wazuh / wazuh-qa

Wazuh - Quality Assurance
GNU General Public License v2.0

Test failed because CVE-2024-27983 found in Vulnerability Detection E2E tests #5804

Open fcaffieri opened 1 week ago

fcaffieri commented 1 week ago
| Version | Revision | Production/Development | Component | Install type |
|---|---|---|---|---|
| v4.9.1-rc3 | 1 | Development | VD | Assistant |

Description

During the tests performed at https://github.com/wazuh/wazuh/issues/26165, the test test_vulnerability_detector_scans_cases[upgrade_package_maintain_add_vulnerability] failed. In this test it could be seen:

Test error:

[2024-10-07T18:48:23.975Z] E       AssertionError: 
[2024-10-07T18:48:23.975Z] E         Test test_vulnerability_detector_scans_cases[upgrade_package_maintain_add_vulnerability] failed
[2024-10-07T18:48:23.975Z] E         
[2024-10-07T18:48:23.975Z] E         Check no_errors succeeded
[2024-10-07T18:48:23.975Z] E         Check operation_successfull_for_all_agents succeeded
[2024-10-07T18:48:23.975Z] E         Check expected_vulnerabilities_found_in_index succeeded
[2024-10-07T18:48:23.975Z] E         Check no_unexpected_vulnerabilities_found_in_index failed. Evidences (['unexpected_vulnerabilities']) can be found in the report.
[2024-10-07T18:48:23.975Z] E         Check expected_vulnerability_affected_alert succeeded
[2024-10-07T18:48:23.975Z] E         Check expected_vulnerability_mitigated_alert failed. Evidences (['missing_mitigated_alerts']) can be found in the report.
[2024-10-07T18:48:23.975Z] E         Check setup_operation_results succeeded
[2024-10-07T18:48:23.975Z] E         Check no_duplicated_vulnerabilities succeeded
[2024-10-07T18:48:23.975Z] E         -----
[2024-10-07T18:48:23.975Z] E         
[2024-10-07T18:48:23.975Z] E       assert False
[2024-10-07T18:48:23.975Z] E        +  where False = <bound method TestResult.get_test_result of <wazuh_testing.end_to_end.TestResult object at 0x7ff2e4e5b9a0>>()
[2024-10-07T18:48:23.975Z] E        +    where <bound method TestResult.get_test_result of <wazuh_testing.end_to_end.TestResult object at 0x7ff2e4e5b9a0>> = <wazuh_testing.end_to_end.TestResult object at 0x7ff2e4e5b9a0>.get_test_result

In missing_mitigated_alerts:

[2024-10-07T18:48:23.975Z] CRITICAL root:test_vulnerability_detector.py:939 Remote operation results: {'agent6': True, 'agent5': True, 'agent3': True, 'agent4': True, 'agent1': True, 'agent2': True}
[2024-10-07T18:48:23.975Z] ERROR    root:__init__.py:237 Marked check operation_successfull_for_all_agents result to True with evidences ['operation_results']
[2024-10-07T18:48:23.975Z] CRITICAL root:check_validators.py:41 Vulnerability unexpected found for agent2: Vulnerability(cve='CVE-2024-27983', package_name='Node.js', package_version='18.1.0', architecture='x86_64')
[2024-10-07T18:48:23.975Z] CRITICAL root:check_validators.py:51 Vulnerabilities not found: {}
[2024-10-07T18:48:23.975Z] CRITICAL root:check_validators.py:52 Vulnerabilities unexpected: {'agent2': [Vulnerability(cve='CVE-2024-27983', package_name='Node.js', package_version='18.1.0', architecture='x86_64')]}

It must be analyzed whether this is really a product failure or a test failure.

Environment

Vulnerability detector E2E test environment

Steps to reproduce

Example:

  1. Execute the pipeline https://ci.wazuh.info/job/Test_e2e_system/ by using the parameters shown in the attached screenshot (not reproduced here)
  2. Download and check the report created. This report is called Test_e2e_system_xxx_test_vulnerability_detector.zip and will be in the artifacts of the build
  3. The report will have the previously informed results.

Current result

"CVE-2024-27983" in agent2 is present as unprocessed data (missing alerts, missing vulnerabilities, missing mitigated alerts)

Expected result

No errors are expected

rauldpm commented 1 week ago

CVE added in https://github.com/wazuh/intelligence-data/issues/1103

davidjiglesias commented 1 week ago

Once more, we need to use a fixed feed or something that makes our tests agnostic of changes in the intelligence-data

juliamagan commented 1 week ago

We changed the feed update to use the one in the package itself, to avoid these problems a bit more. However, until we have a nightly to be able to control the changes in intelligence data faster, it is better to use a dummy feed that we have under control, to avoid this kind of issue every time there is a change.
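The two points in this thread, the `no_unexpected_vulnerabilities_found_in_index` check that failed in the issue body and the controlled (pinned) feed proposed in the last comment, can be illustrated together. The following is an added example written for this page; it is not code from wazuh-qa's `check_validators.py` or from any Wazuh component. It reproduces the expected/unexpected comparison over constructed per-agent index data, parses the `Vulnerability(...)` repr that appears in the log lines above, and shows how restricting the comparison to a pinned feed snapshot makes a CVE newly added to the live intelligence feed (here CVE-2024-27983, taken from the log) stop surfacing as an unexpected finding. `CVE-YYYY-EXPECTED`, the agent names' contents and `PINNED_FEED_CVES` are constructed placeholders, not values from the test suite.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Vulnerability:
    """Same four fields as the Vulnerability(...) repr printed in the test log."""
    cve: str
    package_name: str
    package_version: str
    architecture: str

# Regex for the repr form seen in the log, e.g.
# Vulnerability(cve='CVE-2024-27983', package_name='Node.js', package_version='18.1.0', architecture='x86_64')
_VULN_RE = re.compile(
    r"Vulnerability\(cve='([^']*)', package_name='([^']*)', "
    r"package_version='([^']*)', architecture='([^']*)'\)"
)

def parse_log_vulns(line: str) -> List[Vulnerability]:
    """Extract every Vulnerability(...) repr from one log line."""
    return [Vulnerability(*m) for m in _VULN_RE.findall(line)]

# Constructed sample log line, modelled on the "Vulnerabilities unexpected" line above.
SAMPLE_LOG_LINE = (
    "CRITICAL root:check_validators.py:52 Vulnerabilities unexpected: {'agent2': "
    "[Vulnerability(cve='CVE-2024-27983', package_name='Node.js', "
    "package_version='18.1.0', architecture='x86_64')]}"
)

# Constructed index state: what the indexer reports per agent after the
# upgrade_package_maintain_add_vulnerability case. agent2 additionally carries
# CVE-2024-27983 because the live feed started listing it for Node.js 18.1.0.
# CVE-YYYY-EXPECTED is a placeholder for the CVE the test case was written around.
EXPECTED_VULN = Vulnerability("CVE-YYYY-EXPECTED", "Node.js", "18.1.0", "x86_64")
NEW_FEED_VULN = Vulnerability("CVE-2024-27983", "Node.js", "18.1.0", "x86_64")

INDEX_STATE: Dict[str, Set[Vulnerability]] = {
    "agent1": {EXPECTED_VULN},
    "agent2": {EXPECTED_VULN, NEW_FEED_VULN},
}
EXPECTED: Dict[str, Set[Vulnerability]] = {
    "agent1": {EXPECTED_VULN},
    "agent2": {EXPECTED_VULN},
}

# Hypothetical pinned feed snapshot: the CVE identifiers the controlled feed
# contained when the test expectations were written. CVE-2024-27983 was added
# to the live intelligence feed later, so it is absent here.
PINNED_FEED_CVES: Set[str] = {"CVE-YYYY-EXPECTED"}

def compare(expected: Dict[str, Set[Vulnerability]],
            found: Dict[str, Set[Vulnerability]]
            ) -> Tuple[Dict[str, List[Vulnerability]], Dict[str, List[Vulnerability]]]:
    """Return (not_found, unexpected) per agent, like the two CRITICAL log lines."""
    not_found: Dict[str, List[Vulnerability]] = {}
    unexpected: Dict[str, List[Vulnerability]] = {}
    for agent in sorted(set(expected) | set(found)):
        want = expected.get(agent, set())
        have = found.get(agent, set())
        missing = sorted(want - have, key=lambda v: v.cve)
        extra = sorted(have - want, key=lambda v: v.cve)
        if missing:
            not_found[agent] = missing
        if extra:
            unexpected[agent] = extra
    return not_found, unexpected

def no_unexpected_vulnerabilities_found_in_index(expected, found) -> bool:
    """Boolean form of the check that failed in the issue body."""
    return not compare(expected, found)[1]

def restrict_to_feed(found: Dict[str, Set[Vulnerability]],
                     feed_cves: Set[str]) -> Dict[str, Set[Vulnerability]]:
    """Keep only findings whose CVE exists in the pinned feed snapshot.

    This is the effect of running the detector against a controlled dummy feed:
    CVEs the live feed adds later cannot appear in the index at all."""
    return {agent: {v for v in vulns if v.cve in feed_cves}
            for agent, vulns in found.items()}

if __name__ == "__main__":
    print("parsed from log:", parse_log_vulns(SAMPLE_LOG_LINE))
    print("live feed:", compare(EXPECTED, INDEX_STATE))
    print("pinned feed:", compare(EXPECTED, restrict_to_feed(INDEX_STATE, PINNED_FEED_CVES)))
```

With the live-feed index state the check reports `{}` for "not found" and `{'agent2': [CVE-2024-27983 ...]}` for "unexpected", matching the log in the issue; after restricting the comparison to the pinned feed both dictionaries are empty and the check passes. The point of the pinned snapshot is reproducibility, not hiding findings: when the feed is intentionally refreshed, the expectations are updated in the same change.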