feat(test): e2e integration test for new helpers

aquasecurity · Oct 18, 2024 · 69f0bce · 69f0bce
1 parent f5498d0
commit 69f0bce
Show file tree

Hide file tree

Showing 6 changed files with 200 additions and 0 deletions.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -61,6 +61,8 @@ env:
     ICMPv6
     DNS
     HTTP
+    HTTPRequest
+    HTTPResponse
   INSTTESTS: >
     PROCESS_EXECUTE_FAILED
     VFS_WRITE

diff --git a/tests/e2e-net-signatures/e2e-httprequest.go b/tests/e2e-net-signatures/e2e-httprequest.go
@@ -0,0 +1,87 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/aquasecurity/tracee/signatures/helpers"
+	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/protocol"
+	"github.com/aquasecurity/tracee/types/trace"
+)
+
+//
+// HOWTO: The way to trigger this test signature is to execute:
+//
+//        curl google.com
+//
+//        This will cause it trigger once and reset it status.
+
+type e2eHTTPRequest struct {
+	cb detect.SignatureHandler
+}
+
+func (sig *e2eHTTPRequest) Init(ctx detect.SignatureContext) error {
+	sig.cb = ctx.Callback
+	return nil
+}
+
+func (sig *e2eHTTPRequest) GetMetadata() (detect.SignatureMetadata, error) {
+	return detect.SignatureMetadata{
+		ID:          "HTTPRequest",
+		EventName:   "HTTPRequest",
+		Version:     "0.1.0",
+		Name:        "Network HTTP Request Test",
+		Description: "Network E2E Tests: HTTP Request",
+		Tags:        []string{"e2e", "network"},
+	}, nil
+}
+
+func (sig *e2eHTTPRequest) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+	return []detect.SignatureEventSelector{
+		{Source: "tracee", Name: "net_packet_http_request"},
+	}, nil
+}
+
+func (sig *e2eHTTPRequest) OnEvent(event protocol.Event) error {
+	eventObj, ok := event.Payload.(trace.Event)
+	if !ok {
+		return fmt.Errorf("failed to cast event's payload")
+	}
+
+	if eventObj.ProcessName != "curl" {
+		return nil
+	}
+
+	if eventObj.EventName == "net_packet_http_request" {
+		// validate tast context
+		if eventObj.HostName == "" {
+			return nil
+		}
+
+		// method 2 (with helper)
+		httpRequest, err := helpers.GetProtoHTTPRequestByName(eventObj, "http_request")
+		if err != nil {
+			return err
+		}
+
+		if !strings.HasPrefix(httpRequest.Protocol, "HTTP/") {
+			return nil
+		}
+
+		m, _ := sig.GetMetadata()
+		sig.cb(&detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+	}
+
+	return nil
+}
+
+func (sig *e2eHTTPRequest) OnSignal(s detect.Signal) error {
+	return nil
+}
+
+func (sig *e2eHTTPRequest) Close() {}
diff --git a/tests/e2e-net-signatures/e2e-httpresponse.go b/tests/e2e-net-signatures/e2e-httpresponse.go
@@ -0,0 +1,83 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/aquasecurity/tracee/signatures/helpers"
+	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/protocol"
+	"github.com/aquasecurity/tracee/types/trace"
+)
+
+//
+// HOWTO: The way to trigger this test signature is to execute:
+//
+//        curl google.com
+//
+//        This will cause it trigger once and reset it status.
+
+type e2eHTTPResponse struct {
+	cb detect.SignatureHandler
+}
+
+func (sig *e2eHTTPResponse) Init(ctx detect.SignatureContext) error {
+	sig.cb = ctx.Callback
+	return nil
+}
+
+func (sig *e2eHTTPResponse) GetMetadata() (detect.SignatureMetadata, error) {
+	return detect.SignatureMetadata{
+		ID:          "HTTPResponse",
+		EventName:   "HTTPResponse",
+		Version:     "0.1.0",
+		Name:        "Network HTTP Response Test",
+		Description: "Network E2E Tests: HTTP Response",
+		Tags:        []string{"e2e", "network"},
+	}, nil
+}
+
+func (sig *e2eHTTPResponse) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+	return []detect.SignatureEventSelector{
+		{Source: "tracee", Name: "net_packet_http_response"},
+	}, nil
+}
+
+func (sig *e2eHTTPResponse) OnEvent(event protocol.Event) error {
+	eventObj, ok := event.Payload.(trace.Event)
+	if !ok {
+		return fmt.Errorf("failed to cast event's payload")
+	}
+
+	if eventObj.EventName == "net_packet_http_response" {
+		// validate tast context
+		if eventObj.HostName == "" {
+			return nil
+		}
+
+		// method 2 (with helper)
+		httpResponse, err := helpers.GetProtoHTTPResponseByName(eventObj, "http_response")
+		if err != nil {
+			return err
+		}
+
+		if !strings.HasPrefix(httpResponse.Protocol, "HTTP/") {
+			return nil
+		}
+
+		m, _ := sig.GetMetadata()
+		sig.cb(&detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+	}
+
+	return nil
+}
+
+func (sig *e2eHTTPResponse) OnSignal(s detect.Signal) error {
+	return nil
+}
+
+func (sig *e2eHTTPResponse) Close() {}
diff --git a/tests/e2e-net-signatures/export.go b/tests/e2e-net-signatures/export.go
@@ -12,6 +12,8 @@ var ExportedSignatures = []detect.Signature{
 	&e2eICMPv6{},
 	&e2eDNS{},
 	&e2eHTTP{},
+	&e2eHTTPRequest{},
+	&e2eHTTPResponse{},
 }
 
 var ExportedDataSources = []detect.DataSource{

diff --git a/tests/e2e-net-signatures/scripts/httprequest.sh b/tests/e2e-net-signatures/scripts/httprequest.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+HOST="google.com"
+
+exit_err() {
+    echo -n "ERROR: "
+    echo $@
+    exit 1
+}
+
+command -v curl > /dev/null || exit_err "missing curl tool"
+
+curl $HOST
diff --git a/tests/e2e-net-signatures/scripts/httpresponse.sh b/tests/e2e-net-signatures/scripts/httpresponse.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+HOST="google.com"
+
+exit_err() {
+    echo -n "ERROR: "
+    echo $@
+    exit 1
+}
+
+command -v curl > /dev/null || exit_err "missing curl tool"
+
+curl $HOST