diff --git a/suite2cases/secDetector.json b/suite2cases/secDetector.json
new file mode 100644
index 0000000000000000000000000000000000000000..f79e8ea60661dc7746c4c0a0ad49f35e8b8df4f5
--- /dev/null
+++ b/suite2cases/secDetector.json
@@ -0,0 +1,8 @@
+{
+ "path": "$OET_PATH/testcases/smoke-test/smoke-secDetector",
+ "cases": [
+ {
+ "name": "os_test_secDetector_basic_test"
+ }
+ ]
+}
diff --git a/testcases/smoke-test/smoke-secDetector/client.py b/testcases/smoke-test/smoke-secDetector/client.py
new file mode 100644
index 0000000000000000000000000000000000000000..b6222995b347ea8de01ab58597a9bdd3a1c76a30
--- /dev/null
+++ b/testcases/smoke-test/smoke-secDetector/client.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+
+import ctypes
+import time
+import sys
+import threading
+from threading import Thread
+
+sys.path.append("./common")
+from common import *
+
+def main():
+
+ topic = int(0x00FFFFFF)
+
+ reader = thread_func_sub(topic)
+
+ threadlist = []
+
+ tsub_read = Thread(target=thread_func_read,args=(reader,))
+ tsub_read.start()
+
+ threadlist.append(tsub_read)
+
+ file_check()
+ time.sleep(1)
+ process_check()
+ time.sleep(1)
+ behav_check()
+ time.sleep(1)
+
+ thread_func_unsub(topic, reader)
+
+ for t in threadlist:
+ t.join()
+
+ print("client end")
+
+if __name__ == '__main__':
+ main()
+
diff --git a/testcases/smoke-test/smoke-secDetector/common/common.py b/testcases/smoke-test/smoke-secDetector/common/common.py
new file mode 100644
index 0000000000000000000000000000000000000000..67548618bb75835f69fbbece0bba4612179def58
--- /dev/null
+++ b/testcases/smoke-test/smoke-secDetector/common/common.py
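Review bot: In client.py, `main()` hands the result of `thread_func_sub(topic)` straight to the reader thread and later to `thread_func_unsub` without checking it, although a failed subscription returns `None` (ctypes maps a NULL `c_void_p` result to `None`), so the native `secReadFrom`/`secUnsub` can end up being called with a NULL handle. I would bail out right after the subscribe call with `if reader is None: sys.exit("secSub failed")`, which also gives the test a non-zero exit status instead of a possible crash inside the library. Indentation is flattened on this page, so I cannot tell whether `thread_func_sub` in common/common.py sets `reader_state = True` only on success; the guard in `main()` is needed either way. Separately, `sys.path.append("./common")` followed by `from common import *` resolves the module relative to the current working directory, so anchoring the path on the script's own directory would keep the import from picking up a different `common` when the client is started from elsewhere.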
@@ -0,0 +1,93 @@
+import ctypes
+import time
+import sys, os
+import tempfile
+import threading
+import subprocess
+from threading import Thread
+
+DATA_LEN = 1024
+
+secDetectorsdklib = ctypes.cdll.LoadLibrary('/usr/lib64/secDetector/libsecDetectorsdk.so')
+
+g_cli_reader = ctypes.c_void_p
+g_cli_reader_lock = threading.Lock()
+
+secDetectorsdklib.secSub.argtypes = [ctypes.c_int]
+secDetectorsdklib.secSub.restype = ctypes.c_void_p
+secDetectorsdklib.secUnsub.argtypes = [ctypes.c_void_p]
+secDetectorsdklib.secUnsub.restype = None
+secDetectorsdklib.secReadFrom.argtypes = [ctypes.c_void_p, ctypes.c_char_p, ctypes.c_int]
+secDetectorsdklib.secReadFrom.restype = None
+
+reader_state = False
+
+def thread_func_sub(num):
+ global reader_state
+ cli_reader = secDetectorsdklib.secSub(num)
+ if cli_reader == None:
+ print("sub fail")
+ else:
+ print("sub success")
+ print("client thread_func_sub end")
+ reader_state = True
+
+ return cli_reader
+
+
+def thread_func_read(cli_reader):
+ global reader_state
+ print("client thread_func_read start")
+
+ data = ctypes.create_string_buffer(DATA_LEN)
+ data_len = ctypes.c_int(DATA_LEN)
+
+ while reader_state:
+ if data.value.decode() == 'end':
+ print("client received end")
+ break
+ secDetectorsdklib.secReadFrom(cli_reader, data, data_len)
+
+ print("client thread_func_read end")
+ print(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time.time())))
+
+def thread_func_unsub(num, cli_reader):
+ global reader_state
+ print("client thread_func_unsub start")
+ print(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time.time())))
+ secDetectorsdklib.secUnsub(cli_reader)
+
+ print("client thread_func_unsub end")
+ print(time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(time.time())))
+ reader_state = False
+
+def file_check():
+ fd, path = tempfile.mkstemp()
+ try:
+ with os.fdopen(fd, 'w+') as tmp:
+ tmp.write('stuff')
+ s = tmp.readline()
+ finally:
+ os.utime(path, (1602179630, 1602179630))
+ os.remove(path)
+
+def process_check():
+ os.system("id")
+ subprocess.run(["su", "tester", "-c", "id"])
+
+def behav_check():
+ os.system('id | grep uid')
+
+
+
+def expect_eq(left, right):
+ if left == right:
+ print("check success!!")
+ else:
+ print("check fail!!")
+
+def expect_ne(left, right):
+ if left == right:
+ print("check fail!!")
+ else:
+ print("check success!!")
diff --git a/testcases/smoke-test/smoke-secDetector/common/common.sh b/testcases/smoke-test/smoke-secDetector/common/common.sh
new file mode 100644
index 0000000000000000000000000000000000000000..bfd864e047f07796cb7cf6bf01ef64c0376736a9
--- /dev/null
+++ b/testcases/smoke-test/smoke-secDetector/common/common.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# shellcheck disable=SC1017
+
+source "${OET_PATH}/libs/locallibs/common_lib.sh"
+
+# 部署secD
+function secD_deploy() {
+ yum install -y gdb secDetector*
+ modprobe secDetector_core
+ modprobe secDetector_kmodule_baseline
+ modprobe secDetector_memory_corruption
+ modprobe secDetector_program_action
+}
+
+# 移除secD
+function secD_remove() {
+ modprobe -r secDetector_program_action
+ modprobe -r secDetector_memory_corruption
+ modprobe -r secDetector_kmodule_baseline
+ modprobe -r secDetector_core
+}
+
+function secD_start() {
+ ulimit -l unlimited
+ secDetectord
+}
+
+function secD_stop() {
+ pkill secDetectord
+}
diff --git a/testcases/smoke-test/smoke-secDetector/os_test_secDetector_basic_test.sh b/testcases/smoke-test/smoke-secDetector/os_test_secDetector_basic_test.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9c662268a863898ef3b37cc33b1195031d788849
--- /dev/null
+++ b/testcases/smoke-test/smoke-secDetector/os_test_secDetector_basic_test.sh
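Review bot: `thread_func_read` in common/common.py never writes the buffer filled by `secReadFrom` to stdout, yet os_test_secDetector_basic_test.sh greps `res.txt` (the redirected stdout of client.py) for `event_name:` strings; unless the SDK prints events itself, which is not visible here, those greps have nothing to match. Printing each record inside the loop after the `secReadFrom` call, e.g. `print(data.value.decode(errors="replace"))`, would make the assertions meaningful, and `errors="replace"` keeps a non-UTF-8 byte in an event (a file name, for instance) from raising `UnicodeDecodeError` and ending the reader thread without any visible failure. The strict `data.value.decode()` in the `'end'` comparison has the same exposure. Smaller points in this file: `g_cli_reader = ctypes.c_void_p` binds the type rather than a handle and is unused along with `g_cli_reader_lock`, and `cli_reader == None` is conventionally written `cli_reader is None`.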
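Review bot: In `secD_deploy`, `yum install -y gdb secDetector*` leaves the glob unquoted, so the shell expands it against the current directory first and any file or directory there whose name starts with `secDetector` would be passed to yum as a local path; quoting it as `'secDetector*'` leaves the matching to yum's package database. None of the `modprobe` calls nor `secDetectord` is checked, so a module that fails to load only surfaces later as a missing event; an `|| return 1` per step would pin the failure where it happens. `pkill secDetectord` treats the name as a pattern, and `pkill -x secDetectord` restricts it to the exact process name. The two Chinese comments (`# 部署secD`, `# 移除secD`) would be easier for other maintainers to follow as `# Deploy secDetector` and `# Remove secDetector`.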
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Copyright (c), 2024-2024, HUAWEI tech. Co., Ltd.
+# Description: secDetector basic test
+# Author: lijiaming
+# Create: 2024-07-29
+# shellcheck disable=SC1017,SC1091
+
+source ./common/common.sh
+set +e
+
+function pre_test() {
+ secD_deploy
+ secD_start
+ useradd tester
+}
+
+function run_test() {
+ python client.py > res.txt
+ grep 'event_name:sched_process_fork' res.txt
+ CHECK_RESULT $?
+ grep 'event_name:readfile' res.txt
+ CHECK_RESULT $?
+ grep 'event_name:execve_cmd' res.txt
+ CHECK_RESULT $?
+ grep 'event_name:createfile' res.txt
+ CHECK_RESULT $?
+ grep 'event_name:delfile' res.txt
+ CHECK_RESULT $?
+ grep 'event_name:commit_creds' res.txt
+ CHECK_RESULT $?
+ grep 'event_type=createpipe' res.txt
+ CHECK_RESULT $?
+
+}
+
+function post_test() {
+ rm -rf res.txt
+ userdel -r tester
+ secD_stop
+ secD_remove
+}
+
+main "$@"
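Review bot: `pre_test` runs `useradd tester` without checking whether the account already exists, and `post_test` then runs `userdel -r tester` unconditionally, so on a host that already has a `tester` user the cleanup removes that account and its home directory. Recording whether the test created the account, for example `id tester >/dev/null 2>&1 || { useradd tester && created_user=1; }` and deleting only when `created_user` is set, keeps the cleanup from touching pre-existing state; a less generic account name would help as well. `python client.py` depends on a `python` command being installed although client.py's shebang asks for `python3`, so `python3 client.py` is the safer invocation. The last grep looks for `event_type=createpipe` while every other check uses the `event_name:` form; it is worth confirming against real output that this is the actual record format and not a typo.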