tests(inst): add writable data source test
1 parent
9e7e9c4
commit e1d023b
Showing
7 changed files
with
220 additions
and
4 deletions.
@@ -0,0 +1,80 @@ | ||
package datasourcetest | ||
|
||
import ( | ||
"encoding/json" | ||
|
||
lru "github.com/hashicorp/golang-lru/v2" | ||
|
||
"github.com/aquasecurity/tracee/types/detect" | ||
) | ||
|
||
type e2eWritable struct { | ||
cache *lru.Cache[string, string] | ||
} | ||
|
||
func New() detect.DataSource { | ||
cache, _ := lru.New[string, string](8) | ||
return &e2eWritable{ | ||
cache, | ||
} | ||
} | ||
|
||
func (ctx *e2eWritable) Get(key interface{}) (map[string]interface{}, error) { | ||
val, ok := key.(string) | ||
if !ok { | ||
return nil, detect.ErrKeyNotSupported | ||
} | ||
|
||
res, ok := ctx.cache.Get(val) | ||
if !ok { | ||
return nil, detect.ErrDataNotFound | ||
} | ||
|
||
return map[string]interface{}{ | ||
"value": res, | ||
}, nil | ||
} | ||
|
||
func (ctx *e2eWritable) Version() uint { | ||
return 1 | ||
} | ||
|
||
func (ctx *e2eWritable) Keys() []string { | ||
return []string{"string"} | ||
} | ||
|
||
func (ctx *e2eWritable) Schema() string { | ||
schema := map[string]interface{}{ | ||
"value": "string", | ||
} | ||
|
||
s, _ := json.Marshal(schema) | ||
return string(s) | ||
} | ||
|
||
func (ctx *e2eWritable) Namespace() string { | ||
return "e2e_inst" | ||
} | ||
|
||
func (ctx *e2eWritable) ID() string { | ||
return "demo" | ||
} | ||
|
||
func (ctx *e2eWritable) Write(key interface{}, value interface{}) error { | ||
keyStr, ok := key.(string) | ||
if !ok { | ||
return detect.ErrFailedToUnmarshal | ||
} | ||
|
||
valueStr, ok := value.(string) | ||
if !ok { | ||
return detect.ErrFailedToUnmarshal | ||
} | ||
|
||
ctx.cache.Add(keyStr, valueStr) | ||
return nil | ||
} | ||
|
||
func (ctx *e2eWritable) Values() []string { | ||
return []string{"string"} | ||
} |
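Review bot: `Write` reports a non-string key as `detect.ErrFailedToUnmarshal`, while `Get` rejects the same input with `detect.ErrKeyNotSupported`, so callers see two different errors for one condition. In the key branch of `Write` I would use `return detect.ErrKeyNotSupported` and keep `ErrFailedToUnmarshal` for the value check only. Separately, `New` discards the error from `lru.New` and `Schema` discards the one from `json.Marshal`; both look safe for these fixed inputs, but a short comment such as `// size is a positive constant, so New is not expected to fail` would record why the error is ignored.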
@@ -0,0 +1,88 @@ | ||
package main | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/aquasecurity/tracee/types/detect" | ||
"github.com/aquasecurity/tracee/types/protocol" | ||
"github.com/aquasecurity/tracee/types/trace" | ||
) | ||
|
||
type e2eWritableDatasourceSig struct { | ||
cb detect.SignatureHandler | ||
writable detect.DataSource | ||
} | ||
|
||
func (sig *e2eWritableDatasourceSig) Init(ctx detect.SignatureContext) error { | ||
sig.cb = ctx.Callback | ||
writable, ok := ctx.GetDataSource("e2e_inst", "demo") | ||
if !ok { | ||
return fmt.Errorf("containers data source not registered") | ||
} | ||
if writable.Version() > 1 { | ||
return fmt.Errorf("containers data source version not supported, please update this signature") | ||
} | ||
sig.writable = writable | ||
return nil | ||
} | ||
|
||
func (sig *e2eWritableDatasourceSig) GetMetadata() (detect.SignatureMetadata, error) { | ||
return detect.SignatureMetadata{ | ||
ID: "WRITABLE_DATA_SOURCE", | ||
EventName: "WRITABLE_DATA_SOURCE", | ||
Version: "0.1.0", | ||
Name: "Writable Data Source Test", | ||
Description: "Instrumentation events E2E Tests: Writable Data Source Test", | ||
Tags: []string{"e2e", "instrumentation"}, | ||
}, nil | ||
} | ||
|
||
func (sig *e2eWritableDatasourceSig) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { | ||
return []detect.SignatureEventSelector{ | ||
{Source: "tracee", Name: "sched_process_exit"}, | ||
}, nil | ||
} | ||
|
||
func (sig *e2eWritableDatasourceSig) OnEvent(event protocol.Event) error { | ||
eventObj, ok := event.Payload.(trace.Event) | ||
if !ok { | ||
return fmt.Errorf("failed to cast event's payload") | ||
} | ||
|
||
switch eventObj.EventName { | ||
case "sched_process_exit": | ||
if eventObj.ProcessName != "ds_writer" { | ||
return nil | ||
} | ||
|
||
container, err := sig.writable.Get("bruh") | ||
if err != nil { | ||
return fmt.Errorf("failed to query key \"bruh\" in data source: %v", err) | ||
} | ||
|
||
data, ok := container["value"].(string) | ||
if !ok { | ||
return fmt.Errorf("failed to unwrap value from writable data") | ||
} | ||
|
||
if data != "moment" { | ||
return fmt.Errorf("value written in data source not expected (%s)", data) | ||
} | ||
|
||
m, _ := sig.GetMetadata() | ||
|
||
sig.cb(detect.Finding{ | ||
SigMetadata: m, | ||
Event: event, | ||
Data: map[string]interface{}{}, | ||
}) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func (sig *e2eWritableDatasourceSig) OnSignal(s detect.Signal) error { | ||
return nil | ||
} | ||
|
||
func (sig *e2eWritableDatasourceSig) Close() {} |
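Review bot: Both error strings in `Init` still say "containers data source", but the lookup is `ctx.GetDataSource("e2e_inst", "demo")`, so a failing e2e run would point at the wrong data source. I would change them to `return fmt.Errorf("data source e2e_inst/demo not registered")` and `return fmt.Errorf("data source e2e_inst/demo version not supported, please update this signature")`. In `OnEvent`, the error from `sig.writable.Get("bruh")` is formatted with `%v`; using `%w` would keep `detect.ErrDataNotFound` matchable with `errors.Is`. The discarded error from `sig.GetMetadata()` deserves a one-line comment saying it always returns nil here.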
@@ -0,0 +1,32 @@ | ||
package main | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
|
||
"google.golang.org/grpc" | ||
"google.golang.org/grpc/credentials/insecure" | ||
"google.golang.org/protobuf/types/known/structpb" | ||
|
||
"github.com/aquasecurity/tracee/api/v1beta1" | ||
) | ||
|
||
func main() { | ||
conn, err := grpc.Dial( | ||
"unix:///tmp/tracee.sock", | ||
grpc.WithTransportCredentials(insecure.NewCredentials()), | ||
) | ||
if err != nil { | ||
panic(fmt.Errorf("failed to dial tracee grpc server: %v", err)) | ||
} | ||
client := v1beta1.NewDataSourceServiceClient(conn) | ||
_, err = client.WriteDataSource(context.Background(), &v1beta1.WriteDataSourceRequest{ | ||
Id: "demo", | ||
Namespace: "e2e_inst", | ||
Key: structpb.NewStringValue("bruh"), | ||
Value: structpb.NewStringValue("moment"), | ||
}) | ||
if err != nil { | ||
panic(fmt.Errorf("failed to write to data source: %v", err)) | ||
} | ||
} |
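Review bot: The `WriteDataSource` call runs on `context.Background()` with no deadline, so if the server accepts the connection on `/tmp/tracee.sock` but never answers, this helper can block the e2e run instead of failing. I would bound it with e.g. `ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)` followed by `defer cancel()`, and add `defer conn.Close()` after the dial check, since `conn` is never closed. The dial uses `insecure.NewCredentials()`, which leaves the socket file's permissions as the only access control visible from this client; a comment on that line, e.g. `// no transport auth: access is limited by the unix socket's file permissions`, would make that assumption explicit.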
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
|
||
exit_err() { | ||
echo -n "ERROR: " | ||
echo $@ | ||
exit 1 | ||
} | ||
|
||
go run ./tests/e2e-inst-signatures/scripts/ds_writer/ds_writer.go |
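Review bot: `exit_err` is defined but never called, and the result of `go run` is not checked explicitly, so the helper is dead code. Either drop it or use it, e.g. `go run ./tests/e2e-inst-signatures/scripts/ds_writer/ds_writer.go || exit_err "could not run ds_writer"`. If it stays, `echo $@` should be `echo "$@"` so the arguments are not word-split or glob-expanded. The relative path also assumes the script is started from the repository root, which is worth a comment at the top of the file.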