merge(#wazuh-jenkins3487-Unexpected-Windows-agent-result): merge wazu…

…h-jenkins3487-Unexpected-Windows-agent-result 4.5.3

CHANGELOG.md

@@ -2,13 +2,48 @@
 
 All notable changes to this project will be documented in this file.
 
-## [4.5.0] - TBD
+## [4.5.3] - TBD
 
 Wazuh commit: TBD \
 Release report: TBD
 
+## [4.5.2] - TBD
+
+Wazuh commit: TBD \
+Release report: TBD
+
+### Changed
+
+- Update enrollment logs in system test ([#4442](https://github.com/wazuh/wazuh-qa/pull/4442)) \- (Tests)
+- Fix one_manager_agent environment provisioning by packages for system tests ([#4438](https://github.com/wazuh/wazuh-qa/pull/4438)) \- (Framework)
+- Update framework known flaws files ([#4379](https://github.com/wazuh/wazuh-qa/pull/4379)) \- (Tests)
+
+### Fixed
+
+- Minor fixes in the `tests_python_flaws.py` scan ([#4439](https://github.com/wazuh/wazuh-qa/pull/4439)) \- (Tests)
+
+## [4.5.1] - 24-08-2023
+
+Wazuh commit: https://github.com/wazuh/wazuh/commit/731cdf39a430d2fb6fa02f3721624e07f887b02f
+Release report: https://github.com/wazuh/wazuh/issues/18475
+
+### Added
+
+- Add an integration test to check the wazuh-analysisd's decoder parser ([#4286](https://github.com/wazuh/wazuh-qa/pull/4286)) \- (Tests)
+
+### Changed
+
+- Update python integration test dependencies in the README ([#4427](https://github.com/wazuh/wazuh-qa/pull/4427)) \- (Documentation)
+- Update vulnerability detector IT outdated URLs ([#4428](https://github.com/wazuh/wazuh-qa/pull/4428)) \- (Tests)
+
+## [4.5.0] - 11-08-2023
+
+Wazuh commit: https://github.com/wazuh/wazuh/commit/f6aba151d08ef065dfc1bdc9b8885c3d4f618fca
+Release report: https://github.com/wazuh/wazuh/issues/18235
+
 ### Changed
 
+- Delete `update_from_year` from system and E2E tests configuration ([#4372](https://github.com/wazuh/wazuh-qa/pull/4372)) \- (Tests)
 - Upgrade PyYAML to 6.0.1. ([#4326](https://github.com/wazuh/wazuh-qa/pull/4326)) \- (Framework)
 - Change Vulnerability Detector ITs to support the development of the NVD 2.0 refactor. ([#4327](https://github.com/wazuh/wazuh-qa/pull/4327)) \- (Tests)
 

deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml

@@ -189,6 +189,9 @@ predefined_values:
     - 4.4.4
     - 4.4.5
     - 4.5.0
+    - 4.5.1
+    - 4.5.2
+    - 4.5.3
   tags:
     - active_response
     - agentd

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/data/playbooks/configuration.yaml

@@ -53,7 +53,6 @@
           <!-- Aggregate vulnerabilities -->
           <provider name="nvd">
           <enabled>yes</enabled>
-          <update_from_year>2021</update_from_year>
           <update_interval>1h</update_interval>
           </provider>
           </vulnerability-detector>

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/data/playbooks/configuration.yaml

@@ -66,7 +66,6 @@
           <!-- Aggregate vulnerabilities -->
           <provider name="nvd">
           <enabled>yes</enabled>
-          <update_from_year>2021</update_from_year>
           <update_interval>1h</update_interval>
           </provider>
           </vulnerability-detector>

tests/integration/README.md

@@ -117,7 +117,7 @@ brew install python3
 brew install autoconf automake libtool
 
 # Install Python libraries
-pip3 install pytest freezegun jq jsonschema pyyaml==5.4 psutil paramiko distro pandas==0.25.3 pytest-html==2.0.1 numpydoc==0.9.2
+pip3 install filetype freezegun jq jsonschema lockfile numpydoc psutil pytest-html pytest-testinfra pyyaml
 ```
 
 - Add some internal options and restart

tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/custom_decoder_11.xml

@@ -0,0 +1,6 @@
+<!-- Test: invalid regex offset-->
+<decoder name="sudo-fields">
+  <parent>sudo</parent>
+  <regex offset="after_regex">(\S+)</regex>
+  <order>boom</order>
+</decoder>

tests/integration/test_logtest/test_invalid_rule_decoders_syntax/data/invalid_decoder_syntax.yaml

@@ -2,77 +2,111 @@
 -
   name: "Invalid decoder syntax: garbage file"
   decoder: "custom_decoder_0.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
-  output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2)."
+  output_data_msg: >-
+    (1226): Error reading XML file 'etc/decoders/custom_decoder_0.xml': XMLERR: Attribute 'is' has no value. (line 2).
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no closing XML tag"
   decoder: "custom_decoder_1.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
-  output_data_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements were not closed. (line 3)."
+  output: >-
+    ata_msg: "(1226): Error reading XML file 'etc/decoders/custom_decoder_1.xml': XMLERR: End of file and some elements
+    were not closed. (line 3).
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no existing parent"
   decoder: "custom_decoder_2.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2101): Parent decoder name invalid: 'test-parent'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: no existing attribute"
   decoder: "custom_decoder_3.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "Invalid element 'invalid_field' for decoder 'decoder'"
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: decoder with no name"
   decoder: "custom_decoder_4.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(1230): Invalid element in the configuration: 'decoder'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: regex attribute without order attribute"
   decoder: "custom_decoder_5.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: regex attribute without prematch/program_name/parent attribute"
   decoder: "custom_decoder_6.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2108): No 'prematch' found in decoder: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: order attribute without regex attribute"
   decoder: "custom_decoder_7.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'test'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: two-level order parenting"
   decoder: "custom_decoder_8.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2101): Parent decoder name invalid: 'name1'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: invalid plugin_decoder"
   decoder: "custom_decoder_9.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2110): Invalid decoder argument for plugin_decoder: 'INVALID_Decoder'."
   output_data_codemsg: -1
 -
   name: "Invalid decoder syntax: invalid offset"
   decoder: "custom_decoder_10.xml"
-  input: '{"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event": "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}'
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
   output_error: 0
   output_data_msg: "(2107): Decoder configuration error: 'name'."
   output_data_codemsg: -1
+-
+  name: "Invalid decoder syntax: invalid offset"
+  decoder: "custom_decoder_11.xml"
+  input: >-
+    {"version":1,"origin":{"name":"Integration Test","module":"api"},"command":"log_processing","parameters":{"event":
+    "dummy log","log_format": "syslog","location": "master->/var/log/syslog"}}
+  output_error: 0
+  output_data_msg: "ERROR: (2120): Invalid offset value: 'sudo-fields'"
+  output_data_codemsg: -1

tests/integration/test_vulnerability_detector/test_feeds/data/test_cases/cases_validate_xml_feed_content.yaml

@@ -7,7 +7,7 @@
     path: /tmp/com.redhat.rhsa-RHEL5.xml.bz2
     extension: bz2
     decompressed_file: /tmp/rhel5.xml
-    url: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL5.xml.bz2
+    url: https://feed.wazuh.com/vulnerability-detector/RHEL/5/com.redhat.rhsa-RHEL5_v1.xml.bz2
 
 - name: Red Hat Enterprise Linux
   description: Red Hat Enterprise Linux provider
@@ -62,7 +62,7 @@
     path: /tmp/com.ubuntu.focal.cve.oval.xml.bz2
     extension: bz2
     decompressed_file: /tmp/focal.xml
-    url: https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.focal.cve.oval.xml.bz2
+    url: https://security-metadata.canonical.com/oval/com.ubuntu.focal.cve.oval.xml.bz2
 
 - name: Canonical Bionic
   description: Canonical provider
@@ -73,7 +73,7 @@
     path: /tmp/com.ubuntu.bionic.cve.oval.xml.bz2
     extension: bz2
     decompressed_file: /tmp/bionic.xml
-    url: https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.bionic.cve.oval.xml.bz2
+    url: https://security-metadata.canonical.com/oval/com.ubuntu.focal.cve.oval.xml.bz2
 
 - name: Canonical Xenial
   description: Canonical provider
@@ -84,7 +84,7 @@
     path: /tmp/com.ubuntu.xenial.cve.oval.xml.bz2
     extension: bz2
     decompressed_file: /tmp/xenial.xml
-    url: https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.xenial.cve.oval.xml.bz2
+    url: https://security-metadata.canonical.com/oval/com.ubuntu.focal.cve.oval.xml.bz2
 
 - name: Canonical Trusty
   description: Canonical provider
@@ -95,7 +95,7 @@
     path: /tmp/com.ubuntu.trusty.cve.oval.xml.bz2
     extension: bz2
     decompressed_file: /tmp/trusty.xml
-    url: https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.trusty.cve.oval.xml.bz2
+    url: https://security-metadata.canonical.com/oval/com.ubuntu.focal.cve.oval.xml.bz2
 
 - name: Debian
   description: Debian provider

tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml

@@ -220,7 +220,7 @@
     -
       input: >-
         agent 001 dbsync packages INSERTED {"checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67568",
-        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"libs",
+        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"libs","location":" ",
         "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5",
         "priority":"optional","scan_time":"2021/10/13 15:10:49","size":572,"source":"qtbase-opensource-src",
         "vendor":"Ubuntu Developers <[email protected]>","version":"5.12.8+dfsg-0ubuntu1"}
@@ -238,7 +238,7 @@
     -
       input: >-
         agent 001 dbsync packages INSERTED {"checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67568",
-        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"libs",
+        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"libs","location":" ",
         "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5",
         "priority":"optional","scan_time":"2021/10/13 15:10:49","size":572,"source":"qtbase-opensource-src",
         "vendor":"Ubuntu Developers <[email protected]>","version":"5.12.8+dfsg-0ubuntu1"}
@@ -256,7 +256,7 @@
     -
       input: >-
         agent 001 dbsync packages MODIFIED {"checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67568",
-        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"extra",
+        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"extra","location":" ",
         "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5",
         "priority":"optional","scan_time":"2021/10/13 15:10:49","size":572,"source":"qtbase-opensource-src",
         "vendor":"Ubuntu Developers <[email protected]>","version":"5.12.8+dfsg-0ubuntu1"}
@@ -274,7 +274,7 @@
     -
       input: >-
         agent 001 dbsync packages MODIFIED {"checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67568",
-        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"libs",
+        "architecture":"amd64","description":"Qt 5 OpenGL module","format":"deb","groups":"libs","location":" ",
         "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5",
         "priority":"optional","scan_time":"2021/10/13 15:10:49","size":572,"source":"qtbase-opensource-src",
         "vendor":"Ubuntu Developers <[email protected]>","version":"5.12.8+dfsg-0ubuntu2"}

tests/integration/test_wazuh_db/test_agent_database_version.py

@@ -9,7 +9,7 @@
 pytestmark = [TIER0, LINUX, SERVER]
 
 # Variables
-expected_database_version = '10'
+expected_database_version = '11'
 
 
 # Fixtures
@@ -34,7 +34,7 @@ def test_agent_database_version(restart_wazuh_daemon, remove_agents):
             - Check that the manager database version is the expected one.
             - Check that the agent database version is the expected one.
 
-    wazuh_min_version: 4.4.0
+    wazuh_min_version: 4.5.2
 
     parameters:
         - restart_wazuh_daemon:
@@ -45,7 +45,7 @@ def test_agent_database_version(restart_wazuh_daemon, remove_agents):
         - Verify that database version is the expected one.
 
     expected_output:
-        - Database version: 10
+        - Database version: 11
 
     tags:
         - wazuh_db