vulnerability_test.go

Documentation: github.com/prometheus/procfs/sysfs

     1  // Copyright 2023 The Prometheus Authors
     2  // Licensed under the Apache License, Version 2.0 (the "License");
     3  // you may not use this file except in compliance with the License.
     4  // You may obtain a copy of the License at
     5  //
     6  // http://www.apache.org/licenses/LICENSE-2.0
     7  //
     8  // Unless required by applicable law or agreed to in writing, software
     9  // distributed under the License is distributed on an "AS IS" BASIS,
    10  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11  // See the License for the specific language governing permissions and
    12  // limitations under the License.
    13  
    14  //go:build linux
    15  // +build linux
    16  
    17  package sysfs
    18  
    19  import (
    20  	"fmt"
    21  	"reflect"
    22  	"testing"
    23  )
    24  
    25  func TestFS_CPUVulnerabilities(t *testing.T) {
    26  	sysFs, err := NewFS(sysTestFixtures)
    27  	if err != nil {
    28  		t.Fatal(fmt.Errorf("failed to get sysfs FS: %w", err))
    29  	}
    30  	got, err := sysFs.CPUVulnerabilities()
    31  	if err != nil {
    32  		t.Fatal(fmt.Errorf("failed to parse sysfs vulnerabilities files: %w", err))
    33  	}
    34  
    35  	tests := []struct {
    36  		name              string
    37  		vulnerabilityName string
    38  		want              *Vulnerability
    39  		wantErr           bool
    40  	}{
    41  		{"Not affected", "tsx_async_abort", &Vulnerability{CodeName: "tsx_async_abort", State: VulnerabilityStateNotAffected, Mitigation: ""}, false},
    42  		{"Mitigation simple string", "spec_store_bypass", &Vulnerability{CodeName: "spec_store_bypass", State: VulnerabilityStateMitigation, Mitigation: "Speculative Store Bypass disabled via prctl"}, false},
    43  		{"Mitigation special chars", "retbleed", &Vulnerability{CodeName: "retbleed", State: VulnerabilityStateMitigation, Mitigation: "untrained return thunk; SMT enabled with STIBP protection"}, false},
    44  		{"Mitigation more special chars", "spectre_v1", &Vulnerability{CodeName: "spectre_v1", State: VulnerabilityStateMitigation, Mitigation: "usercopy/swapgs barriers and __user pointer sanitization"}, false},
    45  		{"Mitigation with multiple subsections", "spectre_v2", &Vulnerability{CodeName: "spectre_v2", State: VulnerabilityStateMitigation, Mitigation: "Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected"}, false},
    46  		{"Vulnerable", "mds", &Vulnerability{CodeName: "mds", State: VulnerabilityStateVulnerable, Mitigation: ""}, false},
    47  		{"Vulnerable with mitigation available", "mmio_stale_data", &Vulnerability{CodeName: "mmio_stale_data", State: VulnerabilityStateVulnerable, Mitigation: "Clear CPU buffers attempted, no microcode"}, false},
    48  		{"Unknown", "srbds", &Vulnerability{CodeName: "srbds", State: VulnerabilityStateUnknown, Mitigation: "Dependent on hypervisor status"}, false},
    49  		{"Unknown with unparseable mitigation", "itlb_multihit", &Vulnerability{CodeName: "itlb_multihit", State: VulnerabilityStateUnknown, Mitigation: "KVM: Mitigation: VMX unsupported"}, false},
    50  	}
    51  	for _, tt := range tests {
    52  		t.Run(tt.name, func(t *testing.T) {
    53  			gotVulnerability, ok := got[tt.vulnerabilityName]
    54  			if !ok && !tt.wantErr {
    55  				t.Errorf("CPUVulnerabilities() vulnerability %s not found", tt.vulnerabilityName)
    56  			}
    57  			if !reflect.DeepEqual(gotVulnerability, tt.want) {
    58  				t.Errorf("CPUVulnerabilities() gotVulnerability = %v, want %v", gotVulnerability, tt.want)
    59  			}
    60  		})
    61  	}
    62  }
    63
View as plain text