Commit

Merge branch '4.9.1' into fix/5715-fix-upgrade-case-from-nonvulnerable-to-vulnerable
rafabailon authored Sep 18, 2024
2 parents 0611866 + 2d48d99 commit 15fc2ca
Showing 17 changed files with 159 additions and 106 deletions.
14 changes: 14 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,14 +8,26 @@ All notable changes to this project will be documented in this file.

- Added support for macOS 14.6 to the Allocation module (Vagrant) ([#5671](https://github.com/wazuh/wazuh-qa/pull/5671)) \- (Framework)

### Changed

- Update team labels and add 'agent' option ([#5725](https://github.com/wazuh/wazuh-qa/pull/5725)) \- (Framework)
- Change in VD E2E tests to use package feed instead of CTI feed ([#5739](https://github.com/wazuh/wazuh-qa/pull/5739)) \- (Tests)
- Improve VD plots title ([#5740](https://github.com/wazuh/wazuh-qa/pull/5740)) \- (Framework)

### Fixed

- Grafana package used for `upgrade_package_nonvulnerable_to_vulnerable` case is vulnerable ([#5719](https://github.com/wazuh/wazuh-qa/pull/5719)) \- (Tests)
- Increase results windows in E2E Vulnerability detection ([#5712](https://github.com/wazuh/wazuh-qa/pull/5712/)) \- (Framework + Tests)

### Deleted

- Reverted an xfail behaviour change in the API performance test ([#5734](https://github.com/wazuh/wazuh-qa/pull/5734)) \- (Tests)

## [4.9.0] - TBD

### Added

- Adding jobflow templates ([#5680](https://github.com/wazuh/wazuh-qa/pull/5680/)) \- (Framework)
- Add RockyLinux 8.10 to Allocator module ([#5524](https://github.com/wazuh/wazuh-qa/pull/5524)) \- (Framework)
- Add Deployability testing tier 1 ([#5190](https://github.com/wazuh/wazuh-qa/pull/5190)) \- (Framework + Documentation + Tests)
- Add Workflow module to Wazuh-qa repository ([#4990](https://github.com/wazuh/wazuh-qa/pull/4990)) \- (Tests)
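Review bot: Under `### Deleted` in the 4.9.1 section, the entry "Reverted an xfail behaviour change in the API performance test" describes a revert, not a removal, so it reads more naturally under `### Changed` or `### Fixed`. The #5712 link in the same section also ends in `/pull/5712/` with a trailing slash while the neighbouring entries do not; worth normalising while the section is being edited.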
Expand All @@ -24,6 +36,7 @@ All notable changes to this project will be documented in this file.

### Changed

- Updated Debian 12 AMIs and Box to 12.7 version ([#5735](https://github.com/wazuh/wazuh-qa/pull/5735)) \- (Framework)
- Increase Feed update timeout in waiters.py ([#5668](https://github.com/wazuh/wazuh-qa/pull/5668)) \- (Framework)
- Set `/active-response` as xfail ([#5660](https://github.com/wazuh/wazuh-qa/pull/5660)) \- (Tests)
- Modify the directory name for machines deployed in AWS ([#5635](https://github.com/wazuh/wazuh-qa/pull/5635)) \- (Framework)
Expand All @@ -42,6 +55,7 @@ All notable changes to this project will be documented in this file.

### Fixed

- Fix playbook cleanup.yaml ([#5672](https://github.com/wazuh/wazuh-qa/pull/5672)) \- (Tests)
- Fixed unnecesary reference to debian file in dashboard provisioning task ([#5643](https://github.com/wazuh/wazuh-qa/pull/5643)) \- (Framework)
- Changed 'Ensure that the manager version is' expected warning to an agnostic version of regex ([#5630](https://github.com/wazuh/wazuh-qa/pull/5630)) \- (Tests)
- Adding fixed and dynamic waits to port status checks ([#5627](https://github.com/wazuh/wazuh-qa/pull/5627)) (Framework)
2 changes: 1 addition & 1 deletion deployability/modules/allocation/aws/provider.py
Expand Up @@ -48,7 +48,7 @@ def _create_instance(cls, base_dir: Path, params: CreationPayload, config: AWSCo
temp_id = cls._generate_instance_id(cls.provider_name)
temp_dir = base_dir / temp_id
credentials = AWSCredentials()
teams = ['qa', 'core', 'framework', 'devops', 'frontend', 'operations', 'cloud', 'threat-intel', 'marketing', 'documentation']
teams = ['qa', 'cppserver', 'pyserver', 'devops', 'dashboard', 'operations', 'cloud', 'threat-intel', 'marketing', 'documentation', 'agent', 'indexer']
platform = str(params.composite_name.split("-")[0])
arch = str(params.composite_name.split("-")[3])
if not config:
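Review bot: The `teams` list in `_create_instance` drops 'core', 'framework' and 'frontend' in favour of 'cppserver', 'pyserver' and 'dashboard' with no alias for the old names, so any caller or saved configuration that still supplies an old label will no longer match this list. Since the list is rebuilt inline on every call, consider moving it to a module-level constant (or the allocation config) so the label set has one documented home, and confirm that nothing else in the allocator still refers to the removed names.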
8 changes: 4 additions & 4 deletions deployability/modules/allocation/static/specs/os.yml
Expand Up @@ -35,7 +35,7 @@ vagrant:
virtualizer: virtualbox
linux-debian-12-amd64:
box: debian/bookworm64
box_version: 12.20231211.1
box_version: 12.20240905.1
virtualizer: virtualbox
# Oracle Linux
linux-oracle-7-amd64:
Expand Down Expand Up @@ -268,11 +268,11 @@ aws:
zone: us-east-1
user: admin
linux-debian-12-amd64:
ami: ami-055c8118725fe3a84
ami: ami-014124f30c18be425
zone: us-east-1
user: admin
linux-debian-12-arm64:
ami: ami-06703877c23c4ddf1
ami: ami-027a194fc587a2e82
zone: us-east-1
user: admin
# Oracle Linux
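Review bot: The new `ami:` values for linux-debian-12-amd64 and linux-debian-12-arm64 are bare IDs, so nothing in this file lets a reviewer confirm they are the intended Debian 12.7 images from the expected publisher. Suggest a comment beside each entry recording the image name and owner account it was resolved from, so a later change to a pinned AMI can be checked against its source.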
Expand Down Expand Up @@ -422,7 +422,7 @@ aws:
zone: us-east-1
user: ec2-user
macos-ventura-13-arm64:
ami: ami-01aa3973cdaf40134
ami: ami-01aa3973cdaf40134
zone: us-east-1
user: ec2-user
macos-sonoma-14-amd64:
1 change: 0 additions & 1 deletion deployability/modules/testing/main.py
Expand Up @@ -18,7 +18,6 @@ def parse_arguments():
parser.add_argument("--tests", required=True)
parser.add_argument("--component", choices=['manager', 'agent', 'central_components'], required=True)
parser.add_argument("--dependencies", action='append', default=[], required=False)
parser.add_argument("--cleanup", required=False, default=True)
parser.add_argument("--wazuh-version", required=True)
parser.add_argument("--wazuh-revision", required=True)
parser.add_argument("--wazuh-branch", required=False)
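Review bot: Removing `--cleanup` from `parse_arguments` changes the command-line contract: any workflow or script that still passes `--cleanup` is affected, and with a plain `parse_args()` call argparse rejects an unrecognized option and exits. Please check the callers and templates that build this command line, and mention the removal in the module's usage documentation.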
1 change: 0 additions & 1 deletion deployability/modules/testing/models.py
Expand Up @@ -19,7 +19,6 @@ class InputPayload(ExtraVars):
tests: list[str]
targets: list[str]
dependencies: list[str] | None = None
cleanup: bool = True
live: bool = False


11 changes: 0 additions & 11 deletions deployability/modules/testing/playbooks/cleanup.yml

This file was deleted.

32 changes: 5 additions & 27 deletions deployability/modules/testing/testing.py
Expand Up @@ -15,7 +15,6 @@
class Tester:
_playbooks_dir = Path(__file__).parent / 'playbooks'
_setup_playbook = _playbooks_dir / 'setup.yml'
_cleanup_playbook = _playbooks_dir / 'cleanup.yml'
_test_template = _playbooks_dir / 'test.yml'

@classmethod
Expand Down Expand Up @@ -60,14 +59,6 @@ def run(cls, payload: InputPayload) -> None:
cls._setup(ansible, extra_vars)
cls._run_tests(payload.tests, ansible, extra_vars)

# Clean up if required
if payload.cleanup:
for target_path in payload.targets:
target_value = eval(target_path).values()
target_inventory = Inventory(**Utils.load_from_yaml(str(list(target_value)[0])))
logger.info("Cleaning up")
cls._cleanup(ansible, extra_vars['working_dir'])

@classmethod
def _get_extra_vars(cls, payload: InputPayload) -> ExtraVars:
"""
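Review bot: With the `if payload.cleanup:` block gone, `run` now returns straight after `_run_tests` and nothing removes `working_dir` on the targets, so test artifacts stay on the hosts unless they are destroyed elsewhere. Please state in the docstring or the CHANGELOG where teardown now happens. Dropping `eval(target_path)` is a welcome side effect, since that call evaluated a string taken from `payload.targets`.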
Expand Down Expand Up @@ -96,13 +87,13 @@ def _run_tests(cls, test_list: list[str], ansible: Ansible, extra_vars: ExtraVar
rendering_var = {**extra_vars, 'test': test}
template = str(cls._test_template)
result = ansible.run_playbook(template, rendering_var)

for event in result.events:
logger.info(f"{event['stdout']}")
if result.stats["failures"]:
for event in result.events:
if result.stats["failures"]:
if "fatal" in event['stdout']:
raise Exception(f"Test {test} failed with error")

raise Exception(f"Test {test} failed with error: {event['stdout']}")
else:
logger.info(f"Test {test} Finished with: {event['stdout']}")

@classmethod
def _setup(cls, ansible: Ansible, extra_vars: ExtraVars) -> None:
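Review bot: In `_run_tests`, a run whose `result.stats["failures"]` is set but whose events never contain the string "fatal" still raises nothing, so the test is treated as finished without error. `result.stats["failures"]` also does not change between events, so checking it inside the `for event in result.events:` loop adds nothing. Suggest logging every event in the loop, raising on the first "fatal" one, and raising after the loop whenever failures were recorded. Note too that the new exception message embeds the raw `event['stdout']`, so whatever the playbook printed ends up in the error text.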
Expand All @@ -120,16 +111,3 @@ def _setup(cls, ansible: Ansible, extra_vars: ExtraVars) -> None:
if "fatal" in event['stdout']:
raise Exception(f"Setup {template} failed with error: {event['stdout']}")


@classmethod
def _cleanup(cls, ansible: Ansible, remote_working_dir: str = '/tmp') -> None:
"""
Cleanup the environment after the tests.
Args:
ansible (Ansible): The Ansible object to run the cleanup.
remote_working_dir (str): The remote working directory.
"""
extra_vars = {'working_dir': remote_working_dir}
playbook = str(cls._cleanup_playbook)
ansible.run_playbook(playbook, extra_vars)
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ def compare_expected_found_vulnerabilities(vulnerabilities, expected_vulnerabili
for vulnerability in expected_vulns:
if vulnerability not in vulnerabilities.get(agent, []):
logging.critical(f"Vulnerability not found for {agent}: {vulnerability}")
if agent not in vulnerabilities_not_found:
if agent not in vulnerabilities_not_found.keys():
vulnerabilities_not_found[agent] = []
failed_agents.append(agent)

Expand All @@ -39,9 +39,10 @@ def compare_expected_found_vulnerabilities(vulnerabilities, expected_vulnerabili
for vulnerability in agent_vulnerabilities:
if vulnerability not in expected_vulnerabilities.get(agent, []):
logging.critical(f"Vulnerability unexpected found for {agent}: {vulnerability}")
if agent not in vulnerabilities_unexpected:
if agent not in vulnerabilities_unexpected.keys():
vulnerabilities_unexpected[agent] = []
failed_agents.append(agent)
if agent not in failed_agents:
failed_agents.append(agent)

result = False
vulnerabilities_unexpected[agent].append(vulnerability)
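Review bot: In the unexpected-vulnerabilities loop, the switch to `vulnerabilities_unexpected.keys()` does not change behaviour, since `in` on a dict already tests its keys; the original form was the idiomatic one. The part that matters is the new `if agent not in failed_agents:` guard. Collecting failed agents in a set (converted to a list on return if needed) would make both loops safe against duplicates without a per-path check.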
Expand Down Expand Up @@ -161,4 +162,3 @@ def equals_but_not_empty(x, y):
not any(x[host][level] for level in ["ERROR", "CRITICAL", "WARNING"])
for host in x
)

34 changes: 34 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py
Expand Up @@ -31,6 +31,7 @@


WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE = 'wazuh-states-vulnerabilities-{cluster_name}'
INDEXER_RESULT_WINDOWS_VULN_E2E = 50000


def get_wazuh_states_vulnerabilities_indexname(cluster_name: str = 'wazuh') -> str:
Expand Down Expand Up @@ -176,3 +177,36 @@ def delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin'

requests.delete(url=url, verify=False,
auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']), headers=headers)


def extend_result_window(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
index: str = 'wazuh-alerts*', new_max_result_window: int = 100000):
"""Extend the max_result_window setting for a Wazuh Indexer index.
Args:
host_manager: An instance of the HostManager class containing information about hosts.
credentials (Optional): A dictionary containing the Indexer credentials. Defaults to
{'user': 'admin', 'password': 'changeme'}.
index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'.
new_max_result_window (Optional): The new maximum result window size. Defaults to 100,000.
"""
logging.info(f"Extending max_result_window for {index} index to {new_max_result_window}")

url = f"https://{host_manager.get_master_ip()}:9200/{index}/_settings"
headers = {
'Content-Type': 'application/json',
}
data = {
"index": {
"max_result_window": new_max_result_window
}
}

response = requests.put(url=url, json=data, verify=False,
auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']),
headers=headers)

if response.status_code == 200:
logging.info(f"Successfully updated max_result_window for {index} index.")
else:
logging.error(f"Failed to update max_result_window for {index} index. Response: {response.text}")
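Review bot: `extend_result_window` only logs when the PUT does not return 200, so a caller cannot tell that `max_result_window` was left unchanged, and a later query sized for the larger window will fail far from the cause. Suggest `response.raise_for_status()` or returning a boolean. In the same call, `verify=False` sends the basic-auth credentials without certificate verification and no `timeout=` is set, so an unreachable indexer blocks the run; the `credentials` default is also a mutable dict holding 'admin'/'changeme'. Finally, the default `new_max_result_window` of 100000 differs from `INDEXER_RESULT_WINDOWS_VULN_E2E = 50000` added in this file; using the constant as the default would keep one value.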
Original file line number Diff line number Diff line change
Expand Up @@ -243,9 +243,9 @@ def get_vulnerability_alerts(host_manager: HostManager, agent_list, packages_dat


def get_vulnerabilities_index(host_manager: HostManager, agent_list, packages_data: List[Dict],
greater_than_timestamp: str = "") -> Dict:
greater_than_timestamp: str = "", size=10000) -> Dict:
vulnerabilities = get_vulnerabilities_from_states_by_agent(host_manager, agent_list,
greater_than_timestamp=greater_than_timestamp)
greater_than_timestamp=greater_than_timestamp, size=size)
package_vulnerabilities = filter_vulnerabilities_by_packages(host_manager, vulnerabilities, packages_data)

return package_vulnerabilities
Original file line number Diff line number Diff line change
Expand Up @@ -275,13 +275,16 @@ def parse_vulnerability_from_state(state):


def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents: List[str],
greater_than_timestamp: str = None, cluster_name='wazuh') -> dict:
greater_than_timestamp: str = None, cluster_name='wazuh',
size=10000) -> dict:
"""Get vulnerabilities from the vulnerability state index by agent.
Args:
host_manager (HostManager): Host manager object.
agents (list): List of agents.
greater_than_timestamp (str, optional): Greater than timestamp. Defaults to None.
size (int, optional): Maximun number of vulnerabilities to collect.
More information in https://opensearch.org/docs/latest/search-plugins/searching-data/paginate
Returns:
dict: Dictionary of vulnerabilities by agent.
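Review bot: The new `size` parameter of `get_vulnerabilities_from_states_by_agent` has no type annotation, while the docstring calls it `int` and misspells "Maximun"; `cluster_name` is still missing from the Args list. Suggest `size: int = 10000`, fixing the typo, and noting in the docstring that values above the index's `max_result_window` require the window to be extended first.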
Expand Down Expand Up @@ -309,8 +312,8 @@ def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents:
filter=states_filter,
index=index,
credentials={'user': indexer_user,
'password': indexer_password}
)['hits']['hits']
'password': indexer_password},
size=size)['hits']['hits']
except KeyError as e:
logging.error(f"No vulnerabilities were obtained for {agent}. Exception {str(e)}")
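Review bot: The `['hits']['hits']` lookup is guarded only by `except KeyError`, so any indexer response without a `hits` key, including an error response to the query itself, is reported as "No vulnerabilities were obtained" for the agent. Now that callers can pass a larger `size`, suggest logging the response body (or its error field) in that handler so a rejected query is distinguishable from an agent with no results.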

Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ def get_script_arguments():
help=f'Path to Json with Columns to Plot. Default {None}.')
parser.add_argument('-u', '--unify', dest='unify', action='store_true',
help='Unify data of the binary processes with their subprocesses to plot.')
parser.add_argument('-x', help="Title of the generated chart, add extra info here.", type=str, dest='plot_title')

return parser.parse_args()
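Review bot: The new option is exposed only as `-x`, which says nothing about its purpose, and it has no `default`, so `options.plot_title` is `None` whenever it is omitted and that `None` is passed on in `visualization_options`. Suggest adding a long form such as `--plot-title` alongside it and confirming that the plotting code handles a missing title.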

Expand All @@ -66,7 +67,8 @@ def main():
visualization_options = {
'dataframes_paths': options.csv_list,
'store_path': options.destination,
'base_name': options.name
'base_name': options.name,
'plot_title': options.plot_title
}

strategy = target