Skip to content

Commit

Permalink
[CWS] make sure .gitkeep is included in the go:embed of the syscall…
Browse files Browse the repository at this point in the history
… tester (DataDog#31406)
  • Loading branch information
paulcacheux authored Nov 25, 2024
1 parent a1caa2b commit a9cf926
Show file tree
Hide file tree
Showing 49 changed files with 312 additions and 310 deletions.
24 changes: 12 additions & 12 deletions pkg/security/tests/action_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ func TestActionKill(t *testing.T) {
t.Error("signal timeout")
}
return nil
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, _ *model.Event) bool {
return true
}, time.Second*3, "kill_action_usr2")
if err != nil {
Expand All @@ -123,7 +123,7 @@ func TestActionKill(t *testing.T) {
}
validateMessageSchema(t, string(msg.Data))

jsonPathValidation(test, msg.Data, func(testMod *testModule, obj interface{}) {
jsonPathValidation(test, msg.Data, func(_ *testModule, obj interface{}) {
if el, err := jsonpath.JsonPathLookup(obj, `$.agent.rule_actions[?(@.signal == 'SIGUSR2')]`); err != nil || el == nil || len(el.([]interface{})) == 0 {
t.Errorf("element not found %s => %v", string(msg.Data), err)
}
Expand Down Expand Up @@ -163,7 +163,7 @@ func TestActionKill(t *testing.T) {
t.Error("signal timeout")
}
return nil
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, _ *model.Event) bool {
return true
}, time.Second*5, "kill_action_kill")

Expand All @@ -178,7 +178,7 @@ func TestActionKill(t *testing.T) {
}
validateMessageSchema(t, string(msg.Data))

jsonPathValidation(test, msg.Data, func(testMod *testModule, obj interface{}) {
jsonPathValidation(test, msg.Data, func(_ *testModule, obj interface{}) {
if el, err := jsonpath.JsonPathLookup(obj, `$.agent.rule_actions[?(@.signal == 'SIGKILL')]`); err != nil || el == nil || len(el.([]interface{})) == 0 {
t.Errorf("element not found %s => %v", string(msg.Data), err)
}
Expand Down Expand Up @@ -239,7 +239,7 @@ func TestActionKillExcludeBinary(t *testing.T) {
}()

return nil
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, _ *model.Event) bool {
return true
}, time.Second*5, "kill_action_kill_exclude")

Expand Down Expand Up @@ -315,7 +315,7 @@ func TestActionKillRuleSpecific(t *testing.T) {
t.Error("signal timeout")
}
return nil
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, _ *model.Event) bool {
return true
}, time.Second*5, "kill_action_kill")

Expand All @@ -330,7 +330,7 @@ func TestActionKillRuleSpecific(t *testing.T) {
}
validateMessageSchema(t, string(msg.Data))

jsonPathValidation(test, msg.Data, func(testMod *testModule, obj interface{}) {
jsonPathValidation(test, msg.Data, func(_ *testModule, obj interface{}) {
if el, err := jsonpath.JsonPathLookup(obj, `$.agent.rule_actions[?(@.signal == 'SIGKILL')]`); err != nil || el == nil || len(el.([]interface{})) == 0 {
t.Errorf("element not found %s => %v", string(msg.Data), err)
}
Expand All @@ -353,7 +353,7 @@ func TestActionKillRuleSpecific(t *testing.T) {
}
validateMessageSchema(t, string(msg.Data))

jsonPathValidation(test, msg.Data, func(testMod *testModule, obj interface{}) {
jsonPathValidation(test, msg.Data, func(_ *testModule, obj interface{}) {
if _, err := jsonpath.JsonPathLookup(obj, `$.agent.rule_actions`); err == nil {
t.Errorf("unexpected rule action %s", string(msg.Data))
}
Expand Down Expand Up @@ -728,7 +728,7 @@ func TestActionHash(t *testing.T) {
done <- true
}()
return nil
}, func(event *model.Event, rule *rules.Rule) {
}, func(_ *model.Event, rule *rules.Rule) {
assertTriggeredRule(t, rule, "hash_action")
})

Expand All @@ -739,7 +739,7 @@ func TestActionHash(t *testing.T) {
}
validateMessageSchema(t, string(msg.Data))

jsonPathValidation(test, msg.Data, func(testMod *testModule, obj interface{}) {
jsonPathValidation(test, msg.Data, func(_ *testModule, obj interface{}) {
if el, err := jsonpath.JsonPathLookup(obj, `$.agent.rule_actions[?(@.state == 'Done')]`); err != nil || el == nil || len(el.([]interface{})) == 0 {
t.Errorf("element not found %s => %v", string(msg.Data), err)
}
Expand Down Expand Up @@ -776,7 +776,7 @@ func TestActionHash(t *testing.T) {
done <- true
}()
return nil
}, func(event *model.Event, rule *rules.Rule) {
}, func(_ *model.Event, rule *rules.Rule) {
assertTriggeredRule(t, rule, "hash_action")
})

Expand All @@ -787,7 +787,7 @@ func TestActionHash(t *testing.T) {
}
validateMessageSchema(t, string(msg.Data))

jsonPathValidation(test, msg.Data, func(testMod *testModule, obj interface{}) {
jsonPathValidation(test, msg.Data, func(_ *testModule, obj interface{}) {
if el, err := jsonpath.JsonPathLookup(obj, `$.agent.rule_actions[?(@.state == 'Done')]`); err != nil || el == nil || len(el.([]interface{})) == 0 {
t.Errorf("element not found %s => %v", string(msg.Data), err)
}
Expand Down
8 changes: 4 additions & 4 deletions pkg/security/tests/activity_dumps_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -568,7 +568,7 @@ func TestActivityDumpsAutoSuppression(t *testing.T) {
cmd := dockerInstance.Command("getconf", []string{"-a"}, []string{})
_, err = cmd.CombinedOutput()
return err
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, event *model.Event) bool {
if event.ProcessContext.ContainerID == containerutils.ContainerID(dump.ContainerID) {
t.Fatal("Got a signal that should have been suppressed")
}
Expand All @@ -587,7 +587,7 @@ func TestActivityDumpsAutoSuppression(t *testing.T) {
cmd := dockerInstance.Command("nslookup", []string{"foo.bar"}, []string{})
_, err = cmd.CombinedOutput()
return err
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, event *model.Event) bool {
if event.ProcessContext.ContainerID == containerutils.ContainerID(dump.ContainerID) {
t.Fatal("Got a signal that should have been suppressed")
}
Expand Down Expand Up @@ -677,7 +677,7 @@ func TestActivityDumpsAutoSuppressionDriftOnly(t *testing.T) {
cmd := dockerInstance2.Command("getconf", []string{"-a"}, []string{})
_, err := cmd.CombinedOutput()
return err
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, event *model.Event) bool {
if event.ProcessContext.ContainerID == containerutils.ContainerID(dockerInstance2.containerID) {
t.Fatal("Got a signal that should have been suppressed")
}
Expand All @@ -696,7 +696,7 @@ func TestActivityDumpsAutoSuppressionDriftOnly(t *testing.T) {
cmd := dockerInstance2.Command("nslookup", []string{"foo.bar"}, []string{})
_, err = cmd.CombinedOutput()
return err
}, func(rule *rules.Rule, event *model.Event) bool {
}, func(_ *rules.Rule, event *model.Event) bool {
if event.ProcessContext.ContainerID == containerutils.ContainerID(dockerInstance2.containerID) {
t.Fatal("Got a signal that should have been suppressed")
}
Expand Down
16 changes: 8 additions & 8 deletions pkg/security/tests/bind_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ func TestBindEvent(t *testing.T) {
t.Fatal(err)
}

test.Run(t, "bind-af-inet-any-success-tcp", func(t *testing.T, kind wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
test.Run(t, "bind-af-inet-any-success-tcp", func(t *testing.T, _ wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
args := []string{"bind", "AF_INET", "any", "tcp"}
envs := []string{}

Expand All @@ -61,7 +61,7 @@ func TestBindEvent(t *testing.T) {
}

return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bind", event.GetType(), "wrong event type")
assert.Equal(t, uint16(unix.AF_INET), event.Bind.AddrFamily, "wrong address family")
assert.Equal(t, uint16(4242), event.Bind.Addr.Port, "wrong address port")
Expand All @@ -73,7 +73,7 @@ func TestBindEvent(t *testing.T) {
})
})

test.Run(t, "bind-af-inet-any-success-udp", func(t *testing.T, kind wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
test.Run(t, "bind-af-inet-any-success-udp", func(t *testing.T, _ wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
args := []string{"bind", "AF_INET", "any", "udp"}
envs := []string{}

Expand All @@ -84,7 +84,7 @@ func TestBindEvent(t *testing.T) {
}

return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bind", event.GetType(), "wrong event type")
assert.Equal(t, uint16(unix.AF_INET), event.Bind.AddrFamily, "wrong address family")
assert.Equal(t, uint16(4242), event.Bind.Addr.Port, "wrong address port")
Expand All @@ -96,7 +96,7 @@ func TestBindEvent(t *testing.T) {
})
})

test.Run(t, "bind-af-inet6-any-success", func(t *testing.T, kind wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
test.Run(t, "bind-af-inet6-any-success", func(t *testing.T, _ wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
args := []string{"bind", "AF_INET6", "any"}
envs := []string{}

Expand All @@ -107,7 +107,7 @@ func TestBindEvent(t *testing.T) {
}

return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bind", event.GetType(), "wrong event type")
assert.Equal(t, uint16(unix.AF_INET6), event.Bind.AddrFamily, "wrong address family")
assert.Equal(t, uint16(4242), event.Bind.Addr.Port, "wrong address port")
Expand All @@ -118,7 +118,7 @@ func TestBindEvent(t *testing.T) {
})
})

test.Run(t, "bind-af-unknown-unix", func(t *testing.T, kind wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
test.Run(t, "bind-af-unknown-unix", func(t *testing.T, _ wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
args := []string{"bind", "AF_UNIX"}
envs := []string{}

Expand All @@ -129,7 +129,7 @@ func TestBindEvent(t *testing.T) {
}

return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bind", event.GetType(), "wrong event type")
assert.Equal(t, uint16(unix.AF_UNIX), event.Bind.AddrFamily, "wrong address family")
assert.Equal(t, uint16(0), event.Bind.Addr.Port, "wrong address port")
Expand Down
6 changes: 3 additions & 3 deletions pkg/security/tests/bpf_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ func TestBPFEventLoad(t *testing.T) {
t.Run("prog_load", func(t *testing.T) {
test.WaitSignal(t, func() error {
return runSyscallTesterFunc(context.Background(), t, syscallTester, "-load-bpf")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bpf", event.GetType(), "wrong event type")
assert.Equal(t, uint32(model.BpfProgTypeKprobe), event.BPF.Program.Type, "wrong program type")

Expand Down Expand Up @@ -84,7 +84,7 @@ func TestBPFEventMap(t *testing.T) {
t.Run("map_lookup", func(t *testing.T) {
test.WaitSignal(t, func() error {
return runSyscallTesterFunc(context.Background(), t, syscallTester, "-load-bpf", "-clone-bpf")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bpf", event.GetType(), "wrong event type")
assert.Equal(t, uint32(model.BpfMapTypeHash), event.BPF.Map.Type, "wrong map type")

Expand Down Expand Up @@ -121,7 +121,7 @@ func TestBPFCwsMapConstant(t *testing.T) {
t.Run("map_lookup", func(t *testing.T) {
test.WaitSignal(t, func() error {
return runSyscallTesterFunc(context.Background(), t, syscallTester, "-load-bpf")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "bpf", event.GetType(), "wrong event type")
assert.Equal(t, uint32(model.BpfMapTypeArray), event.BPF.Map.Type, "wrong map type")

Expand Down
2 changes: 2 additions & 0 deletions pkg/security/tests/cgroup_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ ExecStart=/usr/bin/touch %s`, testFile2)
return err
}
if err := os.Remove("/etc/systemd/system/cws-test.service"); err != nil {
return err
}
if err := exec.Command("systemctl", "daemon-reload").Run(); err != nil {
return err
Expand Down Expand Up @@ -158,6 +159,7 @@ ExecStart=/usr/bin/touch %s`, testFile2)
return err
}
if err := os.Remove("/etc/systemd/system/cws-test.service"); err != nil {
return err
}
if err := exec.Command("systemctl", "daemon-reload").Run(); err != nil {
return err
Expand Down
2 changes: 1 addition & 1 deletion pkg/security/tests/chdir_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ func TestChdir(t *testing.T) {
defer f.Close()

return f.Chdir()
}, func(event *model.Event, rule *rules.Rule) {
}, func(_ *model.Event, rule *rules.Rule) {
assertTriggeredRule(t, rule, "test_chdir_rule")
})
})
Expand Down
8 changes: 4 additions & 4 deletions pkg/security/tests/chmod_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ func TestChmod(t *testing.T) {
return error(errno)
}
return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chmod", event.GetType(), "wrong event type")
assertRights(t, uint16(event.Chmod.Mode), 0o707)
assertInode(t, getInode(t, testFile), event.Chmod.File.Inode)
Expand All @@ -80,7 +80,7 @@ func TestChmod(t *testing.T) {
return error(errno)
}
return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chmod", event.GetType(), "wrong event type")
assertRights(t, uint16(event.Chmod.Mode), 0o757)
assertInode(t, getInode(t, testFile), event.Chmod.File.Inode)
Expand All @@ -106,7 +106,7 @@ func TestChmod(t *testing.T) {
return error(errno)
}
return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chmod", event.GetType(), "wrong event type")
assertRights(t, uint16(event.Chmod.Mode), 0o757)
assertInode(t, getInode(t, testFile), event.Chmod.File.Inode)
Expand All @@ -127,7 +127,7 @@ func TestChmod(t *testing.T) {
return error(errno)
}
return nil
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chmod", event.GetType(), "wrong event type")
assertRights(t, uint16(event.Chmod.Mode), 0o717, "wrong mode")
assertInode(t, getInode(t, testFile), event.Chmod.File.Inode)
Expand Down
14 changes: 7 additions & 7 deletions pkg/security/tests/chown32_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "chown", testFile, "100", "200")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(100), event.Chown.UID, "wrong user")
assert.Equal(t, int64(200), event.Chown.GID, "wrong user")
Expand All @@ -94,7 +94,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "fchown", testFile, "101", "201")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(101), event.Chown.UID, "wrong user")
assert.Equal(t, int64(201), event.Chown.GID, "wrong user")
Expand All @@ -121,7 +121,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "fchownat", testFile, "102", "202")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(102), event.Chown.UID, "wrong user")
assert.Equal(t, int64(202), event.Chown.GID, "wrong user")
Expand Down Expand Up @@ -153,7 +153,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "lchown", testSymlink, "103", "203")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(103), event.Chown.UID, "wrong user")
assert.Equal(t, int64(203), event.Chown.GID, "wrong user")
Expand Down Expand Up @@ -185,7 +185,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "lchown32", testSymlink, "104", "204")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(104), event.Chown.UID, "wrong user")
assert.Equal(t, int64(204), event.Chown.GID, "wrong user")
Expand Down Expand Up @@ -213,7 +213,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "fchown32", testFile, "105", "205")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(105), event.Chown.UID, "wrong user")
assert.Equal(t, int64(205), event.Chown.GID, "wrong user")
Expand All @@ -240,7 +240,7 @@ func TestChown32(t *testing.T) {
test.WaitSignal(t, func() error {
// fchown syscall
return runSyscallTesterFunc(context.Background(), t, syscallTester, "chown32", testFile, "106", "206")
}, func(event *model.Event, r *rules.Rule) {
}, func(event *model.Event, _ *rules.Rule) {
assert.Equal(t, "chown", event.GetType(), "wrong event type")
assert.Equal(t, int64(106), event.Chown.UID, "wrong user")
assert.Equal(t, int64(206), event.Chown.GID, "wrong user")
Expand Down
Loading

0 comments on commit a9cf926

Please sign in to comment.