From e9dc324e3dbf43b130f800e4dbf1e229a75b4e0f Mon Sep 17 00:00:00 2001 From: Afek Berger Date: Thu, 21 Nov 2024 09:39:42 +0200 Subject: [PATCH] WIP: Fixed event types in tests Signed-off-by: Afek Berger --- .../r0001_unexpected_process_launched_test.go | 56 ++++++++++-------- .../v1/r0002_unexpected_file_access_test.go | 22 +++---- .../r0007_kubernetes_client_executed_test.go | 19 +++--- ...0_unexpected_sensitive_file_access_test.go | 25 ++++---- .../r1000_exec_from_malicious_source_test.go | 19 +++--- .../v1/r1004_exec_from_mount_test.go | 21 ++++--- .../v1/r1011_ld_preload_hook_test.go | 58 ++++++++++--------- 7 files changed, 124 insertions(+), 96 deletions(-) diff --git a/pkg/ruleengine/v1/r0001_unexpected_process_launched_test.go b/pkg/ruleengine/v1/r0001_unexpected_process_launched_test.go index 7eff76af..f0261f1b 100644 --- a/pkg/ruleengine/v1/r0001_unexpected_process_launched_test.go +++ b/pkg/ruleengine/v1/r0001_unexpected_process_launched_test.go @@ -3,6 +3,8 @@ package ruleengine import ( "testing" + events "github.com/kubescape/node-agent/pkg/ebpf/events" + "github.com/kubescape/node-agent/pkg/objectcache" "github.com/kubescape/node-agent/pkg/utils" @@ -20,18 +22,20 @@ func TestR0001UnexpectedProcessLaunched(t *testing.T) { t.Errorf("Expected r to not be nil") } - e := &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.ExecEvent{ + Event: tracerexectype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "/test", + Args: []string{"test"}, }, - Comm: "/test", - Args: []string{"test"}, } // Test with nil appProfileAccess 
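Review bot: The new import in the `@@ -3,6 +3,8 @@` hunk carries a redundant alias, `events "github.com/kubescape/node-agent/pkg/ebpf/events"`, and sits in a group of its own. The r0002, r0007 and r1011 hunks in this patch import the same package unaliased and still refer to it as `events.`, so the alias adds nothing. It can be written as `"github.com/kubescape/node-agent/pkg/ebpf/events"` next to the other `kubescape/node-agent` imports. The r0010, r1000 and r1004 import hunks carry the same alias.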
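Review bot: The deeply nested `events.ExecEvent` literal in the `@@ -20,18 +22,20 @@` hunk is written out by hand, and the same literal recurs twice more in this file (`@@ -64,18 +68,20 @@`, `@@ -111,18 +117,20 @@`) and again in the r0007, r1000 and r1004 tests. That repetition is why a one-type change touched so many lines. r0010 already has `createTestEvent` for open events; a matching exec helper would reduce each case to one line and make it obvious whether a case exercises `Comm` or `ExePath`. The test function's body continues outside the hunk.

```go
// newExecEvent builds an exec event for container "test". Cases that need
// other fields (ExePath, runtime metadata) adjust the inner Event afterwards.
func newExecEvent(comm string, args []string) *events.ExecEvent {
	return &events.ExecEvent{
		Event: tracerexectype.Event{
			Event: eventtypes.Event{
				CommonData: eventtypes.CommonData{
					K8s: eventtypes.K8sMetadata{
						BasicK8sMetadata: eventtypes.BasicK8sMetadata{ContainerName: "test"},
					},
				},
			},
			Comm: comm,
			Args: args,
		},
	}
}

// … unchanged: rule construction and nil check in TestR0001UnexpectedProcessLaunched …
e := newExecEvent("/test", []string{"test"})
```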
@@ -64,18 +68,20 @@ func TestR0001UnexpectedProcessLaunched(t *testing.T) { } // Test with non-whitelisted exec - e = &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e = &events.ExecEvent{ + Event: tracerexectype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "/asdasd", + Args: []string{"asdasd"}, }, - Comm: "/asdasd", - Args: []string{"asdasd"}, } ruleResult = r.ProcessEvent(utils.ExecveEventType, e, &objCache) if ruleResult == nil { @@ -111,18 +117,20 @@ func TestR0001UnexpectedProcessLaunchedArgCompare(t *testing.T) { objCache.SetApplicationProfile(profile) } - e := &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.ExecEvent{ + Event: tracerexectype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + ExePath: "/test", + Args: []string{"/test", "something"}, }, - ExePath: "/test", - Args: []string{"/test", "something"}, } // Test with whitelisted exec diff --git a/pkg/ruleengine/v1/r0002_unexpected_file_access_test.go b/pkg/ruleengine/v1/r0002_unexpected_file_access_test.go index 8ecfac38..bc97eb72 100644 --- a/pkg/ruleengine/v1/r0002_unexpected_file_access_test.go +++ b/pkg/ruleengine/v1/r0002_unexpected_file_access_test.go @@ -5,6 +5,7 @@ import ( corev1 "k8s.io/api/core/v1" + "github.com/kubescape/node-agent/pkg/ebpf/events" "github.com/kubescape/node-agent/pkg/objectcache" "github.com/kubescape/node-agent/pkg/utils" 
@@ -23,21 +24,22 @@ func TestR0002UnexpectedFileAccess(t *testing.T) { } // Create a file access event - e := &traceropentype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.OpenEvent{ + Event: traceropentype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Path: "/test", + FullPath: "/test", + Flags: []string{"O_RDONLY"}, }, - Path: "/test", - FullPath: "/test", - Flags: []string{"O_RDONLY"}, } - // Test with nil appProfileAccess ruleResult := r.ProcessEvent(utils.OpenEventType, e, &objectcache.ObjectCacheMock{}) if ruleResult != nil { diff --git a/pkg/ruleengine/v1/r0007_kubernetes_client_executed_test.go b/pkg/ruleengine/v1/r0007_kubernetes_client_executed_test.go index 25379326..b55ab6d2 100644 --- a/pkg/ruleengine/v1/r0007_kubernetes_client_executed_test.go +++ b/pkg/ruleengine/v1/r0007_kubernetes_client_executed_test.go @@ -3,6 +3,7 @@ package ruleengine import ( "testing" + "github.com/kubescape/node-agent/pkg/ebpf/events" "github.com/kubescape/node-agent/pkg/utils" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" @@ -20,18 +21,20 @@ func TestR0007KubernetesClientExecuted(t *testing.T) { } // Create an exec event - e := &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.ExecEvent{ + Event: tracerexectype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "/test", + Args: []string{}, }, - Comm: "/test", - Args: []string{}, } objCache := RuleObjectCacheMock{} 
diff --git a/pkg/ruleengine/v1/r0010_unexpected_sensitive_file_access_test.go b/pkg/ruleengine/v1/r0010_unexpected_sensitive_file_access_test.go index e45d7f2b..b530c093 100644 --- a/pkg/ruleengine/v1/r0010_unexpected_sensitive_file_access_test.go +++ b/pkg/ruleengine/v1/r0010_unexpected_sensitive_file_access_test.go @@ -5,24 +5,27 @@ import ( traceropentype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/open/types" eventtypes "github.com/inspektor-gadget/inspektor-gadget/pkg/types" + events "github.com/kubescape/node-agent/pkg/ebpf/events" "github.com/kubescape/node-agent/pkg/utils" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" ) -func createTestEvent(path string, flags []string) *traceropentype.Event { - return &traceropentype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", +func createTestEvent(path string, flags []string) *events.OpenEvent { + return &events.OpenEvent{ + Event: traceropentype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Path: path, + FullPath: path, + Flags: flags, }, - Path: path, - FullPath: path, - Flags: flags, } } @@ -50,7 +53,7 @@ func createTestProfile(containerName string, paths []string, flags []string) *v1 func TestR0010UnexpectedSensitiveFileAccess(t *testing.T) { tests := []struct { name string - event *traceropentype.Event + event *events.OpenEvent profile *v1beta1.ApplicationProfile additionalPaths []interface{} expectAlert bool diff --git a/pkg/ruleengine/v1/r1000_exec_from_malicious_source_test.go b/pkg/ruleengine/v1/r1000_exec_from_malicious_source_test.go index 5345fb2f..86340f5c 100644 --- a/pkg/ruleengine/v1/r1000_exec_from_malicious_source_test.go +++ b/pkg/ruleengine/v1/r1000_exec_from_malicious_source_test.go 
@@ -3,6 +3,7 @@ package ruleengine import ( "testing" + events "github.com/kubescape/node-agent/pkg/ebpf/events" "github.com/kubescape/node-agent/pkg/utils" tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types" @@ -17,18 +18,20 @@ func TestR1000ExecFromMaliciousSource(t *testing.T) { t.Errorf("Expected r to not be nil") } // Create an exec event - e := &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.ExecEvent{ + Event: tracerexectype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "/test", + Args: []string{}, }, - Comm: "/test", - Args: []string{}, } ruleResult := r.ProcessEvent(utils.ExecveEventType, e, &RuleObjectCacheMock{}) diff --git a/pkg/ruleengine/v1/r1004_exec_from_mount_test.go b/pkg/ruleengine/v1/r1004_exec_from_mount_test.go index 2d52b73c..afe06715 100644 --- a/pkg/ruleengine/v1/r1004_exec_from_mount_test.go +++ b/pkg/ruleengine/v1/r1004_exec_from_mount_test.go @@ -7,6 +7,7 @@ import ( tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types" eventtypes "github.com/inspektor-gadget/inspektor-gadget/pkg/types" + events "github.com/kubescape/node-agent/pkg/ebpf/events" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" corev1 "k8s.io/api/core/v1" ) 
@@ -18,19 +19,21 @@ func TestR1004ExecFromMount(t *testing.T) { if r == nil { t.Errorf("Expected r to not be nil") } - e := &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.ExecEvent{ + Event: tracerexectype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, + Runtime: eventtypes.BasicRuntimeMetadata{ContainerID: "test"}, }, - Runtime: eventtypes.BasicRuntimeMetadata{ContainerID: "test"}, }, + Comm: "/test", + Args: []string{}, }, - Comm: "/test", - Args: []string{}, } // Test case where path is not mounted diff --git a/pkg/ruleengine/v1/r1011_ld_preload_hook_test.go b/pkg/ruleengine/v1/r1011_ld_preload_hook_test.go index 1807b379..e44e6c64 100644 --- a/pkg/ruleengine/v1/r1011_ld_preload_hook_test.go +++ b/pkg/ruleengine/v1/r1011_ld_preload_hook_test.go @@ -3,10 +3,10 @@ package ruleengine import ( "testing" + "github.com/kubescape/node-agent/pkg/ebpf/events" "github.com/kubescape/node-agent/pkg/utils" "github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1" - tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types" traceropentype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/open/types" eventtypes "github.com/inspektor-gadget/inspektor-gadget/pkg/types" corev1 "k8s.io/api/core/v1" 
@@ -35,19 +35,21 @@ func TestR1011LdPreloadHook(t *testing.T) { } // Create open event - e := &traceropentype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e := &events.OpenEvent{ + Event: traceropentype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "test", + FullPath: "/etc/ld.so.preload", + FlagsRaw: 1, }, - Comm: "test", - FullPath: "/etc/ld.so.preload", - FlagsRaw: 1, } // Test with existing ld_preload file @@ -100,17 +102,19 @@ func TestR1011LdPreloadHook(t *testing.T) { } // Create open event - e2 := &tracerexectype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e2 := &events.OpenEvent{ + Event: traceropentype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "java", }, - Comm: "java", } // Test with exec event ruleResult = r.ProcessEvent(utils.ExecveEventType, e2, &objCache) 
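Review bot: `FlagsRaw: 1` in the new `events.OpenEvent` literal (hunk `@@ -35,19 +35,21 @@`) is an unexplained magic number. On Linux that value is `O_WRONLY`, which is presumably what makes this open of `/etc/ld.so.preload` alert-worthy. A trailing comment such as `FlagsRaw: 1, // O_WRONLY: write-open of ld.so.preload` would tell the reader which access mode the detection is tested against. The same literal is repeated for `e3` in the `@@ -118,19 +122,21 @@` hunk, and the enclosing test starts and ends outside the hunk.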
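Review bot: In the `@@ -100,17 +102,19 @@` hunk, `e2` is now built as `&events.OpenEvent{Event: traceropentype.Event{...}}` but is still passed to `r.ProcessEvent(utils.ExecveEventType, e2, &objCache)` under the comment "Test with exec event", so the exec branch of R1011 no longer receives an exec-shaped event. If the rule type-asserts the payload for `ExecveEventType` and returns nil on a mismatch (not visible in this hunk), the check "Expected ruleResult to be nil since exec event is on java" passes without the java exemption being evaluated, and a regression in that detection path would go unnoticed. Build it as `e2 := &events.ExecEvent{Event: tracerexectype.Event{...}}` with `Comm: "java"` in the inner literal, as the other exec tests in this patch do, and keep the `tracerexectype` import that this file's `@@ -3,10 +3,10 @@` hunk removes. The `// Create open event` comment above `e2` should then read `// Create exec event`. The test function starts and ends outside the hunk.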
@@ -118,19 +122,21 @@ func TestR1011LdPreloadHook(t *testing.T) { t.Errorf("Expected ruleResult to be nil since exec event is on java") } - e3 := &traceropentype.Event{ - Event: eventtypes.Event{ - CommonData: eventtypes.CommonData{ - K8s: eventtypes.K8sMetadata{ - BasicK8sMetadata: eventtypes.BasicK8sMetadata{ - ContainerName: "test", + e3 := &events.OpenEvent{ + Event: traceropentype.Event{ + Event: eventtypes.Event{ + CommonData: eventtypes.CommonData{ + K8s: eventtypes.K8sMetadata{ + BasicK8sMetadata: eventtypes.BasicK8sMetadata{ + ContainerName: "test", + }, }, }, }, + Comm: "test", + FullPath: "/etc/ld.so.preload", + FlagsRaw: 1, }, - Comm: "test", - FullPath: "/etc/ld.so.preload", - FlagsRaw: 1, } objCache = RuleObjectCacheMock{}