feat(tests): add io_uring tests

.github/workflows/pr.yaml

@@ -66,6 +66,8 @@ env:
     BPF_ATTACH
     CONTAINERS_DATA_SOURCE
     PROCTREE_DATA_SOURCE
+    IO_ISSUE_SQE
+    IO_WRITE
 jobs:
   #
   # CODE VERIFICATION

tests/e2e-inst-signatures/e2e-io_issue_sqe.go

@@ -0,0 +1,60 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/protocol"
+	"github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eIoIssueSqe struct {
+	cb detect.SignatureHandler
+}
+
+func (sig *e2eIoIssueSqe) Init(ctx detect.SignatureContext) error {
+	sig.cb = ctx.Callback
+	return nil
+}
+
+func (sig *e2eIoIssueSqe) GetMetadata() (detect.SignatureMetadata, error) {
+	return detect.SignatureMetadata{
+		ID:          "IO_ISSUE_SQE",
+		EventName:   "IO_ISSUE_SQE",
+		Version:     "0.1.0",
+		Name:        "io_uring issue request Test",
+		Description: "Instrumentation events E2E Tests: io_uring issue request",
+		Tags:        []string{"e2e", "instrumentation"},
+	}, nil
+}
+
+func (sig *e2eIoIssueSqe) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+	return []detect.SignatureEventSelector{
+		{Source: "tracee", Name: "io_issue_sqe"},
+	}, nil
+}
+
+func (sig *e2eIoIssueSqe) OnEvent(event protocol.Event) error {
+	eventObj, ok := event.Payload.(trace.Event)
+	if !ok {
+		return fmt.Errorf("failed to cast event's payload")
+	}
+
+	switch eventObj.EventName {
+	case "io_issue_sqe":
+		m, _ := sig.GetMetadata()
+		sig.cb(detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+	}
+
+	return nil
+}
+
+func (sig *e2eIoIssueSqe) OnSignal(s detect.Signal) error {
+	return nil
+}
+
+func (sig *e2eIoIssueSqe) Close() {}

tests/e2e-inst-signatures/e2e-io_write.go

@@ -0,0 +1,62 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/protocol"
+	"github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eIoWrite struct {
+	cb detect.SignatureHandler
+}
+
+func (sig *e2eIoWrite) Init(ctx detect.SignatureContext) error {
+	sig.cb = ctx.Callback
+	return nil
+}
+
+func (sig *e2eIoWrite) GetMetadata() (detect.SignatureMetadata, error) {
+	return detect.SignatureMetadata{
+		ID:          "IO_WRITE",
+		EventName:   "IO_WRITE",
+		Version:     "0.1.0",
+		Name:        "io_write Test",
+		Description: "Instrumentation events E2E Tests: io_write",
+		Tags:        []string{"e2e", "instrumentation"},
+	}, nil
+}
+
+func (sig *e2eIoWrite) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+	return []detect.SignatureEventSelector{
+		{Source: "tracee", Name: "io_write"},
+	}, nil
+}
+
+func (sig *e2eIoWrite) OnEvent(event protocol.Event) error {
+	eventObj, ok := event.Payload.(trace.Event)
+	if !ok {
+		return fmt.Errorf("failed to cast event's payload")
+	}
+
+	switch eventObj.EventName {
+	case "io_write":
+
+		m, _ := sig.GetMetadata()
+
+		sig.cb(detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+	}
+
+	return nil
+}
+
+func (sig *e2eIoWrite) OnSignal(s detect.Signal) error {
+	return nil
+}
+
+func (sig *e2eIoWrite) Close() {}

tests/e2e-inst-signatures/export.go

@@ -11,4 +11,6 @@ var ExportedSignatures = []detect.Signature{
 	&e2eBpfAttach{},
 	&e2eProcessTreeDataSource{},
 	&e2eHookedSyscall{},
+	&e2eIoIssueSqe{},
+	&e2eIoWrite{},
 }

tests/e2e-inst-signatures/scripts/io_issue_sqe.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/bash
+
+exit_err() {
+    echo -n "ERROR: "
+    echo "$@"
+    exit 1
+}
+
+# set vars
+prog=io_uring_writev
+dir=tests/e2e-inst-signatures/scripts
+# compile prog
+gcc $dir/$prog.c -o $dir/$prog || exit_err "could not compile $prog.c"
+chmod +x $dir/$prog
+# run test
+./$dir/$prog || exit_err "could not run $prog"