summaryrefslogtreecommitdiff
path: root/internal/eventloop_security_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/eventloop_security_test.go')
-rw-r--r--internal/eventloop_security_test.go86
1 files changed, 86 insertions, 0 deletions
diff --git a/internal/eventloop_security_test.go b/internal/eventloop_security_test.go
new file mode 100644
index 0000000..0dd9ae7
--- /dev/null
+++ b/internal/eventloop_security_test.go
@@ -0,0 +1,86 @@
+package internal
+
+import (
+ "testing"
+
+ "ior/internal/event"
+ "ior/internal/globalfilter"
+ "ior/internal/types"
+)
+
+func TestHandlePerfOpenExitTracksReturnedFd(t *testing.T) {
+ el := mustNewEventLoop(t, eventLoopConfig{})
+
+ enter := &types.PerfOpenEvent{
+ EventType: types.ENTER_PERF_OPEN_EVENT,
+ TraceId: types.SYS_ENTER_PERF_EVENT_OPEN,
+ Time: 100,
+ Pid: 200,
+ Tid: 201,
+ AttrType: 1,
+ AttrSize: 64,
+ Config: 2,
+ TargetPid: 0,
+ Cpu: -1,
+ GroupFd: -1,
+ Flags: 0,
+ }
+ exit := &types.RetEvent{
+ EventType: types.EXIT_RET_EVENT,
+ TraceId: types.SYS_EXIT_PERF_EVENT_OPEN,
+ Time: 200,
+ Ret: 77,
+ Pid: 200,
+ Tid: 201,
+ }
+ ep := &event.Pair{EnterEv: enter, ExitEv: exit}
+
+ if ok := el.handlePerfOpenExit(ep, enter); !ok {
+ t.Fatal("handlePerfOpenExit returned false")
+ }
+ if ep.File == nil || ep.File.FD() != 77 {
+ t.Fatalf("expected resolved perf fd 77, got file=%v", ep.File)
+ }
+}
+
+func TestHandlePerfOpenExitAppliesPairFilter(t *testing.T) {
+ el := mustNewEventLoop(t, eventLoopConfig{
+ filter: globalfilter.Filter{
+ Syscall: &globalfilter.StringFilter{Pattern: "openat"},
+ },
+ })
+
+ enter := &types.PerfOpenEvent{
+ EventType: types.ENTER_PERF_OPEN_EVENT,
+ TraceId: types.SYS_ENTER_PERF_EVENT_OPEN,
+ Time: 100,
+ Pid: 202,
+ Tid: 203,
+ }
+ exit := &types.RetEvent{
+ EventType: types.EXIT_RET_EVENT,
+ TraceId: types.SYS_EXIT_PERF_EVENT_OPEN,
+ Time: 200,
+ Ret: 1,
+ Pid: 202,
+ Tid: 203,
+ }
+ ep := &event.Pair{EnterEv: enter, ExitEv: exit}
+
+ if ok := el.handlePerfOpenExit(ep, enter); ok {
+ t.Fatal("handlePerfOpenExit should reject pair due to filter mismatch")
+ }
+}
+
+func TestInitRawHandlersRegistersSecurityEvents(t *testing.T) {
+ el := mustNewEventLoop(t, eventLoopConfig{})
+ if _, ok := el.rawHandlers[types.ENTER_KEYCTL_EVENT]; !ok {
+ t.Fatal("ENTER_KEYCTL_EVENT handler is not registered")
+ }
+ if _, ok := el.rawHandlers[types.ENTER_PTRACE_EVENT]; !ok {
+ t.Fatal("ENTER_PTRACE_EVENT handler is not registered")
+ }
+ if _, ok := el.rawHandlers[types.ENTER_PERF_OPEN_EVENT]; !ok {
+ t.Fatal("ENTER_PERF_OPEN_EVENT handler is not registered")
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 06:45:16 +0000