
CVEs alerts inventory for Vulnerability Detector: partial scan type #1428

Merged

@mdengra mdengra commented Jun 8, 2021

Related issue
Closes #1425

Description

This PR adds a test to verify if the PARTIAL_SCAN type of vulnerability detector works correctly as part of #1261.

Test results

Manager

Tested on CentOS 8 (local) (screenshot: manager)

Tested on CentOS 7 (Jenkins) (screenshot: jenkins_centos7)

Documentation

(screenshot: docu)

Tests

  • Proven that tests pass when they have to pass.
  • Proven that tests fail when they have to fail.
  • Python codebase satisfies the PEP-8 style guide. pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.
  • Python codebase is documented following the Google Style for Python docstrings.
  • The test is documented in wazuh-qa/docs.
  • provision_documentation.sh generates the docs without errors.

@mdengra mdengra requested review from BraulioV and spothound June 8, 2021 15:57
@mdengra mdengra self-assigned this Jun 8, 2021
mdengra added 2 commits June 8, 2021 18:09
Add retry decorator to create_simulated_agent of vulnerability_detector
module to allow two attempts when the simulated agent is added to the system
Add ALERT_LOGS_PATH to the initialization module of the wazuh_testing.tools package #1425
@mdengra mdengra force-pushed the 1425-cve-alerts-inventory-partial_scan branch from 30fd32f to 1639efa Compare June 8, 2021 16:10
Comment on lines 824 to 830

    for _ in range(VULN_DETECTOR_GLOBAL_TIMEOUT):
        try:
            make_query(CVE_DB_PATH, [query_string])
            return
        except sqlite3.OperationalError:
            sleep(1)
    raise sqlite3.OperationalError
Contributor:

Suggested change

    (current)
    for _ in range(VULN_DETECTOR_GLOBAL_TIMEOUT):
        try:
            make_query(CVE_DB_PATH, [query_string])
            return
        except sqlite3.OperationalError:
            sleep(1)
    raise sqlite3.OperationalError

    (suggested)
    for _ in range(VULN_DETECTOR_GLOBAL_TIMEOUT):
        try:
            make_query(CVE_DB_PATH, [query_string])
            break
        except sqlite3.OperationalError:
            sleep(1)
    else:
        raise sqlite3.OperationalError

Contributor Author:

Done in: 1d7710d
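
The retry pattern discussed above, as an added example that is not part of the PR's code: a query against a SQLite file is retried with the for/else form the reviewer suggested, and the else branch raises only when every attempt failed. make_query here is a constructed stand-in for the framework helper of the same name, and the locked-database scenario in demo() is constructed to show the failure mode that the retries exist for.

```python
import os
import sqlite3
import tempfile
from time import sleep

def make_query(db_path, queries, timeout=0):
    # Constructed stand-in for the framework helper; timeout=0 makes a locked
    # database raise OperationalError immediately instead of busy-waiting.
    conn = sqlite3.connect(db_path, timeout=timeout)
    try:
        results = [conn.execute(q).fetchall() for q in queries]
        conn.commit()
        return results
    finally:
        conn.close()

def query_with_retries(db_path, query_string, attempts, delay=0.01):
    # for/else as proposed in the review: the else branch runs only when the
    # loop was never broken, i.e. every attempt raised.
    for _ in range(attempts):
        try:
            result = make_query(db_path, [query_string])
            break
        except sqlite3.OperationalError:
            sleep(delay)
    else:
        raise sqlite3.OperationalError(f"query failed {attempts} times")
    return result

def demo():
    # Constructed scenario: another connection holds an exclusive lock (as a feed
    # update in progress would), so queries fail until it commits.
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        make_query(path, ["CREATE TABLE vulns (cve TEXT)",
                          "INSERT INTO vulns VALUES ('CVE-TEST-0001')"])
        locker = sqlite3.connect(path, isolation_level=None)
        locker.execute("BEGIN EXCLUSIVE")
        try:
            query_with_retries(path, "SELECT cve FROM vulns", attempts=3)
            failed_while_locked = False
        except sqlite3.OperationalError:
            failed_while_locked = True
        locker.execute("COMMIT")
        locker.close()
        rows = query_with_retries(path, "SELECT cve FROM vulns", attempts=3)[0]
        return failed_while_locked, rows
    finally:
        os.remove(path)
```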

Comment on lines 820 to 822

        Args:
            timestamp (int): The new timestamp value to set.
        """
Contributor:

Raises field is missing

Contributor Author:

Done in: 1d7710d

Comment on lines 39 to 48

    parameters = [{
        'BUSTER_FEED_PATH': buster_oval_feed_path,
        'DEBIAN_JSON_FEED_PATH': debian_json_feed_path,
        'NVD_JSON_FEED_PATH': nvd_json_feed_path
    }]
    metadata = [{
        'BUSTER_FEED_PATH': buster_oval_feed_path,
        'DEBIAN_JSON_FEED_PATH': debian_json_feed_path,
        'NVD_JSON_FEED_PATH': nvd_json_feed_path
    }]
Contributor:

Suggested change

    (current)
    parameters = [{
        'BUSTER_FEED_PATH': buster_oval_feed_path,
        'DEBIAN_JSON_FEED_PATH': debian_json_feed_path,
        'NVD_JSON_FEED_PATH': nvd_json_feed_path
    }]
    metadata = [{
        'BUSTER_FEED_PATH': buster_oval_feed_path,
        'DEBIAN_JSON_FEED_PATH': debian_json_feed_path,
        'NVD_JSON_FEED_PATH': nvd_json_feed_path
    }]

    (suggested)
    parameters = [{
        'BUSTER_FEED_PATH': buster_oval_feed_path,
        'DEBIAN_JSON_FEED_PATH': debian_json_feed_path,
        'NVD_JSON_FEED_PATH': nvd_json_feed_path
    }]
    metadata = parameters

Contributor Author:

Done in: d0b7c1d

Comment on lines 69 to 70
"""Add a dummy agent, inserts in its database (sys_programs table) a test package,
and configures its database to appear to be up to date (sync_info table)."""
Contributor:

Change this docstring to look like the one in test_partial_scan_type. A single line explaining what it does, another one if you need further details and the args.

Contributor Author:

Done in: d0b7c1d

test_feed_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'data', 'feeds')
configurations_path = os.path.join(test_data_path, 'wazuh_partial_scan_type.yaml')
wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
wazuh_alert_monitor = FileMonitor(ALERT_LOGS_PATH)
Contributor:

I prefer to monitor the alerts.json file rather than the plain log. The reason for this change is based on the fact that we can extract the alert using the FileMonitor and check the fields in it by importing it with the json module.

Contributor Author:

Done in: d0b7c1d
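
The check the reviewer describes above, as an added example that is not part of the PR or the project's code: each alerts.json line is parsed with the json module and the vulnerability fields are compared as values rather than matched as log text. The sample lines are constructed, the rule id and package are placeholders, and the alert field layout (rule.groups, data.vulnerability.cve, data.vulnerability.package) is an assumption made for illustration, not the project's schema.

```python
import json

# Constructed alerts.json sample: an unrelated alert, a line the writer has not
# finished yet, and a vulnerability-detector alert. Field names are assumed for
# illustration only; the rule id and package are placeholders.
SAMPLE_ALERTS = [
    '{"rule": {"id": "90000", "groups": ["pam"]}, "data": {}}',
    '{"rule": {"id": "90001", "groups": ["vulnerability-detector"]}, "data": {"vuln',
    '{"rule": {"id": "90001", "groups": ["vulnerability-detector"]}, "data": '
    '{"vulnerability": {"cve": "CVE-TEST-0001", "severity": "High", '
    '"package": {"name": "custom-package-0", "version": "1.0.0"}}}}',
]

def parse_alert(line):
    # One JSON document per line; a partial or blank line yields None instead
    # of aborting the scan, since the file may be mid-write while monitored.
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None

def find_vulnerability_alert(lines, cve, package_name):
    # Return the first vulnerability-detector alert matching both the CVE and
    # the package name, comparing parsed fields rather than grepping log text.
    for line in lines:
        alert = parse_alert(line)
        if not alert:
            continue
        if "vulnerability-detector" not in alert.get("rule", {}).get("groups", []):
            continue
        vuln = alert.get("data", {}).get("vulnerability", {})
        if vuln.get("cve") == cve and vuln.get("package", {}).get("name") == package_name:
            return alert
    return None

def check_alert_fields(alert, expected):
    # Compare expected values (keyed by dotted path) against the parsed alert;
    # returns the paths that differ, so an empty list means everything matched.
    mismatches = []
    for path, value in expected.items():
        node = alert
        for key in path.split("."):
            node = node.get(key) if isinstance(node, dict) else None
        if node != value:
            mismatches.append(path)
    return mismatches
```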

@BraulioV BraulioV merged commit e2c00b2 into 1261-cve-alerts-inventory Jun 9, 2021
@BraulioV BraulioV deleted the 1425-cve-alerts-inventory-partial_scan branch June 9, 2021 12:48