diff --git a/agent/tests/agenttest/src/lib.rs b/agent/tests/agenttest/src/lib.rs index e2223a7..86995a2 100644 --- a/agent/tests/agenttest/src/lib.rs +++ b/agent/tests/agenttest/src/lib.rs @@ -3,8 +3,7 @@ use anyhow::{bail, Result}; use libbpf_rs::{Link, Map, Object, RingBufferBuilder}; -use std::env; -use std::path::{Path, PathBuf}; +use std::path::Path; use std::process::Child; use std::time::Duration; @@ -13,23 +12,6 @@ mod skel { } use skel::*; -pub fn target_dir() -> PathBuf { - env::current_exe() - .ok() - .map(|mut path| { - path.pop(); - if path.ends_with("deps") { - path.pop(); - } - path - }) - .unwrap() -} - -pub fn agent_path() -> PathBuf { - target_dir().join("crypto-auditing-agent") -} - pub fn bump_memlock_rlimit() -> Result<()> { let rlimit = libc::rlimit { rlim_cur: 128 << 20, diff --git a/agent/tests/coalesce.rs b/agent/tests/coalesce.rs index 7637fd2..dec9240 100644 --- a/agent/tests/coalesce.rs +++ b/agent/tests/coalesce.rs @@ -8,27 +8,50 @@ use crypto_auditing::types::EventGroup; use probe::probe; use serde_cbor::de::Deserializer; use std::env; -use std::panic; use std::path::PathBuf; -use std::process::Command; +use std::process::{Child, Command}; use std::thread; use std::time::Duration; use tempfile::tempdir; +fn target_dir() -> PathBuf { + env::current_exe() + .ok() + .map(|mut path| { + path.pop(); + if path.ends_with("deps") { + path.pop(); + } + path + }) + .unwrap() +} + fn fixture_dir() -> PathBuf { - PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("fixtures") + PathBuf::from(env!("CARGO_MANIFEST_DIR")) + .parent() + .unwrap() + .join("fixtures") +} + +struct AgentProcess(Child); + +impl Drop for AgentProcess { + fn drop(&mut self) { + self.0.kill().expect("unable to kill event-broker"); + } } #[test] fn test_probe_coalesce() { bump_memlock_rlimit().expect("unable to bump memlock rlimit"); - let agent_path = agent_path(); + let agent_path = target_dir().join("crypto-auditing-agent"); let log_dir = tempdir().expect("unable to create temporary directory"); let log_path = log_dir.path().join("agent.log"); - let mut process = Command::new(&agent_path) + let process = Command::new(&agent_path) .arg("-c") - .arg(fixture_dir().join("agent.conf")) + .arg(fixture_dir().join("conf").join("agent.conf")) .arg("--log-file") .arg(&log_path) .arg("--library") @@ -38,6 +61,9 @@ fn test_probe_coalesce() { .spawn() .expect("unable to spawn agent"); + // Make sure the agent process will be killed at exit + let process = AgentProcess(process); + // Wait until the agent process starts up for _ in 0..5 { if log_path.exists() { @@ -47,59 +73,53 @@ fn test_probe_coalesce() { } assert!(log_path.exists()); - let result = panic::catch_unwind(|| { - let foo = String::from("foo\0"); - let bar = String::from("bar\0"); - let baz = String::from("baz\0"); - - let (_link, object) = - attach_bpf(&process, &agent_path).expect("unable to attach agent.bpf.o"); - let map = object.map("ringbuf").expect("unable to get ringbuf map"); - - let timeout = Duration::from_secs(10); - - let result = with_ringbuffer( - map, - || { - probe!(crypto_auditing, new_context, 1, 2); - probe!(crypto_auditing, word_data, 1, foo.as_ptr(), 3); - probe!(crypto_auditing, string_data, 1, bar.as_ptr(), bar.as_ptr()); - probe!( - crypto_auditing, - blob_data, - 1, - baz.as_ptr(), - baz.as_ptr(), - baz.len() - ); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 4); - let result = with_ringbuffer( - map, - || { - probe!(crypto_auditing, new_context, 4, 5); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 1); - - let log_file = std::fs::File::open(&log_path) - .expect(&format!("unable to read file `{}`", log_path.display())); - - let groups: Result, _> = Deserializer::from_reader(&log_file) - .into_iter::() - .collect(); - let groups = groups.expect("error deserializing"); - assert_eq!(groups.len(), 2); - assert_eq!(groups[0].events().len(), 4); - assert_eq!(groups[1].events().len(), 1); - }); - - process.kill().expect("unable to kill agent"); - - assert!(result.is_ok()); + let foo = String::from("foo\0"); + let bar = String::from("bar\0"); + let baz = String::from("baz\0"); + + let (_link, object) = + attach_bpf(&process.0, &agent_path).expect("unable to attach agent.bpf.o"); + let map = object.map("ringbuf").expect("unable to get ringbuf map"); + + let timeout = Duration::from_secs(10); + + let result = with_ringbuffer( + map, + || { + probe!(crypto_auditing, new_context, 1, 2); + probe!(crypto_auditing, word_data, 1, foo.as_ptr(), 3); + probe!(crypto_auditing, string_data, 1, bar.as_ptr(), bar.as_ptr()); + probe!( + crypto_auditing, + blob_data, + 1, + baz.as_ptr(), + baz.as_ptr(), + baz.len() + ); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 4); + let result = with_ringbuffer( + map, + || { + probe!(crypto_auditing, new_context, 4, 5); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 1); + + let log_file = std::fs::File::open(&log_path) + .expect(&format!("unable to read file `{}`", log_path.display())); + + let groups: Result, _> = Deserializer::from_reader(&log_file) + .into_iter::() + .collect(); + let groups = groups.expect("error deserializing"); + assert_eq!(groups.len(), 2); + assert_eq!(groups[0].events().len(), 4); + assert_eq!(groups[1].events().len(), 1); } diff --git a/agent/tests/no_coalesce.rs b/agent/tests/no_coalesce.rs index 7f8f62e..515d730 100644 --- a/agent/tests/no_coalesce.rs +++ b/agent/tests/no_coalesce.rs @@ -8,27 +8,50 @@ use crypto_auditing::types::EventGroup; use probe::probe; use serde_cbor::de::Deserializer; use std::env; -use std::panic; use std::path::PathBuf; -use std::process::Command; +use std::process::{Child, Command}; use std::thread; use std::time::Duration; use tempfile::tempdir; +fn target_dir() -> PathBuf { + env::current_exe() + .ok() + .map(|mut path| { + path.pop(); + if path.ends_with("deps") { + path.pop(); + } + path + }) + .unwrap() +} + fn fixture_dir() -> PathBuf { - PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("fixtures") + PathBuf::from(env!("CARGO_MANIFEST_DIR")) + .parent() + .unwrap() + .join("fixtures") +} + +struct AgentProcess(Child); + +impl Drop for AgentProcess { + fn drop(&mut self) { + self.0.kill().expect("unable to kill event-broker"); + } } #[test] fn test_probe_no_coalesce() { bump_memlock_rlimit().expect("unable to bump memlock rlimit"); - let agent_path = agent_path(); + let agent_path = target_dir().join("crypto-auditing-agent"); let log_dir = tempdir().expect("unable to create temporary directory"); let log_path = log_dir.path().join("agent.log"); - let mut process = Command::new(&agent_path) + let process = Command::new(&agent_path) .arg("-c") - .arg(fixture_dir().join("agent.conf")) + .arg(fixture_dir().join("conf").join("agent.conf")) .arg("--log-file") .arg(&log_path) .arg("--library") @@ -36,6 +59,9 @@ fn test_probe_no_coalesce() { .spawn() .expect("unable to spawn agent"); + // Make sure the agent process will be killed at exit + let process = AgentProcess(process); + // Wait until the agent starts up for _ in 0..5 { if log_path.exists() { @@ -45,86 +71,80 @@ fn test_probe_no_coalesce() { } assert!(log_path.exists()); - let result = panic::catch_unwind(|| { - let foo = String::from("foo\0"); - let bar = String::from("bar\0"); - let baz = String::from("baz\0"); - - let (_link, object) = - attach_bpf(&process, &agent_path).expect("unable to attach agent.bpf.o"); - let map = object.map("ringbuf").expect("unable to get ringbuf map"); - - let timeout = Duration::from_secs(10); - - let result = with_ringbuffer( - map, - || { - probe!(crypto_auditing, new_context, 1, 2); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 1); - let result = with_ringbuffer( - map, - || { - probe!(crypto_auditing, word_data, 1, foo.as_ptr(), 3); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 1); - let result = with_ringbuffer( - map, - || { - probe!(crypto_auditing, string_data, 1, bar.as_ptr(), bar.as_ptr()); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 1); - let result = with_ringbuffer( - map, - || { - probe!( - crypto_auditing, - blob_data, - 1, - baz.as_ptr(), - baz.as_ptr(), - baz.len() - ); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 1); - let result = with_ringbuffer( - map, - || { - probe!(crypto_auditing, new_context, 4, 5); - }, - timeout, - ) - .expect("unable to exercise probe points"); - assert_eq!(result, 1); - - let log_file = std::fs::File::open(&log_path) - .expect(&format!("unable to read file `{}`", log_path.display())); - - let groups: Result, _> = Deserializer::from_reader(&log_file) - .into_iter::() - .collect(); - let groups = groups.expect("error deserializing"); - assert_eq!(groups.len(), 5); - assert_eq!(groups[0].events().len(), 1); - assert_eq!(groups[1].events().len(), 1); - assert_eq!(groups[2].events().len(), 1); - assert_eq!(groups[3].events().len(), 1); - assert_eq!(groups[4].events().len(), 1); - }); - - process.kill().expect("unable to kill agent"); - - assert!(result.is_ok()); + let foo = String::from("foo\0"); + let bar = String::from("bar\0"); + let baz = String::from("baz\0"); + + let (_link, object) = + attach_bpf(&process.0, &agent_path).expect("unable to attach agent.bpf.o"); + let map = object.map("ringbuf").expect("unable to get ringbuf map"); + + let timeout = Duration::from_secs(10); + + let result = with_ringbuffer( + map, + || { + probe!(crypto_auditing, new_context, 1, 2); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 1); + let result = with_ringbuffer( + map, + || { + probe!(crypto_auditing, word_data, 1, foo.as_ptr(), 3); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 1); + let result = with_ringbuffer( + map, + || { + probe!(crypto_auditing, string_data, 1, bar.as_ptr(), bar.as_ptr()); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 1); + let result = with_ringbuffer( + map, + || { + probe!( + crypto_auditing, + blob_data, + 1, + baz.as_ptr(), + baz.as_ptr(), + baz.len() + ); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 1); + let result = with_ringbuffer( + map, + || { + probe!(crypto_auditing, new_context, 4, 5); + }, + timeout, + ) + .expect("unable to exercise probe points"); + assert_eq!(result, 1); + + let log_file = std::fs::File::open(&log_path) + .expect(&format!("unable to read file `{}`", log_path.display())); + + let groups: Result, _> = Deserializer::from_reader(&log_file) + .into_iter::() + .collect(); + let groups = groups.expect("error deserializing"); + assert_eq!(groups.len(), 5); + assert_eq!(groups[0].events().len(), 1); + assert_eq!(groups[1].events().len(), 1); + assert_eq!(groups[2].events().len(), 1); + assert_eq!(groups[3].events().len(), 1); + assert_eq!(groups[4].events().len(), 1); } diff --git a/agent/fixtures/agent.conf b/fixtures/conf/agent.conf similarity index 81% rename from agent/fixtures/agent.conf rename to fixtures/conf/agent.conf index 44ae95c..46747ef 100644 --- a/agent/fixtures/agent.conf +++ b/fixtures/conf/agent.conf @@ -2,6 +2,4 @@ # log_file = "/var/log/crypto-auditing/audit.cborseq" # user = "crypto-auditing:crypto-auditing" # coalesce_window = 100 -# max_events = 1000000 - -coalesce_window = 0 +# max_events = 1000000 \ No newline at end of file