wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Vulnerability Scanner - Test-tools delivery #26217

Open sebasfalcone opened 5 days ago

sebasfalcone commented 5 days ago

Description

To facilitate the use of the Vulnerability Scanner test tools, we need to generate them with the latest changes and upload them as an artifact. This will ensure we can retrieve them for later use in any environment.

Plan of action

RocksDB test-tool

Currently, it is not being compiled. We need to align it with the latest changes in the master branch and improve its usability.

  1. Add the rocksDB test-tool executable to our targets (example, scanner test-tool)
  2. Improve the interface of the test tool for CI integrations (example, convert this to proper json)

Delivery mechanism

The binaries should be uploaded as artifacts.

  1. The following triggers should generate a re-compilation and upload of the tooling:
     a. Changes over the scanner or test tools
     b. ~Nightly update~
     c. Manual dispatch

DoD

MiguelazoDS commented 4 days ago

Analysis

I would exclude the following trigger (b. Nightly update). This should be discussed with the team.

Also, when doing manual testing with the rocksdbtesttool, we need to execute the vdscannertesttool after inserting the new information, because the second one will lock the database.


We need to improve the test tool to return a JSON format.

MiguelazoDS commented 3 days ago

Update

Compressing the tools may speed up the downloading task, considering that decompressing only takes less than 2s.

Improve test tool response format

Feed (translation, vendor_map, oscpe_rules, cna_mapping)

- Before

cna_mapping

```console
CNA-MAPPING-GLOBAL ==> {"cnaMapping":{"alas":"alas_$(MAJOR_VERSION)","alma":"alma_$(MAJOR_VERSION)","opensuse":"suse_server_15","redhat":"redhat_$(MAJOR_VERSION)","suse":"$(PLATFORM)_$(MAJOR_VERSION)"},"majorVersionEquivalence":{"amzn":{"2018":"1"}},"platformEquivalence":{"sled":"suse_desktop","sles":"suse_server"}}
```

Translation

```console
TID-0075 ==> {
  "action": [ "replace_vendor", "replace_product" ],
  "source": { "vendor": "^Docker Inc\\.$", "product": "^Docker Desktop$" },
  "target": [ "windows" ],
  "translation": [
    { "vendor": "docker", "product": "desktop" },
    { "vendor": "docker", "product": "docker_desktop" }
  ]
}
```

- After

cna_mapping

![image](https://github.com/user-attachments/assets/455182ea-e8f4-4e9b-a262-752ec391d1e2)

vendor_map

![image](https://github.com/user-attachments/assets/444556f8-3bce-462c-aea2-f01ef93d4097)

oscpe_rules

![image](https://github.com/user-attachments/assets/15c7b6e2-5580-4385-aa36-4c762e15c13d)

translations

![image](https://github.com/user-attachments/assets/4d08e696-eb3b-4c88-981f-139909b0569b)

Delivery workflow
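The `KEY ==> <json>` console format quoted in the "Before" section of the update above is readable for a human but awkward for a CI job, which is the point of the "convert this to proper json" item in the plan. As an added example (not code from the Wazuh project or from anyone in this thread), the following Python script parses that output into a single JSON document, validating each record's payload as JSON and failing loudly on anything malformed. The ` ==> ` separator, keying records by their label, and the sample output (constructed from the two records quoted in the issue) are assumptions.

```python
"""Turn the test tool's "KEY ==> <json>" console output into one JSON document.

Added example (not Wazuh project code). It assumes the record layout seen in
the "Before" output quoted in the issue: a label, the separator " ==> ", then
a JSON value that may span several lines.
"""
import json
from typing import Any, Dict

SEPARATOR = " ==> "  # assumed separator, taken from the quoted console output


# Constructed sample: the two "Before" records quoted in the issue, back to back.
SAMPLE_OUTPUT = r'''CNA-MAPPING-GLOBAL ==> {"cnaMapping":{"alas":"alas_$(MAJOR_VERSION)","alma":"alma_$(MAJOR_VERSION)","opensuse":"suse_server_15","redhat":"redhat_$(MAJOR_VERSION)","suse":"$(PLATFORM)_$(MAJOR_VERSION)"},"majorVersionEquivalence":{"amzn":{"2018":"1"}},"platformEquivalence":{"sled":"suse_desktop","sles":"suse_server"}}
TID-0075 ==> {
  "action": [ "replace_vendor", "replace_product" ],
  "source": { "vendor": "^Docker Inc\\.$", "product": "^Docker Desktop$" },
  "target": [ "windows" ],
  "translation": [
    { "vendor": "docker", "product": "desktop" },
    { "vendor": "docker", "product": "docker_desktop" }
  ]
}
'''


def parse_tool_output(text: str) -> Dict[str, Any]:
    """Parse every "KEY ==> <json>" record in `text` into a dict keyed by label.

    Each payload is decoded with json.JSONDecoder.raw_decode, which consumes
    exactly one JSON value (single- or multi-line) and reports where it ended,
    so the next record starts right after it. Anything that is not valid JSON
    raises ValueError instead of being passed along as opaque text.
    """
    decoder = json.JSONDecoder()
    records: Dict[str, Any] = {}
    pos = 0
    length = len(text)
    while True:
        # Skip blank space between records.
        while pos < length and text[pos].isspace():
            pos += 1
        if pos >= length:
            break
        sep = text.find(SEPARATOR, pos)
        if sep == -1:
            raise ValueError(f"no '{SEPARATOR.strip()}' separator after offset {pos}")
        key = text[pos:sep].strip()
        # A label spanning a line break means a line without a separator slipped in.
        if not key or "\n" in key:
            raise ValueError(f"malformed record label at offset {pos}: {key!r}")
        value_start = sep + len(SEPARATOR)
        while value_start < length and text[value_start].isspace():
            value_start += 1
        try:
            value, pos = decoder.raw_decode(text, value_start)
        except json.JSONDecodeError as exc:
            raise ValueError(f"record {key!r} does not carry valid JSON: {exc}") from exc
        if key in records:
            raise ValueError(f"duplicate record label {key!r}")
        records[key] = value
    return records


def render_json(text: str) -> str:
    """Return the parsed records as one pretty-printed JSON document."""
    return json.dumps(parse_tool_output(text), indent=2, sort_keys=True)


if __name__ == "__main__":
    print(render_json(SAMPLE_OUTPUT))
```

Using `raw_decode` rather than splitting on newlines is what lets the multi-line `TID-0075` record and the single-line `CNA-MAPPING-GLOBAL` record be handled by the same loop, and a payload that does not parse stops the job instead of being stored as a string that a later step would silently mishandle.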