Test failed because CVE-2024-27983 found in Vulnerability Detection E2E tests

[fcaffieri]

Version	Revision	Production/Development	Component	Install type
v4.9.1-rc3	1	Development	VD	Assistant

Description

During the tests performed at wazuh/wazuh#26165, the test test_vulnerability_detector_scans_cases[upgrade_package_maintain_add_vulnerability] failed. In this test it could be seen:

Test error:

[2024-10-07T18:48:23.975Z] �[0;31mE       AssertionError: �[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Test test_vulnerability_detector_scans_cases[upgrade_package_maintain_add_vulnerability] failed�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         �[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check no_errors succeeded�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check operation_successfull_for_all_agents succeeded�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check expected_vulnerabilities_found_in_index succeeded�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check no_unexpected_vulnerabilities_found_in_index failed. Evidences (['unexpected_vulnerabilities']) can be found in the report.�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check expected_vulnerability_affected_alert succeeded�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check expected_vulnerability_mitigated_alert failed. Evidences (['missing_mitigated_alerts']) can be found in the report.�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check setup_operation_results succeeded�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         Check no_duplicated_vulnerabilities succeeded�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         -----�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE         �[0m
[2024-10-07T18:48:23.975Z] �[0;31mE       assert False�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE        +  where False = <bound method TestResult.get_test_result of <wazuh_testing.end_to_end.TestResult object at 0x7ff2e4e5b9a0>>()�[0m
[2024-10-07T18:48:23.975Z] �[0;31mE        +    where <bound method TestResult.get_test_result of <wazuh_testing.end_to_end.TestResult object at 0x7ff2e4e5b9a0>> = <wazuh_testing.end_to_end.TestResult object at 0x7ff2e4e5b9a0>.get_test_result�[0m

In missing_mitigated_alerts:

[2024-10-07T18:48:23.975Z] �[0;31mCRITICAL root:test_vulnerability_detector.py:939 Remote operation results: {'agent6': True, 'agent5': True, 'agent3': True, 'agent4': True, 'agent1': True, 'agent2': True}�[0m
[2024-10-07T18:48:23.975Z] �[0;31mERROR    root:__init__.py:237 Marked check operation_successfull_for_all_agents result to True with evidences ['operation_results']�[0m
[2024-10-07T18:48:23.975Z] �[0;31mCRITICAL root:check_validators.py:41 Vulnerability unexpected found for agent2: Vulnerability(cve='CVE-2024-27983', package_name='Node.js', package_version='18.1.0', architecture='x86_64')�[0m
[2024-10-07T18:48:23.975Z] �[0;31mCRITICAL root:check_validators.py:51 Vulnerabilities not found: {}�[0m
[2024-10-07T18:48:23.975Z] �[0;31mCRITICAL root:check_validators.py:52 Vulnerabilities unexpected: {'agent2': [Vulnerability(cve='CVE-2024-27983', package_name='Node.js', package_version='18.1.0', architecture='x86_64')]}�[0m

It must be analyzed and differentiated if this is really a product failure or a test failure.

Environment

Vulnerability detector E2E tests the environment

Steps to reproduce

Example:

1. Execute the pipeline https://ci.wazuh.info/job/Test_e2e_system/ by using the following parameters
   
2. Download and check the report created. This report is called Test_e2e_system_xxx_test_vulnerability_detector.zip and will be in the artifacts of the build
3. The report will have the previously informed results.

Current result

"CVE-2024-27983" in agent2 is present as unprocessed data (missing alerts, missing vulnerabilities, missing mitigated alerts)

Expected result

No errors are expected

• Build link: https://ci.wazuh.info/job/Test_e2e_system/393/
• Build parameters: Check in Steps to reproduce
• Artifacts: Test_e2e_system_393_test_vulnerability_detector.zip

[rauldpm]

CVE added in https://github.com/wazuh/intelligence-data/issues/1103

[davidjiglesias]

Once more, we need to use a fixed feed or something that makes our tests agnostic of changes in the intelligence-data

[juliamagan]

We changed the feed update to use the one in the package itself, and avoid these problems a bit more. However, until we have a nightly to be able to control the changes in intelligence data faster, it is better to use a dummy feed that we have controlled, to avoid this kind of issues every time there is a change.