, test_infra_hosts[0], host_manager))[1:3] + agent1_status = status_info[0]['group_sync_status'] + agent2_status = status_info[1]['group_sync_status'] + # Determine the logic based on metadata['agent_in_group'] if metadata['agent_in_group'] == 'agent1': - if 'syncreq' == agent1_status and 'synced' == agent2_status: + if agent1_status == 'syncreq' and agent2_status == 'synced': first_time_check = "syncreq" + break elif metadata['agent_in_group'] == 'agent2': - if 'synced' == agent1_status and 'syncreq' == agent2_status: + if agent1_status == 'synced' and agent2_status == 'syncreq': first_time_check = "syncreq" + break else: if agent1_status == 'syncreq' and agent2_status == 'syncreq': first_time_check = 'syncreq' + break - time.sleep(T_5) + time.sleep(0.10) assert metadata['expected_first_check'] == first_time_check + time.sleep(T_5) + # Check after 5 seconds, sync_status if 'syncreq' in execute_wdb_query(query, test_infra_hosts[0], host_manager): second_time_check = 'syncreq' From 6fe973f6f5985000a74cb5f40bdb3ad71f002b7f Mon Sep 17 00:00:00 2001 From: rafabailon Date: Thu, 21 Mar 2024 12:54:36 +0100 Subject: [PATCH 010/115] feat: change grafana packages --- .../vuln_packages.json | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) 
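Review bot: The loop still runs `range(T_10)` iterations but now sleeps `0.10` s per pass, so if `T_10` is 10 (its definition is outside the hunk) the polling window shrinks to about one second rather than the ten seconds the comment `Check each 0.10 seconds/10 seconds sync_status` describes. A `syncreq` state that appears later than that would be missed and `first_time_check` would stay `synced`. Deriving the iteration count from the interval, e.g. `for _ in range(int(T_10 / 0.10)):`, and naming the interval as a constant beside `T_025` would keep the window and the comment in agreement. The slice `[1:3]` also assumes the two agents are always rows 1 and 2 of the query result, which deserves a short comment.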
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json
index 9f5912d2c3..efab87aa9c 100644
--- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json
+++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json
@@ -36,12 +36,12 @@
 ],
 "urls": {
 "centos": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-8.5.5-1.x86_64.rpm",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-8.5.5-1.aarch64.rpm"
+ "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.5-1.x86_64.rpm",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.5-1.aarch64.rpm"
 },
 "ubuntu": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_8.5.5_amd64.deb",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_8.5.5_arm64.deb"
+ "amd64": "https://dl.grafana.com/oss/release/grafana_8.5.5_amd64.deb",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.5_arm64.deb"
 }
 },
 "uninstall_name": "grafana*"
@@ -70,12 +70,12 @@
 ],
 "urls": {
 "centos": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-8.5.6-1.x86_64.rpm",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-8.5.6-1.aarch64.rpm"
+ "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.6-1.x86_64.rpm",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.6-1.aarch64.rpm"
 },
 "ubuntu": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_8.5.6_amd64.deb",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_8.5.6_arm64.deb"
+ "amd64": "https://dl.grafana.com/oss/release/grafana_8.5.6_amd64.deb",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.6_arm64.deb"
 }
 },
 "uninstall_name": "grafana*"
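Review bot: These entries still identify each artifact by URL alone after the move from `enterprise/release` to `oss/release`; no checksum field is visible in the entries shown. Because the `centos` install path elsewhere in this series passes `sslverify=false disable_gpg_check=True` to yum, nothing verifies that the file fetched is the intended build. Recording an expected digest per URL (for example a `sha256` key beside each architecture, with the value taken from the vendor's published checksums) and checking it before install would close that gap. The same applies to the other `urls` hunks in this file.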
@@ -100,12 +100,12 @@
 ],
 "urls": {
 "centos": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.1.1-1.x86_64.rpm",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.1.1-1.aarch64.rpm"
+ "amd64": "https://dl.grafana.com/oss/release/grafana-9.1.1-1.x86_64.rpm",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.1.1-1.aarch64.rpm"
 },
 "ubuntu": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.1.1_amd64.deb",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.1.1_arm64.deb"
+ "amd64": "https://dl.grafana.com/oss/release/grafana_9.1.1_amd64.deb",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.1.1_arm64.deb"
 }
 },
 "uninstall_name": "grafana*"
@@ -122,12 +122,12 @@
 ],
 "urls": {
 "centos": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.2.0-1.x86_64.rpm",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.2.0-1.aarch64.rpm"
+ "amd64": "https://dl.grafana.com/oss/release/grafana-9.2.0-1.x86_64.rpm",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.2.0-1.aarch64.rpm"
 },
 "ubuntu": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.2.0_amd64.deb",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.2.0_arm64.deb"
+ "amd64": "https://dl.grafana.com/oss/release/grafana_9.2.0_amd64.deb",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.2.0_arm64.deb"
 },
 "uninstall_name": "grafana*"
 }
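Review bot: In the second hunk (`@@ -122,12`), `"uninstall_name": "grafana*"` sits inside the `urls` object: the context closes only the `ubuntu` block before it and a single brace after it, whereas the neighbouring entries close `urls` first (`} },` followed by `uninstall_name`). Code that reads `uninstall_name` from the package entry would presumably find nothing for this version, and the vulnerable package could stay installed on the host after the test. Moving the key out one level, as in the other entries, fixes it; the entry's opening lines are outside the hunk.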
@@ -138,34 +138,34 @@
 "CVE": [],
 "urls": {
 "centos": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.4.17-1.x86_64.rpm",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.4.17-1.aarch64.rpm"
+ "amd64": "https://dl.grafana.com/oss/release/grafana-9.4.17-1.x86_64.rpm",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.4.17-1.aarch64.rpm"
 },
 "ubuntu": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.4.17_amd64.deb",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.4.17_arm64.deb"
+ "amd64": "https://dl.grafana.com/oss/release/grafana_9.4.17_amd64.deb",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.4.17_arm64.deb"
 }
 },
 "uninstall_name": "grafana*"
 },
 "grafana-9.5.13": {
- "package_name": "grafana-enterprise",
+ "package_name": "grafana",
 "package_version": "9.5.13",
 "CVE": [],
 "urls": {
 "centos": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.5.13-1.x86_64.rpm",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-9.5.13-1.aarch64.rpm"
+ "amd64": "https://dl.grafana.com/oss/release/grafana-9.5.13-1.x86_64.rpm",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.5.13-1.aarch64.rpm"
 },
 "ubuntu": {
- "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.5.13_amd64.deb",
- "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_9.5.13_arm64.deb"
+ "amd64": "https://dl.grafana.com/oss/release/grafana_9.5.13_amd64.deb",
+ "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.5.13_arm64.deb"
 }
 },
 "uninstall_name": "grafana*"
 },
 "grafana-10.0.0": {
- "package_name": "grafana-enterprise",
+ "package_name": "grafana",
 "package_version": "10.0.0",
 "CVE": [
 "CVE-2023-4822",
@@ -173,12 +173,12 @@ ], "urls": { "centos": { - "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-10.0.0-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-10.0.0-1.aarch64.rpm" + "amd64": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.aarch64.rpm" }, "ubuntu": { - "amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise_10.0.0_amd64.deb", - "arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise_10.0.0_arm64.deb" + "amd64": "https://dl.grafana.com/oss/release/grafana_10.0.0_amd64.deb", + "arm64v8": "https://dl.grafana.com/oss/release/grafana_10.0.0_arm64.deb" } }, "uninstall_name": "grafana*" From b69c1f00ac65a9d66fda452aa75153affcf7e653 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Thu, 21 Mar 2024 12:47:51 +0000 Subject: [PATCH 011/115] fix: restore stoud in run command method --- deps/wazuh_testing/wazuh_testing/tools/system.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 88c33a6fc8..9726739b06 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -374,7 +374,7 @@ def run_command(self, host: str, cmd: str, check: bool = False): Returns: stdout (str): The output of the command execution. """ - return self.get_host(host).ansible("command", cmd, check=check) + return self.get_host(host).ansible("command", cmd, check=check)["stdout"] def run_shell(self, host: str, cmd: str, check: bool = False): """Run a shell command on the specified host and return its stdout. From 8da7fbd2a20d059b6344af0bd3d8a23ac6d31405 Mon Sep 17 00:00:00 2001 
From: rafabailon
Date: Thu, 21 Mar 2024 13:51:06 +0100
Subject: [PATCH 012/115] feat: adapt tests
---
 .../cases/test_vulnerability.yaml | 211 ++++++++++--------
 1 file changed, 124 insertions(+), 87 deletions(-)
diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml
index 90605a7ffb..1f81ceb697 100644
--- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml
+++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml
@@ -3,19 +3,23 @@ description: | Installation of a vulnerable package macos: - Used Package: Node 17.0.1 - PKG Format - CVES: - amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], - arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + Used Packages: Node 17.0.1 - PKG Format + CVES: + amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], windows: - Used Package: Node 17.0.1 - Exe Format + Used Packages: Node 17.0.1 - Exe Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: - Used Package Mysql 5.5.20 - .deb Format - CVE: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"] + Used Packages: Mysql 5.5.20 and Grafana 8.5.5 - .deb Format + CVE: + amd64: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Package Openjdk 1.6.0 - .rpm Format - CVE: ["CVE-2023-21967", 
"CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-2405", "CVE-2014-1876", "CVE-2014-0462", "CVE-2012-5373", "CVE-2012-2739"] + Used Packages: Openjdk 1.6.0 and Grafana 8.5.5 - .rpm Format + CVE: + amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-2405", "CVE-2014-1876", "CVE-2014-0462", "CVE-2012-5373", "CVE-2012-2739"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -27,8 +31,10 @@ package: centos: amd64: openjdk-1.6.0 + arm64v8: grafana-8.5.5 ubuntu: amd64: mysql-5.5.20 + arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 macos: 
@@ -39,22 +45,23 @@ description: | Removal of a vulnerable package macos: - Used Package: Node 17.0.1 - PKG Format - CVES Expected to mitigate: - ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + Used Packages: Node 17.0.1 - PKG Format + CVES Expected to mitigate: + ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], windows: - Used Package: Node 17.0.1 - Exe Format - + Used Packages: Node 17.0.1 - Exe Format CVES Expected to mitigate: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: - Used Package Mysql 5.5.20 - .deb Format + Used Packages: Mysql 5.5.20 and Grafana 8.5.5 - .deb Format CVES Expected to mitigate: - ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"] + amd64: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Package Openjdk 1.6.0 - .rpm Format + Used Packages: Openjdk 1.6.0 and Grafana 8.5.5 - .rpm Format CVE Expected to mitigate: - ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", 
"CVE-2014-2405", "CVE-2014-1876", "CVE-2014-0462", "CVE-2012-5373", "CVE-2012-2739"] + amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-2405", "CVE-2014-1876", "CVE-2014-0462", "CVE-2012-5373", "CVE-2012-2739"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -66,8 +73,10 @@ package: centos: amd64: openjdk-1.6.0 + arm64v8: grafana-8.5.5 ubuntu: amd64: mysql-5.5.20 + arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 macos: 
@@ -78,19 +87,23 @@ description: | Upgrade of a vulnerable package which maintain vulnerability macos: - Used Package: Node 17.1.0 - PKG Format - CVES: - amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], - arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + Used Packages: Node 17.1.0 - PKG Format + CVES: + amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], windows: - Used Package: Node 17.1.0 - Exe Format - "CVE": ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + Used Packages: Node 17.1.0 - Exe Format + CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: - Used Package Mysql 5.5.21 - .deb Format - CVE: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"] + Used Packages: Mysql 5.5.21 and Grafana 8.5.6 - .deb Format + CVE: + amd64: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", 
"CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Package Openjdk 1.7.0 - .rpm Format - CVE: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-8873", "CVE-2014-2483", "CVE-2014-1876", "CVE-2013-2461", "CVE-2012-5373", "CVE-2012-2739"] + Used Packages: Openjdk 1.7.0 and Grafana 8.5.6 - .rpm Format + CVE: + amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-8873", "CVE-2014-2483", "CVE-2014-1876", "CVE-2013-2461", "CVE-2012-5373", "CVE-2012-2739"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], preconditions: tasks: - operation: install_package @@ -101,8 +114,10 @@ package: centos: amd64: openjdk-1.6.0 + arm64v8: grafana-8.5.5 ubuntu: amd64: mysql-5.5.20 + arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 macos: @@ -119,8 +134,10 @@ from: centos: amd64: openjdk-1.6.0 + arm64v8: grafana-8.5.5 ubuntu: amd64: mysql-5.5.20 + arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 macos: @@ -129,8 +146,10 @@ to: centos: amd64: openjdk-1.7.0 + arm64v8: grafana-8.5.6 ubuntu: amd64: mysql-5.5.21 + arm64v8: grafana-8.5.6 windows: amd64: node-v17.1.0 macos: 
@@ -142,17 +161,21 @@ description: | Upgrade of a vulnerable package which include a new vulnerability macos: - Used Package: Node 18.11.0 - PKG Format - CVES: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-32222"], + Used Packages: Node 18.11.0 - PKG Format + CVES: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-32222"], windows: - Used Package: Node 18.0.0 - Exe Format - "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], + Used Packages: Node 18.0.0 - Exe Format + CVE: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: - Used Package Mysql 5.5.19 - .deb Format - CVE: ["CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", "CVE-2022-21417", "CVE-2022-21444", "CVE-2023-21980", "CVE-2023-21977"] + Used Packages: Mysql 5.5.19 and Grafana 9.1.1 - .deb Format + CVE: + amd64: 
["CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", "CVE-2022-21417", "CVE-2022-21444", "CVE-2023-21980", "CVE-2023-21977"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Package Openjdk 1.7.0 - .rpm Format - CVE: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-8873", "CVE-2014-2483", "CVE-2014-1876", "CVE-2013-2461", "CVE-2012-5373", "CVE-2012-2739"] + Used Packages: Openjdk 1.7.0 and Grafana 9.1.1 - .rpm Format + CVE: + amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-8873", "CVE-2014-2483", "CVE-2014-1876", "CVE-2013-2461", "CVE-2012-5373", "CVE-2012-2739"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -165,8 +188,10 @@ from: centos: amd64: openjdk-1.6.0 + arm64v8: grafana-8.5.6 ubuntu: amd64: mysql-5.5.18 + arm64v8: grafana-8.5.6 windows: amd64: node-v17.1.0 macos: @@ -175,8 +200,10 @@ to: centos: amd64: openjdk-1.7.0 + arm64v8: grafana-9.1.1 ubuntu: amd64: mysql-5.5.19 + arm64v8: grafana-9.1.1 windows: amd64: node-v18.0.0 macos: 
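Review bot: The ubuntu `amd64:` list written by this hunk repeats five identifiers: `CVE-2023-22007`, `CVE-2023-21980`, `CVE-2023-21977`, `CVE-2022-21444` and `CVE-2022-21417` each appear twice, so it reads as 15 expected CVEs when only 10 are distinct. The `@@ -190,17 +217,21 @@` hunk carries the identical list. List each CVE once, so the documented expectation can be compared entry by entry with what the detector reports for the package. The list is carried over from the removed line, but the hunk rewrites it, which makes this a convenient place to clean it up.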
@@ -190,17 +217,21 @@ new ones macos: - Used Package: Node 18.12.0 - PKG Format - "CVE": ["CVE-2023-44487", "CVE-2023-38552", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-23936", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-3786", "CVE-2022-3602"], + Used Packages: Node 18.12.0 - PKG Format + CVE: ["CVE-2023-44487", "CVE-2023-38552", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-23936", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-3786", "CVE-2022-3602"], windows: - Used Package: Node 18.1.0 - Exe Format - "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], + Used Packages: Node 18.1.0 - Exe Format + CVE: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: - Used Package Mysql 5.5.19 - .deb Format - CVE: ["CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", "CVE-2022-21417", "CVE-2022-21444", "CVE-2023-21980", "CVE-2023-21977"] + Used Packages: Mysql 5.5.19 - .deb Format + CVE: + amd64: ["CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", 
"CVE-2021-22570", "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", "CVE-2022-21417", "CVE-2022-21444", "CVE-2023-21980", "CVE-2023-21977"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Package Openjdk 1.8.0 - .rpm Format - CVE: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2021-20264", "CVE-2014-1876", "CVE-2012-2739"] + Used Packages: Openjdk 1.8.0 - .rpm Format + CVE: + amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2021-20264", "CVE-2014-1876", "CVE-2012-2739"], + arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -213,8 +244,10 @@ from: centos: amd64: openjdk-1.7.0 + arm64v8: grafana-8.5.6 ubuntu: amd64: mysql-5.5.18 + arm64v8: grafana-8.5.6 windows: amd64: node-v18.0.0 macos: @@ -223,8 +256,10 @@ to: centos: amd64: openjdk-1.8.0 + arm64v8: grafana-9.1.1 ubuntu: amd64: mysql-5.5.19 + arm64v8: grafana-9.1.1 windows: amd64: node-v18.1.0 macos: 
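Review bot: The ubuntu and centos headers in this description name only `Mysql 5.5.19` and `Openjdk 1.8.0`, but the `arm64v8:` lists added under them match the Grafana 9.1.1 set used elsewhere in the commit. The `@@ -223,8 +256,10 @@` hunk of the same case adds `arm64v8: grafana-9.1.1` as the upgrade target. The neighbouring cases spell both packages out, so for consistency write `Used Packages: Mysql 5.5.19 and Grafana 9.1.1 - .deb Format` and `Used Packages: Openjdk 1.8.0 and Grafana 9.1.1 - .rpm Format`. Otherwise a reader would attribute the arm64v8 CVEs to MySQL or OpenJDK.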
@@ -236,17 +271,17 @@ description: | Upgrade of a vulnerable which cease to be vulnerable macos: - Used Package: Node 19.5.0 - PKG Format - "CVE": [], + Used Packages: Node 19.5.0 - PKG Format + CVE: [], windows: - Used Package: Node 19.5.0 - Exe Format - "CVE": [], + Used Packages: Node 19.5.0 - Exe Format + CVE: [], ubuntu: - Used Package Grafana 9.4.17 - .deb Format - CVE: [] + Used Packages: Grafana 9.4.17 - .deb Format + CVE: [], centos: - Used Package Grafana 9.4.17 - .rpm Format - CVE: [] + Used Packages: Grafana 9.4.17 - .rpm Format + CVE: [], preconditions: null body: tasks: @@ -286,17 +321,17 @@ description: | Upgrade of a non vulnerable package to non vulnerable macos: - Used Package: Node 19.5.0 - PKG Format - "CVE": [], + Used Packages: Node 19.5.0 - PKG Format + CVE: [], windows: - Used Package: Node 19.5.0 - Exe Format - "CVE": [], + Used Packages: Node 19.5.0 - Exe Format + CVE: [], ubuntu: - Used Package Grafana 9.5.13 - .deb Format - CVE: [] + Used Packages: Grafana 9.5.13 - .deb Format + CVE: [], centos: - Used Package Grafana 9.5.13 - .rpm Format - CVE: [] + Used Packages: Grafana 9.5.13 - .rpm Format + CVE: [], preconditions: tasks: - operation: install_package 
@@ -345,16 +380,16 @@ description: | Upgrade to non vulnerable package to vulnerable macos: - Used Package: Node 20.0.0 - PKG Format - "CVE": ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32558", "CVE-2023-32006", "CVE-2023-32005", "CVE-2023-32004", "CVE-2023-32003", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30586", "CVE-2023-30585", "CVE-2023-30581"], + Used Packages: Node 20.0.0 - PKG Format + CVE: ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32558", "CVE-2023-32006", "CVE-2023-32005", "CVE-2023-32004", "CVE-2023-32003", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30586", "CVE-2023-30585", "CVE-2023-30581"], windows: - Used Package: Node 20.5.1 - Exe Format - "CVE": ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552"], + Used Packages: Node 20.5.1 - Exe Format + CVE: ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552"], ubuntu: - Used Package Grafana 9.5.13 - .deb Format + Used Packages: Grafana 10.0.0 - .deb Format CVE: ["CVE-2023-4822", "CVE-2023-4399"], centos: - Used Package Grafana 9.5.13 - .rpm Format + Used Packages: Grafana 10.0.0 - .rpm Format CVE: ["CVE-2023-4822", "CVE-2023-4399"], preconditions: null body: @@ -367,10 +402,11 @@ package: from: centos: - amd64: firefox-91.13.0 - arm64v8: grafana-8.5.5 + amd64: grafana-9.4.17 + arm64v8: grafana-9.4.17 ubuntu: - amd64: grafana-8.5.5 + amd64: grafana-9.4.17 + arm64v8: grafana-9.4.17 windows: amd64: node-v19.6.0 macos: @@ -378,10 +414,11 @@ arm64v8: node-v19.6.0 to: centos: - amd64: firefox-91.13.0 - arm64v8: grafana-8.5.5 + amd64: grafana-10.0.0 + arm64v8: grafana-10.0.0 ubuntu: - amd64: grafana-8.5.5 + amd64: grafana-10.0.0 + arm64v8: grafana-10.0.0 windows: amd64: node-v20.5.1 macos: 
@@ -393,17 +430,17 @@ description: | Installation of a non vulnerable package macos: - Used Package: Node 19.5.0 - PKG Format - "CVE": [], + Used Packages: Node 19.5.0 - PKG Format + CVE: [], windows: - Used Package: Node 19.5.0 - Exe Format - "CVE": [], + Used Packages: Node 19.5.0 - Exe Format + CVE: [], ubuntu: - Used Package Grafana 9.5.13 - .deb Format - CVE: [] + Used Packages: Grafana 9.5.13 - .deb Format + CVE: [], centos: - Used Package Grafana 9.5.13 - .rpm Format - CVE: [] + Used Packages: Grafana 9.5.13 - .rpm Format + CVE: [], preconditions: null body: tasks: @@ -429,17 +466,17 @@ description: | Removal of a non vulnerable package macos: - Used Package: Node 19.5.0 - PKG Format - "CVE": [], + Used Packages: Node 19.5.0 - PKG Format + CVE: [], windows: - Used Package: Node 19.5.0 - Exe Format - "CVE": [], + Used Packages: Node 19.5.0 - Exe Format + CVE: [], ubuntu: - Used Package Grafana 9.5.13 - .deb Format + Used Packages: Grafana 9.5.13 - .deb Format CVE: [] centos: - Used Package Grafana 9.5.13 - .rpm Format - CVE: [] + Used Packages: Grafana 9.5.13 - .rpm Format + CVE: [], body: tasks: - operation: remove_package From 5f1362bf6c49d2692af5fe8fe02189925e7e9cae Mon Sep 17 00:00:00 2001 From: rafabailon Date: Fri, 22 Mar 2024 09:37:19 +0100 Subject: [PATCH 013/115] feat: Use grafana in all ubuntu and centos tests --- .../cases/test_vulnerability.yaml | 110 ++++++++---------- 1 file changed, 46 insertions(+), 64 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index 1f81ceb697..6529c41dd5 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml 
@@ -11,15 +11,11 @@ Used Packages: Node 17.0.1 - Exe Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: - Used Packages: Mysql 5.5.20 and Grafana 8.5.5 - .deb Format - CVE: - amd64: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 8.5.5 - .deb Format + CVE: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Packages: Openjdk 1.6.0 and Grafana 8.5.5 - .rpm Format - CVE: - amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-2405", "CVE-2014-1876", "CVE-2014-0462", "CVE-2012-5373", "CVE-2012-2739"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 8.5.5 - .rpm Format + CVE: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", 
"CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -30,10 +26,10 @@ state_index: true package: centos: - amd64: openjdk-1.6.0 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 ubuntu: - amd64: mysql-5.5.20 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 
@@ -53,15 +49,13 @@ CVES Expected to mitigate: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: - Used Packages: Mysql 5.5.20 and Grafana 8.5.5 - .deb Format + Used Packages: Grafana 8.5.5 - .deb Format CVES Expected to mitigate: - amd64: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], + ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Packages: Openjdk 1.6.0 and Grafana 8.5.5 - .rpm Format + Used Packages: Grafana 8.5.5 - .rpm Format CVE Expected to mitigate: - amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-2405", "CVE-2014-1876", "CVE-2014-0462", "CVE-2012-5373", "CVE-2012-2739"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], + ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", 
"CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -72,10 +66,10 @@ state_index: true package: centos: - amd64: openjdk-1.6.0 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 ubuntu: - amd64: mysql-5.5.20 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 
@@ -95,15 +89,11 @@ Used Packages: Node 17.1.0 - Exe Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: - Used Packages: Mysql 5.5.21 and Grafana 8.5.6 - .deb Format - CVE: - amd64: ["CVE-2023-22028", "CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2021-2356", "CVE-2020-15358", "CVE-2020-14852", "CVE-2020-14846", "CVE-2020-14845", "CVE-2020-14839", "CVE-2020-14837", "CVE-2020-14830"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 8.5.6 - .deb Format + CVE: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Packages: Openjdk 1.7.0 and Grafana 8.5.6 - .rpm Format - CVE: - amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-8873", "CVE-2014-2483", "CVE-2014-1876", "CVE-2013-2461", "CVE-2012-5373", "CVE-2012-2739"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 8.5.6 - .rpm Format + CVE: ["CVE-2023-2183", "CVE-2023-1410", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39324", 
"CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-31107", "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498"], preconditions: tasks: - operation: install_package @@ -113,10 +103,10 @@ state_index: true package: centos: - amd64: openjdk-1.6.0 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 ubuntu: - amd64: mysql-5.5.20 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 @@ -133,10 +123,10 @@ package: from: centos: - amd64: openjdk-1.6.0 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 ubuntu: - amd64: mysql-5.5.20 + amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 windows: amd64: node-v17.0.1 @@ -145,10 +135,10 @@ arm64v8: node-v17.0.1 to: centos: - amd64: openjdk-1.7.0 + amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 ubuntu: - amd64: mysql-5.5.21 + amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 windows: amd64: node-v17.1.0 
@@ -167,15 +157,11 @@ Used Packages: Node 18.0.0 - Exe Format CVE: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: - Used Packages: Mysql 5.5.19 and Grafana 9.1.1 - .deb Format - CVE: - amd64: ["CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", "CVE-2022-21417", "CVE-2022-21444", "CVE-2023-21980", "CVE-2023-21977"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 9.1.1 - .deb Format + CVE: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Packages: Openjdk 1.7.0 and Grafana 9.1.1 - .rpm Format - CVE: - amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2014-8873", "CVE-2014-2483", "CVE-2014-1876", "CVE-2013-2461", "CVE-2012-5373", "CVE-2012-2739"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 9.1.1 - .rpm Format + CVE: ["CVE-2023-2183", "CVE-2023-1387", 
"CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -187,10 +173,10 @@ package: from: centos: - amd64: openjdk-1.6.0 + amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 ubuntu: - amd64: mysql-5.5.18 + amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 windows: amd64: node-v17.1.0 @@ -199,10 +185,10 @@ arm64v8: node-v17.1.0 to: centos: - amd64: openjdk-1.7.0 + amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 ubuntu: - amd64: mysql-5.5.19 + amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 windows: amd64: node-v18.0.0 
@@ -223,15 +209,11 @@ Used Packages: Node 18.1.0 - Exe Format CVE: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: - Used Packages: Mysql 5.5.19 - .deb Format - CVE: - amd64: ["CVE-2023-22026", "CVE-2023-22015", "CVE-2023-22007", "CVE-2023-21980", "CVE-2023-21977", "CVE-2022-21444", "CVE-2022-21417", "CVE-2021-22570", "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", "CVE-2022-21417", "CVE-2022-21444", "CVE-2023-21980", "CVE-2023-21977"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 9.1.1 - .deb Format + CVE: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Packages: Openjdk 1.8.0 - .rpm Format - CVE: - amd64: ["CVE-2023-21967", "CVE-2023-21954", "CVE-2023-21939", "CVE-2023-21938", "CVE-2023-21937", "CVE-2023-21930", "CVE-2021-20264", "CVE-2014-1876", "CVE-2012-2739"], - arm64v8: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 9.1.1 - .rpm Format + CVE: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", 
"CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: tasks: @@ -243,10 +225,10 @@ package: from: centos: - amd64: openjdk-1.7.0 + amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 ubuntu: - amd64: mysql-5.5.18 + amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 windows: amd64: node-v18.0.0 @@ -255,10 +237,10 @@ arm64v8: node-v18.11.0 to: centos: - amd64: openjdk-1.8.0 + amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 ubuntu: - amd64: mysql-5.5.19 + amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 windows: amd64: node-v18.1.0 @@ -293,11 +275,11 @@ package: from: centos: - amd64: grafana-9.2.0 - arm64v8: grafana-9.2.0 + amd64: grafana-9.1.1 + arm64v8: grafana-9.1.1 ubuntu: - amd64: grafana-9.2.0 - arm64v8: grafana-9.2.0 + amd64: grafana-9.1.1 + arm64v8: grafana-9.1.1 windows: amd64: node-v18.1.0 macos: @@ -402,11 +384,11 @@ package: from: centos: - amd64: grafana-9.4.17 - arm64v8: grafana-9.4.17 + amd64: grafana-9.5.13 + arm64v8: grafana-9.5.13 ubuntu: - amd64: grafana-9.4.17 - arm64v8: grafana-9.4.17 + amd64: grafana-9.5.13 + arm64v8: grafana-9.5.13 windows: amd64: node-v19.6.0 macos: From c5c0029cb87d8f8b28def7e95f010290760732ed Mon Sep 17 00:00:00 2001 From: rafabailon Date: Fri, 22 Mar 2024 12:09:47 +0100 Subject: [PATCH 014/115] feat: fix centos packages --- .../vuln_packages.json | 203 ++++++++++++++---- .../cases/test_vulnerability.yaml | 68 +++--- 2 files changed, 201 insertions(+), 70 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json index efab87aa9c..0ad8ba97e6 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json 
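Review bot: After the `@@ -243,10 +225,10 @@` and `@@ -255,10 +237,10 @@` hunks, centos and ubuntu upgrade `grafana-8.5.6` to `grafana-9.1.1` on both architectures, which is the same pair the preceding case receives from the `@@ -187,10 +173,10 @@` and `@@ -199,10 +185,10 @@` hunks, and both descriptions now list the same 13 CVEs. Before this commit, centos amd64 at least differed between the two cases (`openjdk-1.6.0` to `openjdk-1.7.0` versus `openjdk-1.7.0` to `openjdk-1.8.0`), so on Linux they now seem to exercise one and the same before/after vulnerability set. If the two cases are meant to cover different detector behaviour, give one of them a distinct from/to pair. The case names lie outside these hunks, so this should be confirmed against the full file.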
@@ -35,10 +35,6 @@ "CVE-2022-23498" ], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.5-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.5-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_8.5.5_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.5_arm64.deb" @@ -46,6 +42,36 @@ }, "uninstall_name": "grafana*" }, + "grafana-8.5.5-1": { + "package_name": "grafana", + "package_version": "8.5.5-1", + "CVE": [ + "CVE-2023-2183", + "CVE-2023-1410", + "CVE-2023-0594", + "CVE-2023-0507", + "CVE-2022-39324", + "CVE-2022-39307", + "CVE-2022-39306", + "CVE-2022-39229", + "CVE-2022-39201", + "CVE-2022-36062", + "CVE-2022-35957", + "CVE-2022-31130", + "CVE-2022-31123", + "CVE-2022-31107", + "CVE-2022-31097", + "CVE-2022-23552", + "CVE-2022-23498" + ], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.5-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.5-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "grafana-8.5.6": { "package_name": "grafana", "package_version": "8.5.6", @@ -69,10 +95,6 @@ "CVE-2022-23498" ], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.6-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.6-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_8.5.6_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.6_arm64.deb" 
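Review bot: The new `grafana-8.5.5-1` entry, like the other `-1` entries this commit adds, identifies the RPM only by its download URL, so nothing in the fixture lets the harness confirm that the file it installs is the build these CVE expectations were written for. Consider recording a digest next to each URL, for example `"sha256": {"centos": {"amd64": "<sha256 of the x86_64 rpm>", "arm64v8": "<sha256 of the aarch64 rpm>"}}` (placeholder values, and a field the loader would need to learn), and checking it before installation. The installer code is outside this hunk, so whether it verifies package signatures should be confirmed there. A pinned digest would keep the test reproducible and would flag a replaced or tampered download regardless of that.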
@@ -80,6 +102,36 @@ }, "uninstall_name": "grafana*" }, + "grafana-8.5.6-1": { + "package_name": "grafana", + "package_version": "8.5.6-1", + "CVE": [ + "CVE-2023-2183", + "CVE-2023-1410", + "CVE-2023-0594", + "CVE-2023-0507", + "CVE-2022-39324", + "CVE-2022-39307", + "CVE-2022-39306", + "CVE-2022-39229", + "CVE-2022-39201", + "CVE-2022-36062", + "CVE-2022-35957", + "CVE-2022-31130", + "CVE-2022-31123", + "CVE-2022-31107", + "CVE-2022-31097", + "CVE-2022-23552", + "CVE-2022-23498" + ], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.6-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.6-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "grafana-9.1.1": { "package_name": "grafana", "package_version": "9.1.1", @@ -99,10 +151,6 @@ "CVE-2022-23498" ], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-9.1.1-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.1.1-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_9.1.1_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.1.1_arm64.deb" 
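Review bot: `grafana-8.5.6-1` carries a 17-entry `CVE` array that appears to duplicate the one under `grafana-8.5.6`, and the same copy is made for the 8.5.5, 9.1.1, 9.2.0 and 10.0.0 entries in the other hunks of this file, so every future correction has to be applied twice. The `@@ -110,37 +158,89 @@` hunk shows the cost: it has to replace the whole `grafana-9.2.0` list, and a `.deb`/`.rpm` pair that drifts apart would make the ubuntu and centos expectations disagree without any error. If the loader cannot let two keys share one list, add a small consistency check asserting that `grafana-X` and `grafana-X-1` hold the same `CVE` set.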
@@ -110,37 +158,89 @@ }, "uninstall_name": "grafana*" }, + "grafana-9.1.1-1": { + "package_name": "grafana", + "package_version": "9.1.1-1", + "CVE": [ + "CVE-2023-2183", + "CVE-2023-1387", + "CVE-2022-39324", + "CVE-2022-39307", + "CVE-2022-39306", + "CVE-2022-39229", + "CVE-2022-39201", + "CVE-2022-36062", + "CVE-2022-35957", + "CVE-2022-31130", + "CVE-2022-31123", + "CVE-2022-23552", + "CVE-2022-23498" + ], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-9.1.1-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.1.1-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "grafana-9.2.0": { "package_name": "grafana", "package_version": "9.2.0", "CVE": [ - "CVE-2021-25804", - "CVE-2021-25803", - "CVE-2021-25802", - "CVE-2021-25801", - "CVE-2020-26664" + "CVE-2023-3128", + "CVE-2023-22462", + "CVE-2023-2183", + "CVE-2023-1410", + "CVE-2023-1387", + "CVE-2023-0594", + "CVE-2023-0507", + "CVE-2022-39328", + "CVE-2022-39324", + "CVE-2022-39307", + "CVE-2022-39306", + "CVE-2022-23552", + "CVE-2022-23498" ], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-9.2.0-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.2.0-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_9.2.0_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.2.0_arm64.deb" - }, - "uninstall_name": "grafana*" - } + } + }, + "uninstall_name": "grafana*" + }, + "grafana-9.2.0-1": { + "package_name": "grafana", + "package_version": "9.2.0-1", + "CVE": [ + "CVE-2023-3128", + "CVE-2023-22462", + "CVE-2023-2183", + "CVE-2023-1410", + "CVE-2023-1387", + "CVE-2023-0594", + "CVE-2023-0507", + "CVE-2022-39328", + "CVE-2022-39324", + "CVE-2022-39307", + "CVE-2022-39306", + "CVE-2022-23552", + "CVE-2022-23498" + ], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-9.2.0-1.x86_64.rpm", + "arm64v8": 
"https://dl.grafana.com/oss/release/grafana-9.2.0-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" }, "grafana-9.4.17": { "package_name": "grafana", "package_version": "9.4.17", "CVE": [], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-9.4.17-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.4.17-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_9.4.17_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.4.17_arm64.deb" @@ -148,15 +248,23 @@ }, "uninstall_name": "grafana*" }, + "grafana-9.4.17-1": { + "package_name": "grafana", + "package_version": "9.4.17-1", + "CVE": [], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-9.4.17-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.4.17-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "grafana-9.5.13": { "package_name": "grafana", "package_version": "9.5.13", "CVE": [], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-9.5.13-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.5.13-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_9.5.13_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.5.13_arm64.deb" @@ -164,6 +272,18 @@ }, "uninstall_name": "grafana*" }, + "grafana-9.5.13-1": { + "package_name": "grafana", + "package_version": "9.5.13-1", + "CVE": [], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-9.5.13-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.5.13-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "grafana-10.0.0": { "package_name": "grafana", "package_version": "10.0.0", 
@@ -172,10 +292,6 @@ "CVE-2023-4399" ], "urls": { - "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.aarch64.rpm" - }, "ubuntu": { "amd64": "https://dl.grafana.com/oss/release/grafana_10.0.0_amd64.deb", "arm64v8": "https://dl.grafana.com/oss/release/grafana_10.0.0_arm64.deb" @@ -183,6 +299,21 @@ }, "uninstall_name": "grafana*" }, + "grafana-10.0.0-1": { + "package_name": "grafana", + "package_version": "10.0.0-1", + "CVE": [ + "CVE-2023-4822", + "CVE-2023-4399" + ], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "vlc-3.0.6": { "package_name": "VLC media player", "package_version": "3.0.6", diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index 6529c41dd5..899493aa06 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml @@ -26,8 +26,8 @@ state_index: true package: centos: - amd64: grafana-8.5.5 - arm64v8: grafana-8.5.5 + amd64: grafana-8.5.5-1 + arm64v8: grafana-8.5.5-1 ubuntu: amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 @@ -66,8 +66,8 @@ state_index: true package: centos: - amd64: grafana-8.5.5 - arm64v8: grafana-8.5.5 + amd64: grafana-8.5.5-1 + arm64v8: grafana-8.5.5-1 ubuntu: amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 @@ -103,8 +103,8 @@ state_index: true package: centos: - amd64: grafana-8.5.5 - arm64v8: grafana-8.5.5 + amd64: grafana-8.5.5-1 + arm64v8: grafana-8.5.5-1 ubuntu: amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 
@@ -123,8 +123,8 @@ package: from: centos: - amd64: grafana-8.5.5 - arm64v8: grafana-8.5.5 + amd64: grafana-8.5.5-1 + arm64v8: grafana-8.5.5-1 ubuntu: amd64: grafana-8.5.5 arm64v8: grafana-8.5.5 @@ -135,8 +135,8 @@ arm64v8: node-v17.0.1 to: centos: - amd64: grafana-8.5.6 - arm64v8: grafana-8.5.6 + amd64: grafana-8.5.6-1 + arm64v8: grafana-8.5.6-1 ubuntu: amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 @@ -173,8 +173,8 @@ package: from: centos: - amd64: grafana-8.5.6 - arm64v8: grafana-8.5.6 + amd64: grafana-8.5.6-1 + arm64v8: grafana-8.5.6-1 ubuntu: amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 @@ -185,8 +185,8 @@ arm64v8: node-v17.1.0 to: centos: - amd64: grafana-9.1.1 - arm64v8: grafana-9.1.1 + amd64: grafana-9.1.1-1 + arm64v8: grafana-9.1.1-1 ubuntu: amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 @@ -225,8 +225,8 @@ package: from: centos: - amd64: grafana-8.5.6 - arm64v8: grafana-8.5.6 + amd64: grafana-8.5.6-1 + arm64v8: grafana-8.5.6-1 ubuntu: amd64: grafana-8.5.6 arm64v8: grafana-8.5.6 @@ -237,8 +237,8 @@ arm64v8: node-v18.11.0 to: centos: - amd64: grafana-9.1.1 - arm64v8: grafana-9.1.1 + amd64: grafana-9.1.1-1 + arm64v8: grafana-9.1.1-1 ubuntu: amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 @@ -275,8 +275,8 @@ package: from: centos: - amd64: grafana-9.1.1 - arm64v8: grafana-9.1.1 + amd64: grafana-9.1.1-1 + arm64v8: grafana-9.1.1-1 ubuntu: amd64: grafana-9.1.1 arm64v8: grafana-9.1.1 @@ -287,8 +287,8 @@ arm64v8: node-v18.12.0 to: centos: - amd64: grafana-9.4.17 - arm64v8: grafana-9.4.17 + amd64: grafana-9.4.17-1 + arm64v8: grafana-9.4.17-1 ubuntu: arm64v8: grafana-9.4.17 amd64: grafana-9.4.17 @@ -334,8 +334,8 @@ package: from: centos: - amd64: grafana-9.4.17 - arm64v8: grafana-9.4.17 + amd64: grafana-9.4.17-1 + arm64v8: grafana-9.4.17-1 ubuntu: arm64v8: grafana-9.4.17 amd64: grafana-9.4.17 
@@ -346,8 +346,8 @@ arm64v8: node-v19.5.0 to: centos: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-9.5.13-1 + arm64v8: grafana-9.5.13-1 ubuntu: amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 @@ -384,8 +384,8 @@ package: from: centos: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-9.5.13-1 + arm64v8: grafana-9.5.13-1 ubuntu: amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 @@ -396,8 +396,8 @@ arm64v8: node-v19.6.0 to: centos: - amd64: grafana-10.0.0 - arm64v8: grafana-10.0.0 + amd64: grafana-10.0.0-1 + arm64v8: grafana-10.0.0-1 ubuntu: amd64: grafana-10.0.0 arm64v8: grafana-10.0.0 @@ -433,8 +433,8 @@ state_index: true package: centos: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-9.5.13-1 + arm64v8: grafana-9.5.13-1 ubuntu: amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 @@ -468,8 +468,8 @@ state_index: true package: centos: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-9.5.13-1 + arm64v8: grafana-9.5.13-1 ubuntu: amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 From 1f680a2b13562cb7ba44982427d026a5e88395cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Fri, 22 Mar 2024 14:33:44 +0100 Subject: [PATCH 015/115] npm command for all vd testing OS --- .../wazuh_testing/tools/system.py | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index ebcfa92794..c0d22a7d52 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
@@ -484,7 +484,16 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): """ if use_npm: - result = self.get_host(host).ansible("shell", f"npm install -g {url}", check=False) + if system == 'macos': + cmd = f"PATH=/opt/homebrew/bin:$PATH npm install -g {url}" + result = self.get_host(host).ansible("shell", cmd, check=False) + elif system == 'windows': + cmd = f"npm install -g {url}" + result = self.get_host(host).ansible("win_shell", cmd, check=False) + else: + cmd = f"npm install -g {url}" + result = self.get_host(host).ansible("shell", cmd, check=False) + logging.info(f"npm package installed result {result}") return result @@ -580,8 +589,18 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) elif package_uninstall_name: if use_npm: - cmd = f"npm uninstall -g {package_uninstall_name}" - remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) + if system == 'macos': + cmd = f"PATH=/opt/homebrew/bin:$PATH npm uninstall -g {package_uninstall_name}" + remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) + elif system == 'windows': + cmd = f"npm uninstall -g {package_uninstall_name}" + remove_operation_result = self.get_host(host).ansible("win_shell", cmd, check=False) + else: + cmd = f"npm uninstall -g {package_uninstall_name}" + remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) + + logging.info(f"npm package removed result {remove_operation_result}") + return remove_operation_result else: if os_name == 'windows': remove_operation_result = self.get_host(host).ansible("win_command", From 06641b7e1d2fc5ec7f6366dda3b7d90a469575f9 Mon Sep 17 00:00:00 2001 
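Review bot: The npm branch added to `install_package` interpolates `url` directly into a string passed to the Ansible `shell`/`win_shell` modules, so any shell metacharacter in the package spec is interpreted on the target host. The `remove_package` hunk that follows does the same with `package_uninstall_name`. For the two POSIX branches, quote the argument, e.g. `cmd = f"npm install -g {shlex.quote(url)}"` (this needs `import shlex` at the top of the file, outside this hunk); the `win_shell` branch needs PowerShell-appropriate quoting or a validated package-name pattern instead. The three branches differ only in the PATH prefix and the module name, so building `cmd` once and selecting the module from `system` would remove the triplication. Both function bodies continue outside the hunks.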
From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Fri, 22 Mar 2024 14:40:54 +0100 Subject: [PATCH 016/115] Helpful comments --- deps/wazuh_testing/wazuh_testing/tools/system.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index c0d22a7d52..602f8e674e 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -480,7 +480,7 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): Example: host_manager.install_package('my_host', 'http://example.com/package.deb', system='ubuntu') # To install a package via npm: - host_manager.install_package('my_host', 'package_name', use_npm=True) + host_manager.install_package('my_host', 'package_name', 'system_name', use_npm=True) """ if use_npm: @@ -577,6 +577,8 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals Example: host_manager.remove_package('my_host', 'my_package', system='ubuntu') + # To remove a package via npm: + host_manager.remove_package('my_host', 'system_name', 'package_name', use_npm=True) """ logging.info(f"Removing package {package_uninstall_name} from host {host}") logging.info(f"System: {system}") From 3df11bdcc78b04f3a140ccb48839c05cd3d31a90 Mon Sep 17 00:00:00 2001 From: Julia Date: Mon, 25 Mar 2024 16:29:30 +0100 Subject: [PATCH 017/115] fix: fix parser for non packages vulnerabilities --- .../end_to_end/vulnerability_detector.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index 675a0c9bf6..bdbae26990 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py 
@@ -259,8 +259,8 @@ def check_vuln_state_consistency(vulnerabilities_alerts, vulnerabilities_states) if vulnerabilities_states.keys() != vulnerabilities_alerts.keys(): logging.critical("The number of agents is not the same between alerts and states") - agents_in_alerts_states = [agent for agent in vulnerabilities_states.keys() \ - if agent in vulnerabilities_alerts.keys()] + agents_in_alerts_states = [agent for agent in vulnerabilities_states.keys() + if agent in vulnerabilities_alerts.keys()] alerts_not_in_states = [] states_not_in_alerts = [] @@ -305,14 +305,19 @@ def get_vulnerabilities_from_states(vulnerabilities_states: List) -> List: try: vulnerability = Vulnerability( cve=state_vulnerability['_source']['vulnerability']['id'], - package_name=state_vulnerability['_source']['package']['name'], - package_version=state_vulnerability['_source']['package']['version'], - type=state_vulnerability['_source']['pacakge']['type'] if 'type' in state_vulnerability['_source']['vulnerability'] else None, - architecture=state_vulnerability['_source']['package']['architecture'] if 'architecture' in state_vulnerability['_source']['vulnerability'] else None + package_name=(state_vulnerability['_source']['package']['name'] + if 'package' in state_vulnerability['_source'] else None), + package_version=(state_vulnerability['_source']['package']['version'] + if 'package' in state_vulnerability['_source'] else None), + type=(state_vulnerability['_source']['pacakge']['type'] + if 'type' in state_vulnerability['_source']['vulnerability'] else None), + architecture=(state_vulnerability['_source']['package']['architecture'] + if 'architecture' in state_vulnerability['_source']['vulnerability'] else None) ) vulnerabilities.append(vulnerability) except KeyError: logging.error(f"Error parsing vulnerability: {state_vulnerability}") + raise KeyError vulnerabilities = sorted(vulnerabilities, key=lambda x: (x.cve, x.package_name, x.package_version, x.architecture)) 
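Review bot: In the `get_vulnerabilities_from_states` hunk, the new guards for `type` and `architecture` test membership in `state_vulnerability['_source']['vulnerability']` but then index `['_source']['package']` (and `type` reads the misspelled key `'pacakge'`), so a state without a `package` object still raises `KeyError` whenever the guard is true. Guard on the dict that is actually read, e.g. `type=state_vulnerability['_source'].get('package', {}).get('type')`, and likewise for `architecture`. The added `raise KeyError` discards the original exception's message and traceback; a bare `raise` keeps them. Because `package_name` and `package_version` can now be `None`, the `sorted(...)` call on the hunk's last context line can fail comparing `None` with `str` when two entries share a CVE, so the sort key should map `None` to `''`. The function starts before this hunk.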
From 9512ce2146a17a09437e9be9081a85f49482c50c Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 25 Mar 2024 16:32:33 +0100 Subject: [PATCH 018/115] fix: add alerts.json to the report --- .../wazuh_testing/end_to_end/logs.py | 15 ++++++++++++ .../test_vulnerability_detector/conftest.py | 23 +++++++++++++------ 2 files changed, 31 insertions(+), 7 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py b/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py index 6387efa55e..c748b9db0b 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py @@ -59,3 +59,18 @@ def get_hosts_logs(host_manager: HostManager, host_group: str = 'all') -> Dict[s host_logs[host] = host_manager.get_file_content(host, logs_filepath_os[host_os_name]) return host_logs + +def get_hosts_alerts(host_manager: HostManager, host_group: str = 'all') -> Dict[str, str]: + """ + Get the alerts in the alert.json file from the specified host group. + + Parameters: + - host_manager (HostManager): An instance of the HostManager class for managing remote hosts. + - host_group (str, optional): The name of the host group where the files will be truncated. + Default is 'all'. + """ + host_alerts = {} + for host in host_manager.get_group_hosts(host_group): + host_alerts[host] = host_manager.get_file_content(host, ALERTS_JSON_PATH) + + return host_alerts diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index 646ae67040..c057a5606a 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py 
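Review bot: The docstring of the new `get_hosts_alerts` appears to be copied from a truncation helper: it describes `host_group` as the group "where the files will be truncated" and has no Returns section, although the function returns a dict keyed by host. Suggested wording: `- host_group (str, optional): The host group whose alerts file is read. Default is 'all'.` followed by `Returns: Dict[str, str]: host name mapped to the content of ALERTS_JSON_PATH on that host.` The hunk adds no import for `ALERTS_JSON_PATH`, so it is presumably already imported at the top of logs.py; that should be confirmed.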
@@ -42,7 +42,7 @@ def test_example(host_manager): from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.remote_operations_handler import launch_parallel_operations -from wazuh_testing.end_to_end.logs import get_hosts_logs +from wazuh_testing.end_to_end.logs import get_hosts_logs, get_hosts_alerts STYLE_PATH = os.path.join(os.path.dirname(__file__), '../../../deps/wazuh_testing/wazuh_testing/reporting/style.css') 
@@ -61,17 +61,26 @@ def collect_e2e_environment_data(test_name, host_manager) -> None: """ logging.info("Collecting environment data") environment_logs = get_hosts_logs(host_manager) + environment_alerts = get_hosts_alerts(host_manager) current_dir = os.path.dirname(__file__) - vulnerability_detector_logs_dir = os.path.join(current_dir, "logs") - tests_evidences_directory = os.path.join(str(vulnerability_detector_logs_dir), str(test_name)) + vulnerability_detector_dir = os.path.join(current_dir, "logs") + tests_evidences_directory = os.path.join(str(vulnerability_detector_dir), str(test_name)) for host in environment_logs.keys(): logging.info(f"Collecting logs for {host}") - host_logs_name_evidence = host + "_ossec.log" - evidence_file = os.path.join(tests_evidences_directory, host_logs_name_evidence) - with open(evidence_file, 'w') as evidence_file: - evidence_file.write(environment_logs[host]) + host_logs_name_evidence = host + "_ossec.log" + evidence_log_file = os.path.join(tests_evidences_directory, host_logs_name_evidence) + with open(evidence_log_file, 'w') as evidence_log_file: + evidence_log_file.write(environment_logs[host]) + + for host in environment_alerts.keys(): + logging.info(f"Collecting alerts for {host}") + if host.startswith("manager"): + host_alerts_name_evidence = host + "_alert.json" + evidence_alert_file = os.path.join(tests_evidences_directory, host_alerts_name_evidence) + with open(evidence_alert_file, 'w') as evidence_alert_file: + evidence_alert_file.write(environment_alerts[host]) def collect_evidences(test_name, evidences) -> None: From f9d309d42fc702e7b54e9092fe60a2e52fad77ae Mon Sep 17 00:00:00 2001 From: Julia Date: Mon, 25 Mar 2024 16:35:53 +0100 Subject: [PATCH 019/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d904188361..ef105c3340 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
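Review bot: `collect_e2e_environment_data` now calls `get_hosts_alerts(host_manager)` with the default group `'all'`, so the alerts file is fetched from every host and the non-manager results are only discarded afterwards by `host.startswith("manager")`. If the inventory has a manager group (other code in this series refers to `'manager'` and `'agent'` groups), `environment_alerts = get_hosts_alerts(host_manager, 'manager')` avoids reading a file that agents probably do not have and removes the dependence on host naming. The full alerts content is written into the evidence directory, so anyone who can read the test report can read the alert data; check that the artifact's access matches that. `with open(evidence_alert_file, 'w') as evidence_alert_file` rebinds the path variable to the file object; `with open(evidence_alert_file, 'w', encoding='utf-8') as handle:` reads more clearly.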
@@ -49,6 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix parser for non package vulnerabilities ([#5146](https://github.com/wazuh/wazuh-qa/pull/5146)) \- (Framework) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) - Fix Vulnerability Detection mismatch in scans ([#5053](https://github.com/wazuh/wazuh-qa/pull/5053)) \- (Tests) From 73ec330e8a0013e2854a9c037a6e107465792bff Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 25 Mar 2024 16:49:24 +0100 Subject: [PATCH 020/115] fix: fix a typo error --- tests/end_to_end/test_vulnerability_detector/conftest.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index c057a5606a..9e6e396ca6 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py @@ -64,8 +64,8 @@ def collect_e2e_environment_data(test_name, host_manager) -> None: environment_alerts = get_hosts_alerts(host_manager) current_dir = os.path.dirname(__file__) - vulnerability_detector_dir = os.path.join(current_dir, "logs") - tests_evidences_directory = os.path.join(str(vulnerability_detector_dir), str(test_name)) + vulnerability_detector_logs_dir = os.path.join(current_dir, "logs") + tests_evidences_directory = os.path.join(str(vulnerability_detector_logs_dir), str(test_name)) for host in environment_logs.keys(): logging.info(f"Collecting logs for {host}") From b924e9a048a6905ccfb4bac306e5f9f7668bde60 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Mon, 25 Mar 2024 17:54:02 +0100 Subject: [PATCH 021/115] Arrangement of returns --- deps/wazuh_testing/wazuh_testing/tools/system.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 602f8e674e..8175a96d9d 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -495,7 +495,6 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): result = self.get_host(host).ansible("shell", cmd, check=False) logging.info(f"npm package installed result {result}") - return result else: result = False @@ -521,7 +520,7 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): logging.info(f"Package installed result {result}") - return result + return result def get_master_ip(self): """ @@ -602,7 +601,6 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) logging.info(f"npm package removed result {remove_operation_result}") - return remove_operation_result else: if os_name == 'windows': remove_operation_result = self.get_host(host).ansible("win_command", @@ -623,7 +621,7 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals f"brew uninstall {package_uninstall_name}", check=False) - logging.info(f"Package removed result {remove_operation_result}") + logging.info(f"Package removed result {remove_operation_result}") return remove_operation_result From 2523139d4476d327774a00d907c7f2f49470b5a9 Mon Sep 17 00:00:00 2001 From: marcos Date: Tue, 26 Mar 2024 11:17:06 +0100 Subject: [PATCH 022/115] add: add description to the scan cases test --- .../test_vulnerability_detector.py | 36 +++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) 
diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 3756bc15a2..3859c5dc10 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -21,7 +21,7 @@ - test_syscollector_first_scan_index: Validates that the Vulnerability Detector detects vulnerabilities within the environment in the first scan in the index. - test_syscollector_second_scan: Validates the initiation of the second Syscollector scans across all agents in the environment. - tests_syscollector_first_second_scan_consistency_index: Ensure the consistency of the agent's vulnerabilities between the first and second scans in index. - - TestScanSyscollectorCases: Validates the Vulnerability Detector's ability to detect new vulnerabilities in the environment. + - TestScanSyscollectorCases: Validates the Vulnerability Detector's ability to detect new vulnerabilities in the environment for each of the defined cases. Issue: https://github.com/wazuh/wazuh-qa/issues/4369 
@@ -556,7 +556,39 @@ def get_results(self): @pytest.mark.parametrize('preconditions, body, teardown', complete_list, ids=list_ids) def test_vulnerability_detector_scans_cases(self, setup_vulnerability_tests, request, preconditions, body, teardown, setup, - host_manager, get_results): + host_manager, get_results): + """ + description: validates the Vulnerability Detector's ability to detect new vulnerabilities in the environment for each of the defined cases. + + This is the main test. It is in charge of executing each of the cases defined in test_vulnerability.yaml, + checking if all agents generate the corresponding vulnerabilities and collecting the results. + + tier: 1 + + parameters: + - setup_vulnerability_tests: + type: fixture + brief: Setup the environment to proceed with the testing + - request: pytest request object + - preconditions: the preconditions within the test cases, if any + - body: the body of the test case, which contains the tasks to be executed + - teardown: the teardown within the test cases, if any + - setup: test setup results, to check if the hosts are setup correctly + - host_manager: + type: fixture + brief: Get the host manager of the environment + - get_results: fixture to get the results of global class tests + + assertions: + - Verify that all the hosts are properly setup. + + cases: None + + tags: + - syscollector + - vulnerability_detector + """ + test_name = request.node.name setup_results = setup From 53b8e4f70595f5df44652fcdb17002e4bee6307c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 26 Mar 2024 11:22:50 +0000 Subject: [PATCH 023/115] feat: increase timeout to 40 --- .../test_agent_groups/test_assign_agent_to_a_group.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group.py b/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group.py index 390bbc4525..c5e64523f6 100644 
--- a/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group.py +++ b/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group.py @@ -66,7 +66,7 @@ # Variables test_group = 'group_test' -timeout = 25 +timeout = 40 # Tests @@ -107,12 +107,15 @@ def test_assign_agent_to_a_group(agent_target, initial_status, clean_environment restart_cluster(test_infra_agents, host_manager) time.sleep(timeout) + # Check that agent status is active in cluster check_agent_status(agent_id, agent_name, agent_ip, AGENT_STATUS_ACTIVE, host_manager, test_infra_managers) if (initial_status == AGENT_STATUS_DISCONNECTED): host_manager.control_service(host='wazuh-agent1', service=WAZUH_SERVICE_PREFIX, state=WAZUH_SERVICES_STOPPED) + time.sleep(timeout) + check_agent_status(agent_id, agent_name, agent_ip, AGENT_STATUS_DISCONNECTED, host_manager, test_infra_managers) try: @@ -123,6 +126,7 @@ def test_assign_agent_to_a_group(agent_target, initial_status, clean_environment assign_agent_to_new_group('wazuh-master', test_group, agent_id, host_manager) time.sleep(timeout) + # Check that agent has group set to group_test on Managers check_agent_groups(agent_id, test_group, test_infra_managers, host_manager) From 6988bec6761aa26393dcf03a072042f769c3d0a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 26 Mar 2024 11:28:51 +0000 Subject: [PATCH 024/115] feat: increase timeout to 40 --- .../test_agent_groups/test_assign_agent_to_a_group_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group_api.py b/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group_api.py index 0567cb03fe..8b59711001 100644 --- a/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group_api.py +++ b/tests/system/test_cluster/test_agent_groups/test_assign_agent_to_a_group_api.py 
@@ -63,7 +63,7 @@ tmp_path = os.path.join(local_path, 'tmp') # Variables -timeout = 10 +timeout = 30 test_group = 'group_test' From b8eb2dac1bf42a602c08740e823b38e7d0b79fa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 26 Mar 2024 11:46:36 +0000 Subject: [PATCH 025/115] feat: increase timeout to 20 --- .../test_cluster/test_agent_groups/test_group_sync_status.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py b/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py index 828de1f938..0a0b4f50e3 100644 --- a/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py +++ b/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py @@ -59,7 +59,7 @@ '..', '..', 'provisioning', 'enrollment_cluster', 'roles', 'agent-role', 'files', 'ossec.conf') t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(test_cases_yaml) - +TIMEOUT_SECOND_CHECK = 10 @pytest.fixture() def group_creation_and_assignation(metadata, target_node): @@ -141,6 +141,7 @@ def test_group_sync_status(metadata, target_node, clean_environment, group_creat cluster recreates groups without syncreq status. ''' # Delete group folder + delete_agent_group(metadata['delete_target'], metadata['group_folder_deleted'], host_manager, 'folder') # Set values @@ -174,7 +175,7 @@ def test_group_sync_status(metadata, target_node, clean_environment, group_creat assert metadata['expected_first_check'] == first_time_check - time.sleep(T_5) + time.sleep(TIMEOUT_SECOND_CHECK) # Check after 5 seconds, sync_status if 'syncreq' in execute_wdb_query(query, test_infra_hosts[0], host_manager): From b6095dee555ae73fc578e009ac309ca966906ab2 Mon Sep 17 00:00:00 2001 
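Review bot: In the last hunk of `test_group_sync_status`, the wait before the second check becomes `time.sleep(TIMEOUT_SECOND_CHECK)` with `TIMEOUT_SECOND_CHECK = 10`, but the context comment directly below still reads `# Check after 5 seconds, sync_status`. Update it to `# Check sync_status again after TIMEOUT_SECOND_CHECK seconds` so the comment cannot drift from the constant again. If `T_5` was imported only for this sleep, the import is now unused; the import block is outside the hunk, so this needs checking.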
From: Julia Date: Tue, 26 Mar 2024 16:38:51 +0100 Subject: [PATCH 026/115] fix: fix typo --- .../wazuh_testing/end_to_end/vulnerability_detector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index bdbae26990..389b324820 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py @@ -309,7 +309,7 @@ def get_vulnerabilities_from_states(vulnerabilities_states: List) -> List: if 'package' in state_vulnerability['_source'] else None), package_version=(state_vulnerability['_source']['package']['version'] if 'package' in state_vulnerability['_source'] else None), - type=(state_vulnerability['_source']['pacakge']['type'] + type=(state_vulnerability['_source']['package']['type'] if 'type' in state_vulnerability['_source']['vulnerability'] else None), architecture=(state_vulnerability['_source']['package']['architecture'] if 'architecture' in state_vulnerability['_source']['vulnerability'] else None) From e537ebf391f34cb3a4be20e45fdd28b87f8b7a94 Mon Sep 17 00:00:00 2001 From: marcos Date: Tue, 26 Mar 2024 16:52:16 +0100 Subject: [PATCH 027/115] fix: fix install_package function --- .../end_to_end/remote_operations_handler.py | 48 +++++++++++-------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index fb2198a9c1..4ad917f2b6 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py 
@@ -164,37 +164,43 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho package_id = None if host_os_name in install_package_data: - if host_os_arch in install_package_data[host_os_name]: - package_id = install_package_data[host_os_name][host_os_arch] - else: - raise ValueError(f"Package for {host_os_name} and {host_os_arch} not found") + try: + if host_os_arch in install_package_data[host_os_name]: + package_id = install_package_data[host_os_name][host_os_arch] + + package_data = load_packages_metadata()[package_id] + package_url = package_data['urls'][host_os_name][host_os_arch] - package_data = load_packages_metadata()[package_id] - package_url = package_data['urls'][host_os_name][host_os_arch] + logging.info(f"Installing package on {host}") + logging.info(f"Package URL: {package_url}") - logging.info(f"Installing package on {host}") - logging.info(f"Package URL: {package_url}") + current_datetime = datetime.utcnow().isoformat() - current_datetime = datetime.utcnow().isoformat() + host_manager.install_package(host, package_url, system) - host_manager.install_package(host, package_url, system) + logging.info(f"Package {package_url} installed on {host}") - logging.info(f"Package {package_url} installed on {host}") + logging.info(f"Package installed on {host}") - logging.info(f"Package installed on {host}") + results['checks']['all_successfull'] = True - results['checks']['all_successfull'] = True + wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or + operation_data['check']['state_index'] or + operation_data['check']['no_alerts'] or + operation_data['check']['no_indices']) - wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or - operation_data['check']['state_index'] or - operation_data['check']['no_alerts'] or - operation_data['check']['no_indices']) + if wait_is_required: + wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime) - if 
wait_is_required: - wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime) + check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, + package_data, operation='install') + + else: + logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + + except Exception as e: + logging.critical(f"Error searching package: {e}") - check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, - package_data, operation='install') else: logging.info(f"No operation to perform on {host}") From cb71001f4db7f813bdac4e54bbe84b3265935a4e Mon Sep 17 00:00:00 2001 From: Julia Date: Tue, 26 Mar 2024 18:11:12 +0100 Subject: [PATCH 028/115] fix: filter by timestamp --- .../end_to_end/remote_operations_handler.py | 10 ++-- .../wazuh_testing/end_to_end/waiters.py | 3 +- .../test_vulnerability_detector.py | 50 ++++++++++++------- 3 files changed, 38 insertions(+), 25 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index fb2198a9c1..7a336dfa2c 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py @@ -22,7 +22,7 @@ """ import logging from typing import Dict, List -from datetime import datetime +from datetime import datetime, timezone from concurrent.futures import ThreadPoolExecutor from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan @@ -175,7 +175,7 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho logging.info(f"Installing package on {host}") logging.info(f"Package URL: {package_url}") - current_datetime = datetime.utcnow().isoformat() + current_datetime = datetime.now(timezone.utc).isoformat()[:-6] host_manager.install_package(host, package_url, system) 
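Review bot: The new `try` block in `install_package` wraps the metadata lookup, the installation, the scan wait and the alert check, and `except Exception as e` only logs `Error searching package: {e}`, so a failed install or a failed vulnerability check is reported as a lookup problem and execution continues. The missing-architecture case also changes from `raise ValueError(...)` to `logging.error(...)`. Unless `results` is initialised to a failing state outside this hunk, a test case could pass without the package ever being installed. Setting `results['checks']['all_successfull'] = False` in both the `except` branch and the not-found branch, and logging with `logging.exception(...)`, would keep the failure and its traceback visible. The function starts before the hunk and continues after it.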
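Review bot: `datetime.now(timezone.utc).isoformat()[:-6]` gets a naive UTC string by slicing off the six characters of `+00:00`, which hides the intent; `datetime.now(timezone.utc).replace(tzinfo=None).isoformat()` says the same thing explicitly. The expression is repeated in the `remove_package`, `update_package` and `launch_remote_sequential_operation_on_agent` hunks of this file, so a small helper such as `_utc_now_iso()` would keep the format in one place. The test module in the same commit formats its timestamp with `strftime("%Y-%m-%dT%H:%M:%SZ")`, so two string formats feed `greater_than_timestamp` arguments. Whether the consumers accept both is not visible here and should be confirmed.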
@@ -246,7 +246,7 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos package_data = load_packages_metadata()[package_id] - current_datetime = datetime.utcnow().isoformat() + current_datetime = datetime.now(timezone.utc).isoformat()[:-6] logging.info(f"Removing package on {host}") if 'uninstall_name' in package_data: @@ -335,7 +335,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos logging.info(f"Installing package on {host}") logging.info(f"Package URL: {package_url_to}") - current_datetime = datetime.utcnow().isoformat() + current_datetime = datetime.now(timezone.utc).isoformat()[:-6] host_manager.install_package(host, package_url_to, system) logging.info(f"Package {package_url_to} installed on {host}") @@ -369,7 +369,7 @@ def launch_remote_sequential_operation_on_agent(agent: str, task_list: List[Dict host_manager (HostManager): An instance of the HostManager class containing information about hosts. """ # Convert datetime to Unix timestamp (integer) - timestamp = datetime.utcnow().isoformat() + timestamp = datetime.now(timezone.utc).isoformat()[:-6] if task_list: for task in task_list: diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py b/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py index a118445f34..d6e4679ac8 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py @@ -80,7 +80,8 @@ def wait_syscollector_and_vuln_scan(host_manager: HostManager, host: str, opera [get_event_regex({'event': 'syscollector_scan_start'}), get_event_regex({'event': 'syscollector_scan_end'})], [timeout_syscollector_scan, timeout_syscollector_scan], - host_manager.get_group_hosts('agent')) + host_manager.get_group_hosts('agent'), + greater_than_timestamp=current_datetime) truncate_remote_host_group_files(host_manager, host_manager.get_group_hosts('agent')) 
diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 3756bc15a2..f65c136efb 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -142,7 +142,7 @@ def setup_vulnerability_tests(host_manager: HostManager) -> Generator: logger.error("Restarting managers") host_manager.control_environment('restart', ['manager']) - utc_now_timestamp = datetime.datetime.utcnow() + utc_now_timestamp = datetime.datetime.now(datetime.timezone.utc) # Format the date and time as per the given format test_timestamp = utc_now_timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") @@ -310,7 +310,10 @@ def test_syscollector_first_scan_index(self, request, host_manager, setup_vulner time.sleep(TIMEOUT_PER_AGENT_VULNERABILITY_SCAN * len(agents_to_check)) for agent in agents_to_check: - agent_all_vulnerabilities = get_indexer_values(host_manager, greater_than_timestamp=setup_vulnerability_tests, agent=agent, index='wazuh-states-vulnerabilities',)['hits']['hits'] + agent_all_vulnerabilities = get_indexer_values(host_manager, + greater_than_timestamp=setup_vulnerability_tests, + agent=agent, + index='wazuh-states-vulnerabilities',)['hits']['hits'] vuln_by_agent_index[agent] = agent_all_vulnerabilities 
@@ -464,30 +467,36 @@ def tests_syscollector_first_second_scan_consistency_index(self, request, host_m vuln_by_agent_index_second_scan = {} for agent in host_manager.get_group_hosts('agent'): agent_all_vulnerabilities = get_indexer_values(host_manager, - greater_than_timestamp=setup_vulnerability_tests, - index='wazuh-states-vulnerabilities', - agent=agent)['hits']['hits'] + greater_than_timestamp=setup_vulnerability_tests, + index='wazuh-states-vulnerabilities', + agent=agent)['hits']['hits'] # Only is expected alert of affected vulnerabilities vuln_by_agent_index_second_scan[agent] = agent_all_vulnerabilities test_result['evidences']['vulnerabilities_index_second_scan'] = vuln_by_agent_index_second_scan # Calculate differences between first and second scan - agent_not_found_in_first_scan = list(set(vuln_by_agent_index_second_scan.keys()) - set(results['vulnerabilities_index_first_scan'].keys())) - agent_not_found_in_second_scan = list(set(results['vulnerabilities_index_first_scan'].keys()) - set(vuln_by_agent_index_second_scan.keys())) + agent_not_found_in_first_scan = (list(set(vuln_by_agent_index_second_scan.keys()) - + set(results['vulnerabilities_index_first_scan'].keys()))) + agent_not_found_in_second_scan = (list(set(results['vulnerabilities_index_first_scan'].keys()) - + set(vuln_by_agent_index_second_scan.keys()))) - agent_found_in_all_scans = set(vuln_by_agent_index_second_scan.keys()) & set(results['vulnerabilities_index_first_scan'].keys()) + agent_found_in_all_scans = (set(vuln_by_agent_index_second_scan.keys()) & + set(results['vulnerabilities_index_first_scan'].keys())) vulnerabilities_not_found_in_first_scan = {} vulnerabilities_not_found_in_second_scan = {} for agent in agent_found_in_all_scans: vulnerabilities_second_scan = get_vulnerabilities_from_states(vuln_by_agent_index_second_scan[agent]) - vulnerabilities_first_scan = get_vulnerabilities_from_states(results['vulnerabilities_index_first_scan'][agent]) - + vulnerabilities_first_scan = 
get_vulnerabilities_from_states( + results['vulnerabilities_index_first_scan'][agent]) + # Calculate differences between first and second scan - vulnerabilities_not_found_second_scan = list(set(vulnerabilities_first_scan) - set(vulnerabilities_second_scan)) - vulnerabilities_not_found_first_scan = list(set(vulnerabilities_second_scan) - set(vulnerabilities_first_scan)) + vulnerabilities_not_found_second_scan = (list(set(vulnerabilities_first_scan) - + set(vulnerabilities_second_scan))) + vulnerabilities_not_found_first_scan = (list(set(vulnerabilities_second_scan) - + set(vulnerabilities_first_scan))) # Change to dict to be able to serialize vulnerabilities_not_found_first_scan = [vuln._asdict() for vuln in vulnerabilities_not_found_first_scan] @@ -498,8 +507,9 @@ def tests_syscollector_first_second_scan_consistency_index(self, request, host_m if len(vulnerabilities_not_found_first_scan) > 0: vulnerabilities_not_found_in_first_scan[agent] = vulnerabilities_not_found_first_scan - # Check if agents are the same in both scans - if len(agent_found_in_all_scans) != len(vuln_by_agent_index_second_scan) != len(results['vulnerabilities_index_first_scan']): + # Check if agents are the same in both scans + if (len(agent_found_in_all_scans) != len(vuln_by_agent_index_second_scan) != + len(results['vulnerabilities_index_first_scan'])): test_result['checks']['all_successfull'] = False logging.critical("Inconsistencies found between first and second scan in the index. Different agents found") if len(agent_not_found_in_first_scan) > 0: 
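Review bot: The re-wrapped condition `len(agent_found_in_all_scans) != len(vuln_by_agent_index_second_scan) != len(results['vulnerabilities_index_first_scan'])` is a chained comparison, so it is true only when the first pair differs and the second pair differs. If an agent is missing from the second scan, the intersection and the second scan have the same length, the chain is false, and the mismatch is not flagged. Comparing lengths also misses two scans with the same number of different agents. The sets computed in the previous hunk already express the check: `if agent_not_found_in_first_scan or agent_not_found_in_second_scan:`. The test method continues outside this hunk.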
@@ -517,13 +527,15 @@ def tests_syscollector_first_second_scan_consistency_index(self, request, host_m test_result['evidences']['vulnerabilities_not_found_in_first_scan'] = vulnerabilities_not_found_in_first_scan if vulnerabilities_not_found_in_second_scan: - logging.critical(f"Vulnerabilities not found in second scan: {vulnerabilities_not_found_in_second_scan}") + logging.critical("Vulnerabilities not found in second scan: " + f"{vulnerabilities_not_found_in_second_scan}") test_result['evidences']['vulnerabilities_not_found_in_second_scan'] = vulnerabilities_not_found_in_second_scan - + results[test_name] = test_result if not test_result['checks']['all_successfull']: - logging_message = "Inconsistencies found between first and second scan in the index. Check evidences for more information" + logging_message = "Inconsistencies found between first and second scan in the index." \ + "Check evidences for more information" logger.critical(logging_message) pytest.fail(logging_message) @@ -555,8 +567,8 @@ def get_results(self): return self.results @pytest.mark.parametrize('preconditions, body, teardown', complete_list, ids=list_ids) - def test_vulnerability_detector_scans_cases(self, setup_vulnerability_tests, request, preconditions, body, teardown, setup, - host_manager, get_results): + def test_vulnerability_detector_scans_cases(self, setup_vulnerability_tests, request, preconditions, body, teardown, + setup, host_manager, get_results): test_name = request.node.name setup_results = setup From ce6cff7604773ba95c6092912aaff3b790ed3194 Mon Sep 17 00:00:00 2001 From: marcos Date: Wed, 27 Mar 2024 10:35:05 +0100 Subject: [PATCH 029/115] fix: fix in remove_package and update_package funtions --- .../end_to_end/remote_operations_handler.py | 106 ++++++++++-------- 1 file changed, 60 insertions(+), 46 deletions(-) 
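Review bot: Splitting `logging_message` across two literals drops the space between the sentences, so the failure text now reads `...in the index.Check evidences for more information`. The first literal should end with a space: `"Inconsistencies found between first and second scan in the index. " \`. Wrapping the two literals in parentheses instead of using a backslash continuation would match the style of the `logging.critical(...)` call reformatted a few lines above.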
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index 4ad917f2b6..70a1eff200 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py 
@@ -245,33 +245,38 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos package_id = None if host_os_name in package_data: - if host_os_arch in package_data[host_os_name]: - package_id = package_data[host_os_name][host_os_arch] - else: - raise ValueError(f"Package for {host_os_name} and {host_os_arch} not found") + try: + if host_os_arch in package_data[host_os_name]: + package_id = package_data[host_os_name][host_os_arch] - package_data = load_packages_metadata()[package_id] + package_data = load_packages_metadata()[package_id] - current_datetime = datetime.utcnow().isoformat() + current_datetime = datetime.utcnow().isoformat() - logging.info(f"Removing package on {host}") - if 'uninstall_name' in package_data: - uninstall_name = package_data['uninstall_name'] - host_manager.remove_package(host, system, package_uninstall_name=uninstall_name) - elif 'uninstall_custom_playbook' in package_data: - host_manager.remove_package(host, system, - custom_uninstall_playbook=package_data['uninstall_custom_playbook']) + logging.info(f"Removing package on {host}") + if 'uninstall_name' in package_data: + uninstall_name = package_data['uninstall_name'] + host_manager.remove_package(host, system, package_uninstall_name=uninstall_name) + elif 'uninstall_custom_playbook' in package_data: + host_manager.remove_package(host, system, + custom_uninstall_playbook=package_data['uninstall_custom_playbook']) - wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or - operation_data['check']['state_index'] or - operation_data['check']['no_alerts'] or - operation_data['check']['no_indices']) + wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or + operation_data['check']['state_index'] or + operation_data['check']['no_alerts'] or + operation_data['check']['no_indices']) - if wait_is_required: - wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime) + if 
wait_is_required: + wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime) - check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, - package_data, operation='remove') + check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, + package_data, operation='remove') + + else: + logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + + except Exception as e: + logging.critical(f"Error searching package: {e}") else: logging.info(f"No operation to perform on {host}") 
@@ -322,41 +327,50 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos package_id_to = None if host_os_name in install_package_data_from: - if host_os_arch in install_package_data_from[host_os_name]: - package_id_from = install_package_data_from[host_os_name][host_os_arch] - else: - raise ValueError(f"Package for {host_os_name} and {host_os_arch} not found") + try: + if host_os_arch in install_package_data_from[host_os_name]: + package_id_from = install_package_data_from[host_os_name][host_os_arch] + else: + logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + except Exception as e: + logging.critical(f"Error searching package: {e}") if host_os_name in install_package_data_to: - if host_os_arch in install_package_data_to[host_os_name]: - package_id_to = install_package_data_to[host_os_name][host_os_arch] - else: - raise ValueError(f"Package for {host_os_name} and {host_os_arch} not found") + try: + if host_os_arch in install_package_data_to[host_os_name]: + package_id_to = install_package_data_to[host_os_name][host_os_arch] + + package_data_from = load_packages_metadata()[package_id_from] + package_data_to = load_packages_metadata()[package_id_to] - package_data_from = load_packages_metadata()[package_id_from] - package_data_to = load_packages_metadata()[package_id_to] + package_url_to = package_data_to['urls'][host_os_name][host_os_arch] - package_url_to = package_data_to['urls'][host_os_name][host_os_arch] + logging.info(f"Installing package on {host}") + logging.info(f"Package URL: {package_url_to}") - logging.info(f"Installing package on {host}") - logging.info(f"Package URL: {package_url_to}") + current_datetime = datetime.utcnow().isoformat() + host_manager.install_package(host, package_url_to, system) - current_datetime = datetime.utcnow().isoformat() - host_manager.install_package(host, package_url_to, system) + logging.info(f"Package {package_url_to} installed on {host}") - logging.info(f"Package 
{package_url_to} installed on {host}") + logging.info(f"Package installed on {host}") - logging.info(f"Package installed on {host}") + wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or + operation_data['check']['state_index'] or + operation_data['check']['no_alerts'] or + operation_data['check']['no_indices']) + if wait_is_required: + wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime) - wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or - operation_data['check']['state_index'] or - operation_data['check']['no_alerts'] or - operation_data['check']['no_indices']) - if wait_is_required: - wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime) + check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, + {'from': package_data_from, 'to': package_data_to}, operation='update') + + else: + logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + + except Exception as e: + logging.critical(f"Error searching package: {e}") - check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, - {'from': package_data_from, 'to': package_data_to}, operation='update') else: logging.info(f"No operation to perform on {host}") From 4acf9b17f3ceeb9753b866939443e5fa3901b93d Mon Sep 17 00:00:00 2001 From: Julia Date: Wed, 27 Mar 2024 11:27:32 +0100 Subject: [PATCH 030/115] fix: fix linter errors --- .../test_vulnerability_detector.py | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index f65c136efb..a1c7e9564d 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
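Review bot: In update_package, a missing source package now only logs and leaves `package_id_from` as `None`, so `load_packages_metadata()[package_id_from]` in the second block is expected to fail on the lookup and surface as the generic "Error searching package" message. The first `try/except` wraps only membership tests and dictionary lookups, so it hides little besides that ordering problem. Record the failure and stop right after the first error log, for example `results['checks']['all_successfull'] = False` followed by `return results`, if that is what the function returns; its return value is outside the hunk. As in the install_package hunk, the second handler should use `logging.exception(...)` so errors from the install and the checks are not reported as a search error.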
+++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -15,13 +15,18 @@ The verification of vulnerabilities is conducted through Vulnerabilities Index and API endpoint Additionally, the tests ensure the consistency of these values. -Tests: - - TestInitialScans: Validates the initiation of Syscollector scans across all agents in the environment. - - test_syscollector_first_scan: Validates the initiation of the first Syscollector scans across all agents in the environment. - - test_syscollector_first_scan_index: Validates that the Vulnerability Detector detects vulnerabilities within the environment in the first scan in the index. - - test_syscollector_second_scan: Validates the initiation of the second Syscollector scans across all agents in the environment. - - tests_syscollector_first_second_scan_consistency_index: Ensure the consistency of the agent's vulnerabilities between the first and second scans in index. - - TestScanSyscollectorCases: Validates the Vulnerability Detector's ability to detect new vulnerabilities in the environment. +Tests: + - TestInitialScans: Validates the initiation of Syscollector scans across all agents in the environment. + - test_syscollector_first_scan: Validates the initiation of the first Syscollector scans across all agents in + the environment. + - test_syscollector_first_scan_index: Validates that the Vulnerability Detector detects vulnerabilities within + the environment in the first scan in the index. + - test_syscollector_second_scan: Validates the initiation of the second Syscollector scans across all agents in + the environment. + - tests_syscollector_first_second_scan_consistency_index: Ensure the consistency of the agent's vulnerabilities + between the first and second scans in index. + - TestScanSyscollectorCases: Validates the Vulnerability Detector's ability to detect new vulnerabilities in the + environment. Issue: https://github.com/wazuh/wazuh-qa/issues/4369 
@@ -253,7 +258,6 @@ def test_syscollector_first_scan(self, request, host_manager, setup_vulnerabilit else: logger.critical("All agents has been scanned") - def test_syscollector_first_scan_index(self, request, host_manager, setup_vulnerability_tests, get_results): """ description: Validates that the Vulnerability Detector detects vulnerabilities within the environment in the @@ -341,7 +345,6 @@ def test_syscollector_first_scan_index(self, request, host_manager, setup_vulner else: logger.critical("All agents has been scanned and updated states index") - def test_syscollector_second_scan(self, request, host_manager, setup_vulnerability_tests, get_results): """ description: Validates the initiation of the second Syscollector scans across all agents in the environment. @@ -416,7 +419,6 @@ def test_syscollector_second_scan(self, request, host_manager, setup_vulnerabili else: logger.critical("Syscollector scan started in all agents") - def tests_syscollector_first_second_scan_consistency_index(self, request, host_manager, setup_vulnerability_tests, get_results): """ From 2abdb1dd27c83405a3cbadc7382956291c2a7fa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 27 Mar 2024 11:28:11 +0100 Subject: [PATCH 031/115] npm preinstalled on macos for testing --- .../test_vulnerability_detector.py | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 3756bc15a2..5d4a5c0179 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
@@ -109,6 +109,29 @@ def load_vulnerability_detector_configurations(host_manager): return configurations +@pytest.fixture(scope='module') +def install_npm(host_manager: HostManager): + """Ensure npm is installed on macOS agents""" + for host in host_manager.get_group_hosts('agent'): + os_type = host_manager.get_host_variables(host).get('os') + + if os_type.startswith('macos'): + + nvm_install_and_use_command = ( + "sudo -iu vagrant /bin/bash -c '" + "export NVM_DIR=\"$HOME/.nvm\" && " + "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash && " + "echo export NVM_DIR=\\\"$HOME/.nvm\\\" >> $HOME/.zshrc && " + "echo [ -s \\\"$NVM_DIR/nvm.sh\\\" ] '&&' . \\\"$NVM_DIR/nvm.sh\\\" >> $HOME/.zshrc && " + "echo [ -s \\\"$NVM_DIR/bash_completion\\\" ] '&&' . \\\"$NVM_DIR/bash_completion\\\" >> $HOME/.zshrc && " + ". \\\"$NVM_DIR/nvm.sh\\\" && " + "nvm install 21 && " + "nvm use 21'" + ) + + logger.info(f"Installing nvm and Node.js for vagrant user on {host}") + install_result = host_manager.get_host(host).ansible("shell", nvm_install_and_use_command, check=False) + logger.info(f"nvm and Node.js installation and use result on {host}: {install_result}") @pytest.fixture(scope='module') def setup_vulnerability_tests(host_manager: HostManager) -> Generator: From a1efcb89ca6e09c313046ccf6fbe880bbadb786f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 27 Mar 2024 12:41:37 +0100 Subject: [PATCH 032/115] Condition if npm is installed --- .../test_vulnerability_detector.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 5d4a5c0179..cb15ae4e93 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
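Review bot: The install_npm command pipes `install.sh` from raw.githubusercontent.com straight into `bash` as the vagrant user with no integrity check, and `nvm install 21` takes whichever 21.x release is current, so the test hosts run unverified and non-reproducible code. Download the script to a file, verify it against a pinned digest before running it (`echo "<PINNED_SHA256>  install.sh" | shasum -a 256 -c -`), and pin the full Node.js version. The result is only logged under `check=False`; failing the fixture when `install_result.get('failed')` is set would stop later npm-based cases from running on a host without npm. `os_type.startswith('macos')` also raises `AttributeError` when a host has no `os` variable, which `(os_type or '').startswith('macos')` avoids.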
@@ -117,6 +117,11 @@ def install_npm(host_manager: HostManager): if os_type.startswith('macos'): + nvm_check_command = "source ~/.zshrc && command -v nvm" + nvm_check_result = host_manager.get_host(host).ansible("shell", f"sudo -iu vagrant /bin/zsh -c '{nvm_check_command}'", check=False) + + if nvm_check_result['stdout'] == '': + nvm_install_and_use_command = ( "sudo -iu vagrant /bin/bash -c '" "export NVM_DIR=\"$HOME/.nvm\" && " @@ -133,6 +138,9 @@ def install_npm(host_manager: HostManager): install_result = host_manager.get_host(host).ansible("shell", nvm_install_and_use_command, check=False) logger.info(f"nvm and Node.js installation and use result on {host}: {install_result}") + else: + logger.info(f"nvm is already installed on {host}") + @pytest.fixture(scope='module') def setup_vulnerability_tests(host_manager: HostManager) -> Generator: """Setup the vulnerability tests environment From df55451c4713c3655d69630a6db573a5ee0f5fc0 Mon Sep 17 00:00:00 2001 From: Julia Date: Wed, 27 Mar 2024 12:48:51 +0100 Subject: [PATCH 033/115] fix: add timeouterror in waiters --- deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py b/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py index d6e4679ac8..37d742a92f 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py @@ -45,7 +45,7 @@ def wait_until_vd_is_updated(host_manager: HostManager) -> None: monitoring_data = generate_monitoring_logs(host_manager, ["INFO: Vulnerability scanner module started"], [VD_FEED_UPDATE_TIMEOUT], host_manager.get_group_hosts('manager')) - monitoring_events_multihost(host_manager, monitoring_data) + monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False) def wait_until_vuln_scan_agents_finished(host_manager: HostManager) -> None: 
@@ -85,7 +85,7 @@ def wait_syscollector_and_vuln_scan(host_manager: HostManager, host: str, opera truncate_remote_host_group_files(host_manager, host_manager.get_group_hosts('agent')) - monitoring_events_multihost(host_manager, monitoring_data) + monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False) logging.info(f"Waiting for vulnerability scan to finish on {host}") From 9383e98f230cffec58ca9cabf9d2925829a920f5 Mon Sep 17 00:00:00 2001 From: Julia Date: Wed, 27 Mar 2024 15:16:40 +0100 Subject: [PATCH 034/115] fix: update grafana package --- .../cases/test_vulnerability.yaml | 84 +++++++++---------- 1 file changed, 41 insertions(+), 43 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index 899493aa06..6597f2006f 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml @@ -2,13 +2,13 @@ id: install_package description: | Installation of a vulnerable package - macos: + macos: Used Packages: Node 17.0.1 - PKG Format CVES: amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], windows: - Used Packages: Node 17.0.1 - Exe Format + Used Packages: Node 17.0.1 - Exe Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Packages: Grafana 8.5.5 - .deb Format 
@@ -40,13 +40,13 @@ id: remove_package description: | Removal of a vulnerable package - macos: + macos: Used Packages: Node 17.0.1 - PKG Format CVES Expected to mitigate: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], windows: - Used Packages: Node 17.0.1 - Exe Format - CVES Expected to mitigate: + Used Packages: Node 17.0.1 - Exe Format + CVES Expected to mitigate: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Packages: Grafana 8.5.5 - .deb Format @@ -80,13 +80,13 @@ id: upgrade_package_maintain_vulnerability description: | Upgrade of a vulnerable package which maintain vulnerability - macos: + macos: Used Packages: Node 17.1.0 - PKG Format CVES: amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], windows: - Used Packages: Node 17.1.0 - Exe Format + Used Packages: Node 17.1.0 - Exe Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Packages: Grafana 8.5.6 - .deb Format 
@@ -150,11 +150,11 @@ id: upgrade_package_maintain_add_vulnerability description: | Upgrade of a vulnerable package which include a new vulnerability - macos: + macos: Used Packages: Node 18.11.0 - PKG Format CVES: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-32222"], windows: - Used Packages: Node 18.0.0 - Exe Format + Used Packages: Node 18.0.0 - Exe Format CVE: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Packages: Grafana 9.1.1 - .deb Format 
@@ -195,24 +195,24 @@ macos: amd64: node-v18.11.0 arm64v8: node-v18.11.0 - + - case: 'Upgrade: Maintain and new vulnerability ' id: upgrade_package_maintain_add_vulnerability description: > Upgrade of a vulnerable package which maintain vulnerabilities and include new ones - macos: + macos: Used Packages: Node 18.12.0 - PKG Format CVE: ["CVE-2023-44487", "CVE-2023-38552", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-23936", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-3786", "CVE-2022-3602"], windows: - Used Packages: Node 18.1.0 - Exe Format + Used Packages: Node 18.1.0 - Exe Format CVE: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: - Used Packages: Grafana 9.1.1 - .deb Format - CVE: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], + Used Packages: Grafana 9.2.0 - .deb Format + CVE: ["CVE-2023-3128", "CVE-2023-22462", "CVE-2023-2183", "CVE-2023-1410", "CVE-2023-1387", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39328", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-23552", "CVE-2022-23498"], centos: - Used Packages: Grafana 9.1.1 - .rpm Format + Used Packages: Grafana 9.2.0 - .rpm Format CVE: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], preconditions: null body: 
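Review bot: In this case description the ubuntu entry gets a new CVE list for Grafana 9.2.0, but the centos entry changes only the version and keeps the list that was documented for 9.1.1. If the .rpm package is expected to raise the same alerts as the .deb one, the centos `CVE:` line should be updated to match; if the difference is intended, a short comment saying so would prevent it being read as an oversight. This case also reuses the id `upgrade_package_maintain_add_vulnerability` from the preceding case, which may make the two hard to tell apart in reports if ids are used as test identifiers. The `body` of the case continues in the next hunk.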
@@ -225,11 +225,11 @@ package: from: centos: - amd64: grafana-8.5.6-1 - arm64v8: grafana-8.5.6-1 + amd64: grafana-9.1.1-1 + arm64v8: grafana-9.1.1-1 ubuntu: - amd64: grafana-8.5.6 - arm64v8: grafana-8.5.6 + amd64: grafana-9.1.1 + arm64v8: grafana-9.1.1 windows: amd64: node-v18.0.0 macos: @@ -237,26 +237,26 @@ arm64v8: node-v18.11.0 to: centos: - amd64: grafana-9.1.1-1 - arm64v8: grafana-9.1.1-1 + amd64: grafana-9.2.0-1 + arm64v8: grafana-9.2.0-1 ubuntu: - amd64: grafana-9.1.1 - arm64v8: grafana-9.1.1 + amd64: grafana-9.2.0 + arm64v8: grafana-9.2.0 windows: amd64: node-v18.1.0 macos: amd64: node-v18.12.0 arm64v8: node-v18.12.0 - + - case: 'Upgrade: Cease vulnerability' id: upgrade_package_remove_vulnerability description: | Upgrade of a vulnerable which cease to be vulnerable - macos: + macos: Used Packages: Node 19.5.0 - PKG Format CVE: [], windows: - Used Packages: Node 19.5.0 - Exe Format + Used Packages: Node 19.5.0 - Exe Format CVE: [], ubuntu: Used Packages: Grafana 9.4.17 - .deb Format @@ -275,11 +275,11 @@ package: from: centos: - amd64: grafana-9.1.1-1 - arm64v8: grafana-9.1.1-1 + amd64: grafana-9.2.0-1 + arm64v8: grafana-9.2.0-1 ubuntu: - amd64: grafana-9.1.1 - arm64v8: grafana-9.1.1 + amd64: grafana-9.2.0 + arm64v8: grafana-9.2.0 windows: amd64: node-v18.1.0 macos: @@ -297,16 +297,16 @@ macos: amd64: node-v19.5.0 arm64v8: node-v19.5.0 - + - case: 'Upgrade: Non vulnerable to non vulnerable' id: upgrade_package_nonvulnerable_to_nonvulnerable description: | Upgrade of a non vulnerable package to non vulnerable - macos: + macos: Used Packages: Node 19.5.0 - PKG Format CVE: [], windows: - Used Packages: Node 19.5.0 - Exe Format + Used Packages: Node 19.5.0 - Exe Format CVE: [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format 
@@ -356,16 +356,16 @@ macos: amd64: node-v19.6.0 arm64v8: node-v19.6.0 - + - case: 'Upgrade: Non vulnerable to vulnerable package' id: upgrade_package_nonvulnerable_to_vulnerable description: | Upgrade to non vulnerable package to vulnerable - macos: + macos: Used Packages: Node 20.0.0 - PKG Format CVE: ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32558", "CVE-2023-32006", "CVE-2023-32005", "CVE-2023-32004", "CVE-2023-32003", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30586", "CVE-2023-30585", "CVE-2023-30581"], windows: - Used Packages: Node 20.5.1 - Exe Format + Used Packages: Node 20.5.1 - Exe Format CVE: ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552"], ubuntu: Used Packages: Grafana 10.0.0 - .deb Format @@ -406,16 +406,16 @@ macos: amd64: node-v20.0.0 arm64v8: node-v20.0.0 - + - case: Installation of a non vulnerable package id: install_package_non_vulnerable description: | Installation of a non vulnerable package - macos: + macos: Used Packages: Node 19.5.0 - PKG Format CVE: [], windows: - Used Packages: Node 19.5.0 - Exe Format + Used Packages: Node 19.5.0 - Exe Format CVE: [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format @@ -447,11 +447,11 @@ id: remove_non_vulnerable_packge description: | Removal of a non vulnerable package - macos: + macos: Used Packages: Node 19.5.0 - PKG Format CVE: [], windows: - Used Packages: Node 19.5.0 - Exe Format + Used Packages: Node 19.5.0 - Exe Format CVE: [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format @@ -478,5 +478,3 @@ macos: amd64: node-v19.6.0 arm64v8: node-v19.6.0 - - From 84a42e8207be890ef58d9080c7478e6444c3491f Mon Sep 17 00:00:00 2001 From: Julia Date: Wed, 27 Mar 2024 15:17:03 +0100 Subject: [PATCH 035/115] fix: update regex --- deps/wazuh_testing/wazuh_testing/end_to_end/regex.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/regex.py b/deps/wazuh_testing/wazuh_testing/end_to_end/regex.py index cd1c4136d0..ce3300f3a4 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/regex.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/regex.py @@ -46,10 +46,10 @@ 'parameters': ['HOST_NAME', 'CVE', 'PACKAGE_NAME', 'PACKAGE_VERSION', 'ARCHITECTURE'] }, 'vuln_affected': { - 'regex': 'CVE.*? affects.*"?' + 'regex': 'CVE.* affects.*"?' }, 'vuln_mitigated': { - 'regex': "The .* that affected .* was solved due to a package removal" + 'regex': "The .* that affected .* was solved due to a package removal.*" } } From 934f1c5f278159e36b85fc4b9ff897ee35dc0747 Mon Sep 17 00:00:00 2001 From: marcos Date: Wed, 27 Mar 2024 15:30:11 +0100 Subject: [PATCH 036/115] fix: add "error" to logging error messages --- .../wazuh_testing/end_to_end/remote_operations_handler.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index 70a1eff200..e4037a2320 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py @@ -196,7 +196,7 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho package_data, operation='install') else: - logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found") except Exception as e: logging.critical(f"Error searching package: {e}") 
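Review bot: The new `vuln_affected` pattern `'CVE.* affects.*"?'` is greedy and unanchored, so on input that holds more than one alert it stretches from the first `CVE` to the last ` affects`, and the trailing `.*"?` cannot change whether a search matches. If the intent is one match per alert, a pattern tied to the identifier format, for example `r'CVE-\d{4}-\d+ affects'`, states that directly; the `.*` appended to `vuln_mitigated` is similarly a no-op under a search. How these patterns are applied (search or full match, per line or per file) is outside the hunk, as is the start of the enclosing dict, so this should be confirmed against the caller.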
@@ -273,7 +273,7 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos package_data, operation='remove') else: - logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found") except Exception as e: logging.critical(f"Error searching package: {e}") @@ -331,7 +331,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos if host_os_arch in install_package_data_from[host_os_name]: package_id_from = install_package_data_from[host_os_name][host_os_arch] else: - logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found") except Exception as e: logging.critical(f"Error searching package: {e}") @@ -366,7 +366,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos {'from': package_data_from, 'to': package_data_to}, operation='update') else: - logging.error(f"Package for {host_os_name} and {host_os_arch} not found") + logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found") except Exception as e: logging.critical(f"Error searching package: {e}") From 8ec19effb1e3da71b0b67b0dcb41183da624cfcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 27 Mar 2024 15:33:11 +0100 Subject: [PATCH 037/115] homebrew for npm installation --- .../test_vulnerability_detector.py | 81 +++++++++++++------ 1 file changed, 57 insertions(+), 24 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index cb15ae4e93..549e33ad74 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
@@ -111,35 +111,68 @@ def load_vulnerability_detector_configurations(host_manager): @pytest.fixture(scope='module') def install_npm(host_manager: HostManager): - """Ensure npm is installed on macOS agents""" + """Ensure npm is installed on macOS agents.""" for host in host_manager.get_group_hosts('agent'): os_type = host_manager.get_host_variables(host).get('os') if os_type.startswith('macos'): - - nvm_check_command = "source ~/.zshrc && command -v nvm" - nvm_check_result = host_manager.get_host(host).ansible("shell", f"sudo -iu vagrant /bin/zsh -c '{nvm_check_command}'", check=False) - - if nvm_check_result['stdout'] == '': - - nvm_install_and_use_command = ( - "sudo -iu vagrant /bin/bash -c '" - "export NVM_DIR=\"$HOME/.nvm\" && " - "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash && " - "echo export NVM_DIR=\\\"$HOME/.nvm\\\" >> $HOME/.zshrc && " - "echo [ -s \\\"$NVM_DIR/nvm.sh\\\" ] '&&' . \\\"$NVM_DIR/nvm.sh\\\" >> $HOME/.zshrc && " - "echo [ -s \\\"$NVM_DIR/bash_completion\\\" ] '&&' . \\\"$NVM_DIR/bash_completion\\\" >> $HOME/.zshrc && " - ". \\\"$NVM_DIR/nvm.sh\\\" && " - "nvm install 21 && " - "nvm use 21'" - ) - - logger.info(f"Installing nvm and Node.js for vagrant user on {host}") - install_result = host_manager.get_host(host).ansible("shell", nvm_install_and_use_command, check=False) - logger.info(f"nvm and Node.js installation and use result on {host}: {install_result}") - + # Check if Homebrew is installed. + logger.info(f"Checking and installing Homebrew on {host}") + brew_check_command = "source /Users/vagrant/.zprofile && command -v brew" + brew_check_result = host_manager.get_host(host).ansible( + "shell", + brew_check_command, + become=True, + become_user='vagrant', + check=False + ) + logger.info(f"Brew check result on {host}: {brew_check_result}") + # Install Homebrew if it is not already installed. 
+ if brew_check_result['rc'] != 0: + logger.info("Installing Homebrew") + brew_install_command = 'NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' + install_result = host_manager.get_host(host).ansible("shell", + brew_install_command, + become=True, + become_user='vagrant', + check=False) + logger.info(f"Homebrew installation result on {host}: {install_result}") + + add_brew_to_path = """ + echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/vagrant/.zprofile + eval "$(/opt/homebrew/bin/brew shellenv)" + """ + path_result = host_manager.get_host(host).ansible("shell", + add_brew_to_path, + become=True, + become_user='vagrant', + check=False) + logger.info(f"Adding Homebrew to PATH result on {host}: {path_result}") + else: + logger.info("Homebrew is already installed.") + # Check if Node and npm is installed + logger.info(f"Checking and installing npm on {host}") + node_check_command = "PATH=/opt/homebrew/bin:$PATH && command -v node" + node_check_result = host_manager.get_host(host).ansible( + "shell", + node_check_command, + become=True, + become_user='vagrant', + check=False + ) + logger.info(f"Node check result on {host}: {node_check_result}") + # Install node if it is not already installed. + if node_check_result['rc'] != 0: + logger.info("Installing Node.js and npm") + node_install_command = "PATH=/opt/homebrew/bin:$PATH && brew install node" + node_install_result = host_manager.get_host(host).ansible("shell", + node_install_command, + become=True, + become_user='vagrant', + check=False) + logger.info(f"Node.js and npm installation result on {host}: {node_install_result}") else: - logger.info(f"nvm is already installed on {host}") + logger.info("Node.js and npm are already installed.") @pytest.fixture(scope='module') def setup_vulnerability_tests(host_manager: HostManager) -> Generator: From c2511fb39622c93b3951652172e641171ae33cb8 Mon Sep 17 00:00:00 2001 
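Review bot: `brew_install_command` pipes `https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh` straight into `/bin/bash`, so every run executes whatever that branch holds at the time, with no pinned revision and no integrity check; the nvm installer it replaces was at least pinned to `v0.39.7`. Downloading the script from a fixed commit, comparing its SHA-256 with a value kept in the repository and only then running it makes the agent setup reproducible and limits exposure to a changed upstream script, and the fixture should fail when the install does. Two smaller points in the same fixture: every step uses `check=False` and only logs the result, so a failed Homebrew or Node install lets the tests continue on a host without npm, and `/opt/homebrew/bin` is the Apple-silicon prefix while the test data also lists `amd64` macOS packages, where Homebrew normally installs under `/usr/local`.

```python
# Placeholders: pin both values in the repository and update them deliberately.
BREW_INSTALLER_COMMIT = "<PINNED_COMMIT_SHA>"
BREW_INSTALLER_SHA256 = "<EXPECTED_SHA256>"
brew_install_command = (
    'installer="$(mktemp)" && '
    f'curl -fsSL -o "$installer" '
    f'https://raw.githubusercontent.com/Homebrew/install/{BREW_INSTALLER_COMMIT}/install.sh && '
    f'echo "{BREW_INSTALLER_SHA256}  $installer" | shasum -a 256 -c - && '
    'NONINTERACTIVE=1 /bin/bash "$installer"'
)
# … unchanged: ansible("shell", brew_install_command, become=True, become_user='vagrant', check=False) …
if install_result.get('rc', 1) != 0:
    pytest.fail(f"Homebrew installation failed on {host}: {install_result}")
```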
From: Julia Date: Wed, 27 Mar 2024 17:38:33 +0100 Subject: [PATCH 038/115] refactor: delete extra steps in setup --- .../test_vulnerability_detector.py | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index a1c7e9564d..7d2860f0be 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -130,6 +130,8 @@ def setup_vulnerability_tests(host_manager: HostManager) -> Generator: logger.error("Configuring environment") configure_environment(host_manager, load_vulnerability_detector_configurations(host_manager)) + logger.error("Save the Wazuh indexer username and password into the Wazuh manager keystore") + save_indexer_credentials_into_keystore(host_manager) # Truncate alerts and logs of managers and agents logger.error("Truncate managers and agents logs") @@ -141,12 +143,6 @@ def setup_vulnerability_tests(host_manager: HostManager) -> Generator: logger.error("Restarting managers") host_manager.control_environment('restart', ['manager']) - logger.error("Save the Wazuh indexer username and password into the Wazuh manager keystore") - save_indexer_credentials_into_keystore(host_manager) - - logger.error("Restarting managers") - host_manager.control_environment('restart', ['manager']) - utc_now_timestamp = datetime.datetime.now(datetime.timezone.utc) # Format the date and time as per the given format 
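Review bot: The relocated `logger.error("Save the Wazuh indexer username and password into the Wazuh manager keystore")` reports normal progress at error level, like the setup messages around it, which buries real errors in the test log; `logger.info(...)` fits the content. Because the second hunk (`@@ -141,12 +143,6 @@`) removes the restart that used to follow `save_indexer_credentials_into_keystore`, the fixture now presumably relies on the remaining `Restarting managers` step to load the keystore; a comment such as `# keystore must be written before the manager restart below` would record that ordering. `setup_vulnerability_tests` starts and ends outside both hunks.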
@@ -156,17 +152,6 @@ def setup_vulnerability_tests(host_manager: HostManager) -> Generator: logger.error("Wait until Vulnerability Detector has update all the feeds") wait_until_vd_is_updated(host_manager) - # Truncate alerts and logs of managers and agents - logger.error("Truncate managers and agents logs") - truncate_remote_host_group_files(host_manager, 'all', 'logs') - - # Re-Register agents: https://github.com/wazuh/wazuh/issues/21185 - logger.error("Removing agents") - host_manager.remove_agents() - - # Wait until agents are registered again - time.sleep(15) - # Start agents host_manager.control_environment('start', ['agent']) From 086431d41b6e7a513e79b0d6c30fcdeb5e75346d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Mon, 1 Apr 2024 14:42:44 +0100 Subject: [PATCH 039/115] fix: include timeout before gather group id --- .../system/test_cluster/test_agent_groups/test_remove_group.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/system/test_cluster/test_agent_groups/test_remove_group.py b/tests/system/test_cluster/test_agent_groups/test_remove_group.py index 8e8810df37..104e6becb7 100644 --- a/tests/system/test_cluster/test_agent_groups/test_remove_group.py +++ b/tests/system/test_cluster/test_agent_groups/test_remove_group.py @@ -100,6 +100,7 @@ def test_remove_group(metadata, group, target_node, pre_configured_groups, clean ''' # Get group IDs group_ids = {} + timeout_get_groups_id = 3 for manager in test_infra_managers: group_ids[manager] = str(get_group_id(group, manager, host_manager)) @@ -112,6 +113,8 @@ def test_remove_group(metadata, group, target_node, pre_configured_groups, clean messages_path=messages_path, tmp_path=tmp_path).run(update_position=True) + sleep(timeout_get_groups_id) + for manager in test_infra_managers: group_ids[manager] = str(get_group_id(group, manager, host_manager)) From ec40e06cff5179c20008d5ccb5afd4dc0b3fcb8a Mon Sep 17 00:00:00 2001 
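Review bot: In `test_remove_group.py`, the added `sleep(timeout_get_groups_id)` is a fixed three-second pause, not a timeout, so the second `get_group_id` loop is still racy on a slow cluster and always costs three seconds on a fast one. Polling `get_group_id` for each manager until it reports the state the test expects, with an overall deadline, would make the wait both bounded and sufficient. If the fixed pause stays, a name such as `group_sync_wait` and a comment `# give the cluster time to propagate the group removal` would describe it accurately. The test body starts and ends outside these two hunks, so whether `sleep` is already imported in the module cannot be seen here.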
From: marcos Date: Mon, 1 Apr 2024 15:47:49 +0200 Subject: [PATCH 040/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d904188361..16cd6af857 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added +- Add alert.json file to Vulnerability Detector E2E test report ([#5105](https://github.com/wazuh/wazuh-qa/issues/5105)) \- (Framework) - Add documentation about markers for system tests ([#5080](https://github.com/wazuh/wazuh-qa/pull/5080)) \- (Documentation) - Add AWS Custom Buckets Integration tests ([#4675](https://github.com/wazuh/wazuh-qa/pull/4675)) \- (Framework + Tests) - Add Vulnerability Detector end to end tests ([#4878](https://github.com/wazuh/wazuh-qa/pull/4878)) \- (Framework + Tests) From af7ba540763c3f445479f379b4dbed5d40b4ce23 Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 1 Apr 2024 16:15:27 +0200 Subject: [PATCH 041/115] fix: review changes and update changelog --- CHANGELOG.md | 1 + .../test_vulnerability_detector.py | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d904188361..f8e279727d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix Vulnerability Detector E2E tests by adding description to all tests([#5151](https://github.com/wazuh/wazuh-qa/pull/5151)) \- (Tests) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) - Fix Vulnerability Detection mismatch in scans ([#5053](https://github.com/wazuh/wazuh-qa/pull/5053)) \- (Tests) 
diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 3859c5dc10..73909b9fbc 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -581,8 +581,18 @@ def test_vulnerability_detector_scans_cases(self, setup_vulnerability_tests, req assertions: - Verify that all the hosts are properly setup. - - cases: None + - Verify whether vulnerabilities remain, appear or disappear, and whether alerts appear. + + cases: + - install_package + - remove_package + - upgrade_package_maintain_vulnerability + - upgrade_package_maintain_add_vulnerability + - upgrade_package_remove_vulnerability + - upgrade_package_nonvulnerable_to_nonvulnerable + - upgrade_package_nonvulnerable_to_vulnerable + - install_package_non_vulnerable + - remove_non_vulnerable_packge tags: - syscollector From 380a64151ef8257f01f59c04df9fb3121f9d01ad Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 1 Apr 2024 16:20:23 +0200 Subject: [PATCH 042/115] docs:update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16cd6af857..d9b14aed8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file. ### Added -- Add alert.json file to Vulnerability Detector E2E test report ([#5105](https://github.com/wazuh/wazuh-qa/issues/5105)) \- (Framework) +- Add alert.json file to Vulnerability Detector E2E test report ([#5147](https://github.com/wazuh/wazuh-qa/pull/5147)) \- (Framework) - Add documentation about markers for system tests ([#5080](https://github.com/wazuh/wazuh-qa/pull/5080)) \- (Documentation) - Add AWS Custom Buckets Integration tests ([#4675](https://github.com/wazuh/wazuh-qa/pull/4675)) \- (Framework + Tests) - Add Vulnerability Detector end to end tests ([#4878](https://github.com/wazuh/wazuh-qa/pull/4878)) \- (Framework + Tests) From 2fbc82f3cc2ad2a25f8cb7c0abd2fac307e32527 Mon Sep 17 00:00:00 2001 From: marcos Date: Mon, 1 Apr 2024 16:34:40 +0200 Subject: [PATCH 043/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d904188361..43f09deb9b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix remote_operations_handler functions to Vulnerability Detector E2E tests ([#5155](https://github.com/wazuh/wazuh-qa/pull/5155)) \- (Framework) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) - Fix Vulnerability Detection mismatch in scans ([#5053](https://github.com/wazuh/wazuh-qa/pull/5053)) \- (Tests) From faf20d672aadc7a7d3b53551aa5c03763a61c3b3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= <147649306+santipadilla@users.noreply.github.com> Date: Tue, 2 Apr 2024 09:06:13 +0200 Subject: [PATCH 044/115] Update deps/wazuh_testing/wazuh_testing/tools/system.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Víctor Rebollo Pérez --- .../wazuh_testing/tools/system.py | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 8175a96d9d..d771da14f8 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
@@ -590,17 +590,21 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) elif package_uninstall_name: if use_npm: - if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH npm uninstall -g {package_uninstall_name}" - remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) - elif system == 'windows': - cmd = f"npm uninstall -g {package_uninstall_name}" - remove_operation_result = self.get_host(host).ansible("win_shell", cmd, check=False) - else: - cmd = f"npm uninstall -g {package_uninstall_name}" - remove_operation_result = self.get_host(host).ansible("shell", cmd, check=False) +# Define the npm uninstall command +cmd = f"npm uninstall -g {package_uninstall_name}" + +if system == 'macos': + cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + shell_type = "shell" +elif system == 'windows': + shell_type = "win_shell" +else: + shell_type = "shell" + +# Execute the command and log the result +remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) +logging.info(f"npm package removed result {remove_operation_result}") - logging.info(f"npm package removed result {remove_operation_result}") else: if os_name == 'windows': remove_operation_result = self.get_host(host).ansible("win_command", From dfb7964a332f6fee77ef57623cfd57c047292eca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 09:30:08 +0200 Subject: [PATCH 045/115] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5083ebf02f..6a5b7a704c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
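Review bot: The lines added under `if use_npm:` start at column 0 (`# Define the npm uninstall command`, `cmd = ...`, `if system == 'macos':` and the rest), so the `if` has no indented body and `system.py` no longer parses; every test that imports the module fails with an `IndentationError`. The block needs the indentation of the lines it replaces, one level inside `if use_npm:`. The enclosing `remove_package` starts before and ends after this hunk.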
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added +- Add support for the installation/uninstallation of npm packages ([#5092](https://github.com/wazuh/wazuh-qa/pull/5092)) \- (Tests) - Add documentation about markers for system tests ([#5080](https://github.com/wazuh/wazuh-qa/pull/5080)) \- (Documentation) - Add AWS Custom Buckets Integration tests ([#4675](https://github.com/wazuh/wazuh-qa/pull/4675)) \- (Framework + Tests) - Add Vulnerability Detector end to end tests ([#4878](https://github.com/wazuh/wazuh-qa/pull/4878)) \- (Framework + Tests) From 3f357db33b9f7e8ba66b900a37bb3eaefde4ead6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 09:35:32 +0200 Subject: [PATCH 046/115] correction of spaces --- .../wazuh_testing/tools/system.py | 27 +++++++++---------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index d771da14f8..44efc49338 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
@@ -590,21 +590,20 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) elif package_uninstall_name: if use_npm: -# Define the npm uninstall command -cmd = f"npm uninstall -g {package_uninstall_name}" - -if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" - shell_type = "shell" -elif system == 'windows': - shell_type = "win_shell" -else: - shell_type = "shell" - -# Execute the command and log the result -remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) -logging.info(f"npm package removed result {remove_operation_result}") + # Define the npm uninstall command + cmd = f"npm uninstall -g {package_uninstall_name}" + + if system == 'macos': + cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + shell_type = "shell" + elif system == 'windows': + shell_type = "win_shell" + else: + shell_type = "shell" + # Execute the command and log the result + remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) + logging.info(f"npm package removed result {remove_operation_result}") else: if os_name == 'windows': remove_operation_result = self.get_host(host).ansible("win_command", From 99be98778053d80f263205bc05e9fb9fe46b0ccc Mon Sep 17 00:00:00 2001 From: marcos Date: Tue, 2 Apr 2024 09:43:34 +0200 Subject: [PATCH 047/115] fix: review changes --- deps/wazuh_testing/wazuh_testing/end_to_end/logs.py | 12 ++++++++---- .../test_vulnerability_detector/conftest.py | 11 +++++------ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py b/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py index c748b9db0b..7fa59317c3 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/logs.py 
@@ -52,6 +52,9 @@ def get_hosts_logs(host_manager: HostManager, host_group: str = 'all') -> Dict[s - host_manager (HostManager): An instance of the HostManager class for managing remote hosts. - host_group (str, optional): The name of the host group where the files will be truncated. Default is 'all'. + + Returns: + - host_logs (Dict[str, str]): Dictionary containing the logs from the ossec.log file of each host """ host_logs = {} for host in host_manager.get_group_hosts(host_group): @@ -60,17 +63,18 @@ def get_hosts_logs(host_manager: HostManager, host_group: str = 'all') -> Dict[s return host_logs -def get_hosts_alerts(host_manager: HostManager, host_group: str = 'all') -> Dict[str, str]: +def get_hosts_alerts(host_manager: HostManager) -> Dict[str, str]: """ Get the alerts in the alert.json file from the specified host group. Parameters: - host_manager (HostManager): An instance of the HostManager class for managing remote hosts. - - host_group (str, optional): The name of the host group where the files will be truncated. - Default is 'all'. + + Returns: + - host_alerts (Dict[str, str]): Dictionary containing the alerts from the alert.json file of each manager """ host_alerts = {} - for host in host_manager.get_group_hosts(host_group): + for host in host_manager.get_group_hosts("manager"): host_alerts[host] = host_manager.get_file_content(host, ALERTS_JSON_PATH) return host_alerts diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index 9e6e396ca6..1c1baaee10 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py 
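Review bot: `get_hosts_alerts` loses its `host_group` parameter in the second hunk (`@@ -60,17 +63,18 @@`), so any caller that still passes it, positionally or by keyword, now raises `TypeError`; the callers are outside the visible hunks and should be checked. Keeping the parameter with a new default, `host_group: str = 'manager'`, would restrict the default to managers without changing the signature. The docstring summary still reads "from the specified host group" and should become `Get the alerts in the alert.json file from every manager host.`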
@@ -75,12 +75,11 @@ def collect_e2e_environment_data(test_name, host_manager) -> None: evidence_log_file.write(environment_logs[host]) for host in environment_alerts.keys(): - logging.info(f"Collecting alerts for {host}") - if host.startswith("manager"): - host_alerts_name_evidence = host + "_alert.json" - evidence_alert_file = os.path.join(tests_evidences_directory, host_alerts_name_evidence) - with open(evidence_alert_file, 'w') as evidence_alert_file: - evidence_alert_file.write(environment_alerts[host]) + logging.info(f"Collecting alerts for {host}") + host_alerts_name_evidence = host + "_alert.json" + evidence_alert_file = os.path.join(tests_evidences_directory, host_alerts_name_evidence) + with open(evidence_alert_file, 'w') as evidence_alert_file: + evidence_alert_file.write(environment_alerts[host]) def collect_evidences(test_name, evidences) -> None: From b6a687ec2572f10506bd35594116d13a8e28021d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 09:47:04 +0200 Subject: [PATCH 048/115] npm methods --- .../wazuh_testing/tools/system.py | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 44efc49338..99b0843385 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
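Review bot: `with open(evidence_alert_file, 'w') as evidence_alert_file:` rebinds the variable that held the path to the open file handle, which makes the block harder to follow and breaks any later use of the path. Separate names and an explicit encoding are clearer: `alert_path = os.path.join(tests_evidences_directory, host + "_alert.json")` followed by `with open(alert_path, 'w', encoding='utf-8') as alert_file:`. `collect_e2e_environment_data` starts outside the hunk.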
@@ -522,6 +522,40 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): return result +def install_npm_package(self, host, url, system='ubuntu'): + """ + Installs a package on the specified host using npm. + + Args: + host (str): The target host on which to install the package. + url (str): The URL or name of the package to be installed. + system (str, optional): The operating system type. Defaults to 'ubuntu'. + Supported values: 'windows', 'ubuntu', 'centos', 'macos'. + + Returns: + Dict: Testinfra Ansible Response of the operation + + Example: + host_manager.install_package('my_host', 'package_name', 'system_name') + """ + + # Define the npm install command + cmd = f"npm install -g {url}" + + if system == 'macos': + cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + shell_type = "shell" + elif system == 'windows': + shell_type = "win_shell" + else: + shell_type = "shell" + + # Execute the command and log the result + result = self.get_host(host).ansible(shell_type, cmd, check=False) + logging.info(f"npm package installed result {result}") + + return result + def get_master_ip(self): """ Retrieves the IP address of the master node from the inventory. 
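Review bot: `def install_npm_package(self, host, url, system='ubuntu'):` is added at column 0 while its docstring and body are indented, so it becomes a module-level function with a stray `self` rather than a method next to `install_package`; a call such as `host_manager.install_npm_package(...)` would then raise `AttributeError`. The `def` line should be indented like the neighbouring methods. The docstring example should also name the new method: `host_manager.install_npm_package('my_host', 'package_name', 'system_name')`.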
@@ -628,6 +662,49 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals return remove_operation_result +def remove_npm_package(self, host, system, package_uninstall_name=None, custom_uninstall_playbook=None): + """ + Removes a package from the specified host using npm. + + Args: + host (str): The target host from which to remove the package. + package_name (str): The name of the package to be removed. + system (str): The operating system type. + Supported values: 'windows', 'ubuntu', 'centos', 'macos'. + + Returns: + Dict: Testinfra Ansible Response of the operation + + Example: + host_manager.remove_npm_package('my_host', 'system_name', 'package_name') + """ + logging.info(f"Removing package {package_uninstall_name} from host {host}") + logging.info(f"System: {system}") + + remove_operation_result = False + + os_name = self.get_host_variables(host)['os_name'] + + if custom_uninstall_playbook: + remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) + else package_uninstall_name: + # Define the npm uninstall command + cmd = f"npm uninstall -g {package_uninstall_name}" + + if system == 'macos': + cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + shell_type = "shell" + elif system == 'windows': + shell_type = "win_shell" + else: + shell_type = "shell" + + # Execute the command and log the result + remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) + logging.info(f"npm package removed result {remove_operation_result}") + + return remove_operation_result + def run_playbook(self, host, playbook_name, params=None): """ Executes an Ansible playbook on the specified host. From 7ce59409dd40a46b8edd2e2196d1ba1e6dc7356f Mon Sep 17 00:00:00 2001 
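Review bot: `else package_uninstall_name:` is not valid Python (an `else` takes no condition), so the module fails to import with a `SyntaxError` once this hunk lands; it should read `elif package_uninstall_name:`. As with `install_npm_package`, the `def remove_npm_package(...)` line sits at column 0 and needs method indentation. The docstring documents a `package_name` argument that the signature does not have (the parameters are `package_uninstall_name` and `custom_uninstall_playbook`), and the `os_name` assignment is never used.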
From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 09:53:04 +0200 Subject: [PATCH 049/115] small changes in the methods for clarity --- .../wazuh_testing/tools/system.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 99b0843385..bac9e1cffb 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -473,6 +473,7 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): url (str): The URL or name of the package to be installed. system (str, optional): The operating system type. Defaults to 'ubuntu'. Supported values: 'windows', 'ubuntu', 'centos'. + use_npm (bool): Determinates whether to use npm for the installation. Returns: Dict: Testinfra Ansible Response of the operation @@ -484,18 +485,20 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): """ if use_npm: + # Define the npm install command + cmd = f"npm install -g {url}" + if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH npm install -g {url}" - result = self.get_host(host).ansible("shell", cmd, check=False) + cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + shell_type = "shell" elif system == 'windows': - cmd = f"npm install -g {url}" - result = self.get_host(host).ansible("win_shell", cmd, check=False) + shell_type = "win_shell" else: - cmd = f"npm install -g {url}" - result = self.get_host(host).ansible("shell", cmd, check=False) + shell_type = "shell" + # Execute the command and log the result + result = self.get_host(host).ansible(shell_type, cmd, check=False) logging.info(f"npm package installed result {result}") - else: result = False extension = '.msi' 
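Review bot: The added docstring line `use_npm (bool): Determinates whether to use npm for the installation.` has a typo and omits the default; `use_npm (bool, optional): Whether to install with npm instead of the system package manager. Defaults to False.` reads better. The `Supported values` line above it still lists only 'windows', 'ubuntu', 'centos', although the method has a 'macos' branch. The same wording is added to the `remove_package` docstring in the later hunk `@@ -607,6 +607,7 @@` of this commit.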
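Review bot: `cmd = f"npm install -g {url}"` is handed to Ansible's `shell` / `win_shell` modules with `url` interpolated unquoted, so a value containing spaces or shell metacharacters changes the command that runs on the agent instead of failing as a bad package name. On the `shell` branches the argument can be quoted with `shlex.quote(url)` (this needs `import shlex`, and the module's import block is not visible here); the `win_shell` branch needs PowerShell quoting or, more simply, a check that rejects anything outside an expected package-spec pattern before the command is built. The same construction appears in `install_npm_package`, `remove_npm_package` and the npm branch of `remove_package` elsewhere in this series. `install_package` starts and ends outside the hunk.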
@@ -604,6 +607,7 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals package_name (str): The name of the package to be removed. system (str): The operating system type. Supported values: 'windows', 'ubuntu', 'centos'. + use_npm (bool): Determinates whether to use npm for the uninstallation. Returns: Dict: Testinfra Ansible Response of the operation From b1da35a1fb87428a5059f7574e32fed607aa28a7 Mon Sep 17 00:00:00 2001 From: marcos Date: Tue, 2 Apr 2024 11:02:56 +0200 Subject: [PATCH 050/115] fix: review changes --- .../test_vulnerability_detector.py | 25 +++++++++++++------ 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 73909b9fbc..26c94cdb2e 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
@@ -558,22 +558,31 @@ def get_results(self): def test_vulnerability_detector_scans_cases(self, setup_vulnerability_tests, request, preconditions, body, teardown, setup, host_manager, get_results): """ - description: validates the Vulnerability Detector's ability to detect new vulnerabilities in the environment for each of the defined cases. + description: Validates the Vulnerability Detector's ability to detect new vulnerabilities in the environment for each of the defined cases. - This is the main test. It is in charge of executing each of the cases defined in test_vulnerability.yaml, - checking if all agents generate the corresponding vulnerabilities and collecting the results. + This test evaluates the effectiveness of the Vulnerability Detector in real-world scenarios, focusing on the installation, removal, + or upgrade of various vulnerable and non-vulnerable packages in the environment. It ensures that all agents generate the expected + vulnerabilities and associated alerts. - tier: 1 + tier: 0 parameters: - setup_vulnerability_tests: type: fixture brief: Setup the environment to proceed with the testing - request: pytest request object - - preconditions: the preconditions within the test cases, if any - - body: the body of the test case, which contains the tasks to be executed - - teardown: the teardown within the test cases, if any - - setup: test setup results, to check if the hosts are setup correctly + - preconditions: + type: fixture + brief: The preconditions within the test cases, if any + - body: + type: fixture + brief: The body of the test case, which contains the tasks to be executed + - teardown: + type: fixture + brief: The teardown within the test cases, if any + - setup: + type: fixture + brief: Test setup results, to check if the hosts are setup correctly - host_manager: type: fixture brief: Get the host manager of the environment From 22830b632cf7f940e26392355b7f9cbb0c5fd413 Mon Sep 17 00:00:00 2001 
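Review bot: In the rewritten parameters list of test_vulnerability_detector_scans_cases, `request` is the only entry left as free text (`- request: pytest request object`), while every other parameter now carries `type` and `brief` keys. If these docstrings are parsed by a documentation tool, that entry has a different shape from the rest. Writing it as `- request:` with `type: fixture` and `brief: Pytest request object` would make the list uniform. The docstring continues outside the hunk.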
From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 11:42:20 +0200 Subject: [PATCH 051/115] changes in the remote_operation module --- .../end_to_end/remote_operations_handler.py | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index fb2198a9c1..11ab380e13 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py @@ -177,7 +177,12 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho current_datetime = datetime.utcnow().isoformat() - host_manager.install_package(host, package_url, system) + use_npm = package_data.get('use_npm', False) + + if use_npm: + host_manager.install_npm_package(host, package_url, system) + else: + host_manager.install_package(host, package_url, system, use_npm=use_npm) logging.info(f"Package {package_url} installed on {host}") 
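Review bot: The `else` branch of the new dispatch in install_package passes `use_npm=use_npm`, which is always False there, while the `if` branch calls a separate `install_npm_package`. That leaves the framework with two ways to do an npm install: that method and `HostManager.install_package(..., use_npm=True)`. A single call, `host_manager.install_package(host, package_url, system, use_npm=use_npm)`, would cover both cases; the same pattern repeats in the remove_package and update_package hunks (`@@ -245,13 +250,17 @@`, `@@ -336,7 +345,13 @@`). The return value is also dropped, so `Package {package_url} installed on {host}` is logged even when the host manager reports a failure. The function starts and ends outside the hunk.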
@@ -245,13 +250,17 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos raise ValueError(f"Package for {host_os_name} and {host_os_arch} not found") package_data = load_packages_metadata()[package_id] + use_npm = package_data.get('use_npm', False) current_datetime = datetime.utcnow().isoformat() logging.info(f"Removing package on {host}") if 'uninstall_name' in package_data: uninstall_name = package_data['uninstall_name'] - host_manager.remove_package(host, system, package_uninstall_name=uninstall_name) + if use_npm: + host_manager.remove_npm_package(host, system, package_uninstall_name=uninstall_name) + else: + host_manager.remove_package(host, system, package_uninstall_name=uninstall_name, use_npm=use_npm) elif 'uninstall_custom_playbook' in package_data: host_manager.remove_package(host, system, custom_uninstall_playbook=package_data['uninstall_custom_playbook']) @@ -336,7 +345,13 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos logging.info(f"Package URL: {package_url_to}") current_datetime = datetime.utcnow().isoformat() - host_manager.install_package(host, package_url_to, system) + + use_npm = package_data_to.get('use_npm', False) + + if use_npm: + host_manager.install_npm_package(host, package_url_to, system) + else: + host_manager.install_package(host, package_url_to, system, use_npm=use_npm) logging.info(f"Package {package_url_to} installed on {host}") From 86b0c05a508eb65c0c042c9bdf2b0b4107400172 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 2 Apr 2024 10:59:53 +0100 Subject: [PATCH 052/115] fix: increase group hash timeout --- .../test_cluster/test_agent_groups/test_group_hash.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/system/test_cluster/test_agent_groups/test_group_hash.py b/tests/system/test_cluster/test_agent_groups/test_group_hash.py index be985cbd02..9b670805ff 100644 
--- a/tests/system/test_cluster/test_agent_groups/test_group_hash.py +++ b/tests/system/test_cluster/test_agent_groups/test_group_hash.py @@ -107,13 +107,13 @@ def test_group_hash(target_node, group, n_agents, configure_groups, clean_enviro # Restart agent restart_cluster(test_infra_agents, host_manager) - time.sleep(fw.T_10) + time.sleep(fw.T_20) # Assing group for multigroups case for agent in range(n_agents): if group != 'default': assign_agent_to_new_group(test_infra_managers[0], group, agents_data[agent][1], host_manager) - time.sleep(fw.T_10) + time.sleep(fw.T_20) # Calculate global hash expected_global_hash = calculate_global_hash(test_infra_managers[0], host_manager) @@ -129,7 +129,7 @@ def test_group_hash(target_node, group, n_agents, configure_groups, clean_enviro # Unassign one agent from group unassign_agent_from_group(test_infra_managers[0], group, agents_data[0][1], host_manager) - time.sleep(fw.T_10) + time.sleep(fw.T_20) # Calculate global hash expected_global_hash = calculate_global_hash(test_infra_managers[0], host_manager) From 3dbeca0e283fd99ee9bb72331756bddee9f36e2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 2 Apr 2024 11:00:17 +0100 Subject: [PATCH 053/115] fix: increase guess group timeout --- .../test_agent_groups/data/guess_group_messages_master.yaml | 4 ++-- .../test_agent_groups/data/guess_group_messages_worker.yaml | 6 +++--- .../test_agent_groups/test_assign_groups_guess.py | 1 + 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml index d7a718a22b..817b1bb70b 100644 --- a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml +++ b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml 
@@ -4,7 +4,7 @@ wazuh-master: timeout: 30 - regex: ".*Group assigned: 'GROUP_ID'" path: /var/ossec/logs/ossec.log - timeout: 10 + timeout: 30 - regex: .*Agent 'AGENT_ID' group is 'GROUP_ID' path: /var/ossec/logs/ossec.log - timeout: 10 + timeout: 30 diff --git a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml index 096bb776d1..94a6e78078 100644 --- a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml +++ b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml @@ -5,14 +5,14 @@ wazuh-worker1: timeout: 30 - regex: ".*Message received from master node: '{\"error\":0,\"message\":\"ok\",\"data\":{\"group\":\"GROUP_ID\"}}'" path: /var/ossec/logs/ossec.log - timeout: 10 + timeout: 30 - regex: .*Agent 'AGENT_ID' group is 'GROUP_ID' path: /var/ossec/logs/ossec.log - timeout: 10 + timeout: 30 wazuh-master: - regex: .*Agent 'AGENT_ID' with file 'merged.mg' MD5 .* path: /var/ossec/logs/ossec.log timeout: 30 - regex: ".*Group assigned: 'GROUP_ID'" path: /var/ossec/logs/ossec.log - timeout: 10 + timeout: 30 diff --git a/tests/system/test_cluster/test_agent_groups/test_assign_groups_guess.py b/tests/system/test_cluster/test_agent_groups/test_assign_groups_guess.py index b59db3ea1a..1afb93165a 100644 --- a/tests/system/test_cluster/test_agent_groups/test_assign_groups_guess.py +++ b/tests/system/test_cluster/test_agent_groups/test_assign_groups_guess.py @@ -276,6 +276,7 @@ def test_guess_multigroups(n_agents, target_node, status_guess_agent_group, clea # Run the callback checks for the ossec.log messages_path = master_messages_path if target_node == 'wazuh-master' else worker_messages_path replace_regex_in_file(['AGENT_ID', 'GROUP_ID'], [agent1_id, expected_group], messages_path) + HostMonitor(inventory_path=inventory_path, messages_path=messages_path, tmp_path=tmp_path).run(update_position=True) 
From d9172cef20c527002b5c23b35ec2e6ae0682aed3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 2 Apr 2024 11:01:29 +0100 Subject: [PATCH 054/115] fix: agent setup environment --- .../test_agent_enrollment.py | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py index 2cb61ca7a5..b97350ceb6 100644 --- a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py +++ b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py 
@@ -25,17 +25,27 @@ # Remove the agent once the test has finished @pytest.fixture(scope='module') -def clean_environment(): - yield +def setup_environment(): + host_manager.control_service(host='wazuh-agent1', service='wazuh', state="stopped") agent_id = host_manager.run_command('wazuh-master', f'cut -c 1-3 {WAZUH_PATH}/etc/client.keys') host_manager.get_host('wazuh-master').ansible("command", f'{WAZUH_PATH}/bin/manage_agents -r {agent_id}', check=False) + host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_PATH, 'etc', 'client.keys')) + host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) + + yield + host_manager.control_service(host='wazuh-agent1', service='wazuh', state="stopped") + agent_id = host_manager.run_command('wazuh-master', f'cut -c 1-3 {WAZUH_PATH}/etc/client.keys') + host_manager.get_host('wazuh-master').ansible("command", f'{WAZUH_PATH}/bin/manage_agents -r {agent_id}', + check=False) host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_PATH, 'etc', 'client.keys')) host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) + host_manager.control_service(host='wazuh-agent1', service='wazuh', state="start") + -def test_agent_enrollment(clean_environment): +def test_agent_enrollment(setup_environment): """Check agent enrollment process works as expected. An agent pointing to a worker should be able to register itself into the master by starting Wazuh-agent process.""" # Clean ossec.log and cluster.log From 2126cdd2faa6275ab3ab8daa8820b6e889bc0f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 12:29:50 +0200 Subject: [PATCH 055/115] autouse fix --- .../test_vulnerability_detector/test_vulnerability_detector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
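Review bot: The last added line in setup_environment calls `control_service(..., state="start")`, while the two stop calls use `state="stopped"`. If control_service hands the value to Ansible's service module, `start` is not one of its states (`started`, `stopped`, `restarted`, `reloaded`) and the agent would stay down for later test modules; `state="started"` would match. The five set-up calls are also repeated verbatim after `yield`, so a small private helper would keep the two halves in step. The comment above the fixture ("Remove the agent once the test has finished") no longer describes the pre-test clean-up.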
diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 549e33ad74..8029812d03 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -109,7 +109,7 @@ def load_vulnerability_detector_configurations(host_manager): return configurations -@pytest.fixture(scope='module') +@pytest.fixture(scope='module', autouse=True) def install_npm(host_manager: HostManager): """Ensure npm is installed on macOS agents.""" for host in host_manager.get_group_hosts('agent'): From 998c839e00a48bccc54fa00cb95cf87b30616b0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 12:32:45 +0200 Subject: [PATCH 056/115] Clarity comment --- .../test_vulnerability_detector/test_vulnerability_detector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 8029812d03..8b26638724 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -111,7 +111,7 @@ def load_vulnerability_detector_configurations(host_manager): @pytest.fixture(scope='module', autouse=True) def install_npm(host_manager: HostManager): - """Ensure npm is installed on macOS agents.""" + """Check and install npm if not already installed""" for host in host_manager.get_group_hosts('agent'): os_type = host_manager.get_host_variables(host).get('os') From dc3fe02e7d10c50479692b88feae687ac75a3ffb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 2 Apr 2024 12:43:24 +0100 Subject: [PATCH 057/115] fix: increase timeout guess group --- .../data/guess_group_messages_master.yaml | 6 +++--- .../data/guess_group_messages_worker.yaml | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml index 817b1bb70b..ebd971cabc 100644 --- a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml +++ b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_master.yaml @@ -1,10 +1,10 @@ wazuh-master: - regex: .*Agent 'AGENT_ID' with file 'merged.mg' MD5 .* path: var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 - regex: ".*Group assigned: 'GROUP_ID'" path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 - regex: .*Agent 'AGENT_ID' group is 'GROUP_ID' path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 diff --git a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml index 94a6e78078..a354ee9817 100644 --- a/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml +++ b/tests/system/test_cluster/test_agent_groups/data/guess_group_messages_worker.yaml 
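Review bot: The first wazuh-master entry in this hunk still has `path: var/ossec/logs/ossec.log` without a leading slash, while every other entry uses `/var/ossec/logs/ossec.log`. Raising its timeout from 30 to 60 may therefore only lengthen the wait if the monitor cannot open that file. How the path is resolved is not visible here, so this needs confirming, but `path: /var/ossec/logs/ossec.log` would make the entry consistent with the rest of the file.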
@@ -2,17 +2,17 @@ wazuh-worker1: - regex: ".*Sending message to master node: '{\"daemon_name\":\"remoted\",\"message\":{\"command\":\"assigngroup\",\ \"parameters\":{\"agent\":\"AGENT_ID\",\"md5\":.*" path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 - regex: ".*Message received from master node: '{\"error\":0,\"message\":\"ok\",\"data\":{\"group\":\"GROUP_ID\"}}'" path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 - regex: .*Agent 'AGENT_ID' group is 'GROUP_ID' path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 wazuh-master: - regex: .*Agent 'AGENT_ID' with file 'merged.mg' MD5 .* path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 - regex: ".*Group assigned: 'GROUP_ID'" path: /var/ossec/logs/ossec.log - timeout: 30 + timeout: 60 From abb850f24b579bb0561da12d822b0ec10e01d7d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 14:25:48 +0200 Subject: [PATCH 058/115] install npm from its url not from brew --- .../test_vulnerability_detector.py | 64 ++++++------------- 1 file changed, 20 insertions(+), 44 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 8b26638724..caa0e728fb 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
@@ -112,47 +112,14 @@ def load_vulnerability_detector_configurations(host_manager): @pytest.fixture(scope='module', autouse=True) def install_npm(host_manager: HostManager): """Check and install npm if not already installed""" - for host in host_manager.get_group_hosts('agent'): - os_type = host_manager.get_host_variables(host).get('os') - - if os_type.startswith('macos'): - # Check if Homebrew is installed. - logger.info(f"Checking and installing Homebrew on {host}") - brew_check_command = "source /Users/vagrant/.zprofile && command -v brew" - brew_check_result = host_manager.get_host(host).ansible( - "shell", - brew_check_command, - become=True, - become_user='vagrant', - check=False - ) - logger.info(f"Brew check result on {host}: {brew_check_result}") - # Install Homebrew if it is not already installed. - if brew_check_result['rc'] != 0: - logger.info("Installing Homebrew") - brew_install_command = 'NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' - install_result = host_manager.get_host(host).ansible("shell", - brew_install_command, - become=True, - become_user='vagrant', - check=False) - logger.info(f"Homebrew installation result on {host}: {install_result}") - - add_brew_to_path = """ - echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/vagrant/.zprofile - eval "$(/opt/homebrew/bin/brew shellenv)" - """ - path_result = host_manager.get_host(host).ansible("shell", - add_brew_to_path, - become=True, - become_user='vagrant', - check=False) - logger.info(f"Adding Homebrew to PATH result on {host}: {path_result}") - else: - logger.info("Homebrew is already installed.") + + target_os_groups = ['macos'] + + for group in target_os_groups: + for host in host_manager.get_group_hosts(group): # Check if Node and npm is installed logger.info(f"Checking and installing npm on {host}") - node_check_command = "PATH=/opt/homebrew/bin:$PATH && command -v node" + node_check_command = 
"PATH=/usr/local/bin:$PATH && command -v node" node_check_result = host_manager.get_host(host).ansible( "shell", node_check_command, @@ -164,12 +131,21 @@ def install_npm(host_manager: HostManager): # Install node if it is not already installed. if node_check_result['rc'] != 0: logger.info("Installing Node.js and npm") - node_install_command = "PATH=/opt/homebrew/bin:$PATH && brew install node" + # Download Node.js package + download_command = "curl -o /tmp/node-v21.7.1.pkg https://nodejs.org/dist/v21.7.1/node-v21.7.1.pkg" + download_result = host_manager.get_host(host).ansible("shell", + download_command, + become=True, + become_user='vagrant', + check=False) + logger.info(f"Node.js package download result on {host}: {download_result}") + # Install Node.js + node_install_command = "sudo installer -pkg /tmp/node-v21.7.1.pkg -target /" node_install_result = host_manager.get_host(host).ansible("shell", - node_install_command, - become=True, - become_user='vagrant', - check=False) + node_install_command, + become=True, + become_user='vagrant', + check=False) logger.info(f"Node.js and npm installation result on {host}: {node_install_result}") else: logger.info("Node.js and npm are already installed.") From 41150e3696a709e5b2c5fcb6ee3ad9ae88663329 Mon Sep 17 00:00:00 2001 From: Julia Date: Tue, 2 Apr 2024 14:26:14 +0200 Subject: [PATCH 059/115] feat: add delete index --- .../wazuh_testing/end_to_end/indexer_api.py | 22 +++++++++++++++++++ .../test_vulnerability_detector.py | 11 +++++++--- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index 32a1a680e0..ac69cdf404 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py 
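Review bot: In the `@@ -164,12 +131,21 @@` hunk of install_npm, the Node.js package is downloaded with a plain `curl -o` and handed to `sudo installer -pkg` without any integrity check, and because both calls use `check=False` a failed or partial download still reaches the installer. Pin the expected SHA-256 of the package in the repository, verify it on the host before installing, use `curl -fsSL` so HTTP errors give a non-zero exit, and stop the fixture when the download step fails. Running `pkgutil --check-signature` on the file is a further check that the package is signed. The `sudo` in the install command looks redundant next to `become=True`, unless `become_user='vagrant'` is what actually applies; it is worth confirming which. The function starts in the previous hunk and continues past this one.

```python
            if node_check_result['rc'] != 0:
                # … unchanged: logger.info("Installing Node.js and npm") …
                pkg_path = "/tmp/node-v21.7.1.pkg"
                # Digest pinned in the repository, not fetched at run time
                expected_sha256 = "<SHA256_OF_node-v21.7.1.pkg>"
                download_command = (
                    f"curl -fsSL -o {pkg_path} https://nodejs.org/dist/v21.7.1/node-v21.7.1.pkg && "
                    f"echo '{expected_sha256}  {pkg_path}' | shasum -a 256 -c"
                )
                # … unchanged: ansible("shell", download_command, ...) and its log line …
                if download_result.get('rc') != 0:
                    pytest.fail(f"Node.js package download or digest check failed on {host}")
                # … unchanged: installer -pkg call and its log line …
```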
@@ -93,3 +93,25 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': ' json=data) return response.json() + + +def delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'}, + index: str = 'wazuh-alerts*'): + """ + Delete index from the Wazuh Indexer API. + + Args: + host_manager: An instance of the HostManager class containing information about hosts. + credentials (Optional): A dictionary containing the Indexer credentials. Defaults to + {'user': 'admin', 'password': 'changeme'}. + index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'. + """ + logging.info(f"Deleting {index} index") + + url = f"https://{host_manager.get_master_ip()}:9200/{index}/" + headers = { + 'Content-Type': 'application/json', + } + + requests.delete(url=url, verify=False, + auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']), headers=headers) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 7d2860f0be..37f73dac2f 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -58,7 +58,7 @@ from wazuh_testing.end_to_end.waiters import wait_until_vd_is_updated from wazuh_testing.end_to_end.monitoring import generate_monitoring_logs, monitoring_events_multihost from wazuh_testing.end_to_end.regex import get_event_regex -from wazuh_testing.end_to_end.indexer_api import get_indexer_values +from wazuh_testing.end_to_end.indexer_api import get_indexer_values, delete_index from wazuh_testing.tools.configuration import load_configuration_template from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.remote_operations_handler import launch_parallel_operations 
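Review bot: delete_index sends the DELETE and discards the response, with no `timeout`, so an authentication failure or other error response passes silently and an unreachable indexer can block the fixture indefinitely. Keeping the response and checking it, `response = requests.delete(..., timeout=30)` followed by `response.raise_for_status()`, would surface both. `verify=False` means the basic-auth credentials go to a peer whose certificate is not checked; accepting a CA bundle path for `verify` would avoid that where the test environment has one. The default `index='wazuh-alerts*'` makes a bare `delete_index(host_manager)` a wildcard delete, and the `credentials` default is a shared mutable dict. Requiring `index` explicitly and defaulting `credentials` to `None` would be safer.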
@@ -140,14 +140,15 @@ def setup_vulnerability_tests(host_manager: HostManager) -> Generator: # Restart managers and stop agents logger.error("Stopping agents") host_manager.control_environment('stop', ['agent']) - logger.error("Restarting managers") - host_manager.control_environment('restart', ['manager']) utc_now_timestamp = datetime.datetime.now(datetime.timezone.utc) # Format the date and time as per the given format test_timestamp = utc_now_timestamp.strftime("%Y-%m-%dT%H:%M:%SZ") + logger.error("Restarting managers") + host_manager.control_environment('restart', ['manager']) + # Wait until VD is updated logger.error("Wait until Vulnerability Detector has update all the feeds") wait_until_vd_is_updated(host_manager) @@ -161,6 +162,10 @@ def setup_vulnerability_tests(host_manager: HostManager) -> Generator: logger.error("Truncate managers and agents logs") truncate_remote_host_group_files(host_manager, 'all', 'logs') + # Delete vulnerability index + logger.error("Delete vulnerability index") + delete_index(host_manager, index='wazuh-states-vulnerabilities') + logger.error("Restoring original configuration") restore_configuration(host_manager, hosts_configuration_backup) From 225bb8865ea0f0fde6cb767c55f1dcf4a994d4f4 Mon Sep 17 00:00:00 2001 From: Julia Date: Tue, 2 Apr 2024 14:26:37 +0200 Subject: [PATCH 060/115] refactor: update test name --- .../test_vulnerability_detector/test_vulnerability_detector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 37f73dac2f..5567fd59a7 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py 
@@ -248,7 +248,7 @@ def test_syscollector_first_scan(self, request, host_manager, setup_vulnerabilit else: logger.critical("All agents has been scanned") - def test_syscollector_first_scan_index(self, request, host_manager, setup_vulnerability_tests, get_results): + def test_vulnerability_first_scan_index(self, request, host_manager, setup_vulnerability_tests, get_results): """ description: Validates that the Vulnerability Detector detects vulnerabilities within the environment in the first scan in the index. From 05dc86e69fc9af24bdfa81e30ba7ac317bb97526 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 14:30:41 +0200 Subject: [PATCH 061/115] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5083ebf02f..7ad383cf00 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added +- Add fix to provision macOS endpoints with npm ([#5128](https://github.com/wazuh/wazuh-qa/pull/5158)) \- (Tests) - Add documentation about markers for system tests ([#5080](https://github.com/wazuh/wazuh-qa/pull/5080)) \- (Documentation) - Add AWS Custom Buckets Integration tests ([#4675](https://github.com/wazuh/wazuh-qa/pull/4675)) \- (Framework + Tests) - Add Vulnerability Detector end to end tests ([#4878](https://github.com/wazuh/wazuh-qa/pull/4878)) \- (Framework + Tests) From 22bc0007bdbf2491a5008a208b2ac7384798b99f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 14:42:49 +0200 Subject: [PATCH 062/115] corrected path --- deps/wazuh_testing/wazuh_testing/tools/system.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index bac9e1cffb..4c4b207ba2 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py 
+++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -489,7 +489,7 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): cmd = f"npm install -g {url}" if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + cmd = f"PATH=/usr/local/bin:$PATH {cmd}" shell_type = "shell" elif system == 'windows': shell_type = "win_shell" @@ -546,7 +546,7 @@ def install_npm_package(self, host, url, system='ubuntu'): cmd = f"npm install -g {url}" if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + cmd = f"PATH=/usr/local/bin:$PATH {cmd}" shell_type = "shell" elif system == 'windows': shell_type = "win_shell" @@ -632,7 +632,7 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals cmd = f"npm uninstall -g {package_uninstall_name}" if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + cmd = f"PATH=/usr/local/bin:$PATH {cmd}" shell_type = "shell" elif system == 'windows': shell_type = "win_shell" @@ -696,7 +696,7 @@ def remove_npm_package(self, host, system, package_uninstall_name=None, custom_u cmd = f"npm uninstall -g {package_uninstall_name}" if system == 'macos': - cmd = f"PATH=/opt/homebrew/bin:$PATH {cmd}" + cmd = f"PATH=/usr/local/bin:$PATH {cmd}" shell_type = "shell" elif system == 'windows': shell_type = "win_shell" From 5240c903cdbd8d6acdd56b6a24d26067889551fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 17:11:34 +0200 Subject: [PATCH 063/115] change macos packages --- .../vuln_packages.json | 252 +++++++++--------- .../cases/test_vulnerability.yaml | 161 +++++------ 2 files changed, 210 insertions(+), 203 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json index 9f5912d2c3..999e12b601 100644 
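Review bot: The macOS prefix `PATH=/usr/local/bin:$PATH` is corrected here in four separate places (install_package, install_npm_package, remove_package, remove_npm_package), each a copy of the same command-building block. A module-level constant, or one private helper that returns `(shell_type, cmd)` for a given `system`, would leave a single place to change next time. The path also has to stay in step with the `/usr/local/bin` check in the install_npm fixture of test_vulnerability_detector.py, which a shared constant would make explicit. All four functions extend beyond their hunks.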
--- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json @@ -296,11 +296,7 @@ "CVE-2021-4044" ], "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v17.0.1/node-v17.0.1.pkg", - "arm64v8": "https://nodejs.org/dist/v17.0.1/node-v17.0.1.pkg" - }, - "windows": { + "windows": { "amd64": "https://nodejs.org/dist/v17.0.1/node-v17.0.1-x64.msi" } }, @@ -318,11 +314,7 @@ "CVE-2021-4044" ], "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v17.1.0/node-v17.1.0.pkg", - "arm64v8": "https://nodejs.org/dist/v17.1.0/node-v17.1.0.pkg" - }, - "windows": { + "windows": { "amd64": "https://nodejs.org/dist/v17.1.0/node-v17.1.0-x64.msi" } }, @@ -357,11 +349,7 @@ "CVE-2022-3602" ], "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v18.0.0/node-v18.0.0.pkg", - "arm64v8": "https://nodejs.org/dist/v18.0.0/node-v18.0.0.pkg" - }, - "windows": { + "windows": { "amd64": "https://nodejs.org/dist/v18.0.0/node-v18.0.0-x64.msi" } }, 
@@ -394,73 +382,18 @@ "CVE-2022-3602" ], "urls": { - "windows": { + "windows": { "amd64": "https://nodejs.org/dist/v18.1.0/node-v18.1.0-x64.msi" } }, "uninstall_name": "node*" }, - "node-v18.11.0": { - "package_name": "node", - "package_version": "18.11.0", - "CVE": [ - "CVE-2023-38552", - "CVE-2023-32559", - "CVE-2023-32006", - "CVE-2023-32002", - "CVE-2023-30590", - "CVE-2023-30588", - "CVE-2023-30585", - "CVE-2023-30581", - "CVE-2023-23920", - "CVE-2023-23919", - "CVE-2023-23918", - "CVE-2022-32222" - ], - "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v18.11.0/node-v18.11.0.pkg", - "arm64v8": "https://nodejs.org/dist/v18.11.0/node-v18.11.0.pkg" - } - }, - "uninstall_name": "node*" - }, - "node-v18.12.0": { - "package_name": "node", - "package_version": "18.12.0", - "CVE": [ - "CVE-2023-44487", - "CVE-2023-38552", - "CVE-2023-32002", - "CVE-2023-30590", - "CVE-2023-30588", - "CVE-2023-30585", - "CVE-2023-23936", - "CVE-2023-23920", - "CVE-2023-23919", - "CVE-2023-23918", - "CVE-2022-43548", - "CVE-2022-3786", - "CVE-2022-3602" - ], - "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v18.12.0/node-v18.12.0.pkg", - "arm64v8": "https://nodejs.org/dist/v18.12.0/node-v18.12.0.pkg" - } - }, - "uninstall_name": "node*" - }, "node-v19.5.0": { "package_name": "node", "package_version": "19.5.0", "CVE": [], "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v19.5.0/node-v19.5.0.pkg", - "arm64v8": "https://nodejs.org/dist/v19.5.0/node-v19.5.0.pkg" - }, - "windows": { + "windows": { "amd64": "https://nodejs.org/dist/v19.5.0/win-x86/node.exe" } }, 
@@ -471,59 +404,12 @@ "package_version": "19.6.0", "CVE": [], "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v19.6.0/node-v19.6.0.pkg", - "arm64v8": "https://nodejs.org/dist/v19.6.0/node-v19.6.0.pkg" - }, "windows": { "amd64": "https://nodejs.org/dist/v19.6.0/win-x86/node.exe" } }, "uninstall_name": "node*" }, - "node-v20.0.0": { - "package_name": "node", - "package_version": "20.0.0", - "CVE": [ - "CVE-2022-21824" - ], - "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v20.0.0/node-v20.0.0.pkg", - "arm64v8": "https://nodejs.org/dist/v20.0.0/node-v20.0.0.pkg" - } - }, - "uninstall_name": "node*" - }, - "node-v20.1.0": { - "package_name": "node", - "package_version": "20.1.0", - "CVE": [ - "CVE-2023-44487", - "CVE-2023-39332", - "CVE-2023-39331", - "CVE-2023-38552", - "CVE-2023-32559", - "CVE-2023-32558", - "CVE-2023-32006", - "CVE-2023-32005", - "CVE-2023-32004", - "CVE-2023-32003", - "CVE-2023-32002", - "CVE-2023-30590", - "CVE-2023-30588", - "CVE-2023-30586", - "CVE-2023-30585", - "CVE-2023-30581" - ], - "urls": { - "macos": { - "amd64": "https://nodejs.org/dist/v20.1.0/node-v20.1.0.pkg", - "arm64v8": "https://nodejs.org/dist/v20.1.0/node-v20.1.0.pkg" - } - }, - "uninstall_name": "node*" - }, "node-v20.5.1": { "package_name": "node", "package_version": "20.5.1", @@ -626,9 +512,9 @@ "CVE-2023-22007", "CVE-2023-22028", "CVE-2021-2356", - "CVE-2022-21417", - "CVE-2022-21444", - "CVE-2023-21980", + "CVE-2022-21417", + "CVE-2022-21444", + "CVE-2023-21980", "CVE-2023-21977" ], "urls": { 
@@ -763,5 +649,125 @@ } }, "uninstall_name": "*openjdk*" - } + }, + "http-proxy-0.5.9": { + "package_name": "http-proxy", + "package_version": "0.5.9", + "CVE": [ + "CVE-2017-16014" + ], + "urls": { + "macos": { + "amd64": "http-proxy@0.5.9", + "arm64v8": "http-proxy@0.5.9" + } + }, + "uninstall_name": "*http-proxy*", + "use_npm": true + }, + "http-proxy-0.5.10": { + "package_name": "http-proxy", + "package_version": "0.5.10", + "CVE": [ + "CVE-2017-16014" + ], + "urls": { + "macos": { + "amd64": "http-proxy@0.5.10", + "arm64v8": "http-proxy@0.5.10" + } + }, + "uninstall_name": "*http-proxy*", + "use_npm": true + }, + "systeminformation-4.34.23": { + "package_name": "systeminformation", + "package_version": "4.34.23", + "CVE": [ + "CVE-2021-21388", + "CVE-2021-21315" + ], + "urls": { + "macos": { + "amd64": "systeminformation@4.34.23", + "arm64v8": "systeminformation@4.34.23" + } + }, + "uninstall_name": "*systeminformation*", + "use_npm": true + }, + "systeminformation-5.0.0": { + "package_name": "systeminformation", + "package_version": "5.0.0", + "CVE": [ + "CVE-2021-21388", + "CVE-2021-21315", + "CVE-2023-42810" + ], + "urls": { + "macos": { + "amd64": "systeminformation@5.0.0", + "arm64v8": "systeminformation@5.0.0" + } + }, + "uninstall_name": "*systeminformation*", + "use_npm": true + }, + "http-proxy-0.7.0": { + "package_name": "http-proxy", + "package_version": "0.7.0", + "CVE": [ + ], + "urls": { + "macos": { + "amd64": "http-proxy@0.7.0", + "arm64v8": "http-proxy@0.7.0" + } + }, + "uninstall_name": "*http-proxy*", + "use_npm": true + }, + "http-proxy-0.7.2": { + "package_name": "http-proxy", + "package_version": "0.7.2", + "CVE": [ + ], + "urls": { + "macos": { + "amd64": "http-proxy@0.7.2", + "arm64v8": "http-proxy@0.7.2" + } + }, + "uninstall_name": "*http-proxy*", + "use_npm": true + }, + "luxon-2.5.2": { + "package_name": "luxon", + "package_version": "2.5.2", + "CVE": [ + ], + "urls": { + "macos": { + "amd64": "luxon@2.5.2", + "arm64v8": 
"luxon@2.5.2" + } + }, + "uninstall_name": "*luxon*", + "use_npm": true + }, + "luxon-3.0.0": { + "package_name": "luxon", + "package_version": "3.0.0", + "CVE": [ + "CVE-2022-31129" + ], + "urls": { + "macos": { + "amd64": "luxon@3.0.0", + "arm64v8": "luxon@3.0.0" + } + }, + "uninstall_name": "*luxon*", + "use_npm": true + }, } diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index 90605a7ffb..c984259ab3 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml @@ -2,13 +2,13 @@ id: install_package description: | Installation of a vulnerable package - macos: - Used Package: Node 17.0.1 - PKG Format + macos: + Used Package: http-proxy 0.5.9 - npm Format CVES: - amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], - arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + amd64: ["CVE-2017-16014"], + arm64v8: ["CVE-2017-16014"], windows: - Used Package: Node 17.0.1 - Exe Format + Used Package: Node 17.0.1 - Exe Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Package Mysql 5.5.20 - .deb Format 
@@ -32,20 +32,20 @@ windows: amd64: node-v17.0.1 macos: - amd64: node-v17.0.1 - arm64v8: node-v17.0.1 + amd64: http-proxy-0.5.9 + arm64v8: http-proxy-0.5.9 - case: Remove vulnerable package id: remove_package description: | Removal of a vulnerable package - macos: - Used Package: Node 17.0.1 - PKG Format + macos: + Used Package: http-proxy 0.5.9 - npm Format CVES Expected to mitigate: - ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + ["CVE-2017-16014"], windows: - Used Package: Node 17.0.1 - Exe Format + Used Package: Node 17.0.1 - Exe Format - CVES Expected to mitigate: + CVES Expected to mitigate: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Package Mysql 5.5.20 - .deb Format @@ -71,19 +71,19 @@ windows: amd64: node-v17.0.1 macos: - amd64: node-v17.0.1 - arm64v8: node-v17.0.1 + amd64: http-proxy-0.5.9 + arm64v8: http-proxy-0.5.9 - case: 'Upgrade: Maintain Vulnerability' id: upgrade_package_maintain_vulnerability description: | Upgrade of a vulnerable package which maintain vulnerability - macos: - Used Package: Node 17.1.0 - PKG Format + macos: + Used Package: http-proxy 0.5.10 - npm Format CVES: - amd64: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], - arm64v8: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], + amd64: ["CVE-2017-16014"], + arm64v8: ["CVE-2017-16014"], windows: - Used Package: Node 17.1.0 - Exe Format + Used Package: Node 17.1.0 - Exe Format "CVE": ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Package Mysql 5.5.21 - .deb Format 
@@ -106,8 +106,8 @@ windows: amd64: node-v17.0.1 macos: - amd64: node-v17.0.1 - arm64v8: node-v17.0.1 + amd64: http-proxy-0.5.9 + arm64v8: http-proxy-0.5.9 body: tasks: - operation: update_package @@ -124,8 +124,8 @@ windows: amd64: node-v17.0.1 macos: - amd64: node-v17.0.1 - arm64v8: node-v17.0.1 + amd64: http-proxy-0.5.10 + arm64v8: http-proxy-0.5.10 to: centos: amd64: openjdk-1.7.0 @@ -134,18 +134,18 @@ windows: amd64: node-v17.1.0 macos: - amd64: node-v17.1.0 - arm64v8: node-v17.1.0 + amd64: http-proxy-0.5.10 + arm64v8: http-proxy-0.5.10 - case: 'Upgrade: New vulnerability ' id: upgrade_package_maintain_add_vulnerability description: | Upgrade of a vulnerable package which include a new vulnerability - macos: - Used Package: Node 18.11.0 - PKG Format - CVES: ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-32222"], + macos: + Used Package: systeminformation 5.0.0 - npm Format + CVES: ["CVE-2021-21388", "CVE-2021-21315", "CVE-2023-42810"], windows: - Used Package: Node 18.0.0 - Exe Format + Used Package: Node 18.0.0 - Exe Format "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Package Mysql 5.5.19 - .deb Format @@ -170,8 +170,8 @@ windows: amd64: node-v17.1.0 macos: - amd64: node-v17.1.0 - arm64v8: node-v17.1.0 + amd64: systeminformation-4.34.23 + arm64v8: systeminformation-4.34.23 to: centos: amd64: openjdk-1.7.0 
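Review bot: In the `upgrade_package_maintain_vulnerability` case the macOS `from` entry (hunk at -124) is set to `http-proxy-0.5.10`, which is the same value the `to` entry gets in the hunk at -134, while the precondition in the hunk at -106 installs `http-proxy-0.5.9`. The Windows entries in the same case still move between two versions (`node-v17.0.1` to `node-v17.1.0`), so the macOS path looks like an upgrade to the version already named as the starting point and would not exercise the 0.5.9 to 0.5.10 transition. The `from` block should probably read `amd64: http-proxy-0.5.9` and `arm64v8: http-proxy-0.5.9`.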
@@ -180,20 +180,20 @@ windows: amd64: node-v18.0.0 macos: - amd64: node-v18.11.0 - arm64v8: node-v18.11.0 - + amd64: systeminformation-5.0.0 + arm64v8: systeminformation-5.0.0 + - case: 'Upgrade: Maintain and new vulnerability ' id: upgrade_package_maintain_add_vulnerability description: > Upgrade of a vulnerable package which maintain vulnerabilities and include new ones - macos: - Used Package: Node 18.12.0 - PKG Format - "CVE": ["CVE-2023-44487", "CVE-2023-38552", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-23936", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-3786", "CVE-2022-3602"], + macos: + Used Package: systeminformation 5.0.0 - npm Format + "CVE": ["CVE-2021-21388", "CVE-2021-21315", "CVE-2023-42810"], windows: - Used Package: Node 18.1.0 - Exe Format + Used Package: Node 18.1.0 - Exe Format "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Package Mysql 5.5.19 - .deb Format @@ -218,8 +218,8 @@ windows: amd64: node-v18.0.0 macos: - amd64: node-v18.11.0 - arm64v8: node-v18.11.0 + amd64: systeminformation-4.34.23 + arm64v8: systeminformation-4.34.23 to: centos: amd64: openjdk-1.8.0 
@@ -228,18 +228,18 @@ windows: amd64: node-v18.1.0 macos: - amd64: node-v18.12.0 - arm64v8: node-v18.12.0 - + amd64: systeminformation-5.0.0 + arm64v8: systeminformation-5.0.0 + - case: 'Upgrade: Cease vulnerability' id: upgrade_package_remove_vulnerability description: | Upgrade of a vulnerable which cease to be vulnerable - macos: - Used Package: Node 19.5.0 - PKG Format + macos: + Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - Exe Format "CVE": [], ubuntu: Used Package Grafana 9.4.17 - .deb Format @@ -266,8 +266,8 @@ windows: amd64: node-v18.1.0 macos: - amd64: node-v18.12.0 - arm64v8: node-v18.12.0 + amd64: http-proxy-0.5.10 + arm64v8: http-proxy-0.5.10 to: centos: amd64: grafana-9.4.17 @@ -278,18 +278,18 @@ windows: amd64: node-v19.5.0 macos: - amd64: node-v19.5.0 - arm64v8: node-v19.5.0 - + amd64: http-proxy-0.7.0 + arm64v8: http-proxy-0.7.0 + - case: 'Upgrade: Non vulnerable to non vulnerable' id: upgrade_package_nonvulnerable_to_nonvulnerable description: | Upgrade of a non vulnerable package to non vulnerable - macos: - Used Package: Node 19.5.0 - PKG Format + macos: + Used Package: http-proxy 0.7.2 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - Exe Format "CVE": [], ubuntu: Used Package Grafana 9.5.13 - .deb Format @@ -307,6 +307,9 @@ package: windows: amd64: node-v19.5.0 + macos: + amd64: http-proxy-0.7.0 + arm64v8: http-proxy-0.7.0 body: tasks: - operation: update_package @@ -325,8 +328,8 @@ windows: amd64: node-v19.5.0 macos: - amd64: node-v19.5.0 - arm64v8: node-v19.5.0 + amd64: http-proxy-0.7.0 + arm64v8: http-proxy-0.7.0 to: centos: amd64: grafana-9.5.13 
@@ -337,18 +340,18 @@ windows: amd64: node-v19.6.0 macos: - amd64: node-v19.6.0 - arm64v8: node-v19.6.0 - + amd64: http-proxy-0.7.2 + arm64v8: http-proxy-0.7.2 + - case: 'Upgrade: Non vulnerable to vulnerable package' id: upgrade_package_nonvulnerable_to_vulnerable description: | Upgrade to non vulnerable package to vulnerable - macos: - Used Package: Node 20.0.0 - PKG Format - "CVE": ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32558", "CVE-2023-32006", "CVE-2023-32005", "CVE-2023-32004", "CVE-2023-32003", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30586", "CVE-2023-30585", "CVE-2023-30581"], + macos: + Used Package: luxon 3.0.0 - npm Format + "CVE": ["CVE-2022-31129"], windows: - Used Package: Node 20.5.1 - Exe Format + Used Package: Node 20.5.1 - Exe Format "CVE": ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552"], ubuntu: Used Package Grafana 9.5.13 - .deb Format @@ -374,8 +377,8 @@ windows: amd64: node-v19.6.0 macos: - amd64: node-v19.6.0 - arm64v8: node-v19.6.0 + amd64: luxon-2.5.2 + arm64v8: luxon-2.5.2 to: centos: amd64: firefox-91.13.0 @@ -385,18 +388,18 @@ windows: amd64: node-v20.5.1 macos: - amd64: node-v20.0.0 - arm64v8: node-v20.0.0 - + amd64: luxon-3.0.0 + arm64v8: luxon-3.0.0 + - case: Installation of a non vulnerable package id: install_package_non_vulnerable description: | Installation of a non vulnerable package - macos: - Used Package: Node 19.5.0 - PKG Format + macos: + Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - Exe Format "CVE": [], ubuntu: Used Package Grafana 9.5.13 - .deb Format 
@@ -422,17 +425,17 @@ windows: amd64: node-v19.5.0 macos: - amd64: node-v19.6.0 - arm64v8: node-v19.6.0 + amd64: http-proxy-0.7.0 + arm64v8: http-proxy-0.7.0 - case: 'Remove: Non vulnerable package' id: remove_non_vulnerable_packge description: | Removal of a non vulnerable package - macos: - Used Package: Node 19.5.0 - PKG Format + macos: + Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - Exe Format "CVE": [], ubuntu: Used Package Grafana 9.5.13 - .deb Format @@ -457,7 +460,5 @@ windows: amd64: node-v19.5.0 macos: - amd64: node-v19.6.0 - arm64v8: node-v19.6.0 - - + amd64: http-proxy-0.7.0 + arm64v8: http-proxy-0.7.0 From 9b5774a85beb0af21f5a6ce3740509fd85712d79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Tue, 2 Apr 2024 17:20:38 +0200 Subject: [PATCH 064/115] else correction --- deps/wazuh_testing/wazuh_testing/tools/system.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 4c4b207ba2..5ebdd82fc9 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -691,7 +691,7 @@ def remove_npm_package(self, host, system, package_uninstall_name=None, custom_u if custom_uninstall_playbook: remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) - else package_uninstall_name: + else: # Define the npm uninstall command cmd = f"npm uninstall -g {package_uninstall_name}" From eea576b2737cb1afb0a13b8dd09801781e6defaf Mon Sep 17 00:00:00 2001 
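Review bot: With a bare `else:` in `remove_npm_package`, the npm branch runs whenever no custom playbook is given, including when `package_uninstall_name` is left at its default of `None`, and the command then becomes `npm uninstall -g None`. The removed line `else package_uninstall_name:` suggests a condition was intended, and `elif package_uninstall_name:` would keep that guard and skip the uninstall when neither argument is supplied. A log line for the skipped case would make the no-op visible in test output. The rest of the function lies outside this hunk.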
From: =?UTF-8?q?Juan=20Marcos=20S=C3=A1nchez=20Delgado?= <101177239+MARCOSD4@users.noreply.github.com> Date: Wed, 3 Apr 2024 09:54:53 +0200 Subject: [PATCH 065/115] fix: fix space in changelog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b41b010fa9..8719a99c5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,7 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed -- Fix Vulnerability Detector E2E tests by adding description to all tests([#5151](https://github.com/wazuh/wazuh-qa/pull/5151)) \- (Tests) +- Fix Vulnerability Detector E2E tests by adding description to all tests ([#5151](https://github.com/wazuh/wazuh-qa/pull/5151)) \- (Tests) - Fix remote_operations_handler functions to Vulnerability Detector E2E tests ([#5155](https://github.com/wazuh/wazuh-qa/pull/5155)) \- (Framework) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) From e2d413bbfc76b9e7f4e1a1f93d8c1e991a44980f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 09:42:31 +0100 Subject: [PATCH 066/115] fix: restore setup env fixture --- .../test_agent_enrollment/test_agent_enrollment.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py index b97350ceb6..3196d1499f 100644 --- a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py +++ b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py 
@@ -26,12 +26,6 @@ # Remove the agent once the test has finished @pytest.fixture(scope='module') def setup_environment(): - host_manager.control_service(host='wazuh-agent1', service='wazuh', state="stopped") - agent_id = host_manager.run_command('wazuh-master', f'cut -c 1-3 {WAZUH_PATH}/etc/client.keys') - host_manager.get_host('wazuh-master').ansible("command", f'{WAZUH_PATH}/bin/manage_agents -r {agent_id}', - check=False) - host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_PATH, 'etc', 'client.keys')) - host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) yield @@ -48,6 +42,7 @@ def setup_environment(): def test_agent_enrollment(setup_environment): """Check agent enrollment process works as expected. An agent pointing to a worker should be able to register itself into the master by starting Wazuh-agent process.""" + # Clean ossec.log and cluster.log host_manager.clear_file(host='wazuh-master', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) host_manager.clear_file(host='wazuh-worker1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) @@ -57,7 +52,7 @@ def test_agent_enrollment(setup_environment): # Start the agent enrollment process by restarting the wazuh-agent host_manager.control_service(host='wazuh-master', service='wazuh', state="restarted") host_manager.control_service(host='wazuh-worker1', service='wazuh', state="restarted") - host_manager.get_host('wazuh-agent1').ansible('command', f'service wazuh-agent restart', check=False) + host_manager.control_service(host='wazuh-agent1', service='wazuh', state="restarted") # Run the callback checks for the ossec.log and the cluster.log HostMonitor(inventory_path=inventory_path, From f45a1a2acd377fd06055c210d3794152f980d007 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 10:13:49 +0100 Subject: [PATCH 067/115] docs: include 5134 changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d904188361..d99f9035eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix enrollment cluster system testS ([#5134](https://github.com/wazuh/wazuh-qa/pull/5134/)) \- (Tests) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) - Fix Vulnerability Detection mismatch in scans ([#5053](https://github.com/wazuh/wazuh-qa/pull/5053)) \- (Tests) From a7847b256c7e5ab99b45a96be0a33f7ae7053b51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 10:14:29 +0100 Subject: [PATCH 068/115] refac: remove redundant commentaries --- .../test_cluster/test_agent_groups/test_group_sync_status.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py b/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py index 0a0b4f50e3..07878fb677 100644 --- a/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py +++ b/tests/system/test_cluster/test_agent_groups/test_group_sync_status.py 
@@ -150,12 +150,10 @@ def test_group_sync_status(metadata, target_node, clean_environment, group_creat # Check each 0.10 seconds/10 seconds sync_status for _ in range(T_10): - # Retrieve status information once to avoid redundant calls status_info = json.loads(execute_wdb_query(query, test_infra_hosts[0], host_manager))[1:3] agent1_status = status_info[0]['group_sync_status'] agent2_status = status_info[1]['group_sync_status'] - # Determine the logic based on metadata['agent_in_group'] if metadata['agent_in_group'] == 'agent1': if agent1_status == 'syncreq' and agent2_status == 'synced': first_time_check = "syncreq" From f1194589a5f32f44d9d944141d20e4479790c51e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 10:14:44 +0100 Subject: [PATCH 069/115] refac: move timeout to global variable --- .../test_cluster/test_agent_groups/test_remove_group.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/system/test_cluster/test_agent_groups/test_remove_group.py b/tests/system/test_cluster/test_agent_groups/test_remove_group.py index 104e6becb7..44b8188107 100644 --- a/tests/system/test_cluster/test_agent_groups/test_remove_group.py +++ b/tests/system/test_cluster/test_agent_groups/test_remove_group.py @@ -29,7 +29,7 @@ # Variables t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) queries = ['sql select `group` from agent;', 'sql select name from `group`;', 'sql select id_group from belongs;'] - +TIMEOUT_GET_GROUPS_ID = 3 # Fixtures @pytest.fixture() @@ -100,7 +100,6 @@ def test_remove_group(metadata, group, target_node, pre_configured_groups, clean ''' # Get group IDs group_ids = {} - timeout_get_groups_id = 3 for manager in test_infra_managers: group_ids[manager] = str(get_group_id(group, manager, host_manager)) 
@@ -113,7 +112,7 @@ def test_remove_group(metadata, group, target_node, pre_configured_groups, clean messages_path=messages_path, tmp_path=tmp_path).run(update_position=True) - sleep(timeout_get_groups_id) + sleep(TIMEOUT_GET_GROUPS_ID) for manager in test_infra_managers: group_ids[manager] = str(get_group_id(group, manager, host_manager)) From ced84eab984347a68f64bed90a2e1bc9a58484d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 10:23:41 +0100 Subject: [PATCH 070/115] docs: fix typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d99f9035eb..83c1997024 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,7 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed -- Fix enrollment cluster system testS ([#5134](https://github.com/wazuh/wazuh-qa/pull/5134/)) \- (Tests) +- Fix enrollment cluster system tests ([#5134](https://github.com/wazuh/wazuh-qa/pull/5134/)) \- (Tests) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) - Fix Vulnerability Detection mismatch in scans ([#5053](https://github.com/wazuh/wazuh-qa/pull/5053)) \- (Tests) From 0f098db962a82f2710afce9dccb0951ae272e66d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 10:39:40 +0100 Subject: [PATCH 071/115] fix: remove start agent in setup yield --- .../test_cluster/test_agent_enrollment/test_agent_enrollment.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py index 3196d1499f..65016c2ea2 100644 --- a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py 
+++ b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py @@ -35,7 +35,6 @@ def setup_environment(): check=False) host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_PATH, 'etc', 'client.keys')) host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) - host_manager.control_service(host='wazuh-agent1', service='wazuh', state="start") From ba4854b425a99614faca812dd902b2b2a8ed15bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 11:06:09 +0100 Subject: [PATCH 072/115] style: rename fixture --- .../test_agent_enrollment/test_agent_enrollment.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py index 65016c2ea2..1126656086 100644 --- a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py +++ b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py @@ -25,7 +25,7 @@ # Remove the agent once the test has finished @pytest.fixture(scope='module') -def setup_environment(): +def clean_environment(): yield @@ -37,8 +37,7 @@ def setup_environment(): host_manager.clear_file(host='wazuh-agent1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) - -def test_agent_enrollment(setup_environment): +def test_agent_enrollment(clean_environment): """Check agent enrollment process works as expected. An agent pointing to a worker should be able to register itself into the master by starting Wazuh-agent process.""" From e293cb4e3fb9f94430842425ea83cc2d06f1e205 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 3 Apr 2024 11:06:44 +0100 Subject: [PATCH 073/115] style: remove extra white space --- .../test_cluster/test_agent_enrollment/test_agent_enrollment.py | 1 - 1 file changed, 1 deletion(-) 
diff --git a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py index 1126656086..7fc9b2b1bf 100644 --- a/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py +++ b/tests/system/test_cluster/test_agent_enrollment/test_agent_enrollment.py @@ -40,7 +40,6 @@ def clean_environment(): def test_agent_enrollment(clean_environment): """Check agent enrollment process works as expected. An agent pointing to a worker should be able to register itself into the master by starting Wazuh-agent process.""" - # Clean ossec.log and cluster.log host_manager.clear_file(host='wazuh-master', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) host_manager.clear_file(host='wazuh-worker1', file_path=os.path.join(WAZUH_LOGS_PATH, 'ossec.log')) From 5a6eba739cba5d46adba281498615092e23ac08c Mon Sep 17 00:00:00 2001 From: Julia Date: Wed, 3 Apr 2024 17:08:00 +0200 Subject: [PATCH 074/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 43f09deb9b..777b75c591 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix timestamps alerts and logs filter ([#5157](https://github.com/wazuh/wazuh-qa/pull/5157)) \- (Framework + Tests) - Fix remote_operations_handler functions to Vulnerability Detector E2E tests ([#5155](https://github.com/wazuh/wazuh-qa/pull/5155)) \- (Framework) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) - Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests) From fbdadb205fe44654a0674dfa3fb0f19551c7d57b Mon Sep 17 00:00:00 2001 
From: Julia Date: Wed, 3 Apr 2024 17:10:39 +0200 Subject: [PATCH 075/115] fix: fix conditions --- .../wazuh_testing/end_to_end/vulnerability_detector.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index 389b324820..bb2a86025b 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py @@ -310,9 +310,11 @@ def get_vulnerabilities_from_states(vulnerabilities_states: List) -> List: package_version=(state_vulnerability['_source']['package']['version'] if 'package' in state_vulnerability['_source'] else None), type=(state_vulnerability['_source']['package']['type'] - if 'type' in state_vulnerability['_source']['vulnerability'] else None), + if 'package' in state_vulnerability['_source'] + and 'type' in state_vulnerability['_source']['package'] else None), architecture=(state_vulnerability['_source']['package']['architecture'] - if 'architecture' in state_vulnerability['_source']['vulnerability'] else None) + if 'package' in state_vulnerability['_source'] + and 'architecture' in state_vulnerability['_source']['package'] else None) ) vulnerabilities.append(vulnerability) except KeyError: From e4802a8b5b2bca74799361479838609ffc2b197d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 3 Apr 2024 17:11:06 +0200 Subject: [PATCH 076/115] space correction --- .../wazuh_testing/tools/system.py | 122 +++++++++--------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 5ebdd82fc9..9526696fe6 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py 
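Review bot: The corrected `type=` and `architecture=` arguments in `get_vulnerabilities_from_states` now repeat the full `state_vulnerability['_source']['package']` lookup three times each, which is what let the wrong key (`'vulnerability'`) slip in before. Binding the sub-dict once, `package = state_vulnerability['_source'].get('package', {})`, lets the two arguments become `type=package.get('type')` and `architecture=package.get('architecture')`. The `package_version` argument above checks only for `'package'` and not for `'version'`, so it appears to rely on the surrounding `except KeyError`, and the same `.get` form would cover it. The function starts and ends outside this hunk.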
@@ -243,6 +243,7 @@ def get_file_content(self, host: str, file_path: str): return result['stdout'] + def apply_config(self, config_yml_path: str, dest_path: str = WAZUH_CONF, clear_files: list = None, restart_services: list = None): """Apply the configuration described in the config_yml_path to the environment. @@ -483,7 +484,6 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): # To install a package via npm: host_manager.install_package('my_host', 'package_name', 'system_name', use_npm=True) """ - if use_npm: # Define the npm install command cmd = f"npm install -g {url}" @@ -514,7 +514,7 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): result = True elif system == 'centos': result = self.get_host(host).ansible("yum", f"name={url} state=present " - 'sslverify=false disable_gpg_check=True', check=False) + 'sslverify=false disable_gpg_check=True', check=False) elif system == 'macos': package_name = url.split('/')[-1] result = self.get_host(host).ansible("command", f"curl -LO {url}", check=False) 
@@ -525,39 +525,39 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): return result -def install_npm_package(self, host, url, system='ubuntu'): - """ - Installs a package on the specified host using npm. + def install_npm_package(self, host, url, system='ubuntu'): + """ + Installs a package on the specified host using npm. - Args: - host (str): The target host on which to install the package. - url (str): The URL or name of the package to be installed. - system (str, optional): The operating system type. Defaults to 'ubuntu'. - Supported values: 'windows', 'ubuntu', 'centos', 'macos'. + Args: + host (str): The target host on which to install the package. + url (str): The URL or name of the package to be installed. + system (str, optional): The operating system type. Defaults to 'ubuntu'. + Supported values: 'windows', 'ubuntu', 'centos', 'macos'. - Returns: - Dict: Testinfra Ansible Response of the operation + Returns: + Dict: Testinfra Ansible Response of the operation - Example: - host_manager.install_package('my_host', 'package_name', 'system_name') - """ + Example: + host_manager.install_package('my_host', 'package_name', 'system_name') + """ - # Define the npm install command - cmd = f"npm install -g {url}" + # Define the npm install command + cmd = f"npm install -g {url}" - if system == 'macos': - cmd = f"PATH=/usr/local/bin:$PATH {cmd}" - shell_type = "shell" - elif system == 'windows': - shell_type = "win_shell" - else: - shell_type = "shell" + if system == 'macos': + cmd = f"PATH=/usr/local/bin:$PATH {cmd}" + shell_type = "shell" + elif system == 'windows': + shell_type = "win_shell" + else: + shell_type = "shell" - # Execute the command and log the result - result = self.get_host(host).ansible(shell_type, cmd, check=False) - logging.info(f"npm package installed result {result}") + # Execute the command and log the result + result = self.get_host(host).ansible(shell_type, cmd, check=False) + logging.info(f"npm package installed result 
{result}") - return result + return result def get_master_ip(self): """ 
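Review bot: In `install_npm_package`, `url` is interpolated unquoted into `cmd = f"npm install -g {url}"` and handed to the Ansible `shell`/`win_shell` modules, so any shell metacharacter in a package spec is interpreted by the remote shell instead of reaching npm as one argument. The specs currently come from the repository's package JSON, so this is a hardening point, not a live defect. On the POSIX branches `cmd = f"npm install -g {shlex.quote(url)}"` would pin the value to a single argument (this needs `import shlex`, which is not visible from this hunk). The Windows branch needs PowerShell quoting, or a check that the spec matches a `name@version` pattern. `remove_npm_package` in the next hunk builds `npm uninstall -g {package_uninstall_name}` the same way.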
@@ -666,48 +666,48 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals return remove_operation_result -def remove_npm_package(self, host, system, package_uninstall_name=None, custom_uninstall_playbook=None): - """ - Removes a package from the specified host using npm. - - Args: - host (str): The target host from which to remove the package. - package_name (str): The name of the package to be removed. - system (str): The operating system type. - Supported values: 'windows', 'ubuntu', 'centos', 'macos'. + def remove_npm_package(self, host, system, package_uninstall_name=None, custom_uninstall_playbook=None): + """ + Removes a package from the specified host using npm. - Returns: - Dict: Testinfra Ansible Response of the operation + Args: + host (str): The target host from which to remove the package. + package_name (str): The name of the package to be removed. + system (str): The operating system type. + Supported values: 'windows', 'ubuntu', 'centos', 'macos'. 
- Example: - host_manager.remove_npm_package('my_host', 'system_name', 'package_name') - """ - logging.info(f"Removing package {package_uninstall_name} from host {host}") - logging.info(f"System: {system}") + Returns: + Dict: Testinfra Ansible Response of the operation - remove_operation_result = False + Example: + host_manager.remove_npm_package('my_host', 'system_name', 'package_name') + """ + logging.info(f"Removing package {package_uninstall_name} from host {host}") + logging.info(f"System: {system}") - os_name = self.get_host_variables(host)['os_name'] + remove_operation_result = False - if custom_uninstall_playbook: - remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) - else: - # Define the npm uninstall command - cmd = f"npm uninstall -g {package_uninstall_name}" + os_name = self.get_host_variables(host)['os_name'] - if system == 'macos': - cmd = f"PATH=/usr/local/bin:$PATH {cmd}" - shell_type = "shell" - elif system == 'windows': - shell_type = "win_shell" + if custom_uninstall_playbook: + remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) else: - shell_type = "shell" + # Define the npm uninstall command + cmd = f"npm uninstall -g {package_uninstall_name}" - # Execute the command and log the result - remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) - logging.info(f"npm package removed result {remove_operation_result}") + if system == 'macos': + cmd = f"PATH=/usr/local/bin:$PATH {cmd}" + shell_type = "shell" + elif system == 'windows': + shell_type = "win_shell" + else: + shell_type = "shell" - return remove_operation_result + # Execute the command and log the result + remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) + logging.info(f"npm package removed result {remove_operation_result}") + + return remove_operation_result def run_playbook(self, host, playbook_name, params=None): """ 
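Review bot: In `remove_npm_package` the `else:` branch runs whenever no custom playbook is given, including when `package_uninstall_name` is left at its default `None`, in which case the command becomes `npm uninstall -g None`. `remove_package` in the same file guards this case with `elif package_uninstall_name:`, and the same guard fits here. `os_name` is read from the host variables but never used (the branch tests `system` instead), and the docstring lists `package_name` while the parameter is called `package_uninstall_name`.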
From bd4ff989a5b92086939cf7de00988780b3b3db91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Wed, 3 Apr 2024 17:17:16 +0200 Subject: [PATCH 077/115] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5083ebf02f..fc963f0886 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ All notable changes to this project will be documented in this file. ### Changed +- Changes macOS packages with new ones that generate vulnerabilities ([#5174](https://github.com/wazuh/wazuh-qa/pull/5174)) \- (Tests) - Update Packages in TestScanSyscollectorCases ([#4997](https://github.com/wazuh/wazuh-qa/pull/4997)) \- (Framework + Tests) - Reduced test_shutdown_message runtime ([#4986](https://github.com/wazuh/wazuh-qa/pull/4986)) \- (Tests) - Change e2e vd configuration keystore ([#4952](https://github.com/wazuh/wazuh-qa/pull/4952)) \- (Framework) From bbacb75c8581a9fc0427ee9ef6321d6cde870e17 Mon Sep 17 00:00:00 2001 From: Julia Date: Wed, 3 Apr 2024 17:59:19 +0200 Subject: [PATCH 078/115] fix: fix condition for package name and version --- .../wazuh_testing/end_to_end/vulnerability_detector.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index bb2a86025b..e2c6dd1efb 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py 
@@ -306,9 +306,11 @@ def get_vulnerabilities_from_states(vulnerabilities_states: List) -> List: vulnerability = Vulnerability( cve=state_vulnerability['_source']['vulnerability']['id'], package_name=(state_vulnerability['_source']['package']['name'] - if 'package' in state_vulnerability['_source'] else None), + if 'package' in state_vulnerability['_source'] + and 'name' in state_vulnerability['_source']['package'] else None), package_version=(state_vulnerability['_source']['package']['version'] - if 'package' in state_vulnerability['_source'] else None), + if 'package' in state_vulnerability['_source'] + and 'version' in state_vulnerability['_source']['package'] else None), type=(state_vulnerability['_source']['package']['type'] if 'package' in state_vulnerability['_source'] and 'type' in state_vulnerability['_source']['package'] else None), From 1623db4b24d4cbf3b276cfb1a40cf04763f801e2 Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 4 Apr 2024 10:13:13 +0200 Subject: [PATCH 079/115] feat: add fixture to modify macos timezone --- .../test_vulnerability_detector/conftest.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index 646ae67040..f7f7adff14 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py 
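Review bot: The three `package` fields now repeat the same two-step membership test inside conditional expressions, which is hard to scan and easy to let drift apart. Reading the sub-dict once, `package = state_vulnerability['_source'].get('package') or {}`, and then using `package.get('name')`, `package.get('version')` and `package.get('type')` gives the same `None` fallback in one place. `state_vulnerability['_source']['vulnerability']['id']` is still indexed directly, so a state without that key raises `KeyError`; whether such states can occur is not visible here. The function body starts and continues outside the hunk.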
@@ -399,3 +399,14 @@ def pytest_html_results_summary(prefix, summary, postfix): def pytest_configure(config): if not config.option.css: config.option.css = [STYLE_PATH] + + +@pytest.fixture(scope="session", autouse=True) +def modify_timezone(request): + inventory_path = request.config.getoption('--inventory-path') + host_manager = HostManager(inventory_path) + hosts = host_manager.get_group_hosts('agent') + + for host in hosts: + if host_manager.get_host_variables(host)['os'] and 'macos' in host_manager.get_host_variables(host)['os']: + host_manager.run_command(host, 'systemsetup -settimezone GMT') From 5e8d1ea6fd55b3a1eff7025f78792f165417073d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Thu, 4 Apr 2024 12:22:21 +0200 Subject: [PATCH 080/115] modification of npm methods --- .../end_to_end/remote_operations_handler.py | 16 +-- .../wazuh_testing/tools/system.py | 118 ++++++------------ 2 files changed, 48 insertions(+), 86 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index fdf7228783..24ee82368a 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py @@ -167,7 +167,7 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho try: if host_os_arch in install_package_data[host_os_name]: package_id = install_package_data[host_os_name][host_os_arch] - + package_data = load_packages_metadata()[package_id] package_url = package_data['urls'][host_os_name][host_os_arch] 
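Review bot: `modify_timezone` is a session-scoped autouse fixture that changes the system timezone on the agent hosts and has no teardown (there is no `yield` or finalizer), so the hosts stay on GMT after the run. Recording the previous timezone and restoring it after a `yield` would keep the change scoped to the test session. The return value of `run_command` is discarded, so the fixture has no evidence that `systemsetup -settimezone GMT` actually took effect; that command normally needs root. `get_host_variables(host)['os']` also raises `KeyError` for a host whose inventory entry has no `os` variable. The later hunks for this fixture in the series keep the same no-teardown shape.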
@@ -181,7 +181,7 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho if use_npm: host_manager.install_npm_package(host, package_url, system) else: - host_manager.install_package(host, package_url, system, use_npm=use_npm) + host_manager.install_package(host, package_url, system) logging.info(f"Package {package_url} installed on {host}") @@ -199,10 +199,10 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, package_data, operation='install') - + else: logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found") - + except Exception as e: logging.critical(f"Error searching package: {e}") @@ -266,7 +266,7 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos if use_npm: host_manager.remove_npm_package(host, system, package_uninstall_name=uninstall_name) else: - host_manager.remove_package(host, system, package_uninstall_name=uninstall_name, use_npm=use_npm) + host_manager.remove_package(host, system, package_uninstall_name=uninstall_name) elif 'uninstall_custom_playbook' in package_data: host_manager.remove_package(host, system, custom_uninstall_playbook=package_data['uninstall_custom_playbook']) @@ -343,7 +343,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos try: if host_os_arch in install_package_data_to[host_os_name]: package_id_to = install_package_data_to[host_os_name][host_os_arch] - + package_data_from = load_packages_metadata()[package_id_from] package_data_to = load_packages_metadata()[package_id_to] 
@@ -359,7 +359,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos if use_npm: host_manager.install_npm_package(host, package_url_to, system) else: - host_manager.install_package(host, package_url_to, system, use_npm=use_npm) + host_manager.install_package(host, package_url_to, system) logging.info(f"Package {package_url_to} installed on {host}") @@ -374,7 +374,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host, {'from': package_data_from, 'to': package_data_to}, operation='update') - + else: logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found") diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 9526696fe6..7b6b88dc0f 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -465,7 +465,7 @@ def download_file(self, host, url, dest_path, mode='755'): return result - def install_package(self, host, url, system='ubuntu', use_npm=False): + def install_package(self, host, url, system='ubuntu'): """ Installs a package on the specified host. 
@@ -474,54 +474,35 @@ def install_package(self, host, url, system='ubuntu', use_npm=False): url (str): The URL or name of the package to be installed. system (str, optional): The operating system type. Defaults to 'ubuntu'. Supported values: 'windows', 'ubuntu', 'centos'. - use_npm (bool): Determinates whether to use npm for the installation. Returns: Dict: Testinfra Ansible Response of the operation Example: host_manager.install_package('my_host', 'http://example.com/package.deb', system='ubuntu') - # To install a package via npm: - host_manager.install_package('my_host', 'package_name', 'system_name', use_npm=True) """ - if use_npm: - # Define the npm install command - cmd = f"npm install -g {url}" + result = False + extension = '.msi' - if system == 'macos': - cmd = f"PATH=/usr/local/bin:$PATH {cmd}" - shell_type = "shell" - elif system == 'windows': - shell_type = "win_shell" + if system == 'windows': + if url.lower().endswith(extension): + result = self.get_host(host).ansible("win_package", f"path={url} arguments=/passive", check=False) else: - shell_type = "shell" - - # Execute the command and log the result - result = self.get_host(host).ansible(shell_type, cmd, check=False) - logging.info(f"npm package installed result {result}") - else: - result = False - extension = '.msi' - - if system == 'windows': - if url.lower().endswith(extension): - result = self.get_host(host).ansible("win_package", f"path={url} arguments=/passive", check=False) - else: - result = self.get_host(host).ansible("win_package", f"path={url} arguments=/S", check=False) - elif system == 'ubuntu': - result = self.get_host(host).ansible("apt", f"deb={url}", check=False) - if result['changed'] and result['stderr'] == '': - result = True - elif system == 'centos': - result = self.get_host(host).ansible("yum", f"name={url} state=present " + result = self.get_host(host).ansible("win_package", f"path={url} arguments=/S", check=False) + elif system == 'ubuntu': + result = 
self.get_host(host).ansible("apt", f"deb={url}", check=False) + if result['changed'] and result['stderr'] == '': + result = True + elif system == 'centos': + result = self.get_host(host).ansible("yum", f"name={url} state=present " 'sslverify=false disable_gpg_check=True', check=False) - elif system == 'macos': - package_name = url.split('/')[-1] - result = self.get_host(host).ansible("command", f"curl -LO {url}", check=False) - cmd = f"installer -pkg {package_name} -target /" - result = self.get_host(host).ansible("command", cmd, check=False) + elif system == 'macos': + package_name = url.split('/')[-1] + result = self.get_host(host).ansible("command", f"curl -LO {url}", check=False) + cmd = f"installer -pkg {package_name} -target /" + result = self.get_host(host).ansible("command", cmd, check=False) - logging.info(f"Package installed result {result}") + logging.info(f"Package installed result {result}") return result @@ -598,7 +579,7 @@ def get_master(self): return master_node - def remove_package(self, host, system, package_uninstall_name=None, use_npm=False, custom_uninstall_playbook=None): + def remove_package(self, host, system, package_uninstall_name=None, custom_uninstall_playbook=None): """ Removes a package from the specified host. @@ -607,15 +588,12 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals package_name (str): The name of the package to be removed. system (str): The operating system type. Supported values: 'windows', 'ubuntu', 'centos'. - use_npm (bool): Determinates whether to use npm for the uninstallation. Returns: Dict: Testinfra Ansible Response of the operation Example: host_manager.remove_package('my_host', 'my_package', system='ubuntu') - # To remove a package via npm: - host_manager.remove_package('my_host', 'system_name', 'package_name', use_npm=True) """ logging.info(f"Removing package {package_uninstall_name} from host {host}") logging.info(f"System: {system}") 
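Review bot: The de-indented `install_package` body still installs with integrity checks off: the centos branch passes `sslverify=false disable_gpg_check=True` to `yum`, and the macos branch hands whatever `curl -LO {url}` fetched straight to `installer -pkg {package_name} -target /`. Neither branch compares the download with an expected digest, so a tampered or truncated package is installed as-is on the test host; an expected checksum kept with the package metadata and verified before the install step would close that gap. In the macos branch the `result` of the `curl` call is overwritten by the `installer` call, so a failed download is never reported on its own. The return value is also not uniform: the ubuntu branch can replace `result` with `True`, while the other branches return the raw Ansible result.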
@@ -627,42 +605,26 @@ def remove_package(self, host, system, package_uninstall_name=None, use_npm=Fals if custom_uninstall_playbook: remove_operation_result = self.run_playbook(host, custom_uninstall_playbook) elif package_uninstall_name: - if use_npm: - # Define the npm uninstall command - cmd = f"npm uninstall -g {package_uninstall_name}" - - if system == 'macos': - cmd = f"PATH=/usr/local/bin:$PATH {cmd}" - shell_type = "shell" - elif system == 'windows': - shell_type = "win_shell" - else: - shell_type = "shell" - - # Execute the command and log the result - remove_operation_result = self.get_host(host).ansible(shell_type, cmd, check=False) - logging.info(f"npm package removed result {remove_operation_result}") - else: - if os_name == 'windows': - remove_operation_result = self.get_host(host).ansible("win_command", - f"{package_uninstall_name} /uninstall /quiet /S", - check=False) - elif os_name == 'linux': - os = self.get_host_variables(host)['os'].split('_')[0] - if os == 'centos': - remove_operation_result = self.get_host(host).ansible("yum", - f"name={package_uninstall_name} state=absent", - check=False) - elif os == 'ubuntu': - remove_operation_result = self.get_host(host).ansible("apt", - f"name={package_uninstall_name} state=absent", - check=False) - elif os_name == 'macos': - remove_operation_result = self.get_host(host).ansible("command", - f"brew uninstall {package_uninstall_name}", - check=False) - - logging.info(f"Package removed result {remove_operation_result}") + if os_name == 'windows': + remove_operation_result = self.get_host(host).ansible("win_command", + f"{package_uninstall_name} /uninstall /quiet /S", + check=False) + elif os_name == 'linux': + os = self.get_host_variables(host)['os'].split('_')[0] + if os == 'centos': + remove_operation_result = self.get_host(host).ansible("yum", + f"name={package_uninstall_name} state=absent", + check=False) + elif os == 'ubuntu': + remove_operation_result = self.get_host(host).ansible("apt", + 
f"name={package_uninstall_name} state=absent", + check=False) + elif os_name == 'macos': + remove_operation_result = self.get_host(host).ansible("command", + f"brew uninstall {package_uninstall_name}", + check=False) + + logging.info(f"Package removed result {remove_operation_result}") return remove_operation_result From 63aca8fbea99cddca93089fa0debb4714e76ed95 Mon Sep 17 00:00:00 2001 From: RamosFe Date: Wed, 31 Jan 2024 14:35:57 -0300 Subject: [PATCH 081/115] fix: fixes response of agent_simulator for ar msg. --- deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index c1384ca57d..07616e8d06 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -540,7 +540,11 @@ def process_command(self, sender, message_list): sender.send_event(self.create_event(f'#!-req {req_code} ' f'{{"error":0, "message":"ok", "data":[]}} ')) elif command == 'getconfig': - response_json = '{"client":{"config-profile":"centos8","notify_time":10,"time-reconnect":60}}' + if "active-response" in message_list: + response_json = '{{"active-response":{"disabled":"no"}}' + else: + response_json = '{"client":{"config-profile":"centos8","notify_time":10,"time-reconnect":60}}' + sender.send_event(self.create_event(f'#!-req {req_code} ok {response_json}')) elif command == 'getstate': response_json = '{"error":0,"data":{"global":{"start":"2021-02-26, 06:41:26","end":"2021-02-26 08:49:19"}}}' From d47a63829cf4224371e615a44a8bdf82940db9b2 Mon Sep 17 00:00:00 2001 From: RamosFe Date: Wed, 31 Jan 2024 15:20:33 -0300 Subject: [PATCH 082/115] fix: deleted xfail for PUT active-response. --- CHANGELOG.md | 4 ++++ tests/performance/test_api/test_api_endpoints_performance.py | 3 --- 2 files changed, 4 insertions(+), 3 deletions(-) 
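Review bot: The macos branch of `remove_package` runs `brew uninstall {package_uninstall_name}`, while `install_package` in the same file installs macOS packages with `installer -pkg`; a package installed that way is presumably not known to Homebrew, so the removal would not undo the install. The result is only written with `logging.info`, and whether a failed module call surfaces in any other way depends on how `ansible()` reports errors, which is not visible here. Checking the returned result and logging at error level when it indicates failure would make a leftover package visible before the next test case runs. The local name `os` in the linux branch would shadow the `os` module inside this method if the file imports it; a name such as `os_family` avoids that.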
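Review bot: The new `active-response` reply in `process_command` is not valid JSON: `'{{"active-response":{"disabled":"no"}}'` is a plain string, not an f-string, so the doubled `{{` is sent literally and the payload has three opening braces against two closing ones. It is later substituted into `f'#!-req {req_code} ok {response_json}'` as a value, which does not collapse the braces either. The literal should be `response_json = '{"active-response":{"disabled":"no"}}'`. `"active-response" in message_list` is an exact-element test on the list, so it only matches if the section name arrives as its own token; the shape of `message_list` is not visible in this hunk.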
diff --git a/CHANGELOG.md b/CHANGELOG.md index 783b7c378c..134e5e4345 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ All notable changes to this project will be documented in this file. ### Fixed - Add an IT to check that the agent erases its wazuh-agent.state file ([#4716](https://github.com/wazuh/wazuh-qa/pull/4716)) \- (Core) +- Fixed agent_simulator response for active-response configuration commands. ([#4895](https://github.com/wazuh/wazuh-qa/pull/4895)) \- (Framework) ## [4.8.2] - TBD @@ -73,7 +74,10 @@ All notable changes to this project will be documented in this file. - Update framework known flaws file ([#4443](https://github.com/wazuh/wazuh-qa/pull/4443)) \- (Tests) - Align migration tool system tests to the tool's new output directory structure ([#4561](https://github.com/wazuh/wazuh-qa/pull/4561)) \- (Tests) - Update the migration tool's system tests to match the new log file naming convention ([#4618](https://github.com/wazuh/wazuh-qa/pull/4618)) \- (Tests) +<<<<<<< HEAD - Update file descriptors threshold values used in cluster performance tests ([#5073](https://github.com/wazuh/wazuh-qa/pull/5073)) \- (Tests) +======= +>>>>>>> 2c1dde384 (fix: deleted xfail for PUT active-response.) ### Fixed diff --git a/tests/performance/test_api/test_api_endpoints_performance.py b/tests/performance/test_api/test_api_endpoints_performance.py index b74d01dda4..d5475b75bc 100755 --- a/tests/performance/test_api/test_api_endpoints_performance.py +++ b/tests/performance/test_api/test_api_endpoints_performance.py @@ -14,9 +14,6 @@ api_details = dict() xfailed_items = { - '/active-response': {'message': 'Agent simulator not handling active-response messages: ' - 'https://github.com/wazuh/wazuh-qa/issues/1266', - 'method': 'put'}, '/agents/group': {'message': 'Investigate performance issues with PUT /agents/group API endpoint: ' 'https://github.com/wazuh/wazuh/issues/13872', 'method': 'put'}, 
From ca4f8d5b835a6d63b7791044f076e7ac20bb584b Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 4 Apr 2024 13:30:27 +0200 Subject: [PATCH 083/115] refactor: add windows commands --- .../wazuh_testing/tools/system.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 9726739b06..445838d79f 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -362,7 +362,7 @@ def make_api_call(self, host, port=55000, method='GET', endpoint='/', request_bo f'method={method} headers="{headers}" {request_body} ' f'validate_certs=no', check=check) - def run_command(self, host: str, cmd: str, check: bool = False): + def run_command(self, host: str, cmd: str, check: bool = False, system: str = 'linux'): """Run a command on the specified host and return its stdout. Args: @@ -370,13 +370,18 @@ def run_command(self, host: str, cmd: str, check: bool = False): cmd (str): Command to execute check (bool, optional): Ansible check mode("Dry Run"), by default it is enabled so no changes will be applied. Default `False` + system (str): The operating system type. Defaults to 'linux'. + Supported values: 'windows', 'macos', 'linux'. Returns: stdout (str): The output of the command execution. """ - return self.get_host(host).ansible("command", cmd, check=check)["stdout"] + if system == 'windows': + return self.get_host(host).ansible("win_command", cmd, check=check) + else: + return self.get_host(host).ansible("command", cmd, check=check)["stdout"] - def run_shell(self, host: str, cmd: str, check: bool = False): + def run_shell(self, host: str, cmd: str, check: bool = False, system: str = 'linux'): """Run a shell command on the specified host and return its stdout. The difference with run_command is that here, shell symbols like &, |, etc. are interpreted. 
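Review bot: `run_command` now returns two different types: the `windows` branch returns the whole Ansible result, while the other branch returns its `["stdout"]` string, and the docstring still promises `stdout (str)`. A caller that passes `system='windows'` and treats the value as text gets the full result object instead. Either index the Windows result the same way, `return self.get_host(host).ansible("win_command", cmd, check=check)["stdout"]`, or describe the difference in the Returns section. The `run_shell` hunk that follows has the same split with `win_shell`.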
@@ -386,11 +391,16 @@ def run_shell(self, host: str, cmd: str, check: bool = False): cmd (str): Shell command to execute check (bool, optional): Ansible check mode("Dry Run"), by default it is enabled so no changes will be applied. Default `False` + system (str): The operating system type. Defaults to 'linux'. + Supported values: 'windows', 'macos', 'linux'. Returns: stdout (str): The output of the command execution. """ - return self.get_host(host).ansible('shell', cmd, check=check)['stdout'] + if system == 'windows': + return self.get_host(host).ansible("win_shell", cmd, check=check) + else: + return self.get_host(host).ansible('shell', cmd, check=check)['stdout'] def get_host_ip(self, host: str, interface: str): """Get the Ansible object for communicating with the specified host. From 80890bf391ec97a1d939295fb5423e40a04cb7ba Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 4 Apr 2024 13:30:54 +0200 Subject: [PATCH 084/115] feat: change windows timezone --- tests/end_to_end/test_vulnerability_detector/conftest.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index f7f7adff14..e260781463 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py @@ -408,5 +408,9 @@ def modify_timezone(request): hosts = host_manager.get_group_hosts('agent') for host in hosts: - if host_manager.get_host_variables(host)['os'] and 'macos' in host_manager.get_host_variables(host)['os']: - host_manager.run_command(host, 'systemsetup -settimezone GMT') + if host_manager.get_host_variables(host)['os_name'] == 'macos': + command = 'systemsetup -settimezone GMT' + elif host_manager.get_host_variables(host)['os_name'] == 'windows': + command = 'Set-TimeZone -Id "UTC"' + + host_manager.run_shell(host, command, system=host_manager.get_host_variables(host)['os_name']) 
From bbf41a980fd24676f541ed6e79eada5eb1873e7b Mon Sep 17 00:00:00 2001 From: RamosFe Date: Thu, 1 Feb 2024 11:31:52 -0300 Subject: [PATCH 085/115] fix: added fix to CHANGELOG.md. --- CHANGELOG.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 134e5e4345..483103f506 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -74,10 +74,7 @@ All notable changes to this project will be documented in this file. - Update framework known flaws file ([#4443](https://github.com/wazuh/wazuh-qa/pull/4443)) \- (Tests) - Align migration tool system tests to the tool's new output directory structure ([#4561](https://github.com/wazuh/wazuh-qa/pull/4561)) \- (Tests) - Update the migration tool's system tests to match the new log file naming convention ([#4618](https://github.com/wazuh/wazuh-qa/pull/4618)) \- (Tests) -<<<<<<< HEAD - Update file descriptors threshold values used in cluster performance tests ([#5073](https://github.com/wazuh/wazuh-qa/pull/5073)) \- (Tests) -======= ->>>>>>> 2c1dde384 (fix: deleted xfail for PUT active-response.) ### Fixed @@ -718,4 +715,4 @@ Release report: https://github.com/wazuh/wazuh/issues/13321 - Avoid problematic race-condition on VD integration tests for Windows [#1047](https://github.com/wazuh/wazuh-qa/pull/1047) - QA Integration tests stabilization [#1002](https://github.com/wazuh/wazuh-qa/pull/1002) ### Deleted -- Deleted `behind_proxy_server` API config test. ([#1065](https://github.com/wazuh/wazuh-qa/pull/1065)) +- Deleted `behind_proxy_server` API config test. ([#1065](https://github.com/wazuh/wazuh-qa/pull/1065)) \ No newline at end of file From 220e419bd3750d0c02c7026476a853bf9c3a17d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Thu, 4 Apr 2024 14:01:48 +0200 Subject: [PATCH 086/115] use of the install_package method --- .../test_vulnerability_detector.py | 27 +++++++------------ 1 file changed, 10 insertions(+), 17 deletions(-) 
diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index caa0e728fb..b44af6990f 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -113,6 +113,9 @@ def load_vulnerability_detector_configurations(host_manager): def install_npm(host_manager: HostManager): """Check and install npm if not already installed""" + node_version = "v21.7.1" + node_package_url = f"https://nodejs.org/dist/{node_version}/node-{node_version}.pkg" + target_os_groups = ['macos'] for group in target_os_groups: 
@@ -130,23 +133,13 @@ def install_npm(host_manager: HostManager): logger.info(f"Node check result on {host}: {node_check_result}") # Install node if it is not already installed. if node_check_result['rc'] != 0: - logger.info("Installing Node.js and npm") - # Download Node.js package - download_command = "curl -o /tmp/node-v21.7.1.pkg https://nodejs.org/dist/v21.7.1/node-v21.7.1.pkg" - download_result = host_manager.get_host(host).ansible("shell", - download_command, - become=True, - become_user='vagrant', - check=False) - logger.info(f"Node.js package download result on {host}: {download_result}") - # Install Node.js - node_install_command = "sudo installer -pkg /tmp/node-v21.7.1.pkg -target /" - node_install_result = host_manager.get_host(host).ansible("shell", - node_install_command, - become=True, - become_user='vagrant', - check=False) - logger.info(f"Node.js and npm installation result on {host}: {node_install_result}") + logger.info(f"Installing Node.js and npm using package: {node_package_url}") + + # Use the install_package method to handle the installation. + install_result = host_manager.install_package(host, node_package_url, system='macos') + + # Logging the result of installation attempt. + logger.info(f"Node.js and npm installation result on {host}: {install_result}") else: logger.info("Node.js and npm are already installed.") From 0c5eb98f745c0fc1de7f853ef55d5c730a1305b6 Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 4 Apr 2024 14:05:04 +0200 Subject: [PATCH 087/115] fix: add variable --- tests/end_to_end/test_vulnerability_detector/conftest.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index e260781463..b942a4e542 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py 
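Review bot: The replaced code in `install_npm` ran `sudo installer ...` with `become=True`, whereas `install_package`'s macos branch, as shown earlier in this series, runs `installer -pkg {package_name} -target /` through the `command` module with no privilege escalation visible. Unless the inventory already connects as a privileged user, the Node.js install may now fail where it previously succeeded. `install_result` is only logged, so the function carries on either way; checking it and failing the setup early would give a clearer error than a later missing `npm`. The package is also installed without comparing it to a published digest for `v21.7.1`; keeping an expected SHA-256 next to `node_version` and verifying it before the install would cover that. The function body starts outside this hunk.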
@@ -406,6 +406,7 @@ def modify_timezone(request): inventory_path = request.config.getoption('--inventory-path') host_manager = HostManager(inventory_path) hosts = host_manager.get_group_hosts('agent') + command = '' for host in hosts: if host_manager.get_host_variables(host)['os_name'] == 'macos': From c0e9601f29a369b8cc9bd34c603cd420820c8eca Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 4 Apr 2024 17:17:45 +0200 Subject: [PATCH 088/115] refactor: add comment --- .../wazuh_testing/end_to_end/remote_operations_handler.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index 70e76b435b..768ef677f0 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py @@ -174,7 +174,7 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho logging.info(f"Installing package on {host}") logging.info(f"Package URL: {package_url}") - current_datetime = datetime.now(timezone.utc).isoformat()[:-6] + current_datetime = datetime.now(timezone.utc).isoformat()[:-6] # Delete timezone offset host_manager.install_package(host, package_url, system) logging.info(f"Package {package_url} installed on {host}") @@ -250,7 +250,7 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos package_data = load_packages_metadata()[package_id] - current_datetime = datetime.now(timezone.utc).isoformat()[:-6] + current_datetime = datetime.now(timezone.utc).isoformat()[:-6] # Delete timezone offset logging.info(f"Removing package on {host}") if 'uninstall_name' in package_data: 
@@ -347,7 +347,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos logging.info(f"Installing package on {host}") logging.info(f"Package URL: {package_url_to}") - current_datetime = datetime.now(timezone.utc).isoformat()[:-6] + current_datetime = datetime.now(timezone.utc).isoformat()[:-6] # Delete timezone offset host_manager.install_package(host, package_url_to, system) logging.info(f"Package {package_url_to} installed on {host}") @@ -388,7 +388,7 @@ def launch_remote_sequential_operation_on_agent(agent: str, task_list: List[Dict host_manager (HostManager): An instance of the HostManager class containing information about hosts. """ # Convert datetime to Unix timestamp (integer) - timestamp = datetime.now(timezone.utc).isoformat()[:-6] + timestamp = datetime.now(timezone.utc).isoformat()[:-6] # Delete timezone offset if task_list: for task in task_list: From a1ba4f4c790adf4ca5cd19710f5fa853984ce99e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Padilla=20=C3=81lvarez?= Date: Thu, 4 Apr 2024 17:19:42 +0200 Subject: [PATCH 089/115] fixed name to uninstall --- .../vuln_packages.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json index 999e12b601..54ec619dce 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json @@ -662,7 +662,7 @@ "arm64v8": "http-proxy@0.5.9" } }, - "uninstall_name": "*http-proxy*", + "uninstall_name": "http-proxy", "use_npm": true }, "http-proxy-0.5.10": { @@ -677,7 +677,7 @@ "arm64v8": "http-proxy@0.5.10" } }, - "uninstall_name": "*http-proxy*", + "uninstall_name": "http-proxy", "use_npm": true }, "systeminformation-4.34.23": { 
@@ -693,7 +693,7 @@ "arm64v8": "systeminformation@4.34.23" } }, - "uninstall_name": "*systeminformation*", + "uninstall_name": "systeminformation", "use_npm": true }, "systeminformation-5.0.0": { @@ -710,7 +710,7 @@ "arm64v8": "systeminformation@5.0.0" } }, - "uninstall_name": "*systeminformation*", + "uninstall_name": "systeminformation", "use_npm": true }, "http-proxy-0.7.0": { @@ -724,7 +724,7 @@ "arm64v8": "http-proxy@0.7.0" } }, - "uninstall_name": "*http-proxy*", + "uninstall_name": "http-proxy", "use_npm": true }, "http-proxy-0.7.2": { @@ -738,7 +738,7 @@ "arm64v8": "http-proxy@0.7.2" } }, - "uninstall_name": "*http-proxy*", + "uninstall_name": "http-proxy", "use_npm": true }, "luxon-2.5.2": { @@ -752,7 +752,7 @@ "arm64v8": "luxon@2.5.2" } }, - "uninstall_name": "*luxon*", + "uninstall_name": "luxon", "use_npm": true }, "luxon-3.0.0": { @@ -767,7 +767,7 @@ "arm64v8": "luxon@3.0.0" } }, - "uninstall_name": "*luxon*", + "uninstall_name": "luxon", "use_npm": true - }, + } } From 297f63f544af48f2955241ff26bdf7bfc2c63d5b Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 4 Apr 2024 17:25:27 +0200 Subject: [PATCH 090/115] fix: fix loop for more agents --- tests/end_to_end/test_vulnerability_detector/conftest.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index b942a4e542..02553a5ded 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py @@ -413,5 +413,7 @@ def modify_timezone(request): command = 'systemsetup -settimezone GMT' elif host_manager.get_host_variables(host)['os_name'] == 'windows': command = 'Set-TimeZone -Id "UTC"' + else: + continue host_manager.run_shell(host, command, system=host_manager.get_host_variables(host)['os_name']) From 88d80bdff3240f5b57f8d138c65ed8fbd7f5c98b Mon Sep 17 00:00:00 2001 
From: Julia Date: Fri, 5 Apr 2024 08:27:24 +0200 Subject: [PATCH 091/115] docs: update changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fda09788d..37f66fe039 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,7 +49,8 @@ All notable changes to this project will be documented in this file. ### Fixed -- Fix enrollment cluster system tests ([#5134](https://github.com/wazuh/wazuh-qa/pull/5134/)) \- (Tests) +- Fix macOS and Windows agents timezone ([#5178](https://github.com/wazuh/wazuh-qa/pull/5178)) \- (Framework) +- Fix enrollment cluster system tests ([#5134](https://github.com/wazuh/wazuh-qa/pull/5134)) \- (Tests) - Fix `test_synchronization` system test ([#5089](https://github.com/wazuh/wazuh-qa/pull/5089)) \- (Framework + Tests) - Fix number of files and their size for `test_zip_size_limit` ([#5133](https://github.com/wazuh/wazuh-qa/pull/5133)) \- (Tests) - Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests) From a5ba51da25612b85d1c44a62d4b7adf27675c487 Mon Sep 17 00:00:00 2001 From: Julia Date: Fri, 5 Apr 2024 11:24:29 +0200 Subject: [PATCH 092/115] fix: fix conflicts solution --- .../wazuh_testing/end_to_end/remote_operations_handler.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index a36996c50b..3f43f670cd 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py 
@@ -261,7 +261,10 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos logging.info(f"Removing package on {host}") if 'uninstall_name' in package_data: uninstall_name = package_data['uninstall_name'] - host_manager.remove_package(host, system, package_uninstall_name=uninstall_name) + if use_npm: + host_manager.remove_npm_package(host, system, package_uninstall_name=uninstall_name) + else: + host_manager.remove_package(host, system, package_uninstall_name=uninstall_name) elif 'uninstall_custom_playbook' in package_data: host_manager.remove_package(host, system, custom_uninstall_playbook=package_data['uninstall_custom_playbook']) From 99f48ec33d82a24da8e75dc88d98123e0d3e55d1 Mon Sep 17 00:00:00 2001 From: Julia Date: Fri, 5 Apr 2024 12:03:47 +0200 Subject: [PATCH 093/115] refactor: bump revision --- version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.json b/version.json index 3b24506aa1..a8c13cb3dd 100644 --- a/version.json +++ b/version.json @@ -1,4 +1,4 @@ { "version": "4.8.0", - "revision": "40806" + "revision": "40807" } From af9f9683a9b723c39764bddc1b94873047f0b10f Mon Sep 17 00:00:00 2001 From: MARCOSD4 Date: Tue, 16 Apr 2024 10:26:53 +0200 Subject: [PATCH 094/115] fix: fix packages and tests descriptions --- .../vuln_packages.json | 4 ++-- .../cases/test_vulnerability.yaml | 24 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json index 0c275d80a7..aeb29cfcb3 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json 
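Review bot: `use_npm` is read by the new `if use_npm:` branch in `remove_package`, but nothing in the hunk assigns it. The function body starts above the hunk, so it may already be set there. If it is not, the call raises `NameError` for every package that has an `uninstall_name`. Reading the flag from the metadata just before the branch keeps it local: `use_npm = package_data.get('use_npm', False)`.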
@@ -525,7 +525,7 @@ "CVE": [], "urls": { "windows": { - "amd64": "https://nodejs.org/dist/v19.5.0/win-x86/node.exe" + "amd64": "https://nodejs.org/dist/v19.5.0/node-v19.5.0-x64.msi" } }, "uninstall_name": "node*" @@ -536,7 +536,7 @@ "CVE": [], "urls": { "windows": { - "amd64": "https://nodejs.org/dist/v19.6.0/win-x86/node.exe" + "amd64": "https://nodejs.org/dist/v19.6.0/node-v19.6.0-x64.msi" } }, "uninstall_name": "node*" diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index 23f639ebb2..51fbad62e6 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml @@ -8,7 +8,7 @@ amd64: ["CVE-2017-16014"], arm64v8: ["CVE-2017-16014"], windows: - Used Package: Node 17.0.1 - Exe Format + Used Package: Node 17.0.1 - .msi Format CVE: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Packages: Grafana 8.5.5 - .deb Format @@ -45,7 +45,7 @@ CVES Expected to mitigate: ["CVE-2017-16014"], windows: - Used Package: Node 17.0.1 - Exe Format + Used Package: Node 17.0.1 - .msi Format CVES Expected to mitigate: ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: @@ -86,7 +86,7 @@ amd64: ["CVE-2017-16014"], arm64v8: ["CVE-2017-16014"], windows: - Used Package: Node 17.1.0 - Exe Format + Used Package: Node 17.1.0 - .msi Format "CVE": ["CVE-2022-21824", "CVE-2022-0778", "CVE-2021-44533", "CVE-2021-44532", "CVE-2021-44531", "CVE-2021-4044"], ubuntu: Used Packages: Grafana 8.5.6 - .deb Format @@ -131,8 +131,8 @@ windows: amd64: node-v17.0.1 macos: - amd64: http-proxy-0.5.10 - arm64v8: http-proxy-0.5.10 + amd64: http-proxy-0.5.9 + arm64v8: http-proxy-0.5.9 to: centos: amd64: grafana-8.5.6-1 
@@ -154,7 +154,7 @@ Used Package: systeminformation 5.0.0 - npm Format CVE: ["CVE-2021-21388", "CVE-2021-21315", "CVE-2023-42810"], windows: - Used Package: Node 18.0.0 - Exe Format + Used Package: Node 18.0.0 - .msi Format "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Packages: Grafana 9.1.1 - .deb Format @@ -206,7 +206,7 @@ Used Package: systeminformation 5.0.0 - npm Format "CVE": ["CVE-2021-21388", "CVE-2021-21315", "CVE-2023-42810"], windows: - Used Package: Node 18.1.0 - Exe Format + Used Package: Node 18.1.0 - .msi Format "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Packages: Grafana 9.2.0 - .deb Format @@ -256,7 +256,7 @@ Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - .msi Format "CVE": [], ubuntu: Used Packages: Grafana 9.4.17 - .deb Format @@ -306,7 +306,7 @@ Used Package: http-proxy 0.7.2 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.6.0 - .msi Format "CVE": [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format 
@@ -368,7 +368,7 @@ Used Package: luxon 3.0.0 - npm Format "CVE": ["CVE-2022-31129"], windows: - Used Package: Node 20.5.1 - Exe Format + Used Package: Node 20.5.1 - .msi Format "CVE": ["CVE-2023-44487", "CVE-2023-39332", "CVE-2023-39331", "CVE-2023-38552"], ubuntu: Used Packages: Grafana 10.0.0 - .deb Format @@ -418,7 +418,7 @@ Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - .msi Format "CVE": [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format @@ -454,7 +454,7 @@ Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 19.5.0 - .msi Format "CVE": [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format From a201dd1d4827b524aadf33e1252ad02116adcf75 Mon Sep 17 00:00:00 2001 From: MARCOSD4 Date: Wed, 17 Apr 2024 16:36:11 +0200 Subject: [PATCH 095/115] fix: fix vulnerabilities and packages --- .../vuln_packages.json | 39 ++++++++++++++++++- .../cases/test_vulnerability.yaml | 26 ++++++------- 2 files changed, 50 insertions(+), 15 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json index 0c275d80a7..49158337d3 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json @@ -455,6 +455,8 @@ "package_name": "node", "package_version": "18.0.0", "CVE": [ + "CVE-2023-44487", + "CVE-2023-23936", "CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", @@ -490,6 +492,9 @@ "package_name": "node", "package_version": "18.1.0", "CVE": [ + "CVE-2023-44487", + "CVE-2023-23936", + "CVE-2023-30589", "CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", 
@@ -519,10 +524,36 @@ }, "uninstall_name": "node*" }, + "node-v18.20.0": { + "package_name": "node", + "package_version": "18.20.0", + "CVE": [], + "urls": { + "windows": { + "amd64": "https://nodejs.org/dist/v18.20.0/node-v18.20.0-x64.msi" + } + }, + "uninstall_name": "node*" + }, + "node-v18.20.2": { + "package_name": "node", + "package_version": "18.20.2", + "CVE": [], + "urls": { + "windows": { + "amd64": "https://nodejs.org/dist/v18.20.2/node-v18.20.2-x64.msi" + } + }, + "uninstall_name": "node*" + }, "node-v19.5.0": { "package_name": "node", "package_version": "19.5.0", - "CVE": [], + "CVE": [ + "CVE-2023-23936", + "CVE-2023-23920", + "CVE-2023-23918" + ], "urls": { "windows": { "amd64": "https://nodejs.org/dist/v19.5.0/win-x86/node.exe" @@ -533,7 +564,11 @@ "node-v19.6.0": { "package_name": "node", "package_version": "19.6.0", - "CVE": [], + "CVE": [ + "CVE-2023-23936", + "CVE-2023-23920", + "CVE-2023-23918" + ], "urls": { "windows": { "amd64": "https://nodejs.org/dist/v19.6.0/win-x86/node.exe" diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index 23f639ebb2..8f742915fd 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml 
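Review bot: The new `node-v18.20.0` and `node-v18.20.2` entries give a download URL for an `.msi` installer but no digest, so whatever fetches and runs it on the Windows agent has nothing to check the file against. Adding a field such as `"sha256": "<digest published by the vendor for this file>"` next to `urls`, and comparing it before the installer runs, would tie each test run to a known artifact. Whether the install routine already verifies anything is not visible from this hunk. The `node-v19.5.0` and `node-v19.6.0` entries in the next hunk are in the same position.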
@@ -155,7 +155,7 @@ CVE: ["CVE-2021-21388", "CVE-2021-21315", "CVE-2023-42810"], windows: Used Package: Node 18.0.0 - Exe Format - "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], + "CVE": ["CVE-2023-44487", CVE-2023-23936", CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30589", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32223", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Packages: Grafana 9.1.1 - .deb Format CVE: ["CVE-2023-2183", "CVE-2023-1387", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-39229", "CVE-2022-39201", "CVE-2022-36062", "CVE-2022-35957", "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", "CVE-2022-23498"], 
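Review bot: The rewritten `"CVE"` list for Node 18.0.0 has lost two opening quotes: `CVE-2023-23936"` and `CVE-2023-38552"` start without one, so a YAML parser would most likely read them as plain scalars ending in a literal `"`. The list should begin `["CVE-2023-44487", "CVE-2023-23936", "CVE-2023-38552", ...`. The Node 18.1.0 list in the `@@ -207,7 +207,7 @@` hunk has a related problem: its first four identifiers sit inside one pair of quotes, `"CVE-2023-44487, CVE-2023-23936, CVE-2023-30589, CVE-2023-38552"`, which makes them a single string. Whether this block is parsed or only shown as description text is not visible here; either way the identifiers are malformed and would not match if compared against detected CVEs.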
@@ -207,7 +207,7 @@ "CVE": ["CVE-2021-21388", "CVE-2021-21315", "CVE-2023-42810"], windows: Used Package: Node 18.1.0 - Exe Format - "CVE": ["CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], + "CVE": ["CVE-2023-44487, CVE-2023-23936, CVE-2023-30589, CVE-2023-38552", "CVE-2023-32559", "CVE-2023-32006", "CVE-2023-32002", "CVE-2023-30590", "CVE-2023-30588", "CVE-2023-30585", "CVE-2023-30581", "CVE-2023-23920", "CVE-2023-23919", "CVE-2023-23918", "CVE-2022-43548", "CVE-2022-35256", "CVE-2022-35255", "CVE-2022-32222", "CVE-2022-32215", "CVE-2022-32214", "CVE-2022-32213", "CVE-2022-32212", "CVE-2022-3786", "CVE-2022-3602"], ubuntu: Used Packages: Grafana 9.2.0 - .deb Format CVE: ["CVE-2023-3128", "CVE-2023-22462", "CVE-2023-2183", "CVE-2023-1410", "CVE-2023-1387", "CVE-2023-0594", "CVE-2023-0507", "CVE-2022-39328", "CVE-2022-39324", "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-23552", "CVE-2022-23498"], @@ -256,7 +256,7 @@ Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 18.20.0 - Exe Format "CVE": [], ubuntu: Used Packages: Grafana 9.4.17 - .deb Format @@ -293,7 +293,7 @@ arm64v8: grafana-9.4.17 amd64: grafana-9.4.17 windows: - amd64: node-v19.5.0 + amd64: node-v18.20.0 macos: amd64: http-proxy-0.7.0 arm64v8: http-proxy-0.7.0 @@ -306,7 +306,7 @@ Used Package: http-proxy 0.7.2 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 18.20.2 - Exe Format "CVE": [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format 
@@ -323,7 +323,7 @@ state_index: true package: windows: - amd64: node-v19.5.0 + amd64: node-v18.20.0 macos: amd64: http-proxy-0.7.0 arm64v8: http-proxy-0.7.0 @@ -343,7 +343,7 @@ arm64v8: grafana-9.4.17 amd64: grafana-9.4.17 windows: - amd64: node-v19.5.0 + amd64: node-v18.20.0 macos: amd64: http-proxy-0.7.0 arm64v8: http-proxy-0.7.0 @@ -355,7 +355,7 @@ amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 windows: - amd64: node-v19.6.0 + amd64: node-v18.20.2 macos: amd64: http-proxy-0.7.2 arm64v8: http-proxy-0.7.2 @@ -393,7 +393,7 @@ amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 windows: - amd64: node-v19.6.0 + amd64: node-v18.20.2 macos: amd64: luxon-2.5.2 arm64v8: luxon-2.5.2 @@ -418,7 +418,7 @@ Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 18.20.0 - Exe Format "CVE": [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format @@ -442,7 +442,7 @@ amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 windows: - amd64: node-v19.5.0 + amd64: node-v18.20.0 macos: amd64: http-proxy-0.7.0 arm64v8: http-proxy-0.7.0 @@ -454,7 +454,7 @@ Used Package: http-proxy 0.7.0 - npm Format "CVE": [], windows: - Used Package: Node 19.5.0 - Exe Format + Used Package: Node 18.20.0 - Exe Format "CVE": [], ubuntu: Used Packages: Grafana 9.5.13 - .deb Format @@ -477,7 +477,7 @@ amd64: grafana-9.5.13 arm64v8: grafana-9.5.13 windows: - amd64: node-v19.5.0 + amd64: node-v18.20.0 macos: amd64: http-proxy-0.7.0 arm64v8: http-proxy-0.7.0 From a3e63ff303523579fbadcb6936d4a0de43b1a3d4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Thu, 18 Apr 2024 11:02:25 +0100 Subject: [PATCH 096/115] feat: refactor indexer api including filter param --- .../wazuh_testing/end_to_end/indexer_api.py | 44 ++----------------- .../end_to_end/remote_operations_handler.py | 11 +++-- .../end_to_end/vulnerability_detector.py | 26 ++++++++++- .../test_vulnerability_detector.py | 18 ++++---- 4 files changed, 43 insertions(+), 56 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index ac69cdf404..a781e4abfc 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py @@ -22,7 +22,7 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'}, - index: str = 'wazuh-alerts*', greater_than_timestamp=None, agent: str = '') -> Dict: + index: str = 'wazuh-alerts*', filter: dict | None = None, size: int = 10000) -> Dict: """ Get values from the Wazuh Indexer API. @@ -44,47 +44,11 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': ' 'Content-Type': 'application/json', } - data = { - "query": { - "match_all": {} - } - } - - if greater_than_timestamp and agent: - query = { - "bool": { - "must": [ - {"range": {"@timestamp": {"gte": f"{greater_than_timestamp}"}}}, - {"match": {"agent.name": f"{agent}"}} - ] - } - } - - data['query'] = query - elif greater_than_timestamp: - query = { - "bool": { - "must": [ - {"range": {"@timestamp": {"gte": f"{greater_than_timestamp}"}}} - ] - } - } - - data['query'] = query - elif agent: - query = { - "bool": { - "must": [ - {"match": {"agent.name": f"{agent}"}} - ] - } - } - - data['query'] = query + data = {} + data['query'] = filter param = { - 'pretty': 'true', - 'size': 10000, + 'size': size, } response = requests.get(url=url, params=param, verify=False, 
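Review bot: The new `filter: dict | None = None` annotation in `get_indexer_values` is evaluated when the function is defined, and the `|` form on builtin types raises `TypeError` on interpreters older than Python 3.10 unless the module has `from __future__ import annotations`. The signature already uses `Dict` for the return annotation, so `filter: Optional[dict] = None` with `Optional` imported from `typing` would be consistent; which Python versions the framework supports is not visible here. The parameter name also shadows the builtin `filter`; `query_filter` would avoid that, at the cost of touching the call sites this commit already updates. The function body continues outside the hunk.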
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index 3f43f670cd..f91edb127d 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py @@ -28,7 +28,7 @@ from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.vulnerability_detector import check_vuln_alert_indexer, check_vuln_state_index, \ - load_packages_metadata, parse_vulnerability_detector_alerts + load_packages_metadata, parse_vulnerability_detector_alerts, create_vulnerability_states_indexer_filter, create_alerts_filter from wazuh_testing.end_to_end.indexer_api import get_indexer_values @@ -43,12 +43,11 @@ def check_vulnerability_alerts(results: Dict, check_data: Dict, current_datetime vulnerability_index = {} for agent in host_manager.get_group_hosts('agent'): - agent_all_alerts = parse_vulnerability_detector_alerts(get_indexer_values(host_manager, - greater_than_timestamp=current_datetime, - agent=agent)['hits']['hits']) + alerts_filter = create_alerts_filter(agent, current_datetime) + index_vuln_filter = create_vulnerability_states_indexer_filter(agent, current_datetime) - agent_all_vulnerabilities = get_indexer_values(host_manager, greater_than_timestamp=current_datetime, - agent=agent, + agent_all_alerts = parse_vulnerability_detector_alerts(get_indexer_values(host_manager, filter=alerts_filter)['hits']['hits']) + agent_all_vulnerabilities = get_indexer_values(host_manager, filter=index_vuln_filter, index='wazuh-states-vulnerabilities')['hits']['hits'] vulnerability_alerts[agent] = agent_all_alerts['affected'] 
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index e2c6dd1efb..ff1582b443 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py @@ -31,6 +31,28 @@ Vulnerability = namedtuple('Vulnerability', ['cve', 'package_name', 'package_version', 'type', 'architecture']) +def create_vulnerability_states_indexer_filter(target_agent: str, greater_than_timestamp: str) -> dict: + return _create_filter(target_agent, greater_than_timestamp, 'vulnerability.detected_at') + + +def create_alerts_filter(target_agent: str, greater_than_timestamp: str) -> dict: + return _create_filter(target_agent, greater_than_timestamp, '@timestamp') + + +def _create_filter(target_agent: str, greater_than_timestamp: str, timestamp_field: str) -> dict: + filter = { + 'bool': { + 'must': [] + } + } + if greater_than_timestamp: + filter['bool']['must'].append({'range': {timestamp_field: {'gte': greater_than_timestamp}}}) + if target_agent: + filter['bool']['must'].append({'match': {'agent.name': target_agent}}) + + return filter + + def load_packages_metadata() -> Dict: """ Load packages metadata from the packages.json file. 
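Review bot: `create_vulnerability_states_indexer_filter`, `create_alerts_filter` and `_create_filter` are added without docstrings, while the neighbouring `load_packages_metadata` has one. A short docstring on each naming the timestamp field it ranges over (`vulnerability.detected_at` for the states index, `@timestamp` for alerts) would make it harder to pair a filter with the wrong index. `_create_filter` should also say that an empty agent or timestamp is skipped, so calling it with both empty returns `{'bool': {'must': []}}`. The local name `filter` shadows the builtin; `query` would do. The same three functions reappear unchanged in indexer_api.py in the `@@ -21,6 +21,28 @@` hunk later in the series.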
@@ -78,8 +100,8 @@ def check_vuln_state_index(host_manager: HostManager, host: str, package: Dict[s package (dict): Dictionary containing package data. current_datetime (str): Datetime to filter the vulnerability state index. """ - index_vuln_state_content = get_indexer_values(host_manager, index='wazuh-states-vulnerabilities', - greater_than_timestamp=current_datetime)['hits']['hits'] + filter = create_vulnerability_states_indexer_filter(host, current_datetime) + index_vuln_state_content = get_indexer_values(host_manager, index='wazuh-states-vulnerabilities', filter=filter)['hits']['hits'] expected_alerts_not_found = [] logging.info(f"Checking vulnerability state index {package}") diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 6a0590f1ad..8c11d3be5a 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -57,7 +57,8 @@ from wazuh_testing.tools.configuration import load_configuration_template from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.remote_operations_handler import launch_parallel_operations -from wazuh_testing.end_to_end.vulnerability_detector import get_vulnerabilities_from_states +from wazuh_testing.end_to_end.vulnerability_detector import get_vulnerabilities_from_states, \ + create_vulnerability_states_indexer_filter, create_alerts_filter from wazuh_testing.modules.syscollector import TIMEOUT_SYSCOLLECTOR_SCAN 
@@ -332,10 +333,10 @@ def test_vulnerability_first_scan_index(self, request, host_manager, setup_vulne time.sleep(TIMEOUT_PER_AGENT_VULNERABILITY_SCAN * len(agents_to_check)) for agent in agents_to_check: - agent_all_vulnerabilities = get_indexer_values(host_manager, - greater_than_timestamp=setup_vulnerability_tests, - agent=agent, - index='wazuh-states-vulnerabilities',)['hits']['hits'] + agent_all_vulnerabilities = get_indexer_values(host_manager, + filter=create_vulnerability_states_indexer_filter(target_agent=agent, + greater_than_timestamp=setup_vulnerability_tests), + index='wazuh-states-vulnerabilities')['hits']['hits'] vuln_by_agent_index[agent] = agent_all_vulnerabilities @@ -486,10 +487,11 @@ def tests_syscollector_first_second_scan_consistency_index(self, request, host_m vuln_by_agent_index_second_scan = {} for agent in host_manager.get_group_hosts('agent'): + filter = create_alerts_filter(target_agent=agent, greater_than_timestamp=setup_vulnerability_tests) agent_all_vulnerabilities = get_indexer_values(host_manager, - greater_than_timestamp=setup_vulnerability_tests, - index='wazuh-states-vulnerabilities', - agent=agent)['hits']['hits'] + filter=filter, + index='wazuh-states-vulnerabilities')['hits']['hits'] + # Only is expected alert of affected vulnerabilities vuln_by_agent_index_second_scan[agent] = agent_all_vulnerabilities From adb2d302e625f0dab1021553caf333f41ade7596 Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Thu, 18 Apr 2024 15:54:06 +0200 Subject: [PATCH 097/115] Bump to 4.7.4 --- CHANGELOG.md | 4 +++- deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml | 1 + version.json | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a83a52e9b..0b6aae55ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,9 @@ All notable changes to this project will be documented in this file. -## [4.7.3] - TBD +## [4.7.4] - TBD + +## [4.7.3] - 04/03/2024 ### Changed 
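Review bot: In `tests_syscollector_first_second_scan_consistency_index` the query against `index='wazuh-states-vulnerabilities'` is built with `create_alerts_filter`, which ranges over `@timestamp`. `test_vulnerability_first_scan_index` in the previous hunk uses `create_vulnerability_states_indexer_filter` (`vulnerability.detected_at`) for the same index. Unless states documents also carry `@timestamp`, which is not visible here, the range clause will not select on detection time and the second-scan comparison runs on a different result set than the first. I would use `filter = create_vulnerability_states_indexer_filter(target_agent=agent, greater_than_timestamp=setup_vulnerability_tests)`. Both test bodies continue outside their hunks.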
diff --git a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml index 17e4b34fb3..1ad1cb96dd 100644 --- a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml +++ b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml @@ -199,6 +199,7 @@ predefined_values: - 4.7.1 - 4.7.2 - 4.7.3 + - 4.7.4 tags: - active_response - agentd diff --git a/version.json b/version.json index d3f15c4c7c..a311035993 100644 --- a/version.json +++ b/version.json @@ -1,4 +1,4 @@ { - "version": "4.7.3", - "revision": "40714" + "version": "4.7.4", + "revision": "40715" } From e36a8d3413e8e300c583a27c031a86ae16766293 Mon Sep 17 00:00:00 2001 From: MARCOSD4 Date: Thu, 18 Apr 2024 17:42:47 +0200 Subject: [PATCH 098/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ad892e633..c80e1fa39b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix vulnerabilities and add new packages to Vulnerability Detector E2E tests ([#5234](https://github.com/wazuh/wazuh-qa/pull/5234)) \- (Tests) - Fix provision macOS endpoints with npm ([#5128](https://github.com/wazuh/wazuh-qa/pull/5158)) \- (Tests) - Fix timestamps alerts and logs filter ([#5157](https://github.com/wazuh/wazuh-qa/pull/5157)) \- (Framework + Tests) - Fix macOS and Windows agents timezone ([#5178](https://github.com/wazuh/wazuh-qa/pull/5178)) \- (Framework) From 0d04571d11cc5c7ce6cd18856c144b6214079d26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Thu, 18 Apr 2024 16:58:08 +0100 Subject: [PATCH 099/115] fix: unbound query in case of empty filter --- deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index a781e4abfc..fefd2e4b62 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py @@ -18,7 +18,7 @@ from wazuh_testing.tools.system import HostManager -STATE_INDEX_NAME = 'wazuh-vulnerabilities-states' +STATE_INDEX_NAME = 'wazuh-states-vulnerabilities' def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'}, @@ -45,7 +45,8 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': ' } data = {} - data['query'] = filter + if filter: + data['query'] = filter param = { 'size': size, From 8d27ac3096686b9e23f5afd70fd3aa2ecf6043d7 Mon Sep 17 00:00:00 2001 From: Julia Date: Fri, 19 Apr 2024 09:56:03 +0200 Subject: [PATCH 100/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c80e1fa39b..4b3bb11f29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Fix packages in Windows and macOS upgrade cases ([#5223](https://github.com/wazuh/wazuh-qa/pull/5223)) \- (Framework + Tests) - Fix vulnerabilities and add new packages to Vulnerability Detector E2E tests ([#5234](https://github.com/wazuh/wazuh-qa/pull/5234)) \- (Tests) - Fix provision macOS endpoints with npm ([#5128](https://github.com/wazuh/wazuh-qa/pull/5158)) \- (Tests) - Fix timestamps alerts and logs filter ([#5157](https://github.com/wazuh/wazuh-qa/pull/5157)) \- (Framework + Tests) From 9caf7096d432a85c658eb4fa288fc3a66009676b Mon Sep 17 00:00:00 2001 From: Julia Date: Fri, 19 Apr 2024 10:08:57 +0200 Subject: [PATCH 101/115] refactor: bump revision --- version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
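Review bot: `STATE_INDEX_NAME` held the wrong index name until this hunk. That apparently went unnoticed because the call sites shown elsewhere in this series pass the literal `'wazuh-states-vulnerabilities'` rather than the constant. Passing `index=STATE_INDEX_NAME` at those call sites would leave a single place to change. A one-line comment on the constant, such as `# Index holding the vulnerability detector state documents`, would also help; that wording is my reading of the name and should be confirmed.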
diff --git a/version.json b/version.json index a8c13cb3dd..2fc219708b 100644 --- a/version.json +++ b/version.json @@ -1,4 +1,4 @@ { "version": "4.8.0", - "revision": "40807" + "revision": "40808" } From 751e3279f1ff5511d470ec03920400972db1ac1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Fri, 19 Apr 2024 09:30:19 +0100 Subject: [PATCH 102/115] docs: update get_indexer_values docstring --- deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index fefd2e4b62..2c2b312d1e 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py @@ -31,8 +31,8 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': ' credentials (Optional): A dictionary containing the Indexer credentials. Defaults to {'user': 'admin', 'password': 'changeme'}. index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'. - greater_than_timestamp (Optional): The timestamp to filter the results. Defaults to None. - agent (Optional): The agent name to filter the results. Defaults to ''. + filter (Optional): A dictionary containing the query filter. Defaults to None. + size (Optional): The number of results to retrieve. Defaults to 10000. Returns: Dict: A dictionary containing the values retrieved from the Indexer API. From d0cdea69bc10a755c8306887581b1a34e8274616 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Fri, 19 Apr 2024 09:41:34 +0100 Subject: [PATCH 103/115] refac: get_index_values function --- .../wazuh_testing/end_to_end/indexer_api.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index 2c2b312d1e..68674f24ce 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py @@ -40,18 +40,14 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': ' logging.info(f"Getting values from the Indexer API for index {index}") url = f"https://{host_manager.get_master_ip()}:9200/{index}/_search" - headers = { - 'Content-Type': 'application/json', - } data = {} + param = {'size': size} + headers = {'Content-Type': 'application/json'} + if filter: data['query'] = filter - param = { - 'size': size, - } - response = requests.get(url=url, params=param, verify=False, auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']), headers=headers, From 51a9ab0e4ee0102a0d794590b91327cb69477595 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Fri, 19 Apr 2024 09:50:12 +0100 Subject: [PATCH 104/115] refac: migrate indexer filter to indexer_api module --- .../wazuh_testing/end_to_end/indexer_api.py | 22 +++++++++++++++ .../end_to_end/remote_operations_handler.py | 8 ++++-- .../end_to_end/vulnerability_detector.py | 28 +++---------------- .../test_vulnerability_detector.py | 12 ++++---- 4 files changed, 37 insertions(+), 33 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index 68674f24ce..eef4c08094 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py 
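Review bot: The request that this refactor reorders in `get_indexer_values` is still sent with `verify=False`, so the basic-auth credentials go to whichever host answers on port 9200 without its certificate being checked. Exposing this as a keyword argument, `verify=False` in the signature forwarded as `verify=verify`, would keep today's behaviour for self-signed lab certificates and let environments with a known CA pass the bundle path. A comment on the call, such as `# TLS verification is off: lab indexer uses a self-signed certificate`, would at least record that it is deliberate; that reason is assumed and should be confirmed. The call continues outside the hunk, so its remaining arguments are not visible here.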
@@ -21,6 +21,28 @@ STATE_INDEX_NAME = 'wazuh-states-vulnerabilities' +def create_vulnerability_states_indexer_filter(target_agent: str, greater_than_timestamp: str) -> dict: + return _create_filter(target_agent, greater_than_timestamp, 'vulnerability.detected_at') + + +def create_alerts_filter(target_agent: str, greater_than_timestamp: str) -> dict: + return _create_filter(target_agent, greater_than_timestamp, '@timestamp') + + +def _create_filter(target_agent: str, greater_than_timestamp: str, timestamp_field: str) -> dict: + filter = { + 'bool': { + 'must': [] + } + } + if greater_than_timestamp: + filter['bool']['must'].append({'range': {timestamp_field: {'gte': greater_than_timestamp}}}) + if target_agent: + filter['bool']['must'].append({'match': {'agent.name': target_agent}}) + + return filter + + def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'}, index: str = 'wazuh-alerts*', filter: dict | None = None, size: int = 10000) -> Dict: """ diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py index f91edb127d..3477aa75c7 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py 
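Review bot: In `_create_filter` the local dictionary is named `filter`, which shadows the builtin for the rest of the function. Renaming it, for example `query = {'bool': {'must': []}}` with `return query`, keeps the builtin usable and avoids confusion with the `filter` keyword parameter of `get_indexer_values` shown in the trailing context.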
@@ -28,8 +28,9 @@ from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.vulnerability_detector import check_vuln_alert_indexer, check_vuln_state_index, \ - load_packages_metadata, parse_vulnerability_detector_alerts, create_vulnerability_states_indexer_filter, create_alerts_filter -from wazuh_testing.end_to_end.indexer_api import get_indexer_values + load_packages_metadata, parse_vulnerability_detector_alerts +from wazuh_testing.end_to_end.indexer_api import get_indexer_values, \ + create_vulnerability_states_indexer_filter, create_alerts_filter def check_vulnerability_alerts(results: Dict, check_data: Dict, current_datetime: str, host_manager: HostManager, @@ -46,7 +47,8 @@ def check_vulnerability_alerts(results: Dict, check_data: Dict, current_datetime alerts_filter = create_alerts_filter(agent, current_datetime) index_vuln_filter = create_vulnerability_states_indexer_filter(agent, current_datetime) - agent_all_alerts = parse_vulnerability_detector_alerts(get_indexer_values(host_manager, filter=alerts_filter)['hits']['hits']) + agent_all_alerts = parse_vulnerability_detector_alerts(get_indexer_values(host_manager, + filter=alerts_filter)['hits']['hits']) agent_all_vulnerabilities = get_indexer_values(host_manager, filter=index_vuln_filter, index='wazuh-states-vulnerabilities')['hits']['hits'] diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index ff1582b443..98f36a79d5 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py 
@@ -23,7 +23,7 @@ from typing import Dict, List from wazuh_testing.tools.system import HostManager -from wazuh_testing.end_to_end.indexer_api import get_indexer_values +from wazuh_testing.end_to_end.indexer_api import get_indexer_values, create_vulnerability_states_indexer_filter from wazuh_testing.end_to_end.regex import REGEX_PATTERNS from collections import namedtuple @@ -31,28 +31,6 @@ Vulnerability = namedtuple('Vulnerability', ['cve', 'package_name', 'package_version', 'type', 'architecture']) -def create_vulnerability_states_indexer_filter(target_agent: str, greater_than_timestamp: str) -> dict: - return _create_filter(target_agent, greater_than_timestamp, 'vulnerability.detected_at') - - -def create_alerts_filter(target_agent: str, greater_than_timestamp: str) -> dict: - return _create_filter(target_agent, greater_than_timestamp, '@timestamp') - - -def _create_filter(target_agent: str, greater_than_timestamp: str, timestamp_field: str) -> dict: - filter = { - 'bool': { - 'must': [] - } - } - if greater_than_timestamp: - filter['bool']['must'].append({'range': {timestamp_field: {'gte': greater_than_timestamp}}}) - if target_agent: - filter['bool']['must'].append({'match': {'agent.name': target_agent}}) - - return filter - - def load_packages_metadata() -> Dict: """ Load packages metadata from the packages.json file. @@ -101,7 +79,9 @@ def check_vuln_state_index(host_manager: HostManager, host: str, package: Dict[s current_datetime (str): Datetime to filter the vulnerability state index. """ filter = create_vulnerability_states_indexer_filter(host, current_datetime) - index_vuln_state_content = get_indexer_values(host_manager, index='wazuh-states-vulnerabilities', filter=filter)['hits']['hits'] + index_vuln_state_content = get_indexer_values(host_manager, + index='wazuh-states-vulnerabilities', + filter=filter)['hits']['hits'] expected_alerts_not_found = [] logging.info(f"Checking vulnerability state index {package}") 
diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 8c11d3be5a..6fa5fb7963 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -53,12 +53,12 @@ from wazuh_testing.end_to_end.waiters import wait_until_vd_is_updated from wazuh_testing.end_to_end.monitoring import generate_monitoring_logs, monitoring_events_multihost from wazuh_testing.end_to_end.regex import get_event_regex -from wazuh_testing.end_to_end.indexer_api import get_indexer_values, delete_index +from wazuh_testing.end_to_end.indexer_api import get_indexer_values, delete_index, \ + create_vulnerability_states_indexer_filter, create_alerts_filter from wazuh_testing.tools.configuration import load_configuration_template from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.remote_operations_handler import launch_parallel_operations -from wazuh_testing.end_to_end.vulnerability_detector import get_vulnerabilities_from_states, \ - create_vulnerability_states_indexer_filter, create_alerts_filter +from wazuh_testing.end_to_end.vulnerability_detector import get_vulnerabilities_from_states from wazuh_testing.modules.syscollector import TIMEOUT_SYSCOLLECTOR_SCAN 
@@ -333,9 +333,9 @@ def test_vulnerability_first_scan_index(self, request, host_manager, setup_vulne time.sleep(TIMEOUT_PER_AGENT_VULNERABILITY_SCAN * len(agents_to_check)) for agent in agents_to_check: - agent_all_vulnerabilities = get_indexer_values(host_manager, - filter=create_vulnerability_states_indexer_filter(target_agent=agent, - greater_than_timestamp=setup_vulnerability_tests), + filter = create_vulnerability_states_indexer_filter(agent, setup_vulnerability_tests) + agent_all_vulnerabilities = get_indexer_values(host_manager, + filter=filter, index='wazuh-states-vulnerabilities')['hits']['hits'] vuln_by_agent_index[agent] = agent_all_vulnerabilities From 522222581092ad7812eb0c3faf6de5afeeff597b Mon Sep 17 00:00:00 2001 From: MARCOSD4 Date: Fri, 19 Apr 2024 11:56:17 +0200 Subject: [PATCH 105/115] feat: include vulnerabilities and alerts statistics --- .../tools/performance/statistic.py | 104 +++++++++++++----- .../tools/performance/statistic_headers.py | 4 + 2 files changed, 82 insertions(+), 26 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py index 51a57fec16..d989d424f0 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py +++ b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py 
@@ -82,6 +82,12 @@ def __init__(self, target='agent', time_step=5, dst_dir=gettempdir(), use_state_ self.daemon = 'wazuh-db' self.use_state_file = False logger.warning("Wazuhdb stat monitoring from State File is not supported. Will get data from API.") + elif self.target == "vulnerabilities": + self.use_state_file = False + logger.warning("Vulnerabilities index monitoring from State File is not supported. Will get data from API.") + elif self.target == "alerts": + self.use_state_file = False + logger.warning("Alerts monitoring from State File is not supported. Will get data from API.") else: raise ValueError(f'The target {self.target} is not a valid one.') @@ -149,6 +155,8 @@ def _parse_api_data(self): API_URL = f"https://{self.ip}:{self.port}" DAEMONS_ENDPOINT= f"/manager/daemons/stats?daemons_list={self.daemon}&wait_for_complete=true" + VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities/_count" + ALERTS_ENDPOINT= f"/wazuh-alerts-4.x-*/_count" TOKEN_ENDPOINT="/security/user/authenticate" logging.info("Getting statistics data from API for {}".format(self.target)) 
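Review bot: The two constants added in the `_parse_api_data` hunk append indexer paths (`/wazuh-states-vulnerabilities/_count`, `/wazuh-alerts-4.x-*/_count`) to the same `API_URL` that serves `/security/user/authenticate`, so the `vulnerabilities` and `alerts` targets presumably only work when `self.ip`/`self.port` point at the indexer rather than the manager API; nothing in the hunk documents or checks that. A comment such as `# Indexer endpoints: self.port must be the indexer port for these targets` would make the requirement visible. `VULNS_ENDOPOINT` is misspelled (`VULNS_ENDPOINT`), and both strings carry an `f` prefix without any placeholder. `_parse_api_data` continues outside the hunk.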
@@ -156,30 +164,59 @@ def _parse_api_data(self): max_retries = 3 token_response = None daemon_response = None - # Try to get the response token three times - for _ in range(max_retries): - try: - token_response = requests.get(API_URL + TOKEN_ENDPOINT, verify=False, - auth=requests.auth.HTTPBasicAuth("wazuh", "wazuh")) - if token_response.status_code == 200: - break - except requests.exceptions.RequestException as e: - logging.error(f"Error getting token from API: {str(e)}") - else: - logging.error("Retrying get API data, status code {}".format(token_response.status_code)) - - for _ in range(max_retries): - try: - daemons_response = requests.get(API_URL + DAEMONS_ENDPOINT, verify=False, - headers={'Authorization': 'Bearer ' + token_response.json()['data']['token']}) - if daemons_response.status_code == 200: - break - except requests.exceptions.RequestException as e: - logging.error(f"Error fetching {self.daemon} datafrom API: {str(e)}") + data = None + + if(self.target == "vulnerabilities"): + for _ in range(max_retries): + try: + response = requests.get(API_URL + VULNS_ENDOPOINT, verify=False, + auth=requests.auth.HTTPBasicAuth("admin", "admin")) + if response.status_code == 200: + data = response.json()['count'] + break + except requests.exceptions.RequestException as e: + logging.error(f"Error fetching {self.target} datafrom API: {str(e)}") + else: + logging.error("Failed to fetch vulnerabilities data after 3 attempts") + + elif(self.target == "alerts"): + for _ in range(max_retries): + try: + response = requests.get(API_URL + ALERTS_ENDPOINT, verify=False, + auth=requests.auth.HTTPBasicAuth("admin", "admin")) + if response.status_code == 200: + data = response.json()['count'] + break + except requests.exceptions.RequestException as e: + logging.error(f"Error fetching {self.target} datafrom API: {str(e)}") + else: + logging.error("Failed to fetch alerts data after 3 attempts") + else: - logging.error("Failed to fetch daemons data after 3 attempts") + # Try to get 
the response token three times + for _ in range(max_retries): + try: + token_response = requests.get(API_URL + TOKEN_ENDPOINT, verify=False, + auth=requests.auth.HTTPBasicAuth("wazuh", "wazuh")) + if token_response.status_code == 200: + break + except requests.exceptions.RequestException as e: + logging.error(f"Error getting token from API: {str(e)}") + else: + logging.error("Retrying get API data, status code {}".format(token_response.status_code)) + + for _ in range(max_retries): + try: + response = requests.get(API_URL + DAEMONS_ENDPOINT, verify=False, + headers={'Authorization': 'Bearer ' + token_response.json()['data']['token']}) + if response.status_code == 200: + data = response.json()['data']['affected_items'][0] + break + except requests.exceptions.RequestException as e: + logging.error(f"Error fetching {self.daemon} datafrom API: {str(e)}") + else: + logging.error("Failed to fetch daemons data after 3 attempts") - data = daemons_response.json()['data']['affected_items'][0] self._write_csv(data, self.target, self.csv_file) @@ -199,6 +236,10 @@ def _write_csv(self, data, target, csv_file): csv_header = headers.remoted_header if self.use_state_file else headers.remoted_api_header elif target == "wazuhdb": csv_header = headers.wazuhdb_header + elif target == "vulnerabilities": + csv_header = headers.vulns_header + elif target == "alerts": + csv_header = headers.alerts_header else: csv_header = headers.agentd_header 
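Review bot: The added indexer requests hard-code `HTTPBasicAuth("admin", "admin")` (and the API branch keeps `"wazuh", "wazuh"`) while passing `verify=False`, so default credentials are baked into the tool and sent over a connection whose certificate is never checked; both should come from constructor arguments or the environment. None of the `requests.get` calls sets a `timeout`, so one unresponsive host blocks the monitor indefinitely. The failure path is also unsafe: if every token attempt raises, `token_response` is still `None` and both the `for`/`else` message and `token_response.json()` raise `AttributeError`, and when all retries fail `data` stays `None` yet is still passed to `_write_csv`. A shared retry helper, sketched below with placeholder attribute names for the injected credentials, removes the three copies of the loop and lets the caller skip the write when nothing was fetched. `_parse_api_data` starts outside the hunk.

```python
def _get_with_retries(url, max_retries=3, timeout=10, **kwargs):
    """Return the first HTTP 200 response, or None when every attempt fails."""
    for attempt in range(1, max_retries + 1):
        try:
            response = requests.get(url, timeout=timeout, **kwargs)
        except requests.exceptions.RequestException as e:
            logging.error(f"Attempt {attempt}/{max_retries} on {url} failed: {e}")
            continue
        if response.status_code == 200:
            return response
        logging.error(f"Attempt {attempt}/{max_retries} on {url} returned {response.status_code}")
    return None

        # … unchanged: API_URL and endpoint constants …
        data = None
        # self.indexer_auth, self.api_auth and self.verify are placeholders for values passed to __init__
        if self.target in ("vulnerabilities", "alerts"):
            endpoint = VULNS_ENDOPOINT if self.target == "vulnerabilities" else ALERTS_ENDPOINT
            response = _get_with_retries(API_URL + endpoint, auth=self.indexer_auth, verify=self.verify)
            if response is not None:
                data = response.json()['count']
        else:
            token_response = _get_with_retries(API_URL + TOKEN_ENDPOINT, auth=self.api_auth, verify=self.verify)
            if token_response is not None:
                token = token_response.json()['data']['token']
                response = _get_with_retries(API_URL + DAEMONS_ENDPOINT, verify=self.verify,
                                             headers={'Authorization': 'Bearer ' + token})
                if response is not None:
                    data = response.json()['data']['affected_items'][0]

        if data is None:
            logging.error(f"No {self.target} data fetched; skipping CSV write")
            return
        self._write_csv(data, self.target, self.csv_file)
```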
@@ -212,10 +253,11 @@ def _write_csv(self, data, target, csv_file): timestamp = datetime.fromtimestamp(time()).strftime('%Y-%m-%d %H:%M:%S') if self.use_state_file == False: - format = r"%Y-%m-%dT%H:%M:%S+%f:00" - datetime_timestamp = datetime.strptime(data['timestamp'], format) - datetime_uptime = datetime.strptime(data['uptime'], format) - interval = (datetime_timestamp - datetime_uptime).total_seconds() + if target not in ["vulnerabilities", "alerts"]: + format = r"%Y-%m-%dT%H:%M:%S+%f:00" + datetime_timestamp = datetime.strptime(data['timestamp'], format) + datetime_uptime = datetime.strptime(data['uptime'], format) + interval = (datetime_timestamp - datetime_uptime).total_seconds() if target == "analysis": metrics = data['metrics'] @@ -298,6 +340,16 @@ def _write_csv(self, data, target, csv_file): decoded['monitor'] / interval, # 62 decoded['remote'] / interval, # 63 )) + elif target == "vulnerabilities": + logger.info("Writing vulnerabilities data from API info to {}.".format(csv_file)) + log.write(("{0}\n").format( + data + )) + elif target == "alerts": + logger.info("Writing alerts data from API info to {}.".format(csv_file)) + log.write(("{0}\n").format( + data + )) elif target == "remote": metrics = data['metrics'] received_messages = metrics['messages']['received_breakdown'] diff --git a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py index a7b15c0423..711028ce8d 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py +++ b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py @@ -165,6 +165,10 @@ "Number of messages", "Number of events buffered"] +vulns_header = ["Total"] + +alerts_header = ["Total"] + wazuhdb_header = ["Timestamp", "API Timestamp", From bdadff49461312d14c4c9f56cf075aefe6c9534f Mon Sep 17 00:00:00 2001 
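Review bot: The two branches added for `vulnerabilities` and `alerts` write only the count (`("{0}\n").format(data)`), so each CSV row has no time column and the samples cannot be placed on a timeline, although `timestamp` is already computed earlier in `_write_csv` (visible in the previous hunk). Writing `log.write(f"{timestamp},{data}\n")` and extending `vulns_header`/`alerts_header` to `["Timestamp", "Total"]` would fix that, assuming the header row is comma-joined like the other targets. The two branches are identical apart from the log text and could be a single `elif target in ("vulnerabilities", "alerts"):`. `_write_csv` starts and ends outside the hunk.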
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Fri, 19 Apr 2024 11:10:06 +0100 Subject: [PATCH 106/115] docs: include indexer filters docstring --- .../wazuh_testing/end_to_end/indexer_api.py | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index eef4c08094..f2b3c4a0a4 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py @@ -22,14 +22,42 @@ def create_vulnerability_states_indexer_filter(target_agent: str, greater_than_timestamp: str) -> dict: + """Create a filter for the Indexer API for the vulnerability state index. + + Args: + target_agent: The target agent to filter on. + greater_than_timestamp: The timestamp to filter on. + + Returns: + dict: A dictionary containing the filter. + """ return _create_filter(target_agent, greater_than_timestamp, 'vulnerability.detected_at') def create_alerts_filter(target_agent: str, greater_than_timestamp: str) -> dict: + """Create a filter for the Indexer API for the alerts index. + + Args: + target_agent: The target agent to filter on. + greater_than_timestamp: The timestamp to filter on. + + Returns: + dict: A dictionary containing the filter. + """ return _create_filter(target_agent, greater_than_timestamp, '@timestamp') def _create_filter(target_agent: str, greater_than_timestamp: str, timestamp_field: str) -> dict: + """Create a filter for the Indexer API. + + Args: + target_agent: The target agent to filter on. + greater_than_timestamp: The timestamp to filter on. + timestamp_field: The timestamp field to filter on. + + Returns: + dict: A dictionary containing the filter. + """ filter = { 'bool': { 'must': [] From fa1fa74932937c7bd7826b32fd97da3b6d091b29 Mon Sep 17 00:00:00 2001 
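Review bot: The new docstrings describe `greater_than_timestamp` only as "The timestamp to filter on", which leaves out that the bound is inclusive (the range clause uses `gte`, visible where `_create_filter` was introduced) and that an empty value drops the clause altogether, as does an empty `target_agent`. I would word the entries as `greater_than_timestamp: Inclusive lower bound for the timestamp field; no range clause is added when empty.` and `target_agent: Agent name matched against agent.name; all agents are returned when empty.` The second matters for the per-agent checks, because an empty agent name widens the query without raising any error. `_create_filter`'s body continues outside the hunk.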
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Fri, 19 Apr 2024 12:40:14 +0100 Subject: [PATCH 107/115] fix: use vulns filter instead of alerts in second scan test --- .../test_vulnerability_detector/test_vulnerability_detector.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py index 6fa5fb7963..ef97ef88e5 100644 --- a/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py +++ b/tests/end_to_end/test_vulnerability_detector/test_vulnerability_detector.py @@ -487,7 +487,8 @@ def tests_syscollector_first_second_scan_consistency_index(self, request, host_m vuln_by_agent_index_second_scan = {} for agent in host_manager.get_group_hosts('agent'): - filter = create_alerts_filter(target_agent=agent, greater_than_timestamp=setup_vulnerability_tests) + filter = create_vulnerability_states_indexer_filter(target_agent=agent, + greater_than_timestamp=setup_vulnerability_tests) agent_all_vulnerabilities = get_indexer_values(host_manager, filter=filter, index='wazuh-states-vulnerabilities')['hits']['hits'] From 89b125020ad5170355f6c29306ab0642cd646347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Fri, 19 Apr 2024 12:50:58 +0100 Subject: [PATCH 108/115] refac: filters method --- .../wazuh_testing/end_to_end/indexer_api.py | 29 +++++++++++++++---- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index f2b3c4a0a4..1661234336 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py 
@@ -21,7 +21,8 @@ STATE_INDEX_NAME = 'wazuh-states-vulnerabilities' -def create_vulnerability_states_indexer_filter(target_agent: str, greater_than_timestamp: str) -> dict: +def create_vulnerability_states_indexer_filter(target_agent: str | None = None, + greater_than_timestamp: str | None = None) -> dict: """Create a filter for the Indexer API for the vulnerability state index. Args: @@ -31,10 +32,17 @@ def create_vulnerability_states_indexer_filter(target_agent: str, greater_than_t Returns: dict: A dictionary containing the filter. """ - return _create_filter(target_agent, greater_than_timestamp, 'vulnerability.detected_at') + timestamp_filter = None + if greater_than_timestamp: + timestamp_filter = { + 'greater_than_timestamp': greater_than_timestamp, + 'timestamp_name': 'vulnerability.detected_at' + } + return _create_filter(target_agent, timestamp_filter) -def create_alerts_filter(target_agent: str, greater_than_timestamp: str) -> dict: + +def create_alerts_filter(target_agent: str | None = None, greater_than_timestamp: str | None = None) -> dict: """Create a filter for the Indexer API for the alerts index. Args: @@ -44,10 +52,17 @@ def create_alerts_filter(target_agent: str, greater_than_timestamp: str) -> dict Returns: dict: A dictionary containing the filter. """ - return _create_filter(target_agent, greater_than_timestamp, '@timestamp') + timestamp_filter = None + if greater_than_timestamp: + timestamp_filter = { + 'greater_than_timestamp': greater_than_timestamp, + 'timestamp_name': '@timestamp' + } + + return _create_filter(target_agent, timestamp_filter) -def _create_filter(target_agent: str, greater_than_timestamp: str, timestamp_field: str) -> dict: +def _create_filter(target_agent: str | None = None, timestamp_filter: dict | None = None) -> dict: """Create a filter for the Indexer API. Args: 
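Review bot: `_create_filter` now takes `timestamp_filter` instead of `greater_than_timestamp` and `timestamp_field`, but the `Args:` section of its docstring lies between this hunk and the next and is not touched, so it presumably still documents the two removed parameters. It should be replaced with an entry like `timestamp_filter: Dict with 'timestamp_name' (field to range on) and 'greater_than_timestamp' (inclusive lower bound), or None for no time clause.` The `timestamp_filter` construction in `create_vulnerability_states_indexer_filter` (previous hunk) and in `create_alerts_filter` differs only in the field name, which the earlier three-argument form expressed in one line each.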
@@ -63,7 +78,9 @@ def _create_filter(target_agent: str, greater_than_timestamp: str, timestamp_fie 'must': [] } } - if greater_than_timestamp: + if timestamp_filter: + timestamp_field = timestamp_filter['timestamp_name'] + greater_than_timestamp = timestamp_filter['greater_than_timestamp'] filter['bool']['must'].append({'range': {timestamp_field: {'gte': greater_than_timestamp}}}) if target_agent: filter['bool']['must'].append({'match': {'agent.name': target_agent}}) From c4cf2da90dca4c5e4c554a47187ca8efaa82a1c2 Mon Sep 17 00:00:00 2001 From: RamosFe Date: Fri, 19 Apr 2024 11:09:50 -0300 Subject: [PATCH 109/115] fix: Fixed typo. --- deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py index 07616e8d06..7d5f194991 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py +++ b/deps/wazuh_testing/wazuh_testing/tools/agent_simulator.py @@ -541,7 +541,7 @@ def process_command(self, sender, message_list): f'{{"error":0, "message":"ok", "data":[]}} ')) elif command == 'getconfig': if "active-response" in message_list: - response_json = '{{"active-response":{"disabled":"no"}}' + response_json = '{"active-response":{"disabled":"no"}}' else: response_json = '{"client":{"config-profile":"centos8","notify_time":10,"time-reconnect":60}}' From 6c96d7d4f58e190658a5a3cadc6e8d8b3cd274da Mon Sep 17 00:00:00 2001 From: Julia Date: Tue, 23 Apr 2024 09:06:03 +0200 Subject: [PATCH 110/115] refactor: bump revision --- version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.json b/version.json index a311035993..97eaf9d5f9 100644 --- a/version.json +++ b/version.json @@ -1,4 +1,4 @@ { "version": "4.7.4", - "revision": "40715" + "revision": "40716" } From 982c56891d0efc5081bf5aa1d109d07e9f3befc3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 23 Apr 2024 10:07:53 +0100 Subject: [PATCH 111/115] doc: include 5266 pr changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ad892e633..1954d6689b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file. ### Changed +- Update to replace timestamp filter with vulnerabilities detected_at field.([#5266](https://github.com/wazuh/wazuh-qa/pull/5266)) \- (Framework + Tests) - Changes macOS packages with new ones that generate vulnerabilities ([#5174](https://github.com/wazuh/wazuh-qa/pull/5174)) \- (Tests) - Refactor initial scan Vulnerability E2E tests ([#5081](https://github.com/wazuh/wazuh-qa/pull/5081)) \- (Framework + Tests) - Update Packages in TestScanSyscollectorCases ([#4997](https://github.com/wazuh/wazuh-qa/pull/4997)) \- (Framework + Tests) From b0a2fa58b24f54f24b9d3a9a99fca4f91cbf037d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Tue, 23 Apr 2024 10:08:33 +0100 Subject: [PATCH 112/115] doc: improve 5266 pr changelog entry --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1954d6689b..e6d6237c2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -23,7 +23,7 @@ All notable changes to this project will be documented in this file. ### Changed -- Update to replace timestamp filter with vulnerabilities detected_at field.([#5266](https://github.com/wazuh/wazuh-qa/pull/5266)) \- (Framework + Tests) +- Replace timestamp filter with vulnerabilities detected_at field.([#5266](https://github.com/wazuh/wazuh-qa/pull/5266)) \- (Framework + Tests) - Changes macOS packages with new ones that generate vulnerabilities ([#5174](https://github.com/wazuh/wazuh-qa/pull/5174)) \- (Tests) - Refactor initial scan Vulnerability E2E tests ([#5081](https://github.com/wazuh/wazuh-qa/pull/5081)) \- (Framework + Tests) - Update Packages in TestScanSyscollectorCases ([#4997](https://github.com/wazuh/wazuh-qa/pull/4997)) \- (Framework + Tests) From 1d540a8d130ac628c72c3989c56d7efb69e9276f Mon Sep 17 00:00:00 2001 From: MARCOSD4 Date: Thu, 25 Apr 2024 09:52:24 +0200 Subject: [PATCH 113/115] docs: edit comments --- .../wazuh_testing/tools/performance/statistic.py | 14 +++++++------- .../tools/performance/statistic_headers.py | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py index d989d424f0..1803941c7e 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py +++ b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py 
@@ -23,7 +23,7 @@ class StatisticMonitor: """This class generates a Python object to monitor the statistics file generated by Wazuh. It also recovers data - using Wazuh's API for the analysisd, remoted and wazuh-db daemons. + using Wazuh's API for the analysisd, remoted and wazuh-db daemons and for alerts and vulnerabilities indexes. There are four files: wazuh-analysisd.state, wazuh-remoted.state, wazuh-agentd.state and wazuh-logcollector.state and each one of them has unique characteristics and data. This class will parse the file, extract the data to a @@ -151,7 +151,7 @@ def _parse_state_file(self): def _parse_api_data(self): - """Read the data from the statistics file generated by Wazuh API.""" + """Read the data generated by Wazuh API.""" API_URL = f"https://{self.ip}:{self.port}" DAEMONS_ENDPOINT= f"/manager/daemons/stats?daemons_list={self.daemon}&wait_for_complete=true" @@ -175,7 +175,7 @@ def _parse_api_data(self): data = response.json()['count'] break except requests.exceptions.RequestException as e: - logging.error(f"Error fetching {self.target} datafrom API: {str(e)}") + logging.error(f"Error fetching {self.target} data from API: {str(e)}") else: logging.error("Failed to fetch vulnerabilities data after 3 attempts") @@ -188,7 +188,7 @@ def _parse_api_data(self): data = response.json()['count'] break except requests.exceptions.RequestException as e: - logging.error(f"Error fetching {self.target} datafrom API: {str(e)}") + logging.error(f"Error fetching {self.target} data from API: {str(e)}") else: logging.error("Failed to fetch alerts data after 3 attempts") @@ -221,7 +221,7 @@ def _parse_api_data(self): def _write_csv(self, data, target, csv_file): - """Write the data collected from the .state into a CSV file. + """Write the data collected into a CSV file. Args: data (dict): dictionary containing the info from the .state file. 
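Review bot: The summary line of `_write_csv` is generalised in the last hunk here, but the `data (dict): dictionary containing the info from the .state file.` entry left as context is now inaccurate, since for the `vulnerabilities` and `alerts` targets `data` is the integer `count` returned by the indexer. Suggested wording: `data (dict | int): parsed .state/API statistics, or the document count for the vulnerabilities and alerts targets.` The `datafrom` typo corrected in the two indexer branches also appears to remain in the daemons branch message (`Error fetching {self.daemon} datafrom API`), which this commit does not touch. The docstring continues outside the hunk.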
@@ -341,12 +341,12 @@ def _write_csv(self, data, target, csv_file): decoded['remote'] / interval, # 63 )) elif target == "vulnerabilities": - logger.info("Writing vulnerabilities data from API info to {}.".format(csv_file)) + logger.info("Writing vulnerabilities data info to {}.".format(csv_file)) log.write(("{0}\n").format( data )) elif target == "alerts": - logger.info("Writing alerts data from API info to {}.".format(csv_file)) + logger.info("Writing alerts data info to {}.".format(csv_file)) log.write(("{0}\n").format( data )) diff --git a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py index 711028ce8d..3cd8567be5 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py +++ b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic_headers.py @@ -165,9 +165,9 @@ "Number of messages", "Number of events buffered"] -vulns_header = ["Total"] +vulns_header = ["Total vulnerabilities"] -alerts_header = ["Total"] +alerts_header = ["Total alerts"] wazuhdb_header = ["Timestamp", From 028e453164019697a785b13bd90afbc28c4a35ad Mon Sep 17 00:00:00 2001 From: Julia Date: Thu, 25 Apr 2024 09:56:37 +0200 Subject: [PATCH 114/115] refactor: bump revision --- version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.json b/version.json index 97eaf9d5f9..b3c2b7b62d 100644 --- a/version.json +++ b/version.json @@ -1,4 +1,4 @@ { "version": "4.7.4", - "revision": "40716" + "revision": "40717" } From 5e177becd4b0a68a6db49138beeebebaeb6b6d19 Mon Sep 17 00:00:00 2001 From: MARCOSD4 Date: Fri, 26 Apr 2024 09:03:13 +0200 Subject: [PATCH 115/115] docs: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5083ebf02f..b62fa79cdc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added +- Add functionality to obtain statistics and metrics from the indexer. ([#5090](https://github.com/wazuh/wazuh-qa/pull/5090)) \- (Framework) - Add documentation about markers for system tests ([#5080](https://github.com/wazuh/wazuh-qa/pull/5080)) \- (Documentation) - Add AWS Custom Buckets Integration tests ([#4675](https://github.com/wazuh/wazuh-qa/pull/4675)) \- (Framework + Tests) - Add Vulnerability Detector end to end tests ([#4878](https://github.com/wazuh/wazuh-qa/pull/4878)) \- (Framework + Tests)