feat(tests): add io_uring tests
roikol committed Oct 23, 2023
1 parent 07e168e commit e8af658
Showing 7 changed files with 516 additions and 1 deletion.
2 changes: 2 additions & 0 deletions .github/workflows/pr.yaml
Expand Up @@ -65,6 +65,8 @@ env:
BPF_ATTACH
CONTAINERS_DATA_SOURCE
PROCTREE_DATA_SOURCE
IO_URING_SUBMIT_REQ
IO_WRITE
jobs:
#
# CODE VERIFICATION
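--- a/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go
+++ b/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+"fmt"
+
+"github.com/aquasecurity/tracee/signatures/helpers"
+"github.com/aquasecurity/tracee/types/detect"
+"github.com/aquasecurity/tracee/types/protocol"
+"github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eIoUringSumitReq struct {
+cb detect.SignatureHandler
+}
+
+func (sig *e2eIoUringSumitReq) Init(ctx detect.SignatureContext) error {
+sig.cb = ctx.Callback
+return nil
+}
+
+func (sig *e2eIoUringSumitReq) GetMetadata() (detect.SignatureMetadata, error) {
+return detect.SignatureMetadata{
+ID: "IO_URING_SUBMIT_REQ",
+EventName: "IO_URING_SUBMIT_REQ",
+Version: "0.1.0",
+Name: "io_uring submit request Test",
+Description: "Instrumentation events E2E Tests: io_uring submit request",
+Tags: []string{"e2e", "instrumentation"},
+}, nil
+}
+
+func (sig *e2eIoUringSumitReq) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+return []detect.SignatureEventSelector{
+{Source: "tracee", Name: "io_uring_submit_req"},
+}, nil
+}
+
+func (sig *e2eIoUringSumitReq) OnEvent(event protocol.Event) error {
+eventObj, ok := event.Payload.(trace.Event)
+if !ok {
+return fmt.Errorf("failed to cast event's payload")
+}
+
+switch eventObj.EventName {
+case "io_uring_submit_req":
+path, err := helpers.GetTraceeStringArgumentByName(eventObj, "path")
+if err != nil {
+return err
+}
+
+opcode, err := helpers.GetTraceeStringArgumentByName(eventObj, "opcode")
+if err != nil {
+return err
+}
+
+// check expected values from test for detection
+
+if eventObj.ProcessName != "io_uring_writev" || opcode != "IORING_OP_WRITEV" || path != "/tmp/io_uring_writev.txt" {
+return nil
+}
+
+m, _ := sig.GetMetadata()
+
+sig.cb(detect.Finding{
+SigMetadata: m,
+Event: event,
+Data: map[string]interface{}{},
+})
+}
+
+return nil
+}
+
+func (sig *e2eIoUringSumitReq) OnSignal(s detect.Signal) error {
+return nil
+}
+
+func (sig *e2eIoUringSumitReq) Close() {}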
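Review bot: The type name `e2eIoUringSumitReq` misspells "Submit"; it is used in the declaration, on every method receiver in this file, and in the registration added to export.go, so a search for the signature by its event name will not find the type. Renaming it to `e2eIoUringSubmitReq` in both files fixes that. Separately, `m, _ := sig.GetMetadata()` in OnEvent discards the error; GetMetadata returns nil today, but `m, err := sig.GetMetadata()` followed by `if err != nil { return err }` would keep a finding from being emitted with empty metadata if that ever changes.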
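--- a/tests/e2e-inst-signatures/e2e-io_write.go
+++ b/tests/e2e-inst-signatures/e2e-io_write.go
@@ -0,0 +1,82 @@
+package main
+
+import (
+"fmt"
+
+"github.com/aquasecurity/tracee/signatures/helpers"
+"github.com/aquasecurity/tracee/types/detect"
+"github.com/aquasecurity/tracee/types/protocol"
+"github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eIoWrite struct {
+cb detect.SignatureHandler
+}
+
+func (sig *e2eIoWrite) Init(ctx detect.SignatureContext) error {
+sig.cb = ctx.Callback
+return nil
+}
+
+func (sig *e2eIoWrite) GetMetadata() (detect.SignatureMetadata, error) {
+return detect.SignatureMetadata{
+ID: "IO_WRITE",
+EventName: "IO_WRITE",
+Version: "0.1.0",
+Name: "io_write Test",
+Description: "Instrumentation events E2E Tests: io_write",
+Tags: []string{"e2e", "instrumentation"},
+}, nil
+}
+
+func (sig *e2eIoWrite) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+return []detect.SignatureEventSelector{
+{Source: "tracee", Name: "io_write"},
+}, nil
+}
+
+func (sig *e2eIoWrite) OnEvent(event protocol.Event) error {
+eventObj, ok := event.Payload.(trace.Event)
+if !ok {
+return fmt.Errorf("failed to cast event's payload")
+}
+
+switch eventObj.EventName {
+case "io_write":
+path, err := helpers.GetTraceeStringArgumentByName(eventObj, "path")
+if err != nil {
+return err
+}
+
+lenArg, err := helpers.GetTraceeArgumentByName(eventObj, "len", helpers.GetArgOps{DefaultArgs: false})
+if err != nil {
+return err
+}
+writeLen, ok := lenArg.Value.(uint32)
+if !ok {
+return nil
+}
+
+// check expected values from test for detection
+
+if eventObj.ProcessName != "io_uring_writev" || writeLen != 2 || path != "/tmp/io_uring_writev.txt" {
+return nil
+}
+
+m, _ := sig.GetMetadata()
+
+sig.cb(detect.Finding{
+SigMetadata: m,
+Event: event,
+Data: map[string]interface{}{},
+})
+}
+
+return nil
+}
+
+func (sig *e2eIoWrite) OnSignal(s detect.Signal) error {
+return nil
+}
+
+func (sig *e2eIoWrite) Close() {}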
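Review bot: In OnEvent, a failed `lenArg.Value.(uint32)` assertion returns nil, so if the `len` argument arrives as any other integer type the signature never fires and nothing is logged to say why; the e2e run would presumably just report the finding as missing. Returning an error there, as the payload cast at the top of the function already does, makes the mismatch visible: `return fmt.Errorf("io_write: unexpected type %T for len argument", lenArg.Value)`. The event definition that fixes the type of `len` is not among the files shown, so the uint32 assumption should be checked against it.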
2 changes: 2 additions & 0 deletions tests/e2e-inst-signatures/export.go
Expand Up @@ -10,4 +10,6 @@ var ExportedSignatures = []detect.Signature{
&e2eContainersDataSource{},
&e2eBpfAttach{},
&e2eProcessTreeDataSource{},
&e2eIoUringSumitReq{},
&e2eIoWrite{},
}