Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/components/ee/agent-smith/pkg/config/config_test.go
2501 views
1
// Copyright (c) 2024 Gitpod GmbH. All rights reserved.

2
// Licensed under the GNU Affero General Public License (AGPL).

3
// See License.AGPL.txt in the project root for license information.

4


5
package config

6


7
import (

8
	"testing"

9


10
	"github.com/gitpod-io/gitpod/agent-smith/pkg/classifier"

11
)

12


13
func TestFileClassifierIndependence(t *testing.T) {

14
	// Create a blocklist with both process and filesystem signatures

15
	blocklists := &Blocklists{

16
		Audit: &PerLevelBlocklist{

17
			Binaries: []string{"malware"}, // Process-related

18
			Signatures: []*classifier.Signature{

19
				{

20
					Name:     "process-sig",

21
					Domain:   classifier.DomainProcess,

22
					Pattern:  []byte("process-pattern"),

23
					Filename: []string{"malware.exe"},

24
				},

25
				{

26
					Name:     "filesystem-sig",

27
					Domain:   classifier.DomainFileSystem,

28
					Pattern:  []byte("filesystem-pattern"),

29
					Filename: []string{"virus.exe"},

30
				},

31
			},

32
		},

33
		Very: &PerLevelBlocklist{

34
			Signatures: []*classifier.Signature{

35
				{

36
					Name:     "filesystem-sig-2",

37
					Domain:   classifier.DomainFileSystem,

38
					Pattern:  []byte("another-pattern"),

39
					Filename: []string{"trojan.exe"},

40
				},

41
			},

42
		},

43
	}

44


45
	// Test process classifier (existing functionality - should be unchanged)

46
	processClass, err := blocklists.Classifier()

47
	if err != nil {

48
		t.Fatalf("Failed to create process classifier: %v", err)

49
	}

50
	if processClass == nil {

51
		t.Fatal("Process classifier should not be nil")

52
	}

53


54
	// Test new filesystem classifier

55
	filesystemClass, err := blocklists.FileClassifier()

56
	if err != nil {

57
		t.Fatalf("Failed to create filesystem classifier: %v", err)

58
	}

59
	if filesystemClass == nil {

60
		t.Fatal("Filesystem classifier should not be nil")

61
	}

62


63
	// Verify filesystem classifier has the right signatures

64
	fsSignatures := filesystemClass.GetFileSignatures()

65
	if len(fsSignatures) != 2 {

66
		t.Errorf("Expected 2 filesystem signatures, got %d", len(fsSignatures))

67
	}

68


69
	// Verify signatures are filesystem domain only

70
	for _, sig := range fsSignatures {

71
		if sig.Domain != classifier.DomainFileSystem {

72
			t.Errorf("Expected filesystem domain signature, got %s", sig.Domain)

73
		}

74
	}

75


76
	// Verify they are completely independent objects (can't directly compare different interface types)

77
	// Instead, verify they have different behaviors

78
	processSignatures := 0

79
	if pc, ok := processClass.(*classifier.CountingMetricsClassifier); ok {

80
		// Process classifier is wrapped in CountingMetricsClassifier

81
		_ = pc                // Just verify the type cast works

82
		processSignatures = 1 // We know it exists because we created it

83
	}

84


85
	filesystemSignatures := len(filesystemClass.GetFileSignatures())

86
	if filesystemSignatures == 0 {

87
		t.Error("Filesystem classifier should have signatures")

88
	}

89


90
	// They should serve different purposes

91
	if processSignatures == 0 && filesystemSignatures == 0 {

92
		t.Error("At least one classifier should have content")

93
	}

94


95
	// Test filesystem classifier functionality

96
	result, err := filesystemClass.MatchesFile("/nonexistent/virus.exe")

97
	if err != nil {

98
		t.Fatalf("Filesystem classification failed: %v", err)

99
	}

100
	if result == nil {

101
		t.Error("Expected non-nil classification result")

102
	}

103
}

104


105
func TestFileClassifierEmptyConfig(t *testing.T) {

106
	// Test with nil blocklists

107
	var blocklists *Blocklists

108
	filesystemClass, err := blocklists.FileClassifier()

109
	if err != nil {

110
		t.Fatalf("Failed to create filesystem classifier from nil config: %v", err)

111
	}

112
	if filesystemClass == nil {

113
		t.Fatal("Filesystem classifier should not be nil even with empty config")

114
	}

115


116
	// Should have no signatures

117
	signatures := filesystemClass.GetFileSignatures()

118
	if len(signatures) != 0 {

119
		t.Errorf("Expected 0 signatures from empty config, got %d", len(signatures))

120
	}

121
}

122


123
func TestFileClassifierNoFilesystemSignatures(t *testing.T) {

124
	// Test with blocklists that have no filesystem signatures

125
	blocklists := &Blocklists{

126
		Audit: &PerLevelBlocklist{

127
			Binaries: []string{"malware"},

128
			Signatures: []*classifier.Signature{

129
				{

130
					Name:     "process-only",

131
					Domain:   classifier.DomainProcess,

132
					Pattern:  []byte("process-pattern"),

133
					Filename: []string{"malware.exe"},

134
				},

135
			},

136
		},

137
	}

138


139
	filesystemClass, err := blocklists.FileClassifier()

140
	if err != nil {

141
		t.Fatalf("Failed to create filesystem classifier: %v", err)

142
	}

143


144
	// Should have no filesystem signatures

145
	signatures := filesystemClass.GetFileSignatures()

146
	if len(signatures) != 0 {

147
		t.Errorf("Expected 0 filesystem signatures, got %d", len(signatures))

148
	}

149
}

150


151