From 5aa8d36eb992e57abf856e71b215efac1cc57092 Mon Sep 17 00:00:00 2001
From: RoiKol
Date: Tue, 7 Nov 2023 13:56:52 +0200
Subject: [PATCH] fixup! fixup! feat(tests): add io_uring tests
---
 .github/workflows/pr.yaml | 2 +-
 tests/e2e-inst-signatures/e2e-io_issue_sqe.go | 73 +++++++++++++++++++
 .../e2e-io_uring_submit_req.go | 62 ----------------
 tests/e2e-inst-signatures/export.go | 2 +-
 ...io_uring_submit_req.sh => io_issue_sqe.sh} | 0
 tests/e2e-inst-signatures/scripts/io_write.sh | 2 +-
 6 files changed, 76 insertions(+), 65 deletions(-)
 create mode 100644 tests/e2e-inst-signatures/e2e-io_issue_sqe.go
 delete mode 100644 tests/e2e-inst-signatures/e2e-io_uring_submit_req.go
 rename tests/e2e-inst-signatures/scripts/{io_uring_submit_req.sh => io_issue_sqe.sh} (100%)
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 830d0566f9a3..8ca6ff8a3921 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -66,7 +66,7 @@ env:
 BPF_ATTACH
 CONTAINERS_DATA_SOURCE
 PROCTREE_DATA_SOURCE
- IO_URING_SUBMIT_REQ
+ IO_ISSUE_SQE
 IO_WRITE
 jobs:
 #
diff --git a/tests/e2e-inst-signatures/e2e-io_issue_sqe.go b/tests/e2e-inst-signatures/e2e-io_issue_sqe.go
new file mode 100644
index 000000000000..40baf5ed78ea
--- /dev/null
+++ b/tests/e2e-inst-signatures/e2e-io_issue_sqe.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+ "fmt"
+
+ "github.com/docker/docker/pkg/parsers/kernel"
+
+ "github.com/aquasecurity/tracee/types/detect"
+ "github.com/aquasecurity/tracee/types/protocol"
+ "github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eIoIssueSqe struct {
+ cb detect.SignatureHandler
+}
+
+func (sig *e2eIoIssueSqe) Init(ctx detect.SignatureContext) error {
+ sig.cb = ctx.Callback
+ return nil
+}
+
+func (sig *e2eIoIssueSqe) GetMetadata() (detect.SignatureMetadata, error) {
+ return detect.SignatureMetadata{
+ ID: "IO_ISSUE_SQE",
+ EventName: "IO_ISSUE_SQE",
+ Version: "0.1.0",
+ Name: "io_uring issue request Test",
+ Description: "Instrumentation events E2E Tests: io_uring issue request",
+ Tags: []string{"e2e", "instrumentation"},
+ }, nil
+}
+
+func (sig *e2eIoIssueSqe) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+ return []detect.SignatureEventSelector{
+ {Source: "tracee", Name: "io_issue_sqe"},
+ }, nil
+}
+
+func (sig *e2eIoIssueSqe) OnEvent(event protocol.Event) error {
+ eventObj, ok := event.Payload.(trace.Event)
+ if !ok {
+ return fmt.Errorf("failed to cast event's payload")
+ }
+
+ m, _ := sig.GetMetadata()
+
+ // currently only supported for kernels >= v5.5
+ if !kernel.CheckKernelVersion(5, 5, 0) {
+ sig.cb(detect.Finding{
+ SigMetadata: m,
+ Event: event,
+ Data: map[string]interface{}{},
+ })
+ return nil
+ }
+
+ switch eventObj.EventName {
+ case "io_issue_sqe":
+ sig.cb(detect.Finding{
+ SigMetadata: m,
+ Event: event,
+ Data: map[string]interface{}{},
+ })
+ }
+
+ return nil
+}
+
+func (sig *e2eIoIssueSqe) OnSignal(s detect.Signal) error {
+ return nil
+}
+
+func (sig *e2eIoIssueSqe) Close() {}
diff --git a/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go b/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go
deleted file mode 100644
index 4808093dd518..000000000000
--- a/tests/e2e-inst-signatures/e2e-io_uring_submit_req.go
+++ /dev/null
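Review bot: In `OnEvent`, the `!kernel.CheckKernelVersion(5, 5, 0)` branch calls `sig.cb` before `eventObj.EventName` is examined, so on a pre-5.5 host the IO_ISSUE_SQE finding is emitted without the io_issue_sqe probe being exercised, and nothing in the finding says the check was skipped. Because `GetSelectedEvents` subscribes only to `io_issue_sqe`, that branch presumably runs only if the event is delivered anyway, which is worth confirming on an older kernel. I would evaluate the version once in `Init` and keep it in a field (e.g. `sig.unsupported = !kernel.CheckKernelVersion(5, 5, 0)`) rather than on every event, and mark the skipped case in the finding's `Data` so a green CI run is not mistaken for probe coverage. The discarded error in `m, _ := sig.GetMetadata()` also deserves either a check or a short comment saying why it is safe to ignore.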
@@ -1,62 +0,0 @@
-package main
-
-import (
- "fmt"
-
- "github.com/aquasecurity/tracee/types/detect"
- "github.com/aquasecurity/tracee/types/protocol"
- "github.com/aquasecurity/tracee/types/trace"
-)
-
-type e2eIoUringSumitReq struct {
- cb detect.SignatureHandler
-}
-
-func (sig *e2eIoUringSumitReq) Init(ctx detect.SignatureContext) error {
- sig.cb = ctx.Callback
- return nil
-}
-
-func (sig *e2eIoUringSumitReq) GetMetadata() (detect.SignatureMetadata, error) {
- return detect.SignatureMetadata{
- ID: "IO_URING_SUBMIT_REQ",
- EventName: "IO_URING_SUBMIT_REQ",
- Version: "0.1.0",
- Name: "io_uring submit request Test",
- Description: "Instrumentation events E2E Tests: io_uring submit request",
- Tags: []string{"e2e", "instrumentation"},
- }, nil
-}
-
-func (sig *e2eIoUringSumitReq) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
- return []detect.SignatureEventSelector{
- {Source: "tracee", Name: "io_uring_submit_req"},
- }, nil
-}
-
-func (sig *e2eIoUringSumitReq) OnEvent(event protocol.Event) error {
- eventObj, ok := event.Payload.(trace.Event)
- if !ok {
- return fmt.Errorf("failed to cast event's payload")
- }
-
- switch eventObj.EventName {
- case "io_uring_submit_req":
-
- m, _ := sig.GetMetadata()
-
- sig.cb(detect.Finding{
- SigMetadata: m,
- Event: event,
- Data: map[string]interface{}{},
- })
- }
-
- return nil
-}
-
-func (sig *e2eIoUringSumitReq) OnSignal(s detect.Signal) error {
- return nil
-}
-
-func (sig *e2eIoUringSumitReq) Close() {}
diff --git a/tests/e2e-inst-signatures/export.go b/tests/e2e-inst-signatures/export.go
index bdaebfe53bc9..c26398986d13 100644
--- a/tests/e2e-inst-signatures/export.go
+++ b/tests/e2e-inst-signatures/export.go
@@ -11,6 +11,6 @@ var ExportedSignatures = []detect.Signature{
 &e2eBpfAttach{},
 &e2eProcessTreeDataSource{},
 &e2eHookedSyscall{},
- &e2eIoUringSumitReq{},
+ &e2eIoIssueSqe{},
 &e2eIoWrite{},
 }
diff --git a/tests/e2e-inst-signatures/scripts/io_uring_submit_req.sh b/tests/e2e-inst-signatures/scripts/io_issue_sqe.sh
similarity index 100%
rename from tests/e2e-inst-signatures/scripts/io_uring_submit_req.sh
rename to tests/e2e-inst-signatures/scripts/io_issue_sqe.sh
diff --git a/tests/e2e-inst-signatures/scripts/io_write.sh b/tests/e2e-inst-signatures/scripts/io_write.sh
index e60ae1f48d01..1cd4f3b14558 100755
--- a/tests/e2e-inst-signatures/scripts/io_write.sh
+++ b/tests/e2e-inst-signatures/scripts/io_write.sh
@@ -10,6 +10,6 @@ exit_err() {
 prog=io_uring_writev
 dir=tests/e2e-inst-signatures/scripts
 # compile prog
-# no compilation needed as it was done in io_uring_submit_req.sh
+# no compilation needed as it was done in io_issue_sqe.sh
 # run test
 ./$dir/$prog || exit_err "could not run $prog"