Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/components/ee/agent-smith/pkg/classifier/classifier_test.go
2501 views
1
// Copyright (c) 2022 Gitpod GmbH. All rights reserved.

2
// Licensed under the GNU Affero General Public License (AGPL).

3
// See License.AGPL.txt in the project root for license information.

4


5
package classifier_test

6


7
import (

8
	"testing"

9


10
	"github.com/gitpod-io/gitpod/agent-smith/pkg/classifier"

11
	"github.com/google/go-cmp/cmp"

12
)

13


14
func TestCommandlineClassifier(t *testing.T) {

15
	var (

16
		allowed = []string{"allowed"}

17
		blocked = []string{"blocked"}

18
	)

19


20
	type Input struct {

21
		Executable string

22
		Cmdline    []string

23
	}

24
	tests := []struct {

25
		Name        string

26
		AllowList   []string

27
		BlockList   []string

28
		Input       Input

29
		Expectation *classifier.Classification

30
	}{

31
		{

32
			Name:        "empty lists",

33
			Expectation: &classifier.Classification{Level: classifier.LevelNoMatch, Classifier: classifier.ClassifierCommandline},

34
		},

35
		{

36
			Name:        "blocked cmd positive",

37
			BlockList:   blocked,

38
			Input:       Input{Cmdline: blocked},

39
			Expectation: &classifier.Classification{Level: classifier.LevelAudit, Classifier: classifier.ClassifierCommandline, Message: `matched "blocked"`},

40
		},

41
		{

42
			Name:        "blocked exec positive",

43
			BlockList:   blocked,

44
			Input:       Input{Executable: "./" + blocked[0]},

45
			Expectation: &classifier.Classification{Level: classifier.LevelAudit, Classifier: classifier.ClassifierCommandline, Message: `matched "blocked"`},

46
		},

47
		{

48
			Name:        "blocked negative",

49
			BlockList:   blocked,

50
			Input:       Input{Cmdline: allowed},

51
			Expectation: &classifier.Classification{Level: classifier.LevelNoMatch, Classifier: classifier.ClassifierCommandline},

52
		},

53
		{

54
			Name:        "alowed positive",

55
			AllowList:   allowed,

56
			BlockList:   blocked,

57
			Input:       Input{Cmdline: []string{allowed[0], blocked[0]}},

58
			Expectation: &classifier.Classification{Level: classifier.LevelNoMatch, Classifier: classifier.ClassifierCommandline},

59
		},

60
		{

61
			Name:        "alowed cmd positive",

62
			AllowList:   allowed,

63
			BlockList:   blocked,

64
			Input:       Input{Executable: allowed[0] + "/" + blocked[0]},

65
			Expectation: &classifier.Classification{Level: classifier.LevelNoMatch, Classifier: classifier.ClassifierCommandline},

66
		},

67
		{

68
			Name:        "alowed negative",

69
			AllowList:   blocked,

70
			BlockList:   blocked,

71
			Input:       Input{Cmdline: []string{allowed[0], blocked[0]}},

72
			Expectation: &classifier.Classification{Level: classifier.LevelNoMatch, Classifier: classifier.ClassifierCommandline},

73
		},

74
	}

75
	for _, test := range tests {

76
		t.Run(test.Name, func(t *testing.T) {

77
			class, err := classifier.NewCommandlineClassifier("test", classifier.LevelAudit, test.AllowList, test.BlockList)

78
			if err != nil {

79
				t.Fatal(err)

80
			}

81


82
			act, err := class.Matches(test.Input.Executable, test.Input.Cmdline)

83
			if err != nil {

84
				t.Error(err)

85
				return

86
			}

87


88
			if diff := cmp.Diff(test.Expectation, act); diff != "" {

89
				t.Errorf("unexpected CommandlineClassifier (-want +got):\n%s", diff)

90
			}

91
		})

92
	}

93
}

94


95