fixup! fixup! feat(tests): add io_uring tests

aquasecurity · Nov 8, 2023 · 5aa8d36 · 5aa8d36
1 parent f00283e
commit 5aa8d36
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 65 deletions.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -66,7 +66,7 @@ env:
     BPF_ATTACH
     CONTAINERS_DATA_SOURCE
     PROCTREE_DATA_SOURCE
-    IO_URING_SUBMIT_REQ
+    IO_ISSUE_SQE
     IO_WRITE
 jobs:
   #

diff --git a/tests/e2e-inst-signatures/e2e-io_issue_sqe.go b/tests/e2e-inst-signatures/e2e-io_issue_sqe.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/pkg/parsers/kernel"
+
+	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/protocol"
+	"github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eIoIssueSqe struct {
+	cb detect.SignatureHandler
+}
+
+func (sig *e2eIoIssueSqe) Init(ctx detect.SignatureContext) error {
+	sig.cb = ctx.Callback
+	return nil
+}
+
+func (sig *e2eIoIssueSqe) GetMetadata() (detect.SignatureMetadata, error) {
+	return detect.SignatureMetadata{
+		ID:          "IO_ISSUE_SQE",
+		EventName:   "IO_ISSUE_SQE",
+		Version:     "0.1.0",
+		Name:        "io_uring issue request Test",
+		Description: "Instrumentation events E2E Tests: io_uring issue request",
+		Tags:        []string{"e2e", "instrumentation"},
+	}, nil
+}
+
+func (sig *e2eIoIssueSqe) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+	return []detect.SignatureEventSelector{
+		{Source: "tracee", Name: "io_issue_sqe"},
+	}, nil
+}
+
+func (sig *e2eIoIssueSqe) OnEvent(event protocol.Event) error {
+	eventObj, ok := event.Payload.(trace.Event)
+	if !ok {
+		return fmt.Errorf("failed to cast event's payload")
+	}
+
+	m, _ := sig.GetMetadata()
+
+	// currently only supported for kernels >= v5.5
+	if !kernel.CheckKernelVersion(5, 5, 0) {
+		sig.cb(detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+		return nil
+	}
+
+	switch eventObj.EventName {
+	case "io_issue_sqe":
+		sig.cb(detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+	}
+
+	return nil
+}
+
+func (sig *e2eIoIssueSqe) OnSignal(s detect.Signal) error {
+	return nil
+}
+
+func (sig *e2eIoIssueSqe) Close() {}
diff --git a/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go b/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go
diff --git a/tests/e2e-inst-signatures/export.go b/tests/e2e-inst-signatures/export.go
@@ -11,6 +11,6 @@ var ExportedSignatures = []detect.Signature{
 	&e2eBpfAttach{},
 	&e2eProcessTreeDataSource{},
 	&e2eHookedSyscall{},
-	&e2eIoUringSumitReq{},
+	&e2eIoIssueSqe{},
 	&e2eIoWrite{},
 }
diff --git a/...signatures/scripts/io_uring_submit_req.sh → ...e-inst-signatures/scripts/io_issue_sqe.sh b/...signatures/scripts/io_uring_submit_req.sh → ...e-inst-signatures/scripts/io_issue_sqe.sh
diff --git a/tests/e2e-inst-signatures/scripts/io_write.sh b/tests/e2e-inst-signatures/scripts/io_write.sh
@@ -10,6 +10,6 @@ exit_err() {
 prog=io_uring_writev
 dir=tests/e2e-inst-signatures/scripts
 # compile prog
-# no compilation needed as it was done in io_uring_submit_req.sh
+# no compilation needed as it was done in io_issue_sqe.sh
 # run test
 ./$dir/$prog || exit_err "could not run $prog"