tracee-rules: Remove duplicated code for testing Rego signatures (#1020)

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
aquasecurity · Sep 22, 2021 · 07969fa · 07969fa
1 parent 91dc323
commit 07969fa
Show file tree

Hide file tree

Showing 8 changed files with 120 additions and 223 deletions.
diff --git a/tracee-rules/main.go b/tracee-rules/main.go
@@ -11,27 +11,13 @@ import (
 	"os/signal"
 	"strings"
 	"syscall"
-	"time"
-
-	"github.com/open-policy-agent/opa/compile"
-	_ "github.com/open-policy-agent/opa/features/wasm"
 
 	"github.com/aquasecurity/tracee/tracee-rules/engine"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
+	"github.com/open-policy-agent/opa/compile"
 	"github.com/urfave/cli/v2"
 )
 
-type Clock interface {
-	Now() time.Time
-}
-
-type realClock struct {
-}
-
-func (realClock) Now() time.Time {
-	return time.Now()
-}
-
 func main() {
 	app := &cli.App{
 		Name:  "tracee-rules",

diff --git a/tracee-rules/signatures/rego/examples/example1.rego b/tracee-rules/signatures/rego/examples/example1.rego
diff --git a/tracee-rules/signatures/rego/examples/example1_test.rego b/tracee-rules/signatures/rego/examples/example1_test.rego
diff --git a/tracee-rules/signatures/rego/examples/example2.rego b/tracee-rules/signatures/rego/examples/example2.rego
diff --git a/tracee-rules/signatures/rego/examples/example2_test.rego b/tracee-rules/signatures/rego/examples/example2_test.rego
diff --git a/tracee-rules/signatures/rego/regosig/aio_test.go b/tracee-rules/signatures/rego/regosig/aio_test.go
@@ -14,24 +14,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// findingsHolder is a utility struct that defines types.SignatureHandler callback method
-// and holds the types.Finding value received as the callback's argument.
-type findingsHolder struct {
-	values []types.Finding
-}
-
-func (h *findingsHolder) OnFinding(f types.Finding) {
-	h.values = append(h.values, f)
-}
-
-func (h *findingsHolder) GroupBySigID() map[string]types.Finding {
-	r := make(map[string]types.Finding)
-	for _, v := range h.values {
-		r[v.SigMetadata.ID] = v
-	}
-	return r
-}
-
 func TestAio_GetMetadata(t *testing.T) {
 	sig, err := regosig.NewAIO(map[string]string{
 		"test_boolean.rego": testRegoCodeBoolean,

diff --git a/tracee-rules/signatures/rego/regosig/common_test.go b/tracee-rules/signatures/rego/regosig/common_test.go
@@ -0,0 +1,117 @@
+package regosig_test
+
+import (
+	"github.com/aquasecurity/tracee/tracee-rules/types"
+)
+
+const (
+	testRegoCodeBoolean = `package tracee.TRC_BOOL
+
+__rego_metadoc__ := {
+	"id": "TRC-BOOL",
+	"version": "0.1.0",
+	"name": "test name",
+	"description": "test description",
+	"tags": [ "tag1", "tag2" ],
+	"properties": {
+		"p1": "test",
+		"p2": 1,
+		"p3": true
+	}
+}
+
+tracee_selected_events[eventSelector] {
+	eventSelector := {
+		"source": "tracee",
+		"name": "execve"
+	}
+}
+
+tracee_match {
+	endswith(input.args[0].value, "yo")
+}
+`
+	testRegoCodeObject = `package tracee.TRC_OBJECT
+
+__rego_metadoc__ := {
+	"id": "TRC-OBJECT",
+	"version": "0.3.0",
+	"name": "test name",
+	"description": "test description",
+	"tags": [ "tag1", "tag2" ],
+	"properties": {
+		"p1": "test",
+		"p2": 1,
+		"p3": true
+	}
+}
+
+tracee_selected_events[eventSelector] {
+	eventSelector := {
+		"source": "tracee",
+		"name": "ptrace"
+	}
+}
+
+tracee_match = res {
+	endswith(input.args[0].value, "yo")
+	input.args[1].value == 1337
+	res := {
+		"p1": "test",
+		"p2": 1,
+		"p3": true
+	}
+}
+`
+	testRegoCodeInvalidObject = `package tracee.TRC_INVALID
+__rego_metadoc__ := {
+	"id": "TRC-INVALID",
+	"version": "0.3.0",
+	"name": "test name",
+	"description": "test description",
+	"tags": [ "tag1", "tag2" ],
+	"properties": {
+		"p1": "test",
+		"p2": 1,
+		"p3": true
+	}
+}
+
+tracee_selected_events[eventSelector] {
+	eventSelector := {
+		"source": "tracee",
+		"name": "ptrace"
+	}
+}
+
+tracee_match = res {
+	endswith(input.args[0].value, "invalid")
+	res := "foo bar string"
+}
+`
+)
+
+// findingsHolder is a utility struct that defines types.SignatureHandler callback method
+// and holds types.Finding values received as the callback's argument.
+type findingsHolder struct {
+	values []types.Finding
+}
+
+func (h *findingsHolder) OnFinding(f types.Finding) {
+	h.values = append(h.values, f)
+}
+
+func (h *findingsHolder) GroupBySigID() map[string]types.Finding {
+	r := make(map[string]types.Finding)
+	for _, v := range h.values {
+		r[v.SigMetadata.ID] = v
+	}
+	return r
+}
+
+func (h *findingsHolder) FirstValue() *types.Finding {
+	if len(h.values) == 0 {
+		return nil
+	}
+	return &h.values[0]
+}
diff --git a/tracee-rules/signatures/rego/regosig/traceerego_test.go b/tracee-rules/signatures/rego/regosig/traceerego_test.go
@@ -15,105 +15,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-const (
-	testRegoCodeBoolean = `package tracee.TRC_BOOL
-
-__rego_metadoc__ := {
-	"id": "TRC-BOOL",
-	"version": "0.1.0",
-	"name": "test name",
-	"description": "test description",
-	"tags": [ "tag1", "tag2" ],
-	"properties": {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "execve"
-	}
-}
-
-tracee_match {
-	endswith(input.args[0].value, "yo")
-}
-`
-	testRegoCodeObject = `package tracee.TRC_OBJECT
-
-__rego_metadoc__ := {
-	"id": "TRC-OBJECT",
-	"version": "0.3.0",
-	"name": "test name",
-	"description": "test description",
-	"tags": [ "tag1", "tag2" ],
-	"properties": {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "ptrace"
-	}
-}
-
-tracee_match = res {
-	endswith(input.args[0].value, "yo")
-	input.args[1].value == 1337
-	res := {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-`
-	testRegoCodeInvalidObject = `package tracee.TRC_INVALID
-__rego_metadoc__ := {
-	"id": "TRC-INVALID",
-	"version": "0.3.0",
-	"name": "test name",
-	"description": "test description",
-	"tags": [ "tag1", "tag2" ],
-	"properties": {
-		"p1": "test",
-		"p2": 1,
-		"p3": true
-	}
-}
-
-tracee_selected_events[eventSelector] {
-	eventSelector := {
-		"source": "tracee",
-		"name": "ptrace"
-	}
-}
-
-tracee_match = res {
-	endswith(input.args[0].value, "invalid")
-	res := "foo bar string"
-}
-`
-)
-
-// findingHolder is a utility struct that defines types.SignatureHandler callback method
-// and holds the types.Finding value received as the callback's argument.
-//
-// Deprecated use findingsHolder instead.
-type findingHolder struct {
-	value *types.Finding
-}
-
-func (h *findingHolder) OnFinding(f types.Finding) {
-	h.value = &f
-}
-
 func TestRegoSignature_GetMetadata(t *testing.T) {
 	sig, err := regosig.NewRegoSignature(compile.TargetRego, false, testRegoCodeBoolean)
 	require.NoError(t, err)
@@ -431,7 +332,7 @@ func OnEventSpec(t *testing.T, target string, partial bool) {
 			sig, err := regosig.NewRegoSignature(target, partial, tc.regoCode)
 			require.NoError(t, err)
 
-			holder := &findingHolder{}
+			holder := &findingsHolder{}
 			err = sig.Init(holder.OnFinding)
 			require.NoError(t, err)
 
@@ -449,7 +350,7 @@ func OnEventSpec(t *testing.T, target string, partial bool) {
 				assert.EqualError(t, err, tc.error)
 			} else {
 				require.NoError(t, err)
-				assert.Equal(t, tc.finding, holder.value)
+				assert.Equal(t, tc.finding, holder.FirstValue())
 			}
 		})
 	}