refac: remote operations in install/remote/update package functions
Rebits committed Jan 23, 2024
1 parent f5c96e2 commit 940fb60
Showing 7 changed files with 633 additions and 212 deletions.
359 changes: 302 additions & 57 deletions deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py


145 changes: 61 additions & 84 deletions deps/wazuh_testing/wazuh_testing/end_to_end/vulnerability_detector.py
Expand Up @@ -6,7 +6,8 @@
import re


def check_vuln_state_index(host_manager: HostManager, vulnerability_data: Dict[str, Dict], current_datetime: str = None):
def check_vuln_state_index(host_manager: HostManager, host: str, package: Dict[str, Dict],
current_datetime: str = "", return_found: bool = False):
"""
Check vulnerability state index for a host.
Expand All @@ -20,49 +21,35 @@ def check_vuln_state_index(host_manager: HostManager, vulnerability_data: Dict[s
index_vuln_state_content = get_indexer_values(host_manager, index='wazuh-states-vulnerabilities',
greater_than_timestamp=current_datetime)['hits']['hits']
expected_alerts_not_found = []
expected_alerts_found = []

logging.critical(f"Checking vulnerability state index {vulnerability_data}")
logging.critical(f"Checking vulnerability state index {package}")
vulnerabilities = package['CVE']

for agent in host_manager.get_group_hosts('agent'):
logging.critical(f"Checking vulnerability state index for {agent}")
for vulnerability in vulnerabilities:
found = False
for indice_vuln in index_vuln_state_content:
state_agent = indice_vuln['_source']['agent']['name']
state_cve = indice_vuln["_source"]['vulnerability']['id']
state_package_name = indice_vuln['_source']['package']['name']
state_package_version = indice_vuln['_source']['package']['version']

host_os_name = host_manager.get_host_variables(agent)['os'].split('_')[0]
host_os_arch = host_manager.get_host_variables(agent)['architecture']
if state_agent == host and state_cve == vulnerability \
and state_package_name == package['package_name'] and \
state_package_version == package['package_version']:
found = True
expected_alerts_found.append(vulnerability)

logging.critical(f"Host OS name: {host_os_name}")
logging.critical(f"Host OS arch: {host_os_arch}")

if host_os_name in vulnerability_data:
if host_os_arch in vulnerability_data[host_os_name]:
logging.critical(f"Inside Host OS arch: {host_os_arch}")

vulnerabilities = vulnerability_data[host_os_name][host_os_arch]

logging.critical(f"Vulnerabilities: {vulnerabilities}")

for vulnerability in vulnerabilities:
found = False
for indice_vuln in index_vuln_state_content:
logging.critical(f"Indice vuln: {indice_vuln}")

state_agent = indice_vuln['_source']['agent']['name']
state_cve = indice_vuln["_source"]['vulnerability']['id']
state_package_name = indice_vuln['_source']['package']['name']
state_package_version = indice_vuln['_source']['package']['version']

if state_agent == agent and state_cve == vulnerability['CVE'] \
and state_package_name == vulnerability['PACKAGE_NAME'] and \
state_package_version == vulnerability['PACKAGE_VERSION']:
found = True

if not found:
expected_alerts_not_found.append(vulnerability)
if not found:
expected_alerts_not_found.append(vulnerability)

logging.critical(f"Expected alerts not found: {expected_alerts_not_found}")
logging.critical(f"Triggered alerts: {index_vuln_state_content}")

return expected_alerts_not_found

if return_found:
return expected_alerts_found
else:
return expected_alerts_not_found


def get_alerts_by_agent(alerts, regex):
Expand All @@ -84,9 +71,9 @@ def get_alerts_by_agent(alerts, regex):
agent = alert['_source']['agent']['name']
if agent not in alerts_vuln_by_agent:
alerts_vuln_by_agent[agent] = []
else:
alerts_vuln_by_agent[agent].append(alert)
alerts_vuln_by_agent[agent].append(alert)

logging.critical(f"Alerts by agent: {alerts_vuln_by_agent}")
return alerts_vuln_by_agent


Expand All @@ -103,8 +90,8 @@ def get_indexed_vulnerabilities_by_agent(indexed_vulnerabilities):
return vulnerabilities_by_agent


def check_vuln_alert_indexer(host_manager: HostManager, vulnerability_data: Dict[str, Dict],
current_datetime: str = ''):
def check_vuln_alert_indexer(host_manager: HostManager, host: str, package: Dict[str, Dict],
current_datetime: str = '', vuln_mitigated: bool = False):
"""
Check vulnerability alerts in the indexer for a host.
Expand All @@ -115,57 +102,47 @@ def check_vuln_alert_indexer(host_manager: HostManager, vulnerability_data: Dict
Returns:
list: List of vulnerability alerts.
"""
regex_cve_affects = "CVE.* affects .*"
regex_solved_vuln = "The .* that affected .* was solved due to a package removal"
logging.critical(f"Checking vulnerability alerts in the indexer {package}")

logging.critical(f"Checking vulnerability alerts in the indexer {vulnerability_data}")
regex_to_match = "CVE.* affects .*"
if vuln_mitigated:
regex_to_match = "The .* that affected .* was solved due to a package removal"

indexer_alerts = get_indexer_values(host_manager, greater_than_timestamp=current_datetime)['hits']['hits']

# Get CVE affects alerts for all agents
detected_vuln_alerts_by_agent = get_alerts_by_agent(indexer_alerts, regex_cve_affects)
solved_alerts_by_agent = get_alerts_by_agent(indexer_alerts, regex_solved_vuln)
alerts_global = get_alerts_by_agent(indexer_alerts, regex_to_match)

if host in alerts_global:
triggered_alerts = alerts_global[host]
else:
triggered_alerts = []

logging.critical(f"Triggered alerts: {triggered_alerts}")

triggered_alerts = detected_vuln_alerts_by_agent
expected_alerts_not_found = []

if 'state' in vulnerability_data and not vulnerability_data['state']:
triggered_alerts = solved_alerts_by_agent

for agent in host_manager.get_group_hosts('agent'):
logging.critical(f"Checking vulnerability alerts for {agent}")
host_os_name = host_manager.get_host_variables(agent)['os'].split('_')[0]
host_os_arch = host_manager.get_host_variables(agent)['architecture']
logging.critical(f"Host OS name: {host_os_name}")
logging.critical(f"Host OS arch: {host_os_arch}")
logging.critical(f"Check1: {host_os_arch in vulnerability_data}")
logging.critical(f"Check2: {host_os_name in vulnerability_data}")

if host_os_name in vulnerability_data:
if host_os_arch in vulnerability_data[host_os_name]:
logging.critical(f"Inside Host OS arch: {host_os_arch}")
vulnerabilities = vulnerability_data[host_os_name][host_os_arch]
for vulnerability in vulnerabilities:

logging.critical(f"Checking vulnerability: {vulnerability}")

cve = vulnerability['CVE']
package = vulnerability['PACKAGE_NAME']
version = vulnerability['PACKAGE_VERSION']
found = False
for triggered_alert in triggered_alerts[agent]:
alert_package_name = triggered_alert['_source']['data']['vulnerability']['package']["name"]
alert_package_version = \
triggered_alert['_source']['data']['vulnerability']['package']['version']
alert_cve = triggered_alert['_source']['data']['vulnerability']['cve']

if alert_cve == cve and alert_package_name == package and \
alert_package_version == version:
found = True

if not found:
print(f"Vulnerability not found: {vulnerability}")
expected_alerts_not_found.append(vulnerability)
for cve in package['CVE']:
logging.critical(f"Checking vulnerability: {cve}")

package_name = package['package_name']
package_version = package['package_version']

found = False

for triggered_alert in triggered_alerts:
alert_package_name = triggered_alert['_source']['data']['vulnerability']['package']["name"]
alert_package_version = \
triggered_alert['_source']['data']['vulnerability']['package']['version']
alert_cve = triggered_alert['_source']['data']['vulnerability']['cve']

if alert_cve == cve and alert_package_name == package_name and \
alert_package_version == package_version:
found = True

if not found:
print(f"Vulnerability not found: {cve} for package {package} {package_version}")
expected_alerts_not_found.append({'CVE': cve, 'PACKAGE_NAME': package_name,
'PACKAGE_VERSION': package_version})

logging.critical(f"Expected alerts not found: {expected_alerts_not_found}")
logging.critical(f"Triggered alerts: {triggered_alerts}")
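Review bot: In check_vuln_state_index the `expected_alerts_found.append(vulnerability)` sits inside the loop over index hits and that loop keeps scanning after `found = True`, so a CVE that appears in more than one indexed document is appended once per hit and the list returned when `return_found` is set can contain duplicates; add `break` right after the append, or collect into a set and return `list(...)`. check_vuln_alert_indexer has the same inner-loop shape, and its not-found branch is the only `print` in a file that otherwise logs; that message also interpolates the whole `package` dict where the name is meant, so `logging.critical(f"Vulnerability not found: {cve} for package {package_name} {package_version}")` would match the surrounding lines and say what was intended. `package_name` and `package_version` do not change across the `for cve in package['CVE']` loop and can be read once before it. The `if host in alerts_global ... else` block reduces to `triggered_alerts = alerts_global.get(host, [])`. check_vuln_alert_indexer's body continues below the hunk, so its return is not visible here.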
@@ -0,0 +1,108 @@
{
"nmap-6.46": {
"package_name": "nmap",
"package_version": "6.46-1",
"CVE": ["CVE-2018-15173"],
"urls": {
"centos": {
"amd64": "https://nmap.org/dist/nmap-6.46-1.x86_64.rpm"
}
},
"uninstall_name": "nmap*"
},
"grafana-8.5.5": {
"package_name": "grafana",
"package_version": "8.5.5",
"CVE": ["CVE-2023-2183"],
"urls": {
"centos": {
"amd64": "https://dl.grafana.com/enterprise/release/grafana-enterprise-8.5.5-1.x86_64.rpm",
"arm64v8": "https://dl.grafana.com/enterprise/release/grafana-enterprise-8.5.5-1.aarch64.rpm"
}
},
"uninstall_name": "grafana*"
},


https://dl.grafana.com/enterprise/release/grafana-enterprise_8.5.5_arm64.deb
https://dl.grafana.com/enterprise/release/grafana-enterprise_8.5.6_arm64.deb
https://dl.grafana.com/enterprise/release/grafana-enterprise_9.1.1_arm64.deb
https://dl.grafana.com/enterprise/release/grafana-enterprise_9.2.0_arm64.deb
https://dl.grafana.com/enterprise/release/grafana-enterprise_9.4.17_arm64.deb
https://dl.grafana.com/enterprise/release/grafana-enterprise_9.5.13_arm64.deb
https://dl.grafana.com/enterprise/release/grafana-enterprise_10.0.0_arm64.deb


















"vlc-3.0.6": {
"package_name": "C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe",
"package_version": "3.0.6",
"CVE": ["CVE-2019-12874"],
"urls": {
"windows": {
"amd64": "https://get.videolan.org/vlc/3.0.6/win64/vlc-3.0.6-win64.exe"
}
},
"uninstall_name": "C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe"
},
"node-17.0.1": {
"package_name": "node",
"package_version": "17.0.1",
"CVE": ["CVE-2022-21824"],
"urls": {
"macos": {
"amd64": "https://nodejs.org/dist/v17.0.1/node-v17.0.1.pkg",
"arm64v8": "https://nodejs.org/dist/v17.0.1/node-v17.0.1.pkg"
}
},
"uninstall_name": "node*"
},
"lynx-2.8.8":{
"package_name": "lynx",
"package_version": "2.8.8-0.3.dev15.el7",
"CVE": ["CVE-2021-38165"],
"urls": {
"centos": {
"amd64": "https://download.cf.centos.org/centos/7/os/x86_64/Packages/lynx-2.8.8-0.3.dev15.el7.x86_64.rpm"
}
},
"uninstall_name": "lynx*"
},
"firefox-78.9.0":{
"package_name": "firefox",
"package_version": "78.9.0-1.el7.centos",
"CVE": ["CVE-2023-6873", "CVE-2023-6872", "CVE-2022-38478"],
"urls": {
"centos": {
"amd64": "https://download.cf.centos.org/centos/7/updates/x86_64/Packages/firefox-78.9.0-1.el7.centos.x86_64.rpm"
}
},
"uninstall_name": "firefox*"
},
"firefox-91.13.0":{
"package_name": "firefox",
"package_version": "91.13.0-1.el7.centos",
"CVE": ["CVE-2023-6873", "CVE-2023-6872"],
"urls": {
"centos": {
"amd64": "https://download.cf.centos.org/centos/7/updates/x86_64/Packages/firefox-91.13.0-1.el7.centos.x86_64.rpm"
}
},
"uninstall_name": "firefox*"
}
}
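Review bot: The new fixture is not valid JSON: the bare URLs and the blank run between the `grafana-8.5.5` and `vlc-3.0.6` entries (the seven `https://dl.grafana.com/...arm64.deb` lines) sit directly inside the top-level object, so `json.load` on this file raises before any test can use it; they look like leftover notes and should be deleted or moved under a `urls` entry. The `vlc-3.0.6` entry sets `package_name` to the uninstaller path `C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe`, the same value as its `uninstall_name`; since the vulnerability_detector.py changes in this commit compare `package['package_name']` against the package name stored in indexed alerts, that comparison presumably cannot match for this entry, so it is worth confirming which field the Windows removal path is meant to read. The entries also carry no digest for the artifacts they point to, so whatever downloads and installs them has nothing to verify the download against; a per-URL checksum field (e.g. `sha256`) would let the installer check the file before running it.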
7 changes: 7 additions & 0 deletions deps/wazuh_testing/wazuh_testing/tools/system.py
Expand Up @@ -553,14 +553,21 @@ def remove_package(self, host, package_name, system):
Example:
host_manager.remove_package('my_host', 'my_package', system='ubuntu')
"""
logging.critical(f"Removing package {package_name} from {host}")
logging.critical(f"System: {system}")
logging.critical(f"Host variables: {self.get_host_variables(host)}")

result = False

os_name = self.get_host_variables(host)['os_name']
if os_name == 'windows':
result = self.get_host(host).ansible("win_command", f"& '{package_name}' /S", check=False)
elif os_name == 'linux':
os = self.get_host_variables(host)['os'].split('_')[0]
if os == 'centos':
logging.critical(f"Centos!")
result = self.get_host(host).ansible("yum", f"name={package_name} state=absent", check=False)
logging.critical(f"Result: {result}")
elif os == 'ubuntu':
result = self.get_host(host).ansible("apt", f"name={package_name} state=absent", check=False)

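Review bot: The new `logging.critical(f"Host variables: {self.get_host_variables(host)}")` writes the host's entire inventory variable set to the log at CRITICAL level; if those variables carry connection credentials (Ansible inventories often do), they land in test output and CI artifacts, so log only the fields the function uses (`os_name`, `os`) or drop the line. The other logging lines added in this hunk are routine tracing at CRITICAL as well, which makes the level meaningless for anything that consumes these logs; `logging.debug` fits them, and `f"Centos!"` is an f-string with no placeholder. remove_package's body continues below the hunk, so the final handling of `result` is not visible here.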