Vulnerability detector test module refactor: `test_archlinux_inventory_archlinux_feed`

[jmv74211]

It is asked to refactor the test module named test_archlinux_inventory_archlinux_feed.py.

It is disabled for now, as it was failing or unstable, causing false positives.

Tasks

• [x] Make a study of the objectives of the test, and what is being tested.
• [x] Refactor the test. Clean and modularizable code.
• [x] Check that the test always starts from the same state and restores it completely at the end of the test (independent of the tests previously executed in that environment).
• [x] Review test documentation, and modify if necessary.
• [x] Proven that tests pass when they have to pass.
• [x] Proven that tests fail when they have to fail.
• [x] Test in 5-10 rounds of execution that the test always shows the same result.
• [x] Run all Vulnerability detector integration tests and check the "full green".

Checks

• [x] The code complies with the standard PEP-8 format.
• [x] Python codebase is documented following the Google Style for Python docstrings.
• [x] The test is processed by qa-docs tool without errors.

Additional tasks

• [x] Generalize and parameterize a new test with the same behavior where each Tcase is a provider
• [x] Add NVD custom feed
• [x] Add Arch custom feed
• [x] Add ALAS custom feed
• [x] Add RedHat custom feed
• [x] Add Canonical custom feed
• [x] Add Debian custom feed

[roronoasins]

Test design

Name

test_archlinux_inventory_archlinux_feed.py

---

Objective

Check that the Vulnerability Detector module generates an alert when a vulnerability is detected and inserted.

---

Test checks

• Verify that the vulnerabilities are logged correctly.
• Verify that the vulnerabilities are inserted correctly.
• Verify that the related databases have the expected values.

---

Initial stage (setup)

• All modules except vulnerability detector must be disabled
• sys_programs, vuln_cves, cve.db tables must be empty.
• Clean ossec.log, alerts.json and alerts.log files
• Mock Tcase system
• Insert vulnerable packages into the agent vuln_cves table.
• Insert offline feeds

---

Test phases

Test cases

• Update ossec.conf configuration.
• Restart wazuh-modulesd daemon.
• Monitor ossec.log and wait for the package vulnerabilities logs.
• Monitor alerts.json file and wait for the vulnerability affecting entry.
• Check that the vulnerable packages are valid in the vuln_cve table.

---

Final stage (teardown)

• cve.db tables must be empty.
• 000.db tables must be empty.
• Initial ossec.conf file must be restored.
• Clean the ossec.log file.
• Clean the alerts.json file.
• Initial system info must be restored.

Test cases

The new test replaces the current inventory feed tests. Now each provider is a Tcase.

These are the providers that will have a new custom feed and will be tested:

• Arch
• RedHat
• Debian
• Canonical
• macOS
• MSU