chore: add dns cache e2e test

aquasecurity · Nov 15, 2023 · 0be7012 · 0be7012
1 parent a2e80f2
commit 0be7012
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 1 deletion.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -68,6 +68,7 @@ env:
     BPF_ATTACH
     CONTAINERS_DATA_SOURCE
     PROCTREE_DATA_SOURCE
+    DNS_DATA_SOURCE
 jobs:
   #
   # DOC VERIFICATION

diff --git a/tests/e2e-inst-signatures/e2e-dns_data_source.go b/tests/e2e-inst-signatures/e2e-dns_data_source.go
@@ -0,0 +1,88 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/protocol"
+	"github.com/aquasecurity/tracee/types/trace"
+)
+
+type e2eDnsDataSource struct {
+	cb      detect.SignatureHandler
+	dnsData detect.DataSource
+}
+
+func (sig *e2eDnsDataSource) Init(ctx detect.SignatureContext) error {
+	sig.cb = ctx.Callback
+	dnsData, ok := ctx.GetDataSource("tracee", "dns")
+	if !ok {
+		return fmt.Errorf("dns data source not registered")
+	}
+	if dnsData.Version() > 1 {
+		return fmt.Errorf("dns data source version not supported, please update this signature")
+	}
+	sig.dnsData = dnsData
+	return nil
+}
+
+func (sig *e2eDnsDataSource) GetMetadata() (detect.SignatureMetadata, error) {
+	return detect.SignatureMetadata{
+		ID:          "DNS_DATA_SOURCE",
+		EventName:   "DNS_DATA_SOURCE",
+		Version:     "0.1.0",
+		Name:        "DNS Data Source Test",
+		Description: "Instrumentation events E2E Tests: DNS Data Source Test",
+		Tags:        []string{"e2e", "instrumentation"},
+	}, nil
+}
+
+func (sig *e2eDnsDataSource) GetSelectedEvents() ([]detect.SignatureEventSelector, error) {
+	return []detect.SignatureEventSelector{
+		{Source: "tracee", Name: "sched_process_exit"},
+	}, nil
+}
+
+func (sig *e2eDnsDataSource) OnEvent(event protocol.Event) error {
+	eventObj, ok := event.Payload.(trace.Event)
+	if !ok {
+		return fmt.Errorf("failed to cast event's payload")
+	}
+
+	switch eventObj.EventName {
+	case "sched_process_exit":
+		if eventObj.Executable.Path != "/usr/bin/ping" {
+			return nil // irrelevant code path
+		}
+
+		container, err := sig.dnsData.Get("google.com")
+		if err != nil {
+			return fmt.Errorf("failed to find container in data source: %v", err)
+		}
+
+		ipResults, ok := container["ip_results"].([]string)
+		if !ok {
+			return fmt.Errorf("failed to extract ip results")
+		}
+
+		if len(ipResults) < 1 {
+			return fmt.Errorf("ip results were empty")
+		}
+
+		m, _ := sig.GetMetadata()
+
+		sig.cb(detect.Finding{
+			SigMetadata: m,
+			Event:       event,
+			Data:        map[string]interface{}{},
+		})
+	}
+
+	return nil
+}
+
+func (sig *e2eDnsDataSource) OnSignal(s detect.Signal) error {
+	return nil
+}
+
+func (sig *e2eDnsDataSource) Close() {}
diff --git a/tests/e2e-inst-signatures/export.go b/tests/e2e-inst-signatures/export.go
@@ -11,4 +11,5 @@ var ExportedSignatures = []detect.Signature{
 	&e2eBpfAttach{},
 	&e2eProcessTreeDataSource{},
 	&e2eHookedSyscall{},
+	&e2eDnsDataSource{},
 }
diff --git a/tests/e2e-inst-signatures/scripts/dns_data_source.sh b/tests/e2e-inst-signatures/scripts/dns_data_source.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+exit_err() {
+    echo -n "ERROR: "
+    echo $@
+    exit 1
+}
+
+ping -c 1 google.com > /dev/null
diff --git a/tests/e2e-inst-test.sh b/tests/e2e-inst-test.sh
@@ -137,7 +137,8 @@ for TEST in $TESTS; do
         --output option:parse-arguments \
         --log file:$SCRIPT_TMP_DIR/tracee-log-$$ \
         --signatures-dir "$SIG_DIR" \
-        --scope comm=echo,mv,ls,tracee,proctreetester \
+        --scope comm=echo,mv,ls,tracee,proctreetester,ping \
+        --dnscache \
         --events "$TEST" &
 
     # Wait tracee to start