diff --git a/CHANGELOG.md b/CHANGELOG.md index 80c2f68aa8..e098c7c824 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,7 @@ All notable changes to this project will be documented in this file. ### Changed - Include "Agent key already in use" in the E2E Vulnerability Detection expected error list. ([#5409](https://github.com/wazuh/wazuh-qa/pull/5409)) \- (Tests) +- Update vulnerability state index name ([#5402](https://github.com/wazuh/wazuh-qa/pull/5402)) \- (Framework) - Include new package information from wdb ([#5350](https://github.com/wazuh/wazuh-qa/pull/5350)) \- (Tests) - Disable debug evidences for Vulnerability Detector E2E tests by default ([#5331](https://github.com/wazuh/wazuh-qa/pull/5331)) \- (Tests) - Include CVE-2023-4822 vulnerability to grafana packages ([#5332](https://github.com/wazuh/wazuh-qa/pull/5332)) \- (Framework) @@ -63,6 +64,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Remove false positive from E2E Vulnerability Detection tests ([#5369](https://github.com/wazuh/wazuh-qa/pull/5369)) \- (Framework) - Fix multigroups guess system test ([#5396](https://github.com/wazuh/wazuh-qa/pull/5396)) \- (Tests) - Fix hotfixes syscollector agent simulator messages ([#5379](https://github.com/wazuh/wazuh-qa/pull/5379)) \- (Framework) - Fix restart agent in change manager Vulnerability Detector E2E test case ([#5355](https://github.com/wazuh/wazuh-qa/pull/5355)) \- (Tests) @@ -108,6 +110,7 @@ All notable changes to this project will be documented in this file. - Fix test cluster performance. ([#4780](https://github.com/wazuh/wazuh-qa/pull/4780)) \- (Framework) - Fixed the graphic generation for the logcollectord statistics files. ([#5021](https://github.com/wazuh/wazuh-qa/pull/5021)) \- (Framework) +## [4.7.5] - TBD ## [4.7.4] - 29/04/2024 diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py index 5bdf3c153a..1ca658f186 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py @@ -5,7 +5,19 @@ This module provides functions to interact with the Wazuh Indexer API. Functions: - - get_indexer_values: Retrieves values from the Indexer API. + - get_wazuh_states_vulnerabilities_indexname(cluster_name: str) -> str: + Generate the Wazuh states vulnerabilities index name for a given cluster. + - create_vulnerability_states_indexer_filter(target_agent: str = None, + greater_than_timestamp: str = None) -> dict + Create a filter for the Indexer API for the vulnerability state index. + - create_alerts_filter(target_agent: str = None, greater_than_timestamp: str = None) -> dict + Create a filter for the Indexer API for the alerts index. + - get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'}, + index: str = 'wazuh-alerts*', filter: dict = None, size: int = 10000) -> Dict + Get values from the Wazuh Indexer API. + - delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'}, + index: str = 'wazuh-alerts*') + Delete index from the Wazuh Indexer API. Copyright (C) 2015, Wazuh Inc. Created by Wazuh, Inc. . @@ -18,7 +30,28 @@ from wazuh_testing.tools.system import HostManager -WAZUH_STATES_VULNERABILITIES_INDEXNAME = 'wazuh-states-vulnerabilities' +WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE = 'wazuh-states-vulnerabilities-{cluster_name}' + + +def get_wazuh_states_vulnerabilities_indexname(cluster_name: str = 'wazuh') -> str: + """ + Generate the Wazuh states vulnerabilities index name for a given cluster. + + This function takes a cluster name as input and returns the corresponding + Wazuh states vulnerabilities index name by inserting the cluster name into + a predefined template. + + Args: + cluster_name (str): The name of the cluster to be included in the index name. + + Returns: + str: The formatted Wazuh states vulnerabilities index name. + + Example: + >>> get_wazuh_states_vulnerabilities_indexname('cluster1') + 'wazuh-states-vulnerabilities-cluster1' + """ + return WAZUH_STATES_VULNERABILITIES_INDEXNAME_TEMPLATE.format(cluster_name=cluster_name) def create_vulnerability_states_indexer_filter(target_agent: str = None, diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py index c1f94fba45..871b07ffeb 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py @@ -23,7 +23,7 @@ from wazuh_testing.tools.system import HostManager from wazuh_testing.end_to_end.indexer_api import get_indexer_values, create_vulnerability_states_indexer_filter, \ - create_alerts_filter, WAZUH_STATES_VULNERABILITIES_INDEXNAME + create_alerts_filter, get_wazuh_states_vulnerabilities_indexname from wazuh_testing.end_to_end.regex import REGEX_PATTERNS from collections import namedtuple @@ -275,7 +275,7 @@ def parse_vulnerability_from_state(state): def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents: List[str], - greater_than_timestamp: str = None) -> dict: + greater_than_timestamp: str = None, cluster_name='wazuh') -> dict: """Get vulnerabilities from the vulnerability state index by agent. Args: @@ -302,11 +302,12 @@ def get_vulnerabilities_from_states_by_agent(host_manager: HostManager, agents: for agent in agents: agent_all_vulnerabilities = [] try: + index = get_wazuh_states_vulnerabilities_indexname(cluster_name) states_filter = create_vulnerability_states_indexer_filter(target_agent=agent, greater_than_timestamp=greater_than_timestamp) agent_all_vulnerabilities = get_indexer_values(host_manager, filter=states_filter, - index=WAZUH_STATES_VULNERABILITIES_INDEXNAME, + index=index, credentials={'user': indexer_user, 'password': indexer_password} )['hits']['hits'] diff --git a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json index 3aa8cc9777..ba155f72f7 100644 --- a/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json +++ b/deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector_packages/vuln_packages.json @@ -31,8 +31,7 @@ "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498", - "CVE-2023-3128", - "CVE-2023-4822" + "CVE-2023-3128" ], "urls": { "ubuntu": { @@ -63,8 +62,7 @@ "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498", - "CVE-2023-3128", - "CVE-2023-4822" + "CVE-2023-3128" ], "urls": { "centos": { @@ -95,7 +93,7 @@ "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498", - "CVE-2023-4822" + "CVE-2023-3128" ], "urls": { "ubuntu": { @@ -126,7 +124,7 @@ "CVE-2022-31097", "CVE-2022-23552", "CVE-2022-23498", - "CVE-2023-4822" + "CVE-2023-3128" ], "urls": { "centos": { @@ -136,6 +134,30 @@ }, "uninstall_name": "grafana*" }, + "grafana-8.5.27": { + "package_name": "grafana", + "package_version": "8.5.27", + "CVE": [], + "urls": { + "ubuntu": { + "amd64": "https://dl.grafana.com/oss/release/grafana_8.5.27_amd64.deb", + "arm64v8": "https://dl.grafana.com/oss/release/grafana_8.5.27_arm64.deb" + } + }, + "uninstall_name": "grafana*" + }, + "grafana-8.5.27-1": { + "package_name": "grafana", + "package_version": "8.5.27-1", + "CVE": [], + "urls": { + "centos": { + "amd64": "https://dl.grafana.com/oss/release/grafana-8.5.27-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-8.5.27-1.aarch64.rpm" + } + }, + "uninstall_name": "grafana*" + }, "grafana-9.1.1": { "package_name": "grafana", "package_version": "9.1.1", @@ -152,8 +174,7 @@ "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", - "CVE-2022-23498", - "CVE-2023-4822" + "CVE-2022-23498" ], "urls": { "ubuntu": { @@ -179,8 +200,7 @@ "CVE-2022-31130", "CVE-2022-31123", "CVE-2022-23552", - "CVE-2022-23498", - "CVE-2023-4822" + "CVE-2022-23498" ], "urls": { "centos": { @@ -206,8 +226,7 @@ "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-23552", - "CVE-2022-23498", - "CVE-2023-4822" + "CVE-2022-23498" ], "urls": { "ubuntu": { @@ -233,8 +252,7 @@ "CVE-2022-39307", "CVE-2022-39306", "CVE-2022-23552", - "CVE-2022-23498", - "CVE-2023-4822" + "CVE-2022-23498" ], "urls": { "centos": { @@ -292,26 +310,26 @@ }, "uninstall_name": "grafana*" }, - "grafana-10.0.0": { + "grafana-9.5.17": { "package_name": "grafana", - "package_version": "10.0.0", - "CVE": ["CVE-2023-4822", "CVE-2023-4399", "CVE-2023-4822"], + "package_version": "9.5.17", + "CVE": [], "urls": { "ubuntu": { - "amd64": "https://dl.grafana.com/oss/release/grafana_10.0.0_amd64.deb", - "arm64v8": "https://dl.grafana.com/oss/release/grafana_10.0.0_arm64.deb" + "amd64": "https://dl.grafana.com/oss/release/grafana_9.5.17_amd64.deb", + "arm64v8": "https://dl.grafana.com/oss/release/grafana_9.5.17_arm64.deb" } }, "uninstall_name": "grafana*" }, - "grafana-10.0.0-1": { + "grafana-9.5.17-1": { "package_name": "grafana", - "package_version": "10.0.0-1", - "CVE": ["CVE-2023-4822", "CVE-2023-4399", "CVE-2023-4822"], + "package_version": "9.5.17-1", + "CVE": [], "urls": { "centos": { - "amd64": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.x86_64.rpm", - "arm64v8": "https://dl.grafana.com/oss/release/grafana-10.0.0-1.aarch64.rpm" + "amd64": "https://dl.grafana.com/oss/release/grafana-9.5.17-1.x86_64.rpm", + "arm64v8": "https://dl.grafana.com/oss/release/grafana-9.5.17-1.aarch64.rpm" } }, "uninstall_name": "grafana*" diff --git a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml index ecf984ea88..65e75d702f 100644 --- a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml +++ b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml @@ -200,8 +200,8 @@ predefined_values: - 4.7.2 - 4.7.3 - 4.7.4 + - 4.7.5 - 4.8.0 - tags: - active_response - agentd diff --git a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py index 79376a5edc..8cb2a416d2 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py +++ b/deps/wazuh_testing/wazuh_testing/tools/performance/statistic.py @@ -154,8 +154,9 @@ def _parse_api_data(self): """Read the data generated by Wazuh API.""" API_URL = f"https://{self.ip}:{self.port}" + CLUSTER_NAME = 'wazuh' DAEMONS_ENDPOINT= f"/manager/daemons/stats?daemons_list={self.daemon}&wait_for_complete=true" - VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities/_count" + VULNS_ENDOPOINT= f"/wazuh-states-vulnerabilities-{CLUSTER_NAME}/_count" ALERTS_ENDPOINT= f"/wazuh-alerts-4.x-*/_count" TOKEN_ENDPOINT="/security/user/authenticate" @@ -164,7 +165,7 @@ def _parse_api_data(self): max_retries = 3 token_response = None daemon_response = None - data = None + data = None if(self.target == "vulnerabilities"): for _ in range(max_retries): @@ -244,14 +245,14 @@ def _write_csv(self, data, target, csv_file): csv_header = headers.agentd_header header = not isfile(csv_file) - + with open(csv_file, 'a+') as log: if header: log.write(f'{",".join(csv_header)}\n') timestamp = datetime.fromtimestamp(time()).strftime('%Y-%m-%d %H:%M:%S') - + if self.use_state_file == False: if target not in ["vulnerabilities", "alerts"]: format = r"%Y-%m-%dT%H:%M:%S+%f:00" @@ -259,7 +260,7 @@ def _write_csv(self, data, target, csv_file): datetime_uptime = datetime.strptime(data['uptime'], format) interval = (datetime_timestamp - datetime_uptime).total_seconds() - if target == "analysis": + if target == "analysis": metrics = data['metrics'] decoded = metrics['events']['received_breakdown']['decoded_breakdown'] decoded_modules = decoded['modules_breakdown'] @@ -425,11 +426,11 @@ def _write_csv(self, data, target, csv_file): ag_bd['tables']['syscheck']['fim_file'], # 17 ag_bd['tables']['syscheck']['fim_registry'], # 18 ag_bd['tables']['syscheck']['fim_registry_key'], # 19 - ag_bd['tables']['syscheck']['fim_registry_value'], # 20 + ag_bd['tables']['syscheck']['fim_registry_value'], # 20 ag_bd['tables']['syscollector']['syscollector_hotfixes'], # 21 - ag_bd['tables']['syscollector']['syscollector_hwinfo'], # 22 + ag_bd['tables']['syscollector']['syscollector_hwinfo'], # 22 ag_bd['tables']['syscollector']['syscollector_network_address'], # 23 - ag_bd['tables']['syscollector']['syscollector_network_iface'], # 24 + ag_bd['tables']['syscollector']['syscollector_network_iface'], # 24 ag_bd['tables']['syscollector']['syscollector_network_protocol'], # 25 ag_bd['tables']['syscollector']['syscollector_osinfo'], # 26 ag_bd['tables']['syscollector']['syscollector_packages'], # 27 @@ -438,7 +439,7 @@ def _write_csv(self, data, target, csv_file): vulnerability_data, # 30 received_breakdown['global'], # 31 glob_bd['db']['backup'], # 32 - glob_bd['db']['sql'], # 33 + glob_bd['db']['sql'], # 33 glob_bd['db']['vacuum'], # 34 glob_bd['db']['get_fragmentation'], # 35 glob_bd['tables']['agent']['delete-agent'], # 36 diff --git a/deps/wazuh_testing/wazuh_testing/tools/system.py b/deps/wazuh_testing/wazuh_testing/tools/system.py index 8066c04a91..d935c801b0 100644 --- a/deps/wazuh_testing/wazuh_testing/tools/system.py +++ b/deps/wazuh_testing/wazuh_testing/tools/system.py @@ -884,6 +884,16 @@ def get_api_credentials(self): return user, password + def get_cluster_name(self): + manager_list = self.get_group_hosts('manager') + if not manager_list: + raise ValueError("No manager is defined in the environment") + + first_manager_vars = self.inventory_manager.get_host(manager_list[0]) + cluster_name = first_manager_vars.vars.get('cluster_name', 'wazuh') + + return cluster_name + def get_indexer_credentials(self): default_user = 'admin' default_password = 'changeme' diff --git a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml index d41fa851ff..2a636b4ce5 100644 --- a/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml +++ b/tests/end_to_end/test_vulnerability_detector/cases/test_vulnerability.yaml @@ -44,6 +44,7 @@ Upgrade of a vulnerable package which maintain vulnerability preconditions: operation: install_package + target_os: ['centos', 'ubuntu', 'windows', 'macos'] package: centos: amd64: grafana-8.5.5-1 @@ -89,6 +90,7 @@ description: | Upgrade of a vulnerable package which include a new vulnerability preconditions: + target_os: ['macos'] operation: install_package package: macos: @@ -128,6 +130,7 @@ Upgrade of a vulnerable package which maintain vulnerabilities and include new ones preconditions: + target_os: ["macos"] operation: install_package package: macos: @@ -224,27 +227,44 @@ macos: amd64: http-proxy-0.7.2 arm64v8: http-proxy-0.7.2 + teardown: + target_os: ['centos', 'ubuntu'] + operation: remove_package + package: + centos: + amd64: grafana-9.5.13-1 + arm64v8: grafana-9.5.13-1 + ubuntu: + amd64: grafana-9.5.13 + arm64v8: grafana-9.5.13 - case: 'Upgrade: Non vulnerable to vulnerable package' id: upgrade_package_nonvulnerable_to_vulnerable description: | Upgrade to non vulnerable package to vulnerable preconditions: + target_os: ['centos', 'ubuntu', 'macos'] operation: install_package package: macos: amd64: luxon-2.5.2 arm64v8: luxon-2.5.2 + centos: + amd64: grafana-8.5.27-1 + arm64v8: grafana-8.5.27-1 + ubuntu: + amd64: grafana-8.5.27 + arm64v8: grafana-8.5.27 body: operation: update_package package: from: centos: - amd64: grafana-9.5.13-1 - arm64v8: grafana-9.5.13-1 + amd64: grafana-8.5.27-1 + arm64v8: grafana-8.5.27-1 ubuntu: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-8.5.27 + arm64v8: grafana-8.5.27 windows: amd64: node-v18.20.2 macos: @@ -252,11 +272,11 @@ arm64v8: luxon-2.5.2 to: centos: - amd64: grafana-10.0.0-1 - arm64v8: grafana-10.0.0-1 + amd64: grafana-9.1.1-1 + arm64v8: grafana-9.1.1-1 ubuntu: - amd64: grafana-10.0.0 - arm64v8: grafana-10.0.0 + amd64: grafana-9.1.1 + arm64v8: grafana-9.1.1 windows: amd64: node-v20.5.1 macos: @@ -264,13 +284,14 @@ arm64v8: luxon-3.0.0 teardown: operation: remove_package + target_os: ['centos', 'ubuntu', 'macos', 'windows'] package: centos: - amd64: grafana-10.0.0-1 - arm64v8: grafana-10.0.0-1 + amd64: grafana-9.1.1-1 + arm64v8: grafana-9.1.1-1 ubuntu: - amd64: grafana-10.0.0 - arm64v8: grafana-10.0.0 + amd64: grafana-9.1.1 + arm64v8: grafana-9.1.1 windows: amd64: node-v20.5.1 macos: @@ -285,11 +306,11 @@ operation: install_package package: centos: - amd64: grafana-9.5.13-1 - arm64v8: grafana-9.5.13-1 + amd64: grafana-9.5.17-1 + arm64v8: grafana-9.5.17-1 ubuntu: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-9.5.17 + arm64v8: grafana-9.5.17 windows: amd64: node-v18.20.0 macos: @@ -304,11 +325,11 @@ operation: remove_package package: centos: - amd64: grafana-9.5.13-1 - arm64v8: grafana-9.5.13-1 + amd64: grafana-9.5.17-1 + arm64v8: grafana-9.5.17-1 ubuntu: - amd64: grafana-9.5.13 - arm64v8: grafana-9.5.13 + amd64: grafana-9.5.17 + arm64v8: grafana-9.5.17 windows: amd64: node-v18.20.0 macos: diff --git a/tests/end_to_end/test_vulnerability_detector/conftest.py b/tests/end_to_end/test_vulnerability_detector/conftest.py index a242eaef7c..181e641ec6 100644 --- a/tests/end_to_end/test_vulnerability_detector/conftest.py +++ b/tests/end_to_end/test_vulnerability_detector/conftest.py @@ -52,7 +52,7 @@ def test_example(host_manager): restore_configuration, save_indexer_credentials_into_keystore) from wazuh_testing.end_to_end.indexer_api import ( - WAZUH_STATES_VULNERABILITIES_INDEXNAME, delete_index) + get_wazuh_states_vulnerabilities_indexname, delete_index) from wazuh_testing.end_to_end.logs import (get_hosts_alerts, get_hosts_logs, truncate_remote_host_group_files) from wazuh_testing.end_to_end.remote_operations_handler import ( @@ -162,7 +162,9 @@ def delete_states_vulnerability_index(host_manager: HostManager): """ yield logging.error("Delete vulnerability index") - delete_index(host_manager, index=WAZUH_STATES_VULNERABILITIES_INDEXNAME) + + cluster_name = host_manager.get_cluster_name() + delete_index(host_manager, index=get_wazuh_states_vulnerabilities_indexname(cluster_name)) def collect_e2e_environment_data(logs_path, host_manager) -> None: @@ -307,9 +309,7 @@ def setup(preconditions, teardown, host_manager) -> Generator[Dict, None, None]: target_to_ignore = list(set(host_manager.get_group_hosts('agent')) - set(agents_to_check)) result = launch_parallel_operations(preconditions, host_manager, target_to_ignore) - logging.info(f"Preconditions finished. Results: {result}") - - logging.info(f"Result of preconditions: {result}") + logging.critical(f"Preconditions finished. Results: {result}") test_timestamp = datetime.datetime.now(datetime.timezone.utc) test_timestamp = test_timestamp.strftime("%Y-%m-%dT%H:%M:%S") @@ -343,7 +343,21 @@ def setup(preconditions, teardown, host_manager) -> Generator[Dict, None, None]: logging.info("Running teardown") if teardown: - result = launch_parallel_operations(teardown, host_manager) + target_to_ignore = [] + agents_to_check = host_manager.get_group_hosts("agent") + + if 'target_os' in teardown: + agents_to_check = filter_hosts_by_os(host_manager, teardown['target_os']) + target_to_ignore = list(set(host_manager.get_group_hosts('agent')) - set(agents_to_check)) + + logging.critical(f"Running teardown for agent: {agents_to_check}") + + result = launch_parallel_operations(teardown, host_manager, target_to_ignore) + logging.critical(f"Teardown Results: {result}") + + timeout_syscollector_scan = VD_E2E_TIMEOUT_SYSCOLLECTOR_SCAN + timeout_vulnerabilities_detected = len(agents_to_check) * PACKAGE_VULNERABILITY_SCAN_TIME + time.sleep(timeout_syscollector_scan + timeout_vulnerabilities_detected) @pytest.fixture(scope='session', autouse=True)