WIP: Fixed event types in tests

Signed-off-by: Afek Berger <[email protected]>

pkg/ruleengine/v1/r0001_unexpected_process_launched_test.go

@@ -3,6 +3,8 @@ package ruleengine
 import (
 	"testing"
 
+	events "github.com/kubescape/node-agent/pkg/ebpf/events"
+
 	"github.com/kubescape/node-agent/pkg/objectcache"
 	"github.com/kubescape/node-agent/pkg/utils"
 
@@ -20,18 +22,20 @@ func TestR0001UnexpectedProcessLaunched(t *testing.T) {
 		t.Errorf("Expected r to not be nil")
 	}
 
-	e := &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.ExecEvent{
+		Event: tracerexectype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm: "/test",
+			Args: []string{"test"},
 		},
-		Comm: "/test",
-		Args: []string{"test"},
 	}
 
 	// Test with nil appProfileAccess
@@ -64,18 +68,20 @@ func TestR0001UnexpectedProcessLaunched(t *testing.T) {
 	}
 
 	// Test with non-whitelisted exec
-	e = &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e = &events.ExecEvent{
+		Event: tracerexectype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm: "/asdasd",
+			Args: []string{"asdasd"},
 		},
-		Comm: "/asdasd",
-		Args: []string{"asdasd"},
 	}
 	ruleResult = r.ProcessEvent(utils.ExecveEventType, e, &objCache)
 	if ruleResult == nil {
@@ -111,18 +117,20 @@ func TestR0001UnexpectedProcessLaunchedArgCompare(t *testing.T) {
 		objCache.SetApplicationProfile(profile)
 	}
 
-	e := &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.ExecEvent{
+		Event: tracerexectype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			ExePath: "/test",
+			Args:    []string{"/test", "something"},
 		},
-		ExePath: "/test",
-		Args:    []string{"/test", "something"},
 	}
 
 	// Test with whitelisted exec

pkg/ruleengine/v1/r0002_unexpected_file_access_test.go

@@ -5,6 +5,7 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 
+	"github.com/kubescape/node-agent/pkg/ebpf/events"
 	"github.com/kubescape/node-agent/pkg/objectcache"
 	"github.com/kubescape/node-agent/pkg/utils"
 
@@ -23,21 +24,22 @@ func TestR0002UnexpectedFileAccess(t *testing.T) {
 	}
 
 	// Create a file access event
-	e := &traceropentype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.OpenEvent{
+		Event: traceropentype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Path:     "/test",
+			FullPath: "/test",
+			Flags:    []string{"O_RDONLY"},
 		},
-		Path:     "/test",
-		FullPath: "/test",
-		Flags:    []string{"O_RDONLY"},
 	}
-
 	// Test with nil appProfileAccess
 	ruleResult := r.ProcessEvent(utils.OpenEventType, e, &objectcache.ObjectCacheMock{})
 	if ruleResult != nil {

pkg/ruleengine/v1/r0007_kubernetes_client_executed_test.go

@@ -3,6 +3,7 @@ package ruleengine
 import (
 	"testing"
 
+	"github.com/kubescape/node-agent/pkg/ebpf/events"
 	"github.com/kubescape/node-agent/pkg/utils"
 
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
@@ -20,18 +21,20 @@ func TestR0007KubernetesClientExecuted(t *testing.T) {
 	}
 
 	// Create an exec event
-	e := &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.ExecEvent{
+		Event: tracerexectype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm: "/test",
+			Args: []string{},
 		},
-		Comm: "/test",
-		Args: []string{},
 	}
 
 	objCache := RuleObjectCacheMock{}

pkg/ruleengine/v1/r0010_unexpected_sensitive_file_access_test.go

@@ -5,24 +5,27 @@ import (
 
 	traceropentype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/open/types"
 	eventtypes "github.com/inspektor-gadget/inspektor-gadget/pkg/types"
+	events "github.com/kubescape/node-agent/pkg/ebpf/events"
 	"github.com/kubescape/node-agent/pkg/utils"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 )
 
-func createTestEvent(path string, flags []string) *traceropentype.Event {
-	return &traceropentype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+func createTestEvent(path string, flags []string) *events.OpenEvent {
+	return &events.OpenEvent{
+		Event: traceropentype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Path:     path,
+			FullPath: path,
+			Flags:    flags,
 		},
-		Path:     path,
-		FullPath: path,
-		Flags:    flags,
 	}
 }
 
@@ -50,7 +53,7 @@ func createTestProfile(containerName string, paths []string, flags []string) *v1
 func TestR0010UnexpectedSensitiveFileAccess(t *testing.T) {
 	tests := []struct {
 		name            string
-		event           *traceropentype.Event
+		event           *events.OpenEvent
 		profile         *v1beta1.ApplicationProfile
 		additionalPaths []interface{}
 		expectAlert     bool

pkg/ruleengine/v1/r1000_exec_from_malicious_source_test.go

@@ -3,6 +3,7 @@ package ruleengine
 import (
 	"testing"
 
+	events "github.com/kubescape/node-agent/pkg/ebpf/events"
 	"github.com/kubescape/node-agent/pkg/utils"
 
 	tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types"
@@ -17,18 +18,20 @@ func TestR1000ExecFromMaliciousSource(t *testing.T) {
 		t.Errorf("Expected r to not be nil")
 	}
 	// Create an exec event
-	e := &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.ExecEvent{
+		Event: tracerexectype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm: "/test",
+			Args: []string{},
 		},
-		Comm: "/test",
-		Args: []string{},
 	}
 
 	ruleResult := r.ProcessEvent(utils.ExecveEventType, e, &RuleObjectCacheMock{})

pkg/ruleengine/v1/r1004_exec_from_mount_test.go

@@ -7,6 +7,7 @@ import (
 
 	tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types"
 	eventtypes "github.com/inspektor-gadget/inspektor-gadget/pkg/types"
+	events "github.com/kubescape/node-agent/pkg/ebpf/events"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	corev1 "k8s.io/api/core/v1"
 )
@@ -18,19 +19,21 @@ func TestR1004ExecFromMount(t *testing.T) {
 	if r == nil {
 		t.Errorf("Expected r to not be nil")
 	}
-	e := &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.ExecEvent{
+		Event: tracerexectype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
+					Runtime: eventtypes.BasicRuntimeMetadata{ContainerID: "test"},
 				},
-				Runtime: eventtypes.BasicRuntimeMetadata{ContainerID: "test"},
 			},
+			Comm: "/test",
+			Args: []string{},
 		},
-		Comm: "/test",
-		Args: []string{},
 	}
 
 	// Test case where path is not mounted

pkg/ruleengine/v1/r1011_ld_preload_hook_test.go

@@ -3,10 +3,10 @@ package ruleengine
 import (
 	"testing"
 
+	"github.com/kubescape/node-agent/pkg/ebpf/events"
 	"github.com/kubescape/node-agent/pkg/utils"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 
-	tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types"
 	traceropentype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/open/types"
 	eventtypes "github.com/inspektor-gadget/inspektor-gadget/pkg/types"
 	corev1 "k8s.io/api/core/v1"
@@ -35,19 +35,21 @@ func TestR1011LdPreloadHook(t *testing.T) {
 	}
 
 	// Create open event
-	e := &traceropentype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e := &events.OpenEvent{
+		Event: traceropentype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm:     "test",
+			FullPath: "/etc/ld.so.preload",
+			FlagsRaw: 1,
 		},
-		Comm:     "test",
-		FullPath: "/etc/ld.so.preload",
-		FlagsRaw: 1,
 	}
 
 	// Test with existing ld_preload file
@@ -100,37 +102,41 @@ func TestR1011LdPreloadHook(t *testing.T) {
 	}
 
 	// Create open event
-	e2 := &tracerexectype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e2 := &events.OpenEvent{
+		Event: traceropentype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm: "java",
 		},
-		Comm: "java",
 	}
 	// Test with exec event
 	ruleResult = r.ProcessEvent(utils.ExecveEventType, e2, &objCache)
 	if ruleResult != nil {
 		t.Errorf("Expected ruleResult to be nil since exec event is on java")
 	}
 
-	e3 := &traceropentype.Event{
-		Event: eventtypes.Event{
-			CommonData: eventtypes.CommonData{
-				K8s: eventtypes.K8sMetadata{
-					BasicK8sMetadata: eventtypes.BasicK8sMetadata{
-						ContainerName: "test",
+	e3 := &events.OpenEvent{
+		Event: traceropentype.Event{
+			Event: eventtypes.Event{
+				CommonData: eventtypes.CommonData{
+					K8s: eventtypes.K8sMetadata{
+						BasicK8sMetadata: eventtypes.BasicK8sMetadata{
+							ContainerName: "test",
+						},
 					},
 				},
 			},
+			Comm:     "test",
+			FullPath: "/etc/ld.so.preload",
+			FlagsRaw: 1,
 		},
-		Comm:     "test",
-		FullPath: "/etc/ld.so.preload",
-		FlagsRaw: 1,
 	}
 
 	objCache = RuleObjectCacheMock{}