fleet/cmd/fleetctl/vulnerability_data_stream_test.go
Juan Fernandez ef73039559
Improve vulnerability detection for Ubuntu (#6102)
Feature: Improve our capability to detect vulnerable software on Ubuntu hosts

To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-07 21:09:47 -04:00

51 lines
1.2 KiB
Go

package main
import (
"fmt"
"path"
"testing"
"time"
"github.com/fleetdm/fleet/v4/pkg/nettest"
"github.com/stretchr/testify/assert"
)
func TestVulnerabilityDataStream(t *testing.T) {
nettest.Run(t)
runAppCheckErr(t, []string{"vulnerability-data-stream"}, "No directory provided")
vulnPath := t.TempDir()
expected := `[-] Downloading CPE database... Done
[-] Downloading NVD CVE feed... Done
[-] Downloading EPSS feed... Done
[-] Downloading CISA known exploits feed... Done
[-] Downloading Oval definitions... Done
[+] Data streams successfully downloaded!
`
assert.Equal(t,
expected,
runAppForTest(t, []string{"vulnerability-data-stream", "--dir", vulnPath}),
)
assert.FileExists(t, path.Join(vulnPath, "cpe.sqlite"))
files := []string{
"cpe.sqlite",
"nvdcve-1.1-modified.json.gz",
"nvdcve-1.1-recent.json.gz",
"epss_scores-current.csv",
"known_exploited_vulnerabilities.json",
}
currentYear := time.Now().Year()
for y := 2002; y <= currentYear; y++ {
files = append(
files,
fmt.Sprintf("nvdcve-1.1-%d.json.gz", y),
fmt.Sprintf("nvdcve-1.1-%d.meta", y),
)
}
for _, file := range files {
assert.FileExists(t, path.Join(vulnPath, file))
}
}