feat(events): create e2e for dependencies failure

Create an end-to-end test for the dependencies failure mechanism. This should check that the new dependencies mechanism is integrating well with Tracee. This PR introduce test events for the first time.
aquasecurity · Apr 14, 2024 · 5542f04 · 5542f04
1 parent e0e589f
commit 5542f04
Show file tree

Hide file tree

Showing 7 changed files with 442 additions and 0 deletions.
diff --git a/pkg/ebpf/c/tracee.bpf.c b/pkg/ebpf/c/tracee.bpf.c
@@ -6824,3 +6824,45 @@ int sched_process_exit_signal(struct bpf_raw_tracepoint_args *ctx)
 }
 
 // END OF Control Plane Programs
+
+// Tests
+
+SEC("kprobe/empty_kprobe")
+int BPF_KPROBE(empty_probe)
+{
+    return 0;
+}
+
+bool did_submit = false;
+
+SEC("raw_tracepoint/submit_once")
+int tracepoint__submit_once(struct bpf_raw_tracepoint_args *ctx)
+{
+    program_data_t p = {};
+    if (!init_program_data(&p, ctx))
+        return 0;
+
+    if (!should_trace(&p))
+        return 0;
+
+    if (likely(did_submit)) {
+        return 0;
+    }
+
+    int ret = 0;
+    if (should_submit(TEST_SUBMIT_ONCE, p.event))
+        ret |= events_perf_submit(&p, TEST_SUBMIT_ONCE, 0);
+
+    if (should_submit(TEST_MISSING_KSYMBOLS, p.event))
+        ret |= events_perf_submit(&p, TEST_MISSING_KSYMBOLS, 0);
+
+    if (should_submit(TEST_FAILED_ATTACH, p.event))
+        ret |= events_perf_submit(&p, TEST_FAILED_ATTACH, 0);
+
+    if (ret == 0)
+        // This is not a guarantee that the event will be submitted once, but it is good enough for
+        // tests as the purpose is to not create too much of a load.
+        did_submit = true;
+
+    return 0;
+}
diff --git a/pkg/ebpf/c/types.h b/pkg/ebpf/c/types.h
@@ -126,6 +126,11 @@ enum event_id_e
     MODULE_LOAD,
     MODULE_FREE,
     MAX_EVENT_ID,
+
+    // Test events IDs
+    TEST_SUBMIT_ONCE = 10000,
+    TEST_MISSING_KSYMBOLS,
+    TEST_FAILED_ATTACH,
 };
 
 enum signal_event_id_e

diff --git a/pkg/ebpf/probes/probe_group.go b/pkg/ebpf/probes/probe_group.go
@@ -229,6 +229,9 @@ func NewDefaultProbeGroup(module *bpf.Module, netEnabled bool, kSyms *helpers.Ke
 		SignalSchedProcessFork:     NewTraceProbe(RawTracepoint, "sched:sched_process_fork", "sched_process_fork_signal"),
 		SignalSchedProcessExec:     NewTraceProbe(RawTracepoint, "sched:sched_process_exec", "sched_process_exec_signal"),
 		SignalSchedProcessExit:     NewTraceProbe(RawTracepoint, "sched:sched_process_exit", "sched_process_exit_signal"),
+
+		TestUnavailableHook: NewTraceProbe(KProbe, "non_existing_func", "empty_kprobe"),
+		TestSubmitOnce:      NewTraceProbe(RawTracepoint, "raw_syscalls:sys_enter", "tracepoint__submit_once"),
 	}
 
 	if !netEnabled {

diff --git a/pkg/ebpf/probes/probes.go b/pkg/ebpf/probes/probes.go
@@ -139,3 +139,9 @@ const (
 	SignalSchedProcessExec
 	SignalSchedProcessExit
 )
+
+// Test probe handles
+const (
+	TestUnavailableHook = 1000 + iota
+	TestSubmitOnce
+)
diff --git a/pkg/events/core.go b/pkg/events/core.go
@@ -169,6 +169,13 @@ const (
 	MaxSignatureID   ID = 6999
 )
 
+// Test events
+const (
+	SubmitOnce ID = 10000 + iota
+	MissingKsymbol
+	FailedAttach
+)
+
 //
 // All Events
 //
@@ -13531,4 +13538,52 @@ var CoreEvents = map[ID]Definition{
 			{Type: "const char **", Name: "dst_dns"},
 		},
 	},
+
+	// Test Events
+	SubmitOnce: {
+		id:      SubmitOnce,
+		id32Bit: Sys32Undefined,
+		name:    "submit_once",
+		version: NewVersion(1, 0, 0),
+		syscall: false,
+		sets:    []string{"tests", "dependencies"},
+		params:  []trace.ArgMeta{},
+		dependencies: Dependencies{
+			probes: []Probe{
+				{handle: probes.TestSubmitOnce, required: true},
+			},
+		},
+	},
+	MissingKsymbol: {
+		id:      MissingKsymbol,
+		id32Bit: Sys32Undefined,
+		name:    "missing_ksymbol",
+		version: NewVersion(1, 0, 0),
+		syscall: false,
+		sets:    []string{"tests", "dependencies"},
+		params:  []trace.ArgMeta{},
+		dependencies: Dependencies{
+			kSymbols: []KSymbol{
+				{symbol: "non_existing_symbol", required: true},
+			},
+			probes: []Probe{
+				{handle: probes.TestSubmitOnce, required: true},
+			},
+		},
+	},
+	FailedAttach: {
+		id:      FailedAttach,
+		id32Bit: Sys32Undefined,
+		name:    "failed_attach",
+		version: NewVersion(1, 0, 0),
+		syscall: false,
+		sets:    []string{"tests", "dependencies"},
+		params:  []trace.ArgMeta{},
+		dependencies: Dependencies{
+			probes: []Probe{
+				{handle: probes.TestUnavailableHook, required: true},
+				{handle: probes.TestUnavailableHook, required: true},
+			},
+		},
+	},
 }