Skip to content

Commit 94e99bb

Browse files
kobrinelikobrineli
committed
test: matchParentBinaries test
This commit adds test for new matchParentBinaries selector. In the test we verify that all operations (In, NotIn, Prefix, NotPrefix, Postfix, NotPostfix) work correctly. Signed-off-by: Kobrin Ilay <[email protected]>
1 parent 0d236cd commit 94e99bb

File tree

1 file changed

+103
-0
lines changed

1 file changed

+103
-0
lines changed

pkg/sensors/tracing/kprobe_test.go

Lines changed: 103 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3829,6 +3829,109 @@ spec:
38293829
require.Error(t, err)
38303830
}
38313831

3832+
func getMatchParentBinariesCrd(opStr string, vals []string) string {
3833+
var configHook strings.Builder
3834+
configHook.WriteString(`apiVersion: cilium.io/v1alpha1
3835+
kind: TracingPolicy
3836+
metadata:
3837+
name: "testing-file-match-binaries"
3838+
spec:
3839+
kprobes:
3840+
- call: "fd_install"
3841+
syscall: false
3842+
return: false
3843+
args:
3844+
- index: 0
3845+
type: int
3846+
- index: 1
3847+
type: "file"
3848+
selectors:
3849+
- matchParentBinaries:
3850+
- operator: "` + opStr + `"
3851+
values: `)
3852+
for i := range vals {
3853+
configHook.WriteString(fmt.Sprintf("\n - \"%s\"", vals[i]))
3854+
}
3855+
return configHook.String()
3856+
}
3857+
3858+
func createParentsChecker(parent, binary, filename string) *ec.ProcessKprobeChecker {
3859+
kpChecker := ec.NewProcessKprobeChecker("").
3860+
WithParent(ec.NewProcessChecker().WithBinary(sm.Full(parent))).
3861+
WithProcess(ec.NewProcessChecker().WithBinary(sm.Full(binary))).
3862+
WithFunctionName(sm.Full("fd_install")).
3863+
WithArgs(ec.NewKprobeArgumentListMatcher().
3864+
WithOperator(lc.Subset).
3865+
WithValues(
3866+
ec.NewKprobeArgumentChecker().WithFileArg(ec.NewKprobeFileChecker().WithPath(sm.Full(filename))),
3867+
))
3868+
return kpChecker
3869+
}
3870+
3871+
func matchParentBinariesTest(t *testing.T, operator string, values []string, kpChecker *ec.ProcessKprobeChecker) {
3872+
var doneWG, readyWG sync.WaitGroup
3873+
defer doneWG.Wait()
3874+
3875+
ctx, cancel := context.WithTimeout(context.Background(), tus.Conf().CmdWaitTime)
3876+
defer cancel()
3877+
3878+
createCrdFile(t, getMatchParentBinariesCrd(operator, values))
3879+
3880+
obs, err := observertesthelper.GetDefaultObserverWithFile(t, ctx, testConfigFile, tus.Conf().TetragonLib, observertesthelper.WithMyPid())
3881+
if err != nil {
3882+
t.Fatalf("GetDefaultObserverWithFile error: %s", err)
3883+
}
3884+
observertesthelper.LoopEvents(ctx, t, &doneWG, &readyWG, obs)
3885+
readyWG.Wait()
3886+
3887+
if err := exec.Command("/usr/bin/bash", "-c", "echo '/usr/bin/tail /etc/passwd' | /usr/bin/bash").Run(); err != nil {
3888+
t.Fatalf("failed to run tail /etc/passwd with /bin/bash: %s", err)
3889+
}
3890+
3891+
if err := exec.Command("/usr/bin/sh", "-c", "echo '/usr/bin/tail /etc/passwd' | /usr/bin/sh").Run(); err != nil {
3892+
t.Fatalf("failed to run tail /etc/passwd with /bin/sh: %s", err)
3893+
}
3894+
3895+
checker := ec.NewUnorderedEventChecker(kpChecker)
3896+
err = jsonchecker.JsonTestCheck(t, checker)
3897+
require.NoError(t, err)
3898+
}
3899+
3900+
const skipMatchParentBinaries = "kernels without large progs do not support matchParentBinaries Prefix/NotPrefix/Postfix/NotPostfix"
3901+
3902+
func TestKprobeMatchParentBinaries(t *testing.T) {
3903+
t.Run("In", func(t *testing.T) {
3904+
matchParentBinariesTest(t, "In", []string{"/usr/bin/bash"}, createParentsChecker("/usr/bin/bash", "/usr/bin/tail", "/etc/passwd"))
3905+
})
3906+
t.Run("NotIn", func(t *testing.T) {
3907+
matchParentBinariesTest(t, "NotIn", []string{"/usr/bin/bash"}, createParentsChecker("/usr/bin/sh", "/usr/bin/tail", "/etc/passwd"))
3908+
})
3909+
t.Run("Prefix", func(t *testing.T) {
3910+
if !config.EnableLargeProgs() {
3911+
t.Skip(skipMatchParentBinaries)
3912+
}
3913+
matchParentBinariesTest(t, "Prefix", []string{"/usr/bin/ba"}, createParentsChecker("/usr/bin/bash", "/usr/bin/tail", "/etc/passwd"))
3914+
})
3915+
t.Run("NotPrefix", func(t *testing.T) {
3916+
if !config.EnableLargeProgs() {
3917+
t.Skip(skipMatchParentBinaries)
3918+
}
3919+
matchParentBinariesTest(t, "NotPrefix", []string{"/usr/bin/bas"}, createParentsChecker("/usr/bin/sh", "/usr/bin/tail", "/etc/passwd"))
3920+
})
3921+
t.Run("Postfix", func(t *testing.T) {
3922+
if !config.EnableLargeProgs() {
3923+
t.Skip(skipMatchParentBinaries)
3924+
}
3925+
matchParentBinariesTest(t, "Postfix", []string{"in/bash"}, createParentsChecker("/usr/bin/bash", "/usr/bin/tail", "/etc/passwd"))
3926+
})
3927+
t.Run("NotPostfix", func(t *testing.T) {
3928+
if !config.EnableLargeProgs() {
3929+
t.Skip(skipMatchParentBinaries)
3930+
}
3931+
matchParentBinariesTest(t, "NotPostfix", []string{"n/bash"}, createParentsChecker("/usr/bin/sh", "/usr/bin/tail", "/etc/passwd"))
3932+
})
3933+
}
3934+
38323935
func getMatchBinariesCrd(opStr string, vals []string) string {
38333936
var configHook strings.Builder
38343937
configHook.WriteString(`apiVersion: cilium.io/v1alpha1

0 commit comments

Comments
 (0)