-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability Detector does not detect vulnerabilities in certain agents in E2E tests #23328
Comments
This issue was replicated in #23322 (comment) It seems that it is directly related to the mechanism of the re-scan when the vulnerability detection module is disabled once this was enabled previously. Further research is required |
After some testing around this behavior, we discover a race condition in the timeout algorithm in the wazuh-db query. All queue scans are still waiting for this condition that never ends. But if you restart the wazuh manager, the scanning continues and reports the agent vulnerabilities. This will be solved at #23301
|
Description
In Release 4.8.0 - RC 1 - Vulnerability Detection E2E tests It was noted that the vulnerability detector does detect expected vulnerabilities or alerts in case of installation/removal/upgrade of vulnerable packages during the E2E tests.
It can be seen that no vulnerabilities are detected for Ubuntu22 ARM, Windows 2016, and Ubuntu 22 AMD. Further research is required
Evidences
Report: https://github.com/wazuh/wazuh/files/15234960/Test_e2e_system_284_test_vulnerability_detector.zip
Note
Currently tests are being launched enabling modulesd debug. Further evidence will be provided on this issue as soon as possible
The text was updated successfully, but these errors were encountered: