fleet/cmd/fleetctl/vulnerability_data_stream_test.go

package main

import (
	"fmt"
	"os"
	"path"
	"testing"

	"github.com/fleetdm/fleet/v4/pkg/nettest"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestVulnerabilityDataStream(t *testing.T) {
	nettest.Run(t)

	runAppCheckErr(t, []string{"vulnerability-data-stream"}, "No directory provided")

	vulnPath := t.TempDir()
	expectedOutput := `[-] Downloading CPE database... Done
[-] Downloading CPE translations... Done
[-] Downloading NVD CVE feed... Done
[-] Downloading EPSS feed... Done
[-] Downloading CISA known exploits feed... Done
[-] Downloading Oval definitions... Done
[-] Downloading MSRC artifacts... Done
[-] Downloading MacOffice release notes... Done
[+] Data streams successfully downloaded!
`

	// Set start and end indexes otherwise a full sync using the NVD API 2.0 takes a long time (>15m).
	os.Setenv("NETWORK_TEST_NVD_CVE_START_IDX", "220000")
	os.Setenv("NETWORK_TEST_NVD_CVE_END_IDX", "226000")

	var actualOutput string
	err := nettest.RunWithNetRetry(t, func() error {
		w, err := runAppNoChecks([]string{"vulnerability-data-stream", "--dir", vulnPath})
		actualOutput = w.String()
		return err
	})
	require.NoError(t, err)
	assert.Equal(t, expectedOutput, actualOutput)

	assert.FileExists(t, path.Join(vulnPath, "cpe.sqlite"))

	files := []string{
		"cpe.sqlite",
		"epss_scores-current.csv",
		"known_exploited_vulnerabilities.json",
	}
	for y := 2008; y <= 2023; y++ {
		files = append(
			files,
			fmt.Sprintf("nvdcve-1.1-%d.json", y),
		)
	}
	for _, file := range files {
		assert.FileExists(t, path.Join(vulnPath, file))
	}
}
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`package main`

			`import (`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`"fmt"`
Use NVD API 2.0 to download CVE information (#15102) #14888 @getvictor This is ready for review, but keeping as draft as there are probably many tests that need amending. I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to compare the current vulnerabilities found in our dogfood environment with the vulnerabilities found by the code in this PR and both results match: ``` go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 \| tee out.txt [...] CVEs found and expected matched! ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com> Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com> 2023-11-21 18:30:07 +00:00			`"os"`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`"path"`
			`"testing"`

Run network test serially to prevent timeouts on Github CI (#5557) * Run network test serially to prevent timeouts on Github CI * Revert lint changes * Add simple file lock * Revert test change * Clarify error check 2022-05-10 14:52:33 +00:00			`"github.com/fleetdm/fleet/v4/pkg/nettest"`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`"github.com/stretchr/testify/assert"`
Fix flaky test TestVulnerabilityDataStream (#6162) 2022-06-09 13:36:37 +00:00			`"github.com/stretchr/testify/require"`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`)`

			`func TestVulnerabilityDataStream(t *testing.T) {`
Run network test serially to prevent timeouts on Github CI (#5557) * Run network test serially to prevent timeouts on Github CI * Revert lint changes * Add simple file lock * Revert test change * Clarify error check 2022-05-10 14:52:33 +00:00			`nettest.Run(t)`
Improve performance of the Go test suite (#2060) Closes #1805 2021-09-20 18:09:38 +00:00
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`runAppCheckErr(t, []string{"vulnerability-data-stream"}, "No directory provided")`

			`vulnPath := t.TempDir()`
Fix flaky test TestVulnerabilityDataStream (#6162) 2022-06-09 13:36:37 +00:00			expectedOutput := `[-] Downloading CPE database... Done
improve vuln cpe matching on macos (#6985) * add cpe translations * fix matching on target_sw 2022-09-01 16:02:07 +00:00			`[-] Downloading CPE translations... Done`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`[-] Downloading NVD CVE feed... Done`
			`[-] Downloading EPSS feed... Done`
			`[-] Downloading CISA known exploits feed... Done`
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations. 2022-06-08 01:09:47 +00:00			`[-] Downloading Oval definitions... Done`
Feature 7494: Use the MSRC security bulletin artifacts for detecting Win OS vulnerabilities (#7889) Use the MSRC security bulletin artifacts for detecting Win OS vulnerabilities 2022-10-28 15:12:21 +00:00			`[-] Downloading MSRC artifacts... Done`
Feature 9386: Parse the Mac Office release notes for vulnerability processing (#9993) This PR adds the capability of parsing the release notes posted in https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac into a JSON metadata file (to be released in the NVD repo) and use it for detecting vulnerabilities on Mac Office apps. 2023-02-24 18:18:25 +00:00			`[-] Downloading MacOffice release notes... Done`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`[+] Data streams successfully downloaded!`
			`
Fix flaky test TestVulnerabilityDataStream (#6162) 2022-06-09 13:36:37 +00:00
Use NVD API 2.0 to download CVE information (#15102) #14888 @getvictor This is ready for review, but keeping as draft as there are probably many tests that need amending. I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to compare the current vulnerabilities found in our dogfood environment with the vulnerabilities found by the code in this PR and both results match: ``` go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 \| tee out.txt [...] CVEs found and expected matched! ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com> Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com> 2023-11-21 18:30:07 +00:00			`// Set start and end indexes otherwise a full sync using the NVD API 2.0 takes a long time (>15m).`
			`os.Setenv("NETWORK_TEST_NVD_CVE_START_IDX", "220000")`
			`os.Setenv("NETWORK_TEST_NVD_CVE_END_IDX", "226000")`

Fix flaky test TestVulnerabilityDataStream (#6162) 2022-06-09 13:36:37 +00:00			`var actualOutput string`
			`err := nettest.RunWithNetRetry(t, func() error {`
			`w, err := runAppNoChecks([]string{"vulnerability-data-stream", "--dir", vulnPath})`
			`actualOutput = w.String()`
			`return err`
			`})`
			`require.NoError(t, err)`
			`assert.Equal(t, expectedOutput, actualOutput)`

Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`assert.FileExists(t, path.Join(vulnPath, "cpe.sqlite"))`

Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`files := []string{`
			`"cpe.sqlite",`
			`"epss_scores-current.csv",`
			`"known_exploited_vulnerabilities.json",`
			`}`
Use NVD API 2.0 to download CVE information (#15102) #14888 @getvictor This is ready for review, but keeping as draft as there are probably many tests that need amending. I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to compare the current vulnerabilities found in our dogfood environment with the vulnerabilities found by the code in this PR and both results match: ``` go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 \| tee out.txt [...] CVEs found and expected matched! ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com> Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com> 2023-11-21 18:30:07 +00:00			`for y := 2008; y <= 2023; y++ {`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`files = append(`
			`files,`
Use NVD API 2.0 to download CVE information (#15102) #14888 @getvictor This is ready for review, but keeping as draft as there are probably many tests that need amending. I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to compare the current vulnerabilities found in our dogfood environment with the vulnerabilities found by the code in this PR and both results match: ``` go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 \| tee out.txt [...] CVEs found and expected matched! ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests - [X] Manual QA for all new/changed functionality --------- Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com> Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com> 2023-11-21 18:30:07 +00:00			`fmt.Sprintf("nvdcve-1.1-%d.json", y),`
Sync CVE scores periodically (#5838) 2022-06-01 16:06:57 +00:00			`)`
			`}`
			`for _, file := range files {`
			`assert.FileExists(t, path.Join(vulnPath, file))`
			`}`
Issue 1963 vulnerabilities no sync (#1976) * wip * Add tests for skip sync * Add changes file * Fix lint 2021-09-14 13:58:35 +00:00			`}`