def test_no_feed_changes(clean_vuln_tables, get_configuration,
                         configure_environment, restart_modulesd):
    """Verify that the unmodified Arch Linux feed is imported by default.

    The fixture arguments are not read in the body; they are presumably
    requested for their setup/teardown effects only.  ``wazuh_log_monitor``
    and ``vd`` are module-level names defined outside this block.
    """
    # Baseline case: the feed is untouched, so the full custom vulnerability
    # count is expected in the import log.
    import_expectations = {
        'wazuh_log_monitor': wazuh_log_monitor,
        'log_system_name': vd.ARCH_LOG,
        'expected_vulnerabilities_number': vd.ARCH_NUM_CUSTOM_VULNERABILITIES,
    }
    vd.check_feed_imported_successfully(**import_expectations)
def test_invalid_msu_feed(clean_vuln_tables, get_configuration,
                          configure_environment, remove_field_feed):
    """Check the MSU feed import when fields are missing from the feed.

    The import is still expected to be reported as successful, but with zero
    vulnerabilities.  ``remove_field_feed`` is not read here; it presumably
    strips the field from the feed before the test body runs.
    """
    vd.check_feed_imported_successfully(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.MSU_LOG,
        expected_vulnerabilities_number=0,
    )

    # An incomplete feed must not take the modules daemon down.
    vd.check_if_modulesd_is_running()
def test_extra_tags_debian_feed(test_values, clean_vuln_tables, get_configuration,
                                configure_environment, modify_feed):
    """Check the Debian OVAL feed import when extra tags are present.

    Extra tags are expected to be tolerated: the import must succeed for the
    Buster feed.  ``test_values`` is not read in the body; it is presumably
    consumed by the ``modify_feed`` fixture.
    """
    debian_import = dict(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.BUSTER_LOG,
        expected_vulnerabilities_number=vd.DEBIAN_NUM_CUSTOM_VULNERABILITIES,
        timeout=vd.DEBIAN_IMPORT_FEED_TIMEOUT,
        # The exact vulnerability count is not verified for this feed.
        check_vuln_number=False,
    )
    vd.check_feed_imported_successfully(**debian_import)

    # The daemon must survive the unexpected tags.
    vd.check_if_modulesd_is_running()
def test_invalid_values_msu_feed(test_data, custom_input, clean_vuln_tables,
                                 get_configuration, configure_environment, modify_feed):
    """Check the MSU feed import when fields carry wrong values.

    The import is expected to be reported as successful with zero
    vulnerabilities, and the modules daemon must still be running afterwards.
    ``test_data`` and ``custom_input`` are not read in the body.
    """
    # NOTE(review): the original comment said that a wrongly typed "key" field
    # should make the test look for error messages, but no branch here does
    # that -- every case takes the same path. Confirm this is intended.
    vd.check_feed_imported_successfully(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.MSU_LOG,
        expected_vulnerabilities_number=0,
    )

    vd.check_if_modulesd_is_running()
def test_missing_canonical_feed(clean_vuln_tables, get_configuration,
                                configure_environment, remove_tag_feed):
    """Check the Debian feed import when tags have been removed from the feed.

    Removing a tag listed in ``key_tags`` must make the import fail; removing
    any other tag must still let the Buster feed import.

    NOTE(review): the function name says "canonical" but every assertion here
    targets the Debian Buster feed.
    """
    removed_tag = remove_tag_feed['name']

    if removed_tag in xfail_list:
        pytest.xfail('Xfailing due to issue: https://github.com/wazuh/wazuh/issues/5322')

    # Both outcomes use the longer Debian timeout: per the original author's
    # note, the Debian import also downloads an auxiliary JSON file.
    debian_timeout = vd.DEBIAN_IMPORT_FEED_TIMEOUT

    if removed_tag in key_tags:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor,
                                             timeout=debian_timeout)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BUSTER_LOG,
            expected_vulnerabilities_number=vd.DEBIAN_NUM_CUSTOM_VULNERABILITIES,
            timeout=debian_timeout,
            check_vuln_number=False,
        )

    # Whether the feed was accepted or rejected, the daemon must stay up.
    vd.check_if_modulesd_is_running()
def test_extra_tags_arch_linux_feed(test_values, clean_vuln_tables, get_configuration,
                                    configure_environment, modify_feed):
    """Check the Arch Linux JSON feed import when an extra tag is inserted.

    An inserted tag of exact type ``str`` must be tolerated; any other type
    must make the import fail.
    """
    inserted_tag = test_values[0]

    # Exact type match on purpose: str subclasses take the failure path.
    tag_is_plain_str = type(inserted_tag) is str

    if not tag_is_plain_str:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.ARCH_LOG,
            expected_vulnerabilities_number=vd.ARCH_NUM_CUSTOM_VULNERABILITIES,
        )

    # Neither outcome may crash the modules daemon.
    vd.check_if_modulesd_is_running()
def test_missing_canonical_feed(clean_vuln_tables, get_configuration,
                                configure_environment, remove_tag_feed):
    """Check the Canonical feed import when tags have been removed from the feed.

    Removing a tag listed in ``key_tags`` must make the import fail; removing
    any other tag must still let the Bionic feed import with the full custom
    vulnerability count.
    """
    removed_tag = remove_tag_feed['name']

    if removed_tag in xfail_tags:
        pytest.xfail("Xfailing due https://github.com/wazuh/wazuh/issues/5275")

    mandatory_tag_removed = removed_tag in key_tags
    if mandatory_tag_removed:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )

    # Whether the feed was accepted or rejected, the daemon must stay up.
    vd.check_if_modulesd_is_running()
def test_invalid_syntax_canonical_feed(test_data, clean_vuln_tables, get_configuration,
                                       configure_environment, modify_feed):
    """Check the Canonical OVAL feed import when the feed has syntax errors.

    ``test_data['expected_fail']`` selects the expected outcome: a rejected
    import, or a successful Bionic import with the full custom vulnerability
    count.
    """
    should_be_rejected = test_data['expected_fail']

    if should_be_rejected:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )

    # A syntactically broken feed must not crash the modules daemon.
    vd.check_if_modulesd_is_running()
def test_extra_fields_redhat_feed(test_data, clean_vuln_tables, get_configuration,
                                  configure_environment, modify_feed):
    """Check the Red Hat OVAL feed import when the feed has been altered.

    ``test_data['expected_fail']`` selects the expected outcome: a rejected
    import, or a successful 'Red Hat Enterprise Linux 8' import.

    NOTE(review): the name says "extra fields" while the original docstring
    said "syntax errors"; confirm which scenario ``modify_feed`` produces.
    """
    should_be_rejected = test_data['expected_fail']

    if should_be_rejected:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name='Red Hat Enterprise Linux 8',
            expected_vulnerabilities_number=vd.REDHAT_NUM_CUSTOM_VULNERABILITIES,
            # The exact vulnerability count is not verified for this feed.
            check_vuln_number=False,
        )

    # Whether the feed was accepted or rejected, the daemon must stay up.
    vd.check_if_modulesd_is_running()
def test_invalid_type_custom_feeds(manage_files, clean_vuln_tables, get_configuration,
                                   configure_environment, restart_modulesd):
    """Check that bad custom feed files are rejected and good ones are imported.

    The scenario is read from ``get_configuration['metadata']``:

    * feeds listed in ``correctly_imported_feeds`` must import (after a
      successful decompression when the path contains '.gz' or '.bz2');
    * any other feed must produce an import failure, except for the
      'json debian' feed and the MSU '/tmp/dummy.json' case, which are
      handled separately.

    The 'nvd' feed is marked xfail before any check runs.
    """
    metadata = get_configuration['metadata']
    custom_feed = metadata['custom_feed']
    log_system_name = metadata['log_system_name']
    feed = metadata['feed']

    if feed == 'nvd':
        pytest.xfail(
            "Add error messages to this case use. Issue: https://github.com/wazuh/wazuh/issues/5210"
        )

    if custom_feed in correctly_imported_feeds:
        # Substring match, not a suffix match: any path containing the
        # extension is treated as a compressed feed.
        is_compressed = '.gz' in custom_feed or '.bz2' in custom_feed
        if is_compressed:
            vd.check_feed_uncompressed_successfully(wazuh_log_monitor=wazuh_log_monitor,
                                                    feed=custom_feed)

        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=log_system_name,
            expected_vulnerabilities_number=metadata['expected_num_vulnerabilities'],
        )
        vd.clean_vuln_and_sys_programs_tables()
    else:
        # Only the 'JSON Red Hat Enterprise Linux' case expects one
        # vulnerability alongside the failure; every other bad feed expects none.
        expected_vulnerabilities_number = (
            1 if log_system_name == 'JSON Red Hat Enterprise Linux' else 0
        )
        # The MSU dummy JSON file gets no failure check at all.
        test_skipped = feed == 'msu' and custom_feed == '/tmp/dummy.json'

        if feed != 'json debian' and not test_skipped:
            vd.check_failure_when_importing_feed(
                wazuh_log_monitor=wazuh_log_monitor,
                expected_vulnerabilities_number=expected_vulnerabilities_number,
            )
        elif custom_feed != '/tmp/dummy.json':
            vd.check_log_event(wazuh_log_monitor=wazuh_log_monitor,
                               log_event=f"Couldn't get the Debian feed .*")

        # Clean up only when the rejected feed still left entries behind.
        if expected_vulnerabilities_number > 0:
            vd.clean_vuln_and_sys_programs_tables()
def test_extra_fields_redhat_feed(clean_vuln_tables, test_values, get_configuration,
                                  configure_environment, modify_feed):
    """Check the Red Hat OVAL feed import when an extra field is inserted.

    The import must succeed when the inserted value is of exact type ``str``
    or ``int`` and is not a single space; every other value must make the
    import fail.
    """
    inserted_tag = test_values[0]

    # Exact type match on purpose: bool is a subclass of int, so True/False
    # take the failure path here (isinstance would accept them).
    accepted = inserted_tag != ' ' and type(inserted_tag) in (str, int)

    if not accepted:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor,
                                             timeout=vd.VULN_DETECTOR_GLOBAL_TIMEOUT)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name='Red Hat Enterprise Linux 8',
            expected_vulnerabilities_number=vd.REDHAT_NUM_CUSTOM_VULNERABILITIES,
            timeout=vd.VULN_DETECTOR_GLOBAL_TIMEOUT,
            check_vuln_number=False,
        )

    # Neither outcome may crash the modules daemon.
    vd.check_if_modulesd_is_running()
def test_extra_fields_msu_feed(clean_vuln_tables, test_values, get_configuration,
                               configure_environment, modify_feed):
    """Check the MSU feed import when an extra field is inserted.

    An inserted field of exact type ``str`` must be tolerated (import reported
    as successful with zero vulnerabilities); any other type must produce an
    import failure, checked with ``parser_error=True``.
    """
    field = test_values[0]

    # Exact type match on purpose: str subclasses take the failure path.
    field_is_plain_str = type(field) is str

    if not field_is_plain_str:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor,
                                             parser_error=True)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.MSU_LOG,
            expected_vulnerabilities_number=0,
        )

    # Neither outcome may crash the modules daemon.
    vd.check_if_modulesd_is_running()
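def test_invalid_archlinux_feed(clean_vuln_tables, get_configuration,
                                configure_environment, remove_field_feed):
    """Check the Arch Linux feed import when a field has been removed.

    Removing a field listed in ``key_tags`` must make the import fail.
    Removing any other field must still let the feed import; without the
    'issues' field four fewer vulnerabilities are expected.

    In both cases the modules daemon must still be running afterwards.
    """
    if remove_field_feed in key_tags:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        expected_vulnerabilities = vd.ARCH_NUM_CUSTOM_VULNERABILITIES
        if remove_field_feed == 'issues':
            # Value kept from the original test; presumably four sample
            # entries depend on the 'issues' field -- TODO confirm.
            expected_vulnerabilities -= 4

        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.ARCH_LOG,
            expected_vulnerabilities_number=expected_vulnerabilities,
            timeout=vd.VULN_DETECTOR_SCAN_TIMEOUT,
        )

    # The liveness check used to run only after a successful import. The
    # rejected-feed path is where a parser crash is most likely, so the
    # check now covers both outcomes.
    vd.check_if_modulesd_is_running()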
def test_extra_tags_canonical_feed(test_values, clean_vuln_tables, get_configuration,
                                   configure_environment, modify_feed):
    """Check the Canonical OVAL feed import when an extra tag is inserted.

    The import must succeed when the inserted value is of exact type ``str``
    or ``int`` and is not a single space; every other value must make the
    import fail.
    """
    inserted_tag = test_values[0]

    # Exact type match on purpose: bool is a subclass of int, so True/False
    # take the failure path here (isinstance would accept them).
    accepted = inserted_tag != ' ' and type(inserted_tag) in (str, int)

    if not accepted:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )

    # Neither outcome may crash the modules daemon.
    vd.check_if_modulesd_is_running()
def test_invalid_values_debian_feed(test_data, custom_input, clean_vuln_tables,
                                    get_configuration, configure_environment,
                                    restart_modulesd, modify_feed):
    """Check the Debian OVAL feed import when tags carry wrong values.

    ``test_data['expected_fail']`` selects the expected outcome: a rejected
    import, or a successful Buster import.  Both checks use the longer Debian
    import timeout.  ``custom_input`` is not read in the body.
    """
    debian_timeout = vd.DEBIAN_IMPORT_FEED_TIMEOUT
    should_be_rejected = test_data['expected_fail']

    if should_be_rejected:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor,
                                             timeout=debian_timeout)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BUSTER_LOG,
            expected_vulnerabilities_number=vd.DEBIAN_NUM_CUSTOM_VULNERABILITIES,
            timeout=debian_timeout,
            # The exact vulnerability count is not verified for this feed.
            check_vuln_number=False,
        )

    # Whether the feed was accepted or rejected, the daemon must stay up.
    vd.check_if_modulesd_is_running()
def test_invalid_values_arch_linux_feed(test_data, custom_input, clean_vuln_tables,
                                        get_configuration, configure_environment,
                                        modify_feed):
    """Check the Arch Linux feed import when a field carries an unexpected value.

    When ``custom_input`` is an instance of one of the types in
    ``test_data['type']`` the feed must still import; otherwise the import
    must fail within 10 seconds.
    """
    input_type_is_valid = any(
        isinstance(custom_input, valid_type) for valid_type in test_data['type']
    )

    if not input_type_is_valid:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor,
                                             timeout=10)
    else:
        expected_vulnerabilities = vd.ARCH_NUM_CUSTOM_VULNERABILITIES

        if test_data['field'] == 'packages' and isinstance(custom_input, list):
            # A list of packages is read as several packages that each carry
            # the 5 example vulnerabilities, so every package beyond the
            # first adds 5 to the expected total.
            expected_vulnerabilities += 5 * (len(custom_input) - 1)

        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.ARCH_LOG,
            expected_vulnerabilities_number=expected_vulnerabilities,
        )

    # Whether the feed was accepted or rejected, the daemon must stay up.
    vd.check_if_modulesd_is_running()
def test_invalid_values_canonical_feed(test_data, custom_input, clean_vuln_tables,
                                       get_configuration, configure_environment,
                                       modify_feed):
    """Check the Canonical OVAL feed import when tags carry wrong values.

    ``test_data['expected_fail']`` selects the expected outcome: a rejected
    import, or a successful Bionic import with the full custom vulnerability
    count.  The 'dpkginfo_test' case is marked xfail before any check runs.
    ``custom_input`` is not read in the body.
    """
    if test_data['name'] == 'dpkginfo_test':
        pytest.xfail(
            'Xfailing due to issue: https://github.com/wazuh/wazuh/issues/5275'
        )

    should_be_rejected = test_data['expected_fail']

    if should_be_rejected:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )

    # Whether the feed was accepted or rejected, the daemon must stay up.
    vd.check_if_modulesd_is_running()