mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 16:44:46 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
opensnitch/daemon/procmon/process_test.go
Gustavo Iñiguez Goia 4ce8b0e57c ebpf: improved process detection/new events module 
Improved process detections by monitoring new processes execution.
It allow us to know the path of a process before a socket is opened.

Closes #617

Other improvements:
 - If we fail to retrieve the path of a process, then we'll use the comm
   name of the connection/process.
 - Better kernel connections detection.
 - If debugfs is not loaded, we'll try to mount it, to allow to use
   eBPF monitor method.

Future work (help wanted):
 - Extract command line arguments from the kernel (sys_execve, or mm
   struct).
 - Monitor other functions (execveat, clone*, fork, etc).
 - Send these events to the server (GUI), and display all the commands
   an application has executed.
2022-06-24 01:09:45 +02:00

130 lines
2.9 KiB
Go
Raw Blame History

package procmon
import (
"os"
"testing"
)
var (
myPid = os.Getpid()
proc = NewProcess(myPid, "fakeComm")
)
func TestNewProcess(t *testing.T) {
if proc.ID != myPid {
t.Error("NewProcess PID not equal to ", myPid)
}
if proc.Comm != "fakeComm" {
t.Error("NewProcess Comm not equal to fakeComm")
}
}
func TestProcPath(t *testing.T) {
if err := proc.ReadPath(); err != nil {
t.Error("Proc path error:", err)
}
if proc.Path == "/fake/path" {
t.Error("Proc path equal to /fake/path, should be different:", proc.Path)
}
}
func TestProcCwd(t *testing.T) {
err := proc.ReadCwd()
if proc.CWD == "" {
t.Error("Proc readCwd() not read:", err)
}
}
func TestProcCmdline(t *testing.T) {
proc.ReadCmdline()
if len(proc.Args) == 0 {
t.Error("Proc Args should not be empty:", proc.Args)
}
}
func TestProcDescriptors(t *testing.T) {
proc.readDescriptors()
if len(proc.Descriptors) == 0 {
t.Error("Proc Descriptors should not be empty:", proc.Descriptors)
}
}
func TestProcEnv(t *testing.T) {
proc.ReadEnv()
if len(proc.Env) == 0 {
t.Error("Proc Env should not be empty:", proc.Env)
}
}
func TestProcIOStats(t *testing.T) {
proc.readIOStats()
if proc.IOStats.RChar == 0 {
t.Error("Proc.IOStats.RChar should not be 0:", proc.IOStats)
}
if proc.IOStats.WChar == 0 {
t.Error("Proc.IOStats.WChar should not be 0:", proc.IOStats)
}
if proc.IOStats.SyscallRead == 0 {
t.Error("Proc.IOStats.SyscallRead should not be 0:", proc.IOStats)
}
if proc.IOStats.SyscallWrite == 0 {
t.Error("Proc.IOStats.SyscallWrite should not be 0:", proc.IOStats)
}
/*if proc.IOStats.ReadBytes == 0 {
t.Error("Proc.IOStats.ReadBytes should not be 0:", proc.IOStats)
}
if proc.IOStats.WriteBytes == 0 {
t.Error("Proc.IOStats.WriteBytes should not be 0:", proc.IOStats)
}*/
}
func TestProcStatus(t *testing.T) {
proc.readStatus()
if proc.Status == "" {
t.Error("Proc Status should not be empty:", proc)
}
if proc.Stat == "" {
t.Error("Proc Stat should not be empty:", proc)
}
/*if proc.Stack == "" {
t.Error("Proc Stack should not be empty:", proc)
}*/
if proc.Maps == "" {
t.Error("Proc Maps should not be empty:", proc)
}
if proc.Statm.Size == 0 {
t.Error("Proc Statm Size should not be 0:", proc.Statm)
}
if proc.Statm.Resident == 0 {
t.Error("Proc Statm Resident should not be 0:", proc.Statm)
}
if proc.Statm.Shared == 0 {
t.Error("Proc Statm Shared should not be 0:", proc.Statm)
}
if proc.Statm.Text == 0 {
t.Error("Proc Statm Text should not be 0:", proc.Statm)
}
if proc.Statm.Lib != 0 {
t.Error("Proc Statm Lib should not be 0:", proc.Statm)
}
if proc.Statm.Data == 0 {
t.Error("Proc Statm Data should not be 0:", proc.Statm)
}
if proc.Statm.Dt != 0 {
t.Error("Proc Statm Dt should not be 0:", proc.Statm)
}
}
func TestProcCleanPath(t *testing.T) {
proc.Path = "/fake/path/binary (deleted)"
proc.CleanPath()
if proc.Path != "/fake/path/binary" {
t.Error("Proc cleanPath() not cleaned:", proc.Path)
}
}
Reference in a new issue View git blame Copy permalink