Fix filter vulnerabilities function in case of multiple packages are used #5419

Merged
merged 5 commits into from
May 23, 2024


Rebits
Member

@Rebits Rebits commented May 22, 2024

Description

This PR addresses an issue in the filter_vulnerabilities method to prevent duplicate entries in the vulnerability collection during the E2E vulnerability detection tests.


Testing performed

To test this change in the framework, a straightforward test has been developed and executed in a deployed environment.

Packages filter Test 🟢
  • Test definition
from wazuh_testing.end_to_end.remote_operations_handler import get_vulnerabilities_index, \
                                                               filter_vulnerabilities_by_packages, \
                                                               filter_vulnerabilities_by_packages_new, \
                                                               get_vulnerabilities_from_states_by_agent
from wazuh_testing.tools.system import HostManager
from wazuh_testing.end_to_end.check_validators import (
    compare_expected_found_vulnerabilities,
    compare_expected_found_vulnerabilities_alerts, empty, empty_dict, equals,
    equals_but_not_empty, no_errors, validate_operation_results, get_duplicated_vulnerabilities)
from wazuh_testing.end_to_end.vulnerability_detector import Vulnerability



hm = HostManager("inv.yaml")
agent_list = ["agent1"]

packages = {
    "from": {
        "centos": {
            "amd64": "grafana-8.5.5-1",
            "arm64v8": "grafana-8.5.5-1"
        },
        "ubuntu": {
            "arm64v8": "grafana-8.5.5",
            "amd64": "grafana-8.5.5"
        },
        "windows": {
            "amd64": "node-v18.20.0"
        },
        "macos": {
            "amd64": "http-proxy-0.7.0",
            "arm64v8": "http-proxy-0.7.0"
        }
    },
    "to": {
        "centos": {
            "amd64": "grafana-9.5.13-1",
            "arm64v8": "grafana-9.5.13-1"
        },
        "ubuntu": {
            "amd64": "grafana-9.5.13",
            "arm64v8": "grafana-9.5.13"
        },
        "windows": {
            "amd64": "node-v18.20.2"
        },
        "macos": {
            "amd64": "http-proxy-0.7.2",
            "arm64v8": "http-proxy-0.7.2"
        }
    }
}


package_data = [packages['from'], packages['to'] ]

vulnerabilities = get_vulnerabilities_from_states_by_agent(hm, agent_list)
package_vulnerabilities_old_function = filter_vulnerabilities_by_packages(hm, vulnerabilities, package_data)
package_vulnerabilities_new_function = filter_vulnerabilities_by_packa
  • Result
Old Filter
[{'agent1': [Vulnerability(cve='CVE-2022-31107', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-39201', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-39229', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-36062', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2023-0507', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-39307', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-23552', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-31097', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2023-0594', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-31123', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-39324', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2023-3128', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-39306', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2023-4822', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-35957', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2023-2183', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-31130', package_name='grafana', package_version='8.5.6-1', architecture='x86_64'), Vulnerability(cve='CVE-2022-23498', package_name='grafana', package_version='8.5.6-1', 
architecture='x86_64'), Vulnerability(cve='CVE-2023-1410', package_name='grafana', package_version='8.5.6-1', architecture='x86_64')]}]
New filter
[]
New filter Duplicated vulns
[{'agent1': [Vulnerability(cve='CVE-2022-23498', package_name='grafana', package_version='8.5.6-1', architecture='x86_64')]}] 
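
An added illustration, not part of the PR and not the Wazuh framework's code: one way a filter called with several package sets (the `from` and `to` entries above) can return the same vulnerability more than once, next to a version that keeps each entry once. The function names, the name-only matching rule, and the sample data are assumptions made for this example; the `Vulnerability` fields mirror the objects printed in the result.

```python
import re
from collections import Counter, namedtuple

# Same four fields as the Vulnerability objects printed in the PR's result.
Vulnerability = namedtuple("Vulnerability", "cve package_name package_version architecture")

def package_name(package_id):
    """'grafana-8.5.5-1' -> 'grafana', 'node-v18.20.0' -> 'node' (assumed naming scheme)."""
    return re.match(r"(.+?)-v?\d", package_id).group(1)

def names_in(package_set):
    """Package names mentioned anywhere in one {os: {arch: package_id}} mapping."""
    return {package_name(p) for per_arch in package_set.values() for p in per_arch.values()}

def filter_naive(vulns_by_agent, package_sets):
    """Hypothetical 'before': one pass per package set, so a name in N sets matches N times."""
    out = {}
    for agent, vulns in vulns_by_agent.items():
        out[agent] = [v for ps in package_sets for v in vulns if v.package_name in names_in(ps)]
    return out

def filter_unique(vulns_by_agent, package_sets):
    """Hypothetical 'after': merge the wanted names first, then keep each vulnerability once."""
    wanted = set().union(*(names_in(ps) for ps in package_sets))
    out = {}
    for agent, vulns in vulns_by_agent.items():
        # dict.fromkeys drops repeated (hashable) tuples while preserving order
        out[agent] = list(dict.fromkeys(v for v in vulns if v.package_name in wanted))
    return out

def duplicated(vulns_by_agent):
    """Per agent, the vulnerabilities that appear more than once."""
    return {a: [v for v, n in Counter(vs).items() if n > 1] for a, vs in vulns_by_agent.items()}

# Constructed sample data: placeholder CVE ids, two package sets naming the same packages.
PACKAGE_SETS = [
    {"centos": {"amd64": "grafana-8.5.5-1"}, "windows": {"amd64": "node-v18.20.0"}},
    {"centos": {"amd64": "grafana-9.5.13-1"}, "windows": {"amd64": "node-v18.20.2"}},
]
STATES = {"agent1": [
    Vulnerability("CVE-0000-0001", "grafana", "8.5.5-1", "x86_64"),
    Vulnerability("CVE-0000-0002", "grafana", "8.5.5-1", "x86_64"),
    Vulnerability("CVE-0000-0003", "openssl", "1.1.1", "x86_64"),
]}
```

Running `duplicated()` over a filter's output gives a quick regression check: an empty list per agent means no entry was collected twice.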

@Rebits Rebits self-assigned this May 22, 2024
@Rebits Rebits changed the title Fix filter vulnerabilities method in case of multiple packages are used Fix filter vulnerabilities function in case of multiple packages are used May 22, 2024
@Rebits Rebits marked this pull request as ready for review May 22, 2024 14:40
@Rebits Rebits linked an issue May 22, 2024 that may be closed by this pull request
2 tasks
MARCOSD4
MARCOSD4 previously approved these changes May 22, 2024
Member

@MARCOSD4 MARCOSD4 left a comment

LGTM

@juliamagan juliamagan merged commit eec7132 into 4.8.0 May 23, 2024
1 of 2 checks passed
@juliamagan juliamagan deleted the fix/5410-duplicated-vulnerabilities branch May 23, 2024 08:22
Development

Successfully merging this pull request may close these issues.

E2E Vulnerability tests duplicate vulnerabilities for upgrade tests
3 participants