def test_no_feed_changes(clean_vuln_tables, get_configuration,
                         configure_environment, restart_modulesd):
    """Baseline case: the feed is imported and the expected vulnerability count is reported.

    The fixtures are requested for their setup/teardown effects only; none of
    them is read in the body. The check is made against the ``vd.ARCH_LOG``
    system name with ``vd.ARCH_NUM_CUSTOM_VULNERABILITIES`` as the expected count.
    """
    assert_import_ok = vd.check_feed_imported_successfully
    assert_import_ok(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.ARCH_LOG,
        expected_vulnerabilities_number=vd.ARCH_NUM_CUSTOM_VULNERABILITIES,
    )
def test_invalid_msu_feed(clean_vuln_tables, get_configuration, configure_environment, remove_field_feed):
    """
    Import an MSU feed that has a field removed and verify the detector copes with it.

    The import is expected to complete while reporting 0 vulnerabilities, after
    which the modulesd liveness check is run.
    """
    assert_import_ok = vd.check_feed_imported_successfully
    assert_import_ok(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.MSU_LOG,
        expected_vulnerabilities_number=0,
    )

    # An incomplete feed must not take the daemon down.
    vd.check_if_modulesd_is_running()
def test_extra_tags_debian_feed(test_values, clean_vuln_tables, get_configuration, configure_environment, modify_feed):
    """
    Import a Debian OVAL feed carrying extra tags and verify the detector tolerates them.

    The import is expected to succeed for every parametrized case (the body
    does not branch on ``test_values``), with the vulnerability-count
    comparison switched off via ``check_vuln_number=False``.
    """
    assert_import_ok = vd.check_feed_imported_successfully
    assert_import_ok(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.BUSTER_LOG,
        expected_vulnerabilities_number=vd.DEBIAN_NUM_CUSTOM_VULNERABILITIES,
        timeout=vd.DEBIAN_IMPORT_FEED_TIMEOUT,
        check_vuln_number=False,
    )

    # Unknown tags in the feed must not take the daemon down.
    vd.check_if_modulesd_is_running()
def test_invalid_values_msu_feed(test_data, custom_input, clean_vuln_tables,
                                 get_configuration, configure_environment,
                                 modify_feed):
    """
    Import an MSU feed whose fields hold wrong values and verify the detector copes with it.

    Every parametrized case expects the import to complete with 0
    vulnerabilities, followed by the modulesd liveness check.
    """
    # NOTE(review): the original comment said error messages should be looked
    # for when the field is "key" and the input type does not match, but the
    # body never branches on test_data/custom_input - confirm this is intended.
    assert_import_ok = vd.check_feed_imported_successfully
    assert_import_ok(
        wazuh_log_monitor=wazuh_log_monitor,
        log_system_name=vd.MSU_LOG,
        expected_vulnerabilities_number=0,
    )

    vd.check_if_modulesd_is_running()
def test_missing_canonical_feed(clean_vuln_tables, get_configuration, configure_environment, remove_tag_feed):
    """Check vulnerability detector behavior when importing a Debian feed with missing tags.

    Despite the function name, the checks use the Debian (Buster) log name,
    vulnerability count and timeout. Removing a tag listed in ``key_tags`` must
    make the import fail; removing any other tag must still allow the import.
    """
    removed_tag = remove_tag_feed['name']

    if removed_tag in xfail_list:
        pytest.xfail('Xfailing due to issue: https://github.com/wazuh/wazuh/issues/5322')

    # Both paths use the longer Debian timeout because a JSON aux file is downloaded.
    if removed_tag not in key_tags:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BUSTER_LOG,
            expected_vulnerabilities_number=vd.DEBIAN_NUM_CUSTOM_VULNERABILITIES,
            timeout=vd.DEBIAN_IMPORT_FEED_TIMEOUT,
            check_vuln_number=False,
        )
    else:
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor,
            timeout=vd.DEBIAN_IMPORT_FEED_TIMEOUT,
        )

    # Whether the feed was accepted or rejected, the daemon must survive it.
    vd.check_if_modulesd_is_running()
def test_extra_tags_arch_linux_feed(test_values, clean_vuln_tables,
                                    get_configuration, configure_environment,
                                    modify_feed):
    """Check Vulnerability Detector behavior when the Arch Linux JSON feed carries extra tags.

    An inserted tag whose exact type is ``str`` must be tolerated (import
    succeeds); any other type must make the import fail. The modulesd liveness
    check runs in both cases.
    """
    extra_tag = test_values[0]

    # Exact-type comparison: subclasses of str do not count as str here.
    if type(extra_tag) is not str:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.ARCH_LOG,
            expected_vulnerabilities_number=vd.ARCH_NUM_CUSTOM_VULNERABILITIES,
        )

    vd.check_if_modulesd_is_running()
def test_missing_canonical_feed(clean_vuln_tables, get_configuration,
                                configure_environment, remove_tag_feed):
    """Check vulnerability detector behavior when importing a Canonical feed with missing tags.

    Removing a tag listed in ``key_tags`` must make the import fail; removing
    any other tag must still allow the import. The modulesd liveness check runs
    in both cases.
    """
    removed_tag = remove_tag_feed['name']

    if removed_tag in xfail_tags:
        pytest.xfail("Xfailing due https://github.com/wazuh/wazuh/issues/5275")

    if removed_tag not in key_tags:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )
    else:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)

    # Whether the feed was accepted or rejected, the daemon must survive it.
    vd.check_if_modulesd_is_running()
def test_invalid_syntax_canonical_feed(test_data, clean_vuln_tables,
                                       get_configuration,
                                       configure_environment, modify_feed):
    """
    Check vulnerability detector behavior when importing Canonical OVAL feeds with syntax errors.

    ``test_data['expected_fail']`` selects the expectation: a truthy value means
    the import must fail, otherwise it must succeed. The modulesd liveness
    check runs in both cases.
    """
    must_be_rejected = test_data['expected_fail']

    if not must_be_rejected:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )
    else:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)

    # A syntactically broken feed must not take the daemon down.
    vd.check_if_modulesd_is_running()
def test_extra_fields_redhat_feed(test_data, clean_vuln_tables,
                                  get_configuration, configure_environment,
                                  modify_feed):
    """
    Check vulnerability detector behavior when importing a modified Red Hat OVAL feed.

    ``test_data['expected_fail']`` selects the expectation: a truthy value means
    the import must fail, otherwise it must succeed (with the vulnerability
    count comparison switched off). The modulesd liveness check runs in both
    cases.
    """
    must_be_rejected = test_data['expected_fail']

    if not must_be_rejected:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name='Red Hat Enterprise Linux 8',
            expected_vulnerabilities_number=vd.REDHAT_NUM_CUSTOM_VULNERABILITIES,
            check_vuln_number=False,
        )
    else:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)

    # A malformed feed must not take the daemon down.
    vd.check_if_modulesd_is_running()
def test_invalid_type_custom_feeds(manage_files, clean_vuln_tables,
                                   get_configuration, configure_environment,
                                   restart_modulesd):
    """
    Check that bad custom feed files are reported as import failures and good ones are imported.

    Feeds listed in ``correctly_imported_feeds`` must import (compressed ones
    are additionally checked for successful decompression). Any other feed must
    be rejected, with two carve-outs visible in the body: the 'json debian'
    feed is checked through its own log event, and the 'msu' feed pointing at
    '/tmp/dummy.json' gets no failure check at all.
    """
    metadata = get_configuration['metadata']
    custom_feed = metadata['custom_feed']
    log_system_name = metadata['log_system_name']
    feed_kind = metadata['feed']

    if feed_kind == 'nvd':
        pytest.xfail(
            "Add error messages to this case use. Issue: https://github.com/wazuh/wazuh/issues/5210"
        )

    if custom_feed in correctly_imported_feeds:
        # Compressed feeds have to be unpacked before they can be parsed.
        if any(extension in custom_feed for extension in ('.gz', '.bz2')):
            vd.check_feed_uncompressed_successfully(
                wazuh_log_monitor=wazuh_log_monitor, feed=custom_feed)
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=log_system_name,
            expected_vulnerabilities_number=metadata['expected_num_vulnerabilities'])

        vd.clean_vuln_and_sys_programs_tables()
        return

    # Rejected-feed path.
    expected_vulnerabilities_number = 0
    if log_system_name == 'JSON Red Hat Enterprise Linux':
        expected_vulnerabilities_number = 1

    is_dummy_feed = custom_feed == '/tmp/dummy.json'
    skip_failure_check = feed_kind == 'msu' and is_dummy_feed

    if feed_kind != 'json debian' and not skip_failure_check:
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor,
            expected_vulnerabilities_number=expected_vulnerabilities_number
        )
    elif not is_dummy_feed:
        vd.check_log_event(
            wazuh_log_monitor=wazuh_log_monitor,
            log_event=f"Couldn't get the Debian feed .*")

    # Tables are cleaned only when the rejected feed was still expected to leave an entry.
    if expected_vulnerabilities_number > 0:
        vd.clean_vuln_and_sys_programs_tables()
def test_extra_fields_redhat_feed(clean_vuln_tables, test_values, get_configuration, configure_environment,
                                  modify_feed):
    """
    Check vulnerability detector behavior when importing a Red Hat OVAL feed with extra fields.

    An inserted tag is tolerated (import succeeds) only when it is not a single
    space and its exact type is ``str`` or ``int``; anything else must make the
    import fail. The modulesd liveness check runs in both cases.
    """
    extra_tag = test_values[0]

    # Exact-type membership, not isinstance: bool is a subclass of int, so
    # True/False take the failure path.
    tag_is_tolerated = extra_tag != ' ' and type(extra_tag) in (str, int)

    if not tag_is_tolerated:
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor,
            timeout=vd.VULN_DETECTOR_GLOBAL_TIMEOUT,
        )
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name='Red Hat Enterprise Linux 8',
            expected_vulnerabilities_number=vd.REDHAT_NUM_CUSTOM_VULNERABILITIES,
            timeout=vd.VULN_DETECTOR_GLOBAL_TIMEOUT,
            check_vuln_number=False,
        )

    vd.check_if_modulesd_is_running()
def test_extra_fields_msu_feed(clean_vuln_tables, test_values,
                               get_configuration, configure_environment,
                               modify_feed):
    """
    Check vulnerability detector behavior when importing an MSU feed with extra fields.

    An extra field whose exact type is ``str`` must be tolerated (import
    completes with 0 vulnerabilities); any other type must produce an import
    failure, checked with ``parser_error=True``. The modulesd liveness check
    runs in both cases.
    """
    extra_field = test_values[0]

    # Exact-type comparison: subclasses of str do not count as str here.
    if type(extra_field) is not str:
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor,
            parser_error=True,
        )
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.MSU_LOG,
            expected_vulnerabilities_number=0,
        )

    vd.check_if_modulesd_is_running()
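def test_invalid_archlinux_feed(clean_vuln_tables, get_configuration,
                                configure_environment, remove_field_feed):
    """Check Vulnerability Detector behavior when a field is removed from the Arch Linux feed.

    Removing a field listed in ``key_tags`` must make the import fail. Removing
    any other field must still allow the import; when the removed field is
    'issues' the expected vulnerability count is lowered by 4.

    The modulesd liveness check runs on both paths. The original ran it only
    after a successful import, so a daemon crash triggered by a rejected feed
    would have gone unnoticed.
    """
    if remove_field_feed in key_tags:
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor)
    else:
        expected_vulnerabilities = vd.ARCH_NUM_CUSTOM_VULNERABILITIES
        if remove_field_feed == 'issues':
            # Offset kept from the original test; its rationale is not visible here.
            expected_vulnerabilities -= 4
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.ARCH_LOG,
            expected_vulnerabilities_number=expected_vulnerabilities,
            timeout=vd.VULN_DETECTOR_SCAN_TIMEOUT)

    # Whether the feed was accepted or rejected, the daemon must survive it.
    vd.check_if_modulesd_is_running()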
def test_extra_tags_canonical_feed(test_values, clean_vuln_tables,
                                   get_configuration, configure_environment,
                                   modify_feed):
    """
    Check vulnerability detector behavior when importing a Canonical OVAL feed with extra tags.

    An inserted tag is tolerated (import succeeds) only when it is not a single
    space and its exact type is ``str`` or ``int``; anything else must make the
    import fail. The modulesd liveness check runs in both cases.
    """
    extra_tag = test_values[0]

    # Exact-type membership, not isinstance: bool is a subclass of int, so
    # True/False take the failure path.
    tag_is_tolerated = extra_tag != ' ' and type(extra_tag) in (str, int)

    if not tag_is_tolerated:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)
    else:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )

    vd.check_if_modulesd_is_running()
def test_invalid_values_debian_feed(test_data, custom_input, clean_vuln_tables,
                                    get_configuration, configure_environment,
                                    restart_modulesd, modify_feed):
    """
    Check vulnerability detector behavior when importing a Debian OVAL feed with wrong tag values.

    ``test_data['expected_fail']`` selects the expectation: a truthy value means
    the import must fail, otherwise it must succeed (with the vulnerability
    count comparison switched off). Both checks use the Debian import timeout,
    and the modulesd liveness check runs in both cases.
    """
    must_be_rejected = test_data['expected_fail']

    if not must_be_rejected:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BUSTER_LOG,
            expected_vulnerabilities_number=vd.DEBIAN_NUM_CUSTOM_VULNERABILITIES,
            timeout=vd.DEBIAN_IMPORT_FEED_TIMEOUT,
            check_vuln_number=False,
        )
    else:
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor,
            timeout=vd.DEBIAN_IMPORT_FEED_TIMEOUT,
        )

    # Wrong tag values must not take the daemon down.
    vd.check_if_modulesd_is_running()
def test_invalid_values_arch_linux_feed(test_data, custom_input,
                                        clean_vuln_tables, get_configuration,
                                        configure_environment, modify_feed):
    """Check Vulnerability Detector behavior when Arch Linux feed fields hold unexpected values.

    When ``custom_input`` is an instance of one of the types listed in
    ``test_data['type']`` the import must succeed; otherwise it must fail. The
    modulesd liveness check runs in both cases.
    """
    allowed_types = tuple(test_data['type'])

    if not isinstance(custom_input, allowed_types):
        vd.check_failure_when_importing_feed(
            wazuh_log_monitor=wazuh_log_monitor,
            timeout=10,
        )
    else:
        expected_vulnerabilities = vd.ARCH_NUM_CUSTOM_VULNERABILITIES
        if test_data['field'] == 'packages' and isinstance(custom_input, list):
            # A list under 'packages' is read as several packages, each
            # carrying the 5 example vulnerabilities, so every package beyond
            # the first adds 5 to the expected total.
            expected_vulnerabilities += 5 * (len(custom_input) - 1)
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.ARCH_LOG,
            expected_vulnerabilities_number=expected_vulnerabilities,
        )

    vd.check_if_modulesd_is_running()
def test_invalid_values_canonical_feed(test_data, custom_input,
                                       clean_vuln_tables, get_configuration,
                                       configure_environment, modify_feed):
    """
    Check vulnerability detector behavior when importing a Canonical OVAL feed with wrong tag values.

    The 'dpkginfo_test' case is marked as an expected failure. For every other
    case ``test_data['expected_fail']`` selects the expectation: a truthy value
    means the import must fail, otherwise it must succeed. The modulesd
    liveness check runs in both cases.
    """
    if test_data['name'] == 'dpkginfo_test':
        pytest.xfail(
            'Xfailing due to issue: https://github.com/wazuh/wazuh/issues/5275'
        )

    must_be_rejected = test_data['expected_fail']

    if not must_be_rejected:
        vd.check_feed_imported_successfully(
            wazuh_log_monitor=wazuh_log_monitor,
            log_system_name=vd.BIONIC_LOG,
            expected_vulnerabilities_number=vd.CANONICAL_NUM_CUSTOM_VULNERABILITIES,
        )
    else:
        vd.check_failure_when_importing_feed(wazuh_log_monitor=wazuh_log_monitor)

    # Wrong tag values must not take the daemon down.
    vd.check_if_modulesd_is_running()