-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsockfinder_test.go
More file actions
90 lines (72 loc) · 2.86 KB
/
sockfinder_test.go
File metadata and controls
90 lines (72 loc) · 2.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
// (c) Siemens AG 2023
//
// SPDX-License-Identifier: MIT
package turtlefinder
import (
"net"
"os"
"github.com/thediveo/lxkns/model"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
. "github.com/onsi/gomega/gleak"
. "github.com/thediveo/fdooze"
. "github.com/thediveo/success"
)
var _ = Describe("socket finder", func() {
BeforeEach(func() {
goodfds := Filedescriptors()
goodgos := Goroutines() // avoid other failed goroutine tests to spill over
DeferCleanup(func() {
Eventually(Goroutines).WithTimeout(goroutinesUnwindTimeout).WithPolling(goroutinesUnwindPolling).
ShouldNot(HaveLeaked(goodgos))
Expect(Filedescriptors()).NotTo(HaveLeakedFds(goodfds))
})
})
When("reading socket file descriptors of a process", func() {
It("reports a non-existing PID", func() {
Expect(rawSocketFdsOfProcess("", 0)).Error().To(MatchError(ContainSubstring(
"cannot determine fds for process with PID 0, reason")))
})
It("reports when access is denied", func() {
if os.Getegid() == 0 {
Skip("must be run as non-root")
}
Expect(rawSocketFdsOfProcess("", 1)).Error().To(MatchError(ContainSubstring(
"permission denied")))
})
It("only returns sockets, nothing else", func() {
fakeproc := Successful(os.MkdirTemp("", "fakeproc-*"))
defer os.RemoveAll(fakeproc)
fakefds := fakeproc + "/proc/123456/fd"
Expect(os.MkdirAll(fakefds, 0770)).To(Succeed())
Expect(os.Symlink("/foobar", fakefds+"/1")).To(Succeed())
Expect(os.Symlink("socket:[2345678]", fakefds+"/2")).To(Succeed())
Expect(os.WriteFile(fakefds+"/3", []byte("foobar"), 0644)).To(Succeed())
Expect(os.Symlink("socket:[", fakefds+"/666")).To(Succeed())
Expect(rawSocketFdsOfProcess(fakeproc, 123456)).To(ConsistOf(
rawSocketFd{fd: "2", socketino: "2345678"},
))
})
})
It("finds Docker API unix socket", func() {
sox := listeningUDSVisibleToProcess(model.PIDType(os.Getpid()))
// when inside devcontainer, the docker features will put the genuine
// socket into /var/run with /run referencing it, instead of what
// standard Docker package setup does, so we have to cover both situations.
Expect(sox).To(ContainElement(MatchRegexp("^/(?:var/)?run/docker.sock$")))
})
It("finds listening canary unix socket", func() {
fakesockdir := Successful(os.MkdirTemp("", "fakesock-*"))
defer os.RemoveAll(fakesockdir)
canarysockpath := fakesockdir + "/canary.sock"
lsock := Successful(net.Listen("unix", canarysockpath))
defer lsock.Close()
soxpaths := listeningUDSPathsOfProcess(
model.PIDType(os.Getpid()),
listeningUDSVisibleToProcess(model.PIDType(os.Getpid())))
Expect(soxpaths).To(ContainElement(canarysockpath))
rawfds := Successful(rawSocketFdsOfProcess("", model.PIDType(os.Getpid())))
lsox := listeningUDSPaths(rawfds, listeningUDSVisibleToProcess(model.PIDType(os.Getpid())))
Expect(lsox).To(ContainElement(canarysockpath))
})
})