From c68803fe317ae500bf3c64d635ac24b50d7b21e8 Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Sat, 21 May 2022 13:41:10 +0100 Subject: [PATCH] tracee: add manual nixosTest for integration testing --- .../security/tracee/skip-init-test.patch | 12 ++++++ .../tracee/skip-magic_write-test.patch | 12 ++++++ pkgs/tools/security/tracee/test.nix | 41 +++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 pkgs/tools/security/tracee/skip-init-test.patch create mode 100644 pkgs/tools/security/tracee/skip-magic_write-test.patch create mode 100644 pkgs/tools/security/tracee/test.nix diff --git a/pkgs/tools/security/tracee/skip-init-test.patch b/pkgs/tools/security/tracee/skip-init-test.patch new file mode 100644 index 000000000000..612e56e4446f --- /dev/null +++ b/pkgs/tools/security/tracee/skip-init-test.patch @@ -0,0 +1,12 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index 8601eb9..57088d2 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -149,6 +149,7 @@ func checkUidzero(t *testing.T, gotOutput *bytes.Buffer) { + + // only capture pids of 1 + func checkPidOne(t *testing.T, gotOutput *bytes.Buffer) { ++ t.Skip("Not compatible with systemd init") + _, _ = exec.Command("init", "q").CombinedOutput() + + waitForTraceeOutput(gotOutput, time.Now()) diff --git a/pkgs/tools/security/tracee/skip-magic_write-test.patch b/pkgs/tools/security/tracee/skip-magic_write-test.patch new file mode 100644 index 000000000000..99869a18f0e8 --- /dev/null +++ b/pkgs/tools/security/tracee/skip-magic_write-test.patch @@ -0,0 +1,12 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index 8601eb9..a8a3eed 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -75,6 +75,7 @@ func waitForTraceeOutput(gotOutput *bytes.Buffer, now time.Time) { + + // small set of actions to trigger a magic write event + func checkMagicwrite(t *testing.T, gotOutput *bytes.Buffer) { ++ t.Skip() + // create a temp dir for testing + d, err := ioutil.TempDir("", "Test_MagicWrite-dir-*") + require.NoError(t, err) diff --git a/pkgs/tools/security/tracee/test.nix b/pkgs/tools/security/tracee/test.nix new file mode 100644 index 000000000000..cb639ed03173 --- /dev/null +++ b/pkgs/tools/security/tracee/test.nix @@ -0,0 +1,41 @@ +{ pkgs ? import ../../../../. { } }: + +# manually run `nix-build ./pkgs/tools/security/tracee/test.nix` to test +pkgs.nixosTest ({ + name = "tracee-test"; + nodes = { + machine = { config, pkgs, ... }: { + environment.systemPackages = [ + pkgs.tracee + # build the go integration tests as a binary + (pkgs.tracee.overrideAttrs (oa: { + pname = oa.pname + "-integration"; + patches = oa.patches or [] ++ [ + # skip test that runs `init -q` which is incompatible with systemd init + ./skip-init-test.patch + # skip magic_write test that currently fails + ./skip-magic_write-test.patch + ]; + # just build the static lib we need for the go test binary + makeFlags = oa.makeFlags ++ [ "./dist/libbpf/libbpf.a" ]; + postBuild = '' + # by default the tests are disabled and this is intended to be commented out + sed -i '/t.Skip("This test requires root privileges")/d' ./tests/integration/integration_test.go + CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags ebpf,integration -c -o $GOPATH/tracee-integration ./tests/integration + ''; + doCheck = false; + installPhase = '' + mkdir -p $out/bin + cp $GOPATH/tracee-integration $out/bin + ''; + doInstallCheck = false; + })) + ]; + }; + }; + + testScript = '' + with subtest("run integration tests"): + print(machine.succeed('TRC_BIN="$(which tracee-ebpf)" tracee-integration -test.v -test.run "Test_Events"')) + ''; +})