Merge pull request #23586 from wazuh/enhancement/23548-high-impact-vu…

…lnerabilities

Test cases for High impact vulnerabilities

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/Readme.md

@@ -0,0 +1,23 @@
+# Description
+
+Vulnerability detection validation for **_openssl_** package.
+
+## CVE
+
+- CVE-2014-0160
+
+# Platforms
+
+## Ubuntu Jammy
+
+- Input events
+  - [001](input_001.json)
+  - [002](input_002.json)
+  - [003](input_003.json)
+  - [004](input_004.json)
+
+| Name      | Version           | Feed      | Expected       |
+|-----------|-------------------|-----------|----------------|
+| openssl   | 3.0.2-0ubuntu1.15 | Canonical | Not vulnerable |
+| openssl   | 1.0.1             | NVD       | Vulnerable     |
+| openssl   | 1.0.1g            | NVD       | Not vulnerable |

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/expected_001.out

@@ -0,0 +1 @@
+[]

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/expected_002.out

@@ -0,0 +1 @@
+[]

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/expected_003.out

@@ -0,0 +1,3 @@
+[
+    "Match found, the package 'openssl', is vulnerable to 'CVE-2014-0160'. Current version: '1.0.1' (less than '1.0.1g' or equal to ''). - Agent '' (ID: '001', Version: '')."
+]

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/expected_004.out

@@ -0,0 +1,3 @@
+[
+    "No match due to default status for Package: openssl, Version: 1.0.1g while scanning for Vulnerability: CVE-2014-0160"
+]

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/input_001.json

@@ -0,0 +1,23 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "state",
+    "data": {
+        "attributes_type": "syscollector_osinfo",
+        "attributes": {
+            "architecture": "x86_64",
+            "hostname": "jammy",
+            "os_codename": "jammy",
+            "os_major": "22",
+            "os_minor": "04",
+            "os_name": "Ubuntu",
+            "os_patch": "1",
+            "os_platform": "ubuntu",
+            "os_version": "22.04.1 LTS (Jammy Jellyfish)",
+            "release": "5.15.0-107-generic",
+            "sysname": "Linux",
+            "version": "#117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024"
+        }
+    }
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/input_002.json

@@ -0,0 +1,21 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "amd64",
+        "description": "Secure Sockets Layer toolkit - cryptographic utility",
+        "format": "deb",
+        "groups": "utils",
+        "install_time": " ",
+        "location": " ",
+        "multiarch": "foreign",
+        "name": "openssl",
+        "priority": "important",
+        "size": 2053,
+        "vendor": "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
+        "version": "3.0.2-0ubuntu1.15"
+    },
+    "operation": "INSERTED"
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/input_003.json

@@ -0,0 +1,21 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "amd64",
+        "description": "Secure Sockets Layer toolkit - cryptographic utility",
+        "format": "deb",
+        "groups": "utils",
+        "install_time": " ",
+        "location": " ",
+        "multiarch": "foreign",
+        "name": "openssl",
+        "priority": "important",
+        "size": 2053,
+        "vendor": "openssl",
+        "version": "1.0.1"
+    },
+    "operation": "INSERTED"
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/016/input_004.json

@@ -0,0 +1,21 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "amd64",
+        "description": "Secure Sockets Layer toolkit - cryptographic utility",
+        "format": "deb",
+        "groups": "utils",
+        "install_time": " ",
+        "location": " ",
+        "multiarch": "foreign",
+        "name": "openssl",
+        "priority": "important",
+        "size": 2053,
+        "vendor": "openssl",
+        "version": "1.0.1g"
+    },
+    "operation": "INSERTED"
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/Readme.md

@@ -0,0 +1,34 @@
+# Description
+
+Vulnerability detection validation for **_XZ_** package.
+
+## CVE
+
+- CVE-2024-3094
+
+# Platforms
+
+## Ubuntu Jammy
+
+- Input events
+  - ![001](input_001.json)
+  - ![002](input_002.json)
+  - ![003](input_003.json)
+
+| Name       | Version       | Feed      | Expected       |
+|------------|---------------|-----------|----------------|
+| xz-utils   | 5.2.5-2ubuntu1| Canonical | Not vulnerable |
+| xz-utils   | 5.6.0         | NVD       | Vulnerable     |
+
+
+## Arch Linux
+
+- Input files
+  - [004](input_004.json)
+  - [005](input_005.json)
+  - [006](input_006.json)
+
+| Name       | Version | Feed | Expected       |
+|------------|---------|------|----------------|
+| xz         | 5.4.6-1 | Arch | Not vulnerable |
+| xz         | 5.6.0-1 | Arch | Vulnerable     |

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/expected_001.out

@@ -0,0 +1 @@
+[]

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/expected_002.out

@@ -0,0 +1,3 @@
+[
+    "No match due to default status for Package: xz-utils, Version: 5.2.5-2ubuntu1 while scanning for Vulnerability: CVE-2024-3094"
+]

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/expected_003.out

@@ -0,0 +1,3 @@
+[
+    "Match found, the package 'xz', is vulnerable to 'CVE-2024-3094'. Current version: '5.6.0' is equal to '5.6.0'. - Agent '' (ID: '001', Version: '')."
+]

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/expected_004.out

@@ -0,0 +1 @@
+[]

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/expected_005.out

@@ -0,0 +1,3 @@
+[
+    "No match due to default status for Package: xz, Version: 5.4.6-1 while scanning for Vulnerability: CVE-2024-3094"
+]

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/expected_006.out

@@ -0,0 +1,3 @@
+[
+    "Match found, the package 'xz', is vulnerable to 'CVE-2024-3094'. Current version: '5.6.0-1' (less than '5.6.1-2' or equal to ''). - Agent '' (ID: '001', Version: '')."
+]

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/input_001.json

@@ -0,0 +1,23 @@
+{
+  "agent_info": {
+    "agent_id": "001"
+  },
+  "data_type": "state",
+  "data": {
+    "attributes_type": "syscollector_osinfo",
+    "attributes": {
+      "architecture": "x86_64",
+      "hostname": "jammy",
+      "os_codename": "jammy",
+      "os_major": "22",
+      "os_minor": "04",
+      "os_name": "Ubuntu",
+      "os_patch": "1",
+      "os_platform": "ubuntu",
+      "os_version": "22.04.1 LTS (Jammy Jellyfish)",
+      "release": "5.15.0-107-generic",
+      "sysname": "Linux",
+      "version": "#117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024"
+    }
+  }
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/input_002.json

@@ -0,0 +1,22 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "amd64",
+        "description": "XZ-format compression utilities",
+        "format": "deb",
+        "groups": "utils",
+        "install_time": " ",
+        "location": " ",
+        "multiarch": "foreign",
+        "name": "xz-utils",
+        "priority": "standard",
+        "size": 372,
+        "source": " ",
+        "vendor": "Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
+        "version": "5.2.5-2ubuntu1"
+    },
+    "operation": "INSERTED"
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/input_003.json

@@ -0,0 +1,22 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "amd64",
+        "description": "XZ-format compression utilities",
+        "format": "deb",
+        "groups": "utils",
+        "install_time": " ",
+        "location": " ",
+        "multiarch": "foreign",
+        "name": "xz",
+        "priority": "standard",
+        "size": 372,
+        "source": " ",
+        "vendor": "tukaani",
+        "version": "5.6.0"
+    },
+    "operation": "INSERTED"
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/input_004.json

@@ -0,0 +1,19 @@
+{
+  "agent_info": {
+    "agent_id": "001"
+  },
+  "data_type": "state",
+  "data": {
+    "attributes_type": "syscollector_osinfo",
+    "attributes": {
+      "architecture": "x86_64",
+      "hostname": "archlinux",
+      "os_build": "rolling",
+      "os_name": "Arch Linux",
+      "os_platform": "arch",
+      "release": "6.8.9-arch1-2",
+      "sysname": "Linux",
+      "version": "#1 SMP PREEMPT_DYNAMIC Tue, 07 May 2024 21:35:54 +0000"
+    }
+  }
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/input_005.json

@@ -0,0 +1,21 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "x86_64",
+        "description": "Library and command line tools for XZ and LZMA compressed files",
+        "format": "pacman",
+        "groups": " ",
+        "install_time": "2024/05/22 20:31:52",
+        "location": " ",
+        "name": "xz",
+        "priority": " ",
+        "size": 2457747,
+        "source": " ",
+        "vendor": "Arch Linux",
+        "version": "5.4.6-1"
+    },
+    "operation": "INSERTED"
+}

src/wazuh_modules/vulnerability_scanner/qa/test_data/017/input_006.json

@@ -0,0 +1,21 @@
+{
+    "agent_info": {
+        "agent_id": "001"
+    },
+    "data_type": "dbsync_packages",
+    "data": {
+        "architecture": "x86_64",
+        "description": "Library and command line tools for XZ and LZMA compressed files",
+        "format": "pacman",
+        "groups": " ",
+        "install_time": "2024/05/22 20:31:52",
+        "location": " ",
+        "name": "xz",
+        "priority": " ",
+        "size": 2457747,
+        "source": " ",
+        "vendor": "Arch Linux",
+        "version": "5.6.0-1"
+    },
+    "operation": "INSERTED"
+}