Refactor E2E Vulnerability Detection tests cases to remove false positive CVE-2023-4822 #5369

Rebits · 2024-05-13T16:13:46Z

Description

It has been detected that vulnerability CVE-2023-4822 was not expected for test defined grafana packages. This PR removes this vulnerability for grafana packages metadata along with including new grafana-enterprise packages that match with non-vulnerable-to-vulnerable test case

Warning

The proposed new Grafana nonvulnerable package has some vulnerabilities. However, this package has been selected due to these vulnerabilities has not been validated by NVD. When this occur, Grafana packages should be updated by the proposed in #5368 (comment)

Testing performed

Build: https://ci.wazuh.info/job/Test_e2e_system/287/console

Validation	Jenkins	Local	OS	Commit	Notes
	⚫⚫	🟢			Nothing to highlight

Result analysis

Tests fail due to the known issues, reported in Failures in Vulnerability Detection E2E Tests RC 2 #5397
Teardown fixture changes work as expected as we can see in the report logs:

root:conftest.py:353 Running teardown for agent: ['agent1', 'agent3', 'agent4', 'agent5', 'agent6', 'agent2']
root:conftest.py:356 Teardown Results: {'agent6': True, 'agent4': True, 'agent1': True, 'agent5': True, 'agent3': True, 'agent2': True}

False positive now is correctly detected as unexpected vulnerability

Rebits added 3 commits May 13, 2024 17:08

fix: remove CVE-2023-4822 and include enterprise packages

8775c2c

fix: change vulntononvuln test case packages

f0a3e96

fix: give support for teardown for certain OS

1495118

Rebits self-assigned this May 13, 2024

Rebits linked an issue May 13, 2024 that may be closed by this pull request

False positive CVE-2023-4822 was included in E2E Vulnerability detection tests #5368

Closed

1 task

Rebits added 5 commits May 13, 2024 17:28

fix: wrong grafana enterprise version for E2E test case

335a9c9

docs: include 5369 changelog

43dbac5

fix: replace grafana enterprise with grafana for E2E tests

c1db0f4

fix: teardown fixture

f743c5c

fix: wrong debian packages for grafana

c708a8d

Rebits marked this pull request as ready for review May 14, 2024 18:11

Rebits added 4 commits May 14, 2024 20:18

feat: comment macos agent for testing

11dc48f

feat: uncomment macos agent e2e env

fd26cf0

fix: undefined target_to_ignore in teardown

d91cafb

fix: teardown target_os refference

3e65c41

Rebits mentioned this pull request May 20, 2024

Failures in Vulnerability Detection E2E Tests RC 2 #5397

Closed

2 tasks

Rebits added 4 commits May 20, 2024 10:33

fix: agents_to_check initialization

cb57457

fix: include CVE-2023-3128 in grafana 8.5.6

b9d6f2b

fix: include timeout to teardown

ae4509c

Merge branch '4.8.0' into fix/5368-remove-false-positive-CVE-2023-4822

fca26be

santipadilla approved these changes May 22, 2024

View reviewed changes

MARCOSD4 mentioned this pull request May 22, 2024

Migrate packages to S3 repository for E2E vulnerability detection testing #5365

Closed

3 tasks

juliamagan approved these changes May 22, 2024

View reviewed changes

juliamagan merged commit ec9be1a into 4.8.0 May 22, 2024
0 of 2 checks passed

juliamagan deleted the fix/5368-remove-false-positive-CVE-2023-4822 branch May 22, 2024 17:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor E2E Vulnerability Detection tests cases to remove false positive CVE-2023-4822 #5369

Refactor E2E Vulnerability Detection tests cases to remove false positive CVE-2023-4822 #5369

Rebits commented May 13, 2024 •

edited

Refactor E2E Vulnerability Detection tests cases to remove false positive CVE-2023-4822 #5369

Refactor E2E Vulnerability Detection tests cases to remove false positive CVE-2023-4822 #5369

Conversation

Rebits commented May 13, 2024 • edited

Description

Testing performed

Rebits commented May 13, 2024 •

edited