Merge pull request #1872 from prady0t/HostPolicy-fuzzer
Adding fuzzer for HostPolicy
daemon1024 authored Oct 16, 2024
2 parents 8147d52 + 2c305b7 commit 8dd10c4
Showing 1 changed file with 59 additions and 0 deletions.
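--- a/KubeArmor/core/hostPolicy_fuzz_test.go
+++ b/KubeArmor/core/hostPolicy_fuzz_test.go
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2024 Authors of KubeArmor
+package core
+
+import (
+"context"
+"github.com/kubearmor/KubeArmor/KubeArmor/policy"
+pb "github.com/kubearmor/KubeArmor/protobuf"
+"testing"
+)
+
+func FuzzHostPolicy(f *testing.F) {
+data := &pb.Policy{
+Policy: []byte(`
+apiVersion: security.kubearmor.com/v1
+kind: KubeArmorHostPolicy
+metadata:
+name: hsp-cve-2019-14271
+spec:
+tags: ["CVE-2019-14271","docker-cp","libraries","docker-tar","root-code-execution"]
+message: "Alert! Docker Binary Has Been Executed."
+nodeSelector:
+matchLabels:
+kubernetes.io/hostname: gke-ubuntu #change with your hostname
+process:
+severity: 2
+matchPaths:
+- path: /usr/bin/docker
+- path: /usr/sbin/chroot
+- path: /usr/lib/tar
+- path: /usr/lib/chmod
+action: Block
+file:
+severity: 3
+matchDirectories:
+- dir: /lib/x86_64-linux-gnu/
+- dir: /var/log/
+action: Block
+`),
+}
+dm := NewKubeArmorDaemon()
+f.Add(data.Policy)
+f.Fuzz(func(t *testing.T, data []byte) {
+p := &policy.PolicyServer{
+UpdateHostPolicy: dm.ParseAndUpdateHostSecurityPolicy,
+HostPolicyEnabled: true,
+}
+policy := &pb.Policy{
+Policy: data,
+}
+res, err := p.HostPolicy(context.Background(), policy)
+if err != nil {
+t.Errorf("Unexpected error: %v", err)
+}
+if res.Status != pb.PolicyStatus_Invalid && res.Status != pb.PolicyStatus_Applied {
+t.Errorf("Unexpected status: %v, %v", res.Status, data)
+}
+})
+}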
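Review bot: In the fuzz callback, `t.Errorf` on a non-nil `err` does not end the iteration, so the following `res.Status` check still runs; if `HostPolicy` can return a nil response together with an error (its body is not visible here), the target panics on a nil dereference and the fuzzer records a harness crash rather than a parser finding. Replace it with `t.Fatalf("Unexpected error: %v", err)` or add a `return` after the report. The local `policy := &pb.Policy{...}` also shadows the imported `policy` package inside the closure; a name such as `req` avoids that, and formatting `data` with `%q` instead of `%v` would print the failing input as a readable string instead of a list of byte values. Finally, the single `dm` created outside `f.Fuzz` is shared by every iteration, so a reported failure may depend on state left by earlier inputs and not reproduce from its corpus entry alone; a short comment such as `// dm is shared across iterations; failures may depend on prior inputs` would make that explicit.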
