Handle Generic CPEs for "Running On" Configurations #23549
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/osDataCache.hpp
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/scanContext.hpp
I will take from here @GabrielEValenzuela
src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/scanContext.hpp
Good work @GabrielEValenzuela!
Please add an efficacy test for this scenario
With local changes, test 🟢

```
❯ python -m pytest -xvv -k "run_process_and_monitor_log14" wazuh_modules/vulnerability_scanner/qa
==================================================================================== test session starts =====================================================================================
platform linux -- Python 3.11.9, pytest-7.2.2, pluggy-1.5.0 -- /home/gvalenzuela/Documents/Work/wazuh/src/virtual_env/bin/python
cachedir: .pytest_cache
rootdir: /home/gvalenzuela/Documents/Work/wazuh/src
collected 19 items / 18 deselected / 1 selected
wazuh_modules/vulnerability_scanner/qa/test_efficacy_log.py::test_false_negatives[run_process_and_monitor_log14] PASSED [100%]
============================================================================== 1 passed, 18 deselected in 2.14s ==============================================================================
```
Simple, yet effective!
Just one thing: add the documentation for test 20 (here is a template).
Test case II

```
❯ python -m pytest --log-cli-level=DEBUG --capture=tee-sys -xvv wazuh_modules/vulnerability_scanner/qa/
==================================================================================== test session starts =====================================================================================
platform linux -- Python 3.11.9, pytest-7.2.2, pluggy-1.5.0 -- /home/gvalenzuela/Documents/Work/wazuh/src/virtual_env/bin/python
cachedir: .pytest_cache
rootdir: /home/gvalenzuela/Documents/Work/wazuh/src
collected 23 items
[...]
=============================================================================== 23 passed in 240.81s (0:04:00) ===============================================================================
```
Good work @GabrielEValenzuela!
- Tests 🟢
- Code 🟢
This reverts commit e97180a.
ffdb715 to 1fc163e
Missing efficacy test for the case proposed in the issue:
Objective

This PR aims to enhance the vulnerability scanner by incorporating logic to accurately handle generic Windows CPEs, especially in "running on" configurations as specified by the NVD. The objective is to improve the scanner's ability to assess vulnerabilities more precisely in environments where specific version details are not available but a generic classification is.

Changes Implemented

- Enhanced logic in oscpe-global: oscpe-global.json to facilitate reverse mapping from platform to vendor using feed-global.json.
- Updates to osDataCache.hpp:
- New functionality in scanContext.hpp: buildCPENameForGenericOrRunning to construct CPE names based on information received from syscollector messages.
- Improvements in packageScanner.hpp:

Implementation Details

- oscpe-global.json to align with the enhanced functionality.

Testing

- (osDataCache.hpp, scanContext.hpp, and packageScanner.hpp).

Additional Information
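As an added example of the "running on" evaluation the description refers to (written for this page; it is not Wazuh's scanner code and does not reproduce oscpe-global.json or feed-global.json): the host reports a specific OS CPE (product windows_10 with a build number), while the feed's platform entry is the generic cpe:2.3:o:microsoft:windows:-:* form. The platform node of the AND configuration therefore only matches once a generic OS CPE is built alongside the specific one. The PLATFORM_TO_GENERIC table, the NVD-style configuration, the host CPEs and the build_os_cpes/configuration_applies helpers are all constructed for this example, and the version comparator is deliberately simplified to dotted integers.

```python
"""Evaluate an NVD "running on" configuration against a host's CPE set.

Added example (not Wazuh project code). Assumptions, all constructed here:
  * PLATFORM_TO_GENERIC stands in for the platform -> vendor reverse mapping.
  * CPE strings contain no escaped ':' characters.
  * Versions are dotted integers; real feeds need a proper comparator.
"""

CPE_PREFIX = "cpe:2.3:"
CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

# Constructed mapping: syscollector platform name -> (vendor, generic product).
PLATFORM_TO_GENERIC = {
    "windows": ("microsoft", "windows"),
    "ubuntu": ("canonical", "ubuntu_linux"),
}


def parse_cpe(cpe):
    """Split a CPE 2.3 formatted string into its eleven named components."""
    if not cpe.startswith(CPE_PREFIX):
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    parts = cpe[len(CPE_PREFIX):].split(":")
    if len(parts) != len(CPE_FIELDS):
        raise ValueError(f"expected {len(CPE_FIELDS)} components in {cpe}")
    return dict(zip(CPE_FIELDS, parts))


def build_os_cpes(os_platform, os_product, os_version):
    """Return (specific, generic) OS CPEs for a host.

    The specific CPE carries the product and build the agent reported; the
    generic one keeps only part/vendor/generic product with ANY elsewhere,
    which is what lets a feed entry written against the platform class match.
    """
    vendor, generic_product = PLATFORM_TO_GENERIC[os_platform]
    specific = f"cpe:2.3:o:{vendor}:{os_product}:{os_version}:*:*:*:*:*:*:*"
    generic = f"cpe:2.3:o:{vendor}:{generic_product}:*:*:*:*:*:*:*:*"
    return specific, generic


def criteria_matches(criteria, host_cpe):
    """Component-wise comparison: ANY ('*') on either side matches, everything
    else must be equal. A feed-side NA ('-') version thus only matches a host
    CPE whose version is ANY, i.e. the generic OS CPE, never the specific one."""
    feed, host = parse_cpe(criteria), parse_cpe(host_cpe)
    for field in CPE_FIELDS:
        f, h = feed[field], host[field]
        if f == "*" or h == "*":
            continue
        if f != h:
            return False
    return True


def _version_key(version):
    # Simplified comparator: dotted integers only (constructed for the example).
    return tuple(int(part) for part in version.split("."))


def cpe_match_applies(match, host_cpes):
    """True when an NVD cpeMatch entry hits any host CPE, honouring the
    optional versionStartIncluding / versionEndExcluding bounds."""
    for host_cpe in host_cpes:
        if not criteria_matches(match["criteria"], host_cpe):
            continue
        host_version = parse_cpe(host_cpe)["version"]
        if host_version not in ("*", "-"):
            key = _version_key(host_version)
            start, end = match.get("versionStartIncluding"), match.get("versionEndExcluding")
            if start is not None and key < _version_key(start):
                continue
            if end is not None and key >= _version_key(end):
                continue
        return True
    return False


def node_applies(node, host_cpes):
    """One NVD configuration node: AND/OR over cpeMatch entries and child
    nodes, with optional negation."""
    results = [cpe_match_applies(m, host_cpes) for m in node.get("cpeMatch", [])]
    results += [node_applies(child, host_cpes) for child in node.get("nodes", [])]
    hit = all(results) if node.get("operator", "OR") == "AND" else any(results)
    return not hit if node.get("negate", False) else hit


def configuration_applies(configuration, host_cpes):
    """A 'running on' configuration is an AND of the vulnerable-software node
    and the platform node (vulnerable: false): both must match the host."""
    results = [node_applies(n, host_cpes) for n in configuration["nodes"]]
    return all(results) if configuration.get("operator", "OR") == "AND" else any(results)


# Constructed NVD-style configuration: a hypothetical application is vulnerable
# below 2.4.0 only when running on Windows (generic platform entry, version NA).
SAMPLE_CONFIGURATION = {
    "operator": "AND",
    "nodes": [
        {"operator": "OR", "negate": False, "cpeMatch": [
            {"vulnerable": True,
             "criteria": "cpe:2.3:a:example:agent_tool:*:*:*:*:*:windows:*:*",
             "versionEndExcluding": "2.4.0"}]},
        {"operator": "OR", "negate": False, "cpeMatch": [
            {"vulnerable": False,
             "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"}]},
    ],
}

# Constructed host: a syscollector-style OS report plus one installed package.
SPECIFIC_OS, GENERIC_OS = build_os_cpes("windows", "windows_10", "10.0.19045")
APP_CPE = "cpe:2.3:a:example:agent_tool:2.3.1:*:*:*:*:windows:*:*"


def scan(with_generic_os):
    """Run the configuration against the host with or without the generic OS CPE."""
    host_cpes = [APP_CPE, SPECIFIC_OS] + ([GENERIC_OS] if with_generic_os else [])
    return configuration_applies(SAMPLE_CONFIGURATION, host_cpes)


if __name__ == "__main__":
    print("specific OS CPE only:", scan(with_generic_os=False))  # False: platform node misses
    print("with generic OS CPE: ", scan(with_generic_os=True))   # True: both nodes hit
```

Without the generic OS CPE the platform node never matches, so the vulnerable package on the host would be a false negative; with it, both nodes of the AND hit and the configuration applies, while a package at or above versionEndExcluding still correctly does not.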