// Source: github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/pkg/ebpftracer/signature/tty_detected_test.go

package signature

import (
	"net/netip"
	"testing"

	v1 "github.com/castai/kvisor/api/v1/runtime"
	"github.com/castai/kvisor/pkg/containers"
	"github.com/castai/kvisor/pkg/ebpftracer/events"
	"github.com/castai/kvisor/pkg/ebpftracer/types"
	"github.com/stretchr/testify/require"
)

// TestTtyDetectedSignature checks both sides of the TTY-detected signature:
// a TtyOpen event must produce a finding that carries the opened path, and an
// unrelated event (a socket connect) must produce no finding at all.
func TestTtyDetectedSignature(t *testing.T) {
	// scenario pairs one input event with the finding it should produce.
	// A nil want means the signature is expected to stay silent.
	type scenario struct {
		title string
		event types.Event
		want  *v1.SignatureFinding
	}

	// Every scenario runs against the same container identity; each call
	// returns a fresh value so scenarios do not share a pointer.
	newContainer := func() *containers.Container {
		return &containers.Container{
			ID:       "123",
			Name:     "name-123",
			CgroupID: 10,
		}
	}

	// Positive case: a TTY open inside the container.
	ttyOpen := scenario{
		title: "should fire for tty open event",
		event: types.Event{
			Context: &types.EventContext{
				EventID:  events.TtyOpen,
				Ts:       11,
				CgroupID: 10,
				Pid:      99,
			},
			Container: newContainer(),
			Args: types.TtyOpenArgs{
				Path:      "/dev/ptyt0",
				Inode:     10,
				InodeMode: 0,
				Dev:       2,
			},
		},
		// Only Path is set here, so the equality check below also requires
		// every other field of the returned finding to be its zero value.
		want: &v1.SignatureFinding{
			Data: &v1.SignatureFinding_TtyDetected{
				TtyDetected: &v1.TtyDetectedFinding{
					Path: "/dev/ptyt0",
				},
			},
		},
	}

	// Negative case: same container and process context, but a different
	// event ID, so no finding is expected (want is left nil).
	unrelated := scenario{
		title: "should not fire for random event",
		event: types.Event{
			Context: &types.EventContext{
				EventID:  events.SecuritySocketConnect,
				Ts:       11,
				CgroupID: 10,
				Pid:      99,
			},
			Container: newContainer(),
			Args: types.SecuritySocketConnectArgs{
				Sockfd: 10,
				Type:   0,
				RemoteAddr: types.Ip4SockAddr{
					Addr: netip.MustParseAddrPort("1.2.3.4:1190"),
				},
			},
		},
	}

	for _, tc := range []scenario{ttyOpen, unrelated} {
		t.Run(tc.title, func(t *testing.T) {
			// A fresh signature per subtest keeps the scenarios independent.
			sig := NewTTYDetectedSignature()
			got := sig.OnEvent(&tc.event)

			if tc.want != nil {
				require.Equal(t, tc.want, got)
				return
			}

			// No expectation means the signature must not report anything.
			require.Nil(t, got)
		})
	}
}