From e93ea11fe65e6df39b65553541e68340bb55f316 Mon Sep 17 00:00:00 2001
From: Raziel Cohen
Date: Mon, 1 May 2023 15:03:30 +0300
Subject: [PATCH 1/3] timer correction
Signed-off-by: Raziel Cohen
---
 pkg/conthandler/container_main_handler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/conthandler/container_main_handler.go b/pkg/conthandler/container_main_handler.go
index 6a58daea..32bcbc55 100644
--- a/pkg/conthandler/container_main_handler.go
+++ b/pkg/conthandler/container_main_handler.go
@@ -164,7 +164,7 @@ func (ch *ContainerHandler) startRelevancyProcess(contEvent v1.ContainerEventDat
 now := time.Now()
 configStopTime := config.GetConfigurationConfigContext().GetSniffingMaxTimes()
 stopSniffingTime := now.Add(configStopTime)
- for start := time.Now(); start.Before(stopSniffingTime); {
+ for ;time.Now().Before(stopSniffingTime); {
 go ch.getSBOM(contEvent)
 ctx, span := otel.Tracer("").Start(context.GetBackgroundContext(), "container monitoring", trace.WithAttributes(attribute.String("containerID", contEvent.GetContainerID()), attribute.String("container workload", contEvent.GetK8SWorkloadID())))
 err = ch.startTimer(watchedContainer, contEvent.GetContainerID())
From c9a7d26abfee6fdfc42bde394c29134106c8cd7a Mon Sep 17 00:00:00 2001
From: Raziel Cohen
Date: Mon, 1 May 2023 17:08:48 +0300
Subject: [PATCH 2/3] add unitest
Signed-off-by: Raziel Cohen
---
 pkg/config/v1/config_data_mock_times.go | 78 +++++++++++++++++++
 .../container_main_handler_test.go | 60 ++++++++++++++
 2 files changed, 138 insertions(+)
 create mode 100644 pkg/config/v1/config_data_mock_times.go
diff --git a/pkg/config/v1/config_data_mock_times.go b/pkg/config/v1/config_data_mock_times.go
new file mode 100644
index 00000000..260c57e3
--- /dev/null
+++ b/pkg/config/v1/config_data_mock_times.go
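Review bot: The new loop header `for ;time.Now().Before(stopSniffingTime); {` is not gofmt-clean; a condition-only loop is written `for time.Now().Before(stopSniffingTime) {`. The deadline is only re-checked at the top of each iteration, so how promptly monitoring stops after the configured maximum depends on how long `ch.startTimer` blocks, which is not visible here; a comment such as `// stop starting new sniffing rounds once the configured maximum sniffing time has elapsed` would record the intent. The context lines also show `go ch.getSBOM(contEvent)` inside the loop, so a goroutine is started on every iteration; if one SBOM fetch per container is intended it presumably belongs before the loop, which is worth confirming. The body of startRelevancyProcess starts and ends outside the hunk.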
@@ -0,0 +1,78 @@
+package config
+
+import (
+ "path"
+ "sniffer/pkg/utils"
+ "time"
+)
+
+type ConfigDataTimesMock struct {
+}
+
+func CreateTimesMockConfigData() *ConfigDataTimesMock {
+ return &ConfigDataTimesMock{}
+}
+
+func (c *ConfigDataTimesMock) IsFalcoEbpfEngine() bool {
+ return true
+}
+
+func (c *ConfigDataTimesMock) GetFalcoSyscallFilter() []string {
+ return []string{"open", "openat", "execve", "execveat"}
+}
+
+func (c *ConfigDataTimesMock) GetFalcoKernelObjPath() string {
+ return path.Join(utils.CurrentDir(), "..", "testdata", "mock_falco_ebpf_engine", "kernel_obj_mock.o")
+}
+
+func (c *ConfigDataTimesMock) GetEbpfEngineLoaderPath() string {
+ return path.Join(utils.CurrentDir(), "..", "testdata", "mock_falco_ebpf_engine", "userspace_app_mock")
+}
+
+func (c *ConfigDataTimesMock) GetUpdateDataPeriod() time.Duration {
+ return time.Duration(5) * time.Second
+}
+
+func (c *ConfigDataTimesMock) GetSniffingMaxTimes() time.Duration {
+ return time.Duration(10) * time.Second
+}
+
+func (c *ConfigDataTimesMock) IsRelevantCVEServiceEnabled() bool {
+ return true
+}
+
+func (c *ConfigDataTimesMock) GetNodeName() string {
+ return "minikube"
+}
+
+func (c *ConfigDataTimesMock) GetClusterName() string {
+ return "test"
+}
+
+func (c *ConfigDataTimesMock) SetNodeName() {
+}
+
+func (c *ConfigDataTimesMock) SetNamespace() {
+}
+
+func (c *ConfigDataTimesMock) SetContainerName() {
+}
+
+func (c *ConfigDataTimesMock) GetNamespace() string {
+ return "Namespace"
+}
+
+func (c *ConfigDataTimesMock) GetContainerName() string {
+ return "ContName"
+}
+
+func (c *ConfigDataTimesMock) SetBackgroundContextURL() {
+}
+
+func (c *ConfigDataTimesMock) GetBackgroundContextURL() string {
+ return "URLcontext"
+}
+
+func (c *ConfigDataTimesMock) GetAccountID() string {
+ return "AccountID"
+}
diff --git a/pkg/conthandler/container_main_handler_test.go b/pkg/conthandler/container_main_handler_test.go
index 83bf4785..e9ce164c 100644
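Review bot: `ConfigDataTimesMock` and `CreateTimesMockConfigData` are exported without doc comments, and nothing in the file says that this is a test double with shortened timings. A comment such as `// ConfigDataTimesMock is a test-only configuration double that returns short timing values (5s update period, 10s maximum sniffing time).` would make that clear, which matters because the mock lives in a regular (non-test) file and so ships with the `config` package; that may be deliberate since the test using it is in another package. The two path getters build filesystem paths with `path.Join`, where `filepath.Join` is the OS-correct call, and `time.Duration(5) * time.Second` can be written `5 * time.Second`.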
--- a/pkg/conthandler/container_main_handler_test.go
+++ b/pkg/conthandler/container_main_handler_test.go
@@ -5,7 +5,9 @@ import (
 "sniffer/pkg/config"
 configV1 "sniffer/pkg/config/v1"
 conthadlerV1 "sniffer/pkg/conthandler/v1"
+ conthandlerV1 "sniffer/pkg/conthandler/v1"
 accumulator "sniffer/pkg/event_data_storage"
+ "sniffer/pkg/sbom"
 "sniffer/pkg/storageclient"
 "sniffer/pkg/utils"
 "testing"
@@ -69,3 +71,61 @@ func TestContMainHandler(t *testing.T) {
 t.Fatalf("handleNewContainerEvent failed with error %v", err)
 }
 }
+
+
+
+func TestContMainHandlerStopMonitorAfterXMinutes(t *testing.T) {
+ configPath := path.Join(utils.CurrentDir(), "..", "..", "configuration", "ConfigurationFile.json")
+ t.Setenv(config.ConfigEnvVar, configPath)
+
+ cfg := config.GetConfigurationConfigContext()
+ configData, err := cfg.GetConfigurationReader()
+ if err != nil {
+ t.Fatalf("GetConfigurationReader failed with err %v", err)
+ }
+ err = cfg.ParseConfiguration(configV1.CreateTimesMockConfigData(), configData)
+ if err != nil {
+ t.Fatalf("ParseConfiguration failed with err %v", err)
+ }
+
+ cacheAccumulatorErrorChan := make(chan error)
+ acc := accumulator.GetAccumulator()
+ err = acc.StartAccumulator(cacheAccumulatorErrorChan)
+ if err != nil {
+ t.Fatalf("StartAccumulator failed with err %v", err)
+ }
+
+ contHandler, err := CreateContainerHandler(nil, storageclient.CreateSBOMStorageHttpClientMock())
+ if err != nil {
+ t.Fatalf("CreateContainerHandler failed with err %v", err)
+ }
+ RedisInstanceID := instanceidhandler.InstanceID{}
+ RedisInstanceID.SetAPIVersion("apps/v1")
+ RedisInstanceID.SetNamespace("any")
+ RedisInstanceID.SetKind("deployment")
+ RedisInstanceID.SetName("redis")
+ RedisInstanceID.SetContainerName("redis")
+ contEvent := conthandlerV1.CreateNewContainerEvent(RedisImageID, RedisContainerIDContHandler, RedisWLID, RedisPodName, &RedisInstanceID, conthadlerV1.ContainerRunning)
+
+ newWatchedContainer := watchedContainerData{
+ containerAggregator: CreateAggregator(getShortContainerID(contEvent.GetContainerID())),
+ snifferTicker: createTicker(),
+ event: *contEvent,
+ sbomClient: sbom.CreateSBOMStorageClient(contHandler.storageClient, contEvent.GetK8SWorkloadID(), contEvent.GetImageID(), contEvent.GetInstanceID()),
+ syncChannel: map[string]chan error{
+ StepGetSBOM: make(chan error, 10),
+ StepEventAggregator: make(chan error, 10),
+ },
+ }
+ contHandler.watchedContainers.Store(contEvent.GetContainerID(), newWatchedContainer)
+ now := time.Now()
+ contHandler.startRelevancyProcess(*contEvent)
+ stopTime := time.Now()
+ elapsedTime := stopTime.Sub(now)
+ if elapsedTime.Minutes() < config.GetConfigurationConfigContext().GetSniffingMaxTimes().Minutes() {
+ t.Fatalf("elapsedTime is too little, should be %f < %f", elapsedTime.Minutes(), config.GetConfigurationConfigContext().GetSniffingMaxTimes().Minutes())
+ }
+ if elapsedTime.Minutes() > (config.GetConfigurationConfigContext().GetSniffingMaxTimes().Minutes() + float64(time.Minute)) {
+ t.Fatalf("elapsedTime is too High, should be %f > %f", elapsedTime.Minutes(), config.GetConfigurationConfigContext().GetSniffingMaxTimes().Minutes())
+ }
+}
\ No newline at end of file
From 7a0d5ff1c3b1569dc8f7483954fa5a5a0e0835b8 Mon Sep 17 00:00:00 2001
From: Raziel Cohen
Date: Mon, 1 May 2023 17:11:08 +0300
Subject: [PATCH 3/3] add unitest - add to former commit
Signed-off-by: Raziel Cohen
---
 pkg/conthandler/container_main_handler_test.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/pkg/conthandler/container_main_handler_test.go b/pkg/conthandler/container_main_handler_test.go
index e9ce164c..f1573830 100644
--- a/pkg/conthandler/container_main_handler_test.go
+++ b/pkg/conthandler/container_main_handler_test.go
@@ -4,7 +4,6 @@ import (
 "path"
 "sniffer/pkg/config"
 configV1 "sniffer/pkg/config/v1"
- conthadlerV1 "sniffer/pkg/conthandler/v1"
 conthandlerV1 "sniffer/pkg/conthandler/v1"
 accumulator "sniffer/pkg/event_data_storage"
 "sniffer/pkg/sbom"
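Review bot: The upper-bound check in TestContMainHandlerStopMonitorAfterXMinutes mixes units: `float64(time.Minute)` is the nanosecond count (6e10), not one minute, and it is added to a value expressed in minutes, so the "too High" branch can practically never fire. Comparing durations directly avoids this: `maxTime := config.GetConfigurationConfigContext().GetSniffingMaxTimes()`, then `if elapsedTime < maxTime {` and `if elapsedTime > maxTime+time.Minute {`. As written the test only shows that monitoring runs at least the configured time, not that it stops near it, which is the behaviour the timer fix is meant to guarantee. The `CreateNewContainerEvent` call here passes `RedisWLID, RedisPodName` while the call in TestContMainHandler passes `RedisPodName, RedisWLID`; one of the two orders is presumably wrong and should be checked against the constructor's signature.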
@@ -55,12 +54,12 @@ func TestContMainHandler(t *testing.T) { RedisInstanceID.SetKind("deployment") RedisInstanceID.SetName("redis") RedisInstanceID.SetContainerName("redis") - contHandler.containersEventChan <- *conthadlerV1.CreateNewContainerEvent(RedisImageID, RedisContainerIDContHandler, RedisPodName, RedisWLID, &RedisInstanceID, conthadlerV1.ContainerRunning) + contHandler.containersEventChan <- *conthandlerV1.CreateNewContainerEvent(RedisImageID, RedisContainerIDContHandler, RedisPodName, RedisWLID, &RedisInstanceID, conthandlerV1.ContainerRunning) }() event := <-contHandler.containersEventChan - if event.GetContainerEventType() != conthadlerV1.ContainerRunning { - t.Fatalf("event container type is wrong, get: %s expected: %s", event.GetContainerEventType(), conthadlerV1.ContainerRunning) + if event.GetContainerEventType() != conthandlerV1.ContainerRunning { + t.Fatalf("event container type is wrong, get: %s expected: %s", event.GetContainerEventType(), conthandlerV1.ContainerRunning) } if event.GetContainerID() != RedisContainerIDContHandler { t.Fatalf("container ID is wrong, get: %s expected: %s", event.GetContainerID(), RedisContainerIDContHandler) @@ -105,7 +104,7 @@ func TestContMainHandlerStopMonitorAfterXMinutes(t *testing.T) { RedisInstanceID.SetKind("deployment") RedisInstanceID.SetName("redis") RedisInstanceID.SetContainerName("redis") - contEvent := conthandlerV1.CreateNewContainerEvent(RedisImageID, RedisContainerIDContHandler, RedisWLID, RedisPodName, &RedisInstanceID, conthadlerV1.ContainerRunning) + contEvent := conthandlerV1.CreateNewContainerEvent(RedisImageID, RedisContainerIDContHandler, RedisWLID, RedisPodName, &RedisInstanceID, conthandlerV1.ContainerRunning) newWatchedContainer := watchedContainerData{ containerAggregator: CreateAggregator(getShortContainerID(contEvent.GetContainerID())),