From c3ba8eedf5d64817f8f77599dc4bf8469dde011f Mon Sep 17 00:00:00 2001
From: Mateo Cervilla
Date: Thu, 6 Jul 2023 15:50:21 -0300
Subject: [PATCH] feat(#4327) deprecate NVD update_from_year option and related
---
.../vulnerability_detector/event_monitor.py | 24 ++-----------------
.../cases_validate_json_feed_content.yaml | 11 +++++++++
.../test_import_invalid_feed_type.py | 3 ---
.../test_feeds/test_validate_feed_content.py | 9 -------
.../test_providers/test_enabled.py | 14 -----------
.../test_providers/test_missing_os.py | 8 -------
.../test_providers/test_os.py | 8 -------
.../test_providers/test_update_from_year.py | 11 +++------
8 files changed, 16 insertions(+), 72 deletions(-)
diff --git a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py
index 2737e06201..b73f059614 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/vulnerability_detector/event_monitor.py
@@ -240,26 +240,6 @@ def check_obtaining_software_failure_log(agent_id='000', num_attemps=5): f"{num_attemps} attempts. Skipping agent until the next scan.") -def check_nvd_download_log(): - """Check that the NVD download has started. - - Args: - update_year (int): Year specified in . - """ - - """ - leandro - - #define NVD_CVE_REPO_META "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.meta" - - #define NVD_CVE_REPO "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.json.gz" - + #define NVD_CVE_REPO_META "https://feed.wazuh.com/vulnerability-detector/nvd/generated-feeds/nvd_cve_single.meta" - + #define NVD_CVE_REPO "https://feed.wazuh.com/vulnerability-detector/nvd/generated-feeds/nvd_cve_single.json.gz - """ - - check_vuln_detector_event(timeout=vd.T_40, callback=fr".*Downloading .*nvd_cve_single.meta*", - error_message='NVD feed download did not started', - prefix=r'.*wazuh-modulesd:download.*') - - def check_invalid_provider_update_from_year_log(provider): """Check that the warning message is logged correctly. @@ -268,8 +248,8 @@ def check_invalid_provider_update_from_year_log(provider): """ if provider == 'redhat': callback = "INFO: 'update_from_year' option at module 'vulnerability-detector' is deprecated" - elif provider == 'msu': - callback = "WARNING: 'update_from_year' option cannot be used for 'msu' provider." + elif provider == 'msu' or provider == 'nvd': + callback = f"WARNING: 'update_from_year' option cannot be used for '{provider}' provider." else: callback = f"WARNING: Invalid option 'update_from_year' for '{provider}' provider at 'vulnerability-detector'" diff --git a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_json_feed_content.yaml b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_json_feed_content.yaml index 932e64a37f..7b327e7005 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_json_feed_content.yaml 
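Review bot: In the second hunk of event_monitor.py, the new condition `elif provider == 'msu' or provider == 'nvd':` reads more simply as a membership test, `elif provider in ('msu', 'nvd'):`, which also keeps the provider list easy to extend. The removed check_nvd_download_log passed a regular expression as `callback`; if the strings built in this function are matched the same way (the call is outside the hunk), the trailing `.` is a wildcard rather than a literal, so escaping the literal would make the expected log line exact. The function's docstring and the rest of its body lie outside the hunk; if the docstring names the providers that trigger this message, it should now mention `nvd`.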
+++ b/tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_json_feed_content.yaml @@ -49,3 +49,14 @@ extension: 'gz' decompressed_file: '/tmp/msu-updates.json' url: 'https://feed.wazuh.com/vulnerability-detector/windows/msu-updates.json.gz' + +- name: 'NVD' + description: 'National Vulnerability Database provider' + configuration_parameters: + metadata: + provider_name: 'National Vulnerability Database' + expected_format: 'application/gzip' + path: '/tmp/complete_nvd_feed.json.gz' + extension: 'gz' + decompressed_file: '/tmp/complete_nvd_feed.json' + url: 'https://feed.wazuh.com/vulnerability-detector/NVD/generated-feeds/complete_nvd_feed.json.gz' diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py b/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py index 7ab19524f4..9f5a618640 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py +++ b/tests/integration/test_vulnerability_detector/test_feeds/test_import_invalid_feed_type.py @@ -139,9 +139,6 @@ def test_import_invalid_feed_type(configuration, metadata, set_wazuh_configurati - r"Failed when updating '{provider_feed_name}' database" - r"ERROR: .* CVE database could not be updated." ''' - if metadata['target'] == 'nvd': - pytest.xfail(reason='no error reported when importing invalid NVD feed. ' - 'https://github.com/wazuh/wazuh/issues/5210') # Check in log that the provider database could not be updated for provider_feed_name in metadata['provider_feed_names']: diff --git a/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py b/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py index fa3e036749..c5c510eaa0 100644 --- a/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py 
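Review bot: The URL in the new NVD case uses the path segment `NVD` in upper case and the file `complete_nvd_feed.json.gz`, while the docstring removed from event_monitor.py in this same commit cites `https://feed.wazuh.com/vulnerability-detector/nvd/generated-feeds/nvd_cve_single.json.gz`. URL paths are usually case-sensitive, so it is worth confirming this is the feed the detector actually downloads. Like the msu case above it, the case writes to fixed names under `/tmp` (`/tmp/complete_nvd_feed.json.gz`); on a shared runner a per-test temporary directory would avoid reusing or overwriting a file that already exists there. A comment above `- name: 'NVD'` such as `# Single consolidated NVD feed; replaces the per-year nvdcve-1.1-<year> cases` would record why one case now stands in for the generated per-year ones.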
+++ b/tests/integration/test_vulnerability_detector/test_feeds/test_validate_feed_content.py @@ -75,15 +75,6 @@ # Validate JSON feed content test configurations (t1) _, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path) -# Add NVD from 2002 to current year configuration and metadata -current_year = datetime.now().year -for year in range(2002, current_year + 1): - t1_configuration_metadata.append({'provider_name': 'nvd', 'expected_format': 'application/gzip', - 'path': f"/tmp/nvdcve-1.1-{year}.json.gz", 'extension': 'gz', - 'url': f"https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{year}.json.gz", - 'decompressed_file': f"/tmp/nvd-{year}.json"}) - t1_case_ids.append(f"NVD-{year}") - # Validate XML feed content test configurations (t2) _, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path) diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py b/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py index 8a9868462c..4e11459b46 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_enabled.py 
@@ -84,20 +84,6 @@ t2_configurations = load_configuration_template(configurations_path, t2_configuration_parameters, t2_configuration_metadata) -# Add tag for NVD to download only the last year feed and speed up the testing process -# Set it for enabled configurations -for index, configuration in enumerate(t1_configurations): - if configuration['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd': - configuration['sections'][0]['elements'][1]['provider']['elements'].append( - {'update_from_year': {'value': date.today().year}}) - -# Set it for disabled configurations -for index, configuration in enumerate(t2_configurations): - if configuration['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd': - configuration['sections'][0]['elements'][1]['provider']['elements'].append( - {'update_from_year': {'value': date.today().year}}) - - @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids) def test_enabled(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files, diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py b/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py index 5364c0d464..9f89395340 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_missing_os.py 
@@ -84,14 +84,6 @@ test_enabled_cases_path) configurations = configuration.load_configuration_template(configurations_path, configuration_parameters, configuration_metadata) - -# Add tag for NVD to download only the last year feed and speed up the testing process -for index in range(len(configurations)): - if configurations[index]['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd': - configurations[index]['sections'][0]['elements'][1]['provider']['elements'].append( - {'update_from_year': {'value': date.today().year}}) - - @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) def test_providers_missing_os(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files, diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_os.py b/tests/integration/test_vulnerability_detector/test_providers/test_os.py index 219faa5998..696b5ff806 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_os.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_os.py @@ -81,14 +81,6 @@ test_enabled_cases_path) configurations = configuration.load_configuration_template(configurations_path, configuration_parameters, configuration_metadata) - -# Add tag for NVD to download only the last year feed and speed up the testing process -for index in range(len(configurations)): - if configurations[index]['sections'][0]['elements'][1]['provider']['attributes'][0]['name'] == 'nvd': - configurations[index]['sections'][0]['elements'][1]['provider']['elements'].append( - {'update_from_year': {'value': date.today().year}}) - - @pytest.mark.tier(level=0) @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids) def test_providers_os(configuration, metadata, set_wazuh_configuration_vdt, truncate_monitored_files, 
diff --git a/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py b/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py index 5dbe266ea3..5864a45322 100644 --- a/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py +++ b/tests/integration/test_vulnerability_detector/test_providers/test_update_from_year.py @@ -120,21 +120,16 @@ def test_update_from_year(configuration, metadata, set_wazuh_configuration_vdt, brief: Restart the `modulesd` daemon and catch the ossec configuration errors. assertions: - - Verify that the feeds download is performed for the actual year when NVD is set as provider. - - Verity that when the provider is not NVD the warning message is catched. + - Verity that the warning message is catched. input_description: - The `test_providers_update_from_year.yaml` file provides the module configuration for this test. expected_output: - - rf".*Downloading .*nvdcve-d.d-{update_year}.meta.*" - "INFO: 'update_from_year' option at module 'vulnerability-detector' is deprecated" - - "'update_from_year' option cannot be used for 'msu' provider." + - "'update_from_year' option cannot be used for '{provider}' provider." - f"Invalid option 'update_from_year' for '{provider}' provider at 'vulnerability-detector'" ''' provider = metadata['provider'] - if provider == 'nvd': - evm.check_nvd_download_log() - else: - evm.check_invalid_provider_update_from_year_log(provider) + evm.check_invalid_provider_update_from_year_log(provider)
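Review bot: The added assertion line `- Verity that the warning message is catched.` carries two typos into the test's documentation block and should read `- Verify that the expected log message is caught.`. The `redhat` branch of check_invalid_provider_update_from_year_log expects an `INFO:` line, so "log message" is also more accurate than "warning message". The new expected_output entry `"'update_from_year' option cannot be used for '{provider}' provider."` uses a placeholder without the `f` prefix that the following entry has, so the two should be made consistent. With the branch removed, `provider` is used only once, and the last two lines could become `evm.check_invalid_provider_update_from_year_log(metadata['provider'])`. The test function begins before this hunk.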