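// Source: gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/pkg/sentry/seccheck/config_test.go

// Copyright 2022 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package seccheck

import (
	"strings"
	"testing"
)

// TestLifecycle creates a session from each valid configuration, checks that
// List reports exactly that one session under the configured name, and then
// deletes it again.
//
// Every case reuses the session name "Default", so each subtest must remove
// its session before the next one starts. Deletion is registered with
// t.Cleanup right after a successful Create so that it runs even when a later
// assertion aborts the subtest.
func TestLifecycle(t *testing.T) {
	for _, tc := range []struct {
		name string
		conf SessionConfig
	}{
		{
			// Mixes points with no extra fields, optional fields only,
			// context fields only, and both.
			name: "all-fields",
			conf: SessionConfig{
				Name: "Default",
				Points: []PointConfig{
					{
						Name: "syscall/sysno/0/enter",
					},
					{
						Name:           "syscall/openat/enter",
						OptionalFields: []string{"fd_path"},
					},
					{
						Name:          "syscall/sysno/1/enter",
						ContextFields: []string{"time"},
					},
					{
						Name:           "syscall/openat/enter",
						OptionalFields: []string{"fd_path"},
						ContextFields:  []string{"time"},
					},
				},
				Sinks: []SinkConfig{
					{Name: "test-sink"},
				},
			},
		},
		{
			name: "no-sink",
			conf: SessionConfig{
				Name: "Default",
				Points: []PointConfig{
					{Name: "syscall/sysno/0/enter"},
				},
			},
		},
		{
			name: "no-points",
			conf: SessionConfig{
				Name: "Default",
				Sinks: []SinkConfig{
					{Name: "test-sink"},
				},
			},
		},
		{
			// With IgnoreMissing set, an unknown point name and unknown
			// context fields must not make Create fail.
			//
			// NOTE(review): this case only asserts that the session exists
			// under the right name. It does not check which points remain
			// active, and it does not cover an unknown OptionalFields entry
			// under IgnoreMissing.
			name: "ignore-errors",
			conf: SessionConfig{
				Name:          "Default",
				IgnoreMissing: true,
				Points: []PointConfig{
					{
						Name: "foobar",
					},
					{
						Name:          "syscall/sysno/1/enter",
						ContextFields: []string{"foobar"},
					},
					{
						Name:          "syscall/openat/enter",
						ContextFields: []string{"foobar"},
					},
				},
			},
		},
	} {
		t.Run(tc.name, func(t *testing.T) {
			// Second argument is presumably Create's "force" flag; confirm
			// against the Create signature.
			if err := Create(&tc.conf, false); err != nil {
				// Nothing below is meaningful without a session, so stop here
				// instead of reporting follow-on List/Delete failures.
				t.Fatalf("Create(): %v", err)
			}
			// Deleting is part of the lifecycle under test, so a failure is
			// reported; running it as a cleanup keeps a "Default" session
			// from leaking into the next subtest.
			t.Cleanup(func() {
				if err := Delete(tc.conf.Name); err != nil {
					t.Errorf("Delete(%q): %v", tc.conf.Name, err)
				}
			})

			var got []SessionConfig
			List(&got)
			if len(got) != 1 {
				t.Fatalf("only one session should exist, got: %d", len(got))
			}
			if got[0].Name != tc.conf.Name {
				t.Errorf("wrong name, want: %q, got: %q", tc.conf.Name, got[0].Name)
			}
		})
	}
}

// TestFailure checks that Create rejects configurations that reference an
// unknown point, optional field, context field or sink, and that the returned
// error contains the expected message.
func TestFailure(t *testing.T) {
	for _, tc := range []struct {
		name string
		conf SessionConfig
		err  string
	}{
		{
			name: "point",
			err:  `point "foobar" not found`,
			conf: SessionConfig{
				Name: "Default",
				Points: []PointConfig{
					{Name: "foobar"},
				},
			},
		},
		{
			name: "optional-field",
			err:  `field "foobar" not found`,
			conf: SessionConfig{
				Name: "Default",
				Points: []PointConfig{
					{
						Name:           "syscall/openat/enter",
						OptionalFields: []string{"foobar"},
					},
				},
			},
		},
		{
			name: "context-field",
			err:  `field "foobar" not found`,
			conf: SessionConfig{
				Name: "Default",
				Points: []PointConfig{
					{
						Name:          "syscall/sysno/1/enter",
						ContextFields: []string{"foobar"},
					},
				},
			},
		},
		{
			name: "sink",
			err:  `sink "foobar" not found`,
			conf: SessionConfig{
				Name: "Default",
				Sinks: []SinkConfig{
					{Name: "foobar"},
				},
			},
		},
		{
			// IgnoreMissing must not extend to sinks: an unknown sink is
			// still an error. Presumably this is so that a monitoring
			// session is never created without the sink it was asked to
			// deliver to; confirm against Create.
			name: "sink-ignore-missing",
			err:  `sink "foobar" not found`,
			conf: SessionConfig{
				Name:          "Default",
				IgnoreMissing: true,
				Sinks: []SinkConfig{
					{Name: "foobar"},
				},
			},
		},
	} {
		t.Run(tc.name, func(t *testing.T) {
			err := Create(&tc.conf, false)
			if err == nil {
				// The subtest has already failed; deletion is best effort and
				// only keeps the unexpected "Default" session from breaking
				// later subtests, so its error is deliberately ignored.
				_ = Delete(tc.conf.Name)
				t.Fatal("Create() should have failed")
			}
			if !strings.Contains(err.Error(), tc.err) {
				t.Errorf("invalid error, want: %q, got: %q", tc.err, err)
			}
		})
	}
}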