test(presets): add unit tests for base and anonmapexec utility functions#2752
Open
cynox-66 wants to merge 1 commit into
Open
test(presets): add unit tests for base and anonmapexec utility functions#2752cynox-66 wants to merge 1 commit into
cynox-66 wants to merge 1 commit into
Conversation
cynox-66
requested review from
Aryan-sharma11,
AryanBakliwal and
achrefbensaad
as code owners
July 8, 2026 12:15
Add unit test coverage for the pure-Go utility functions in the presets subsystem as part of the test coverage audit tracked in kubearmor#2130. Two packages are covered: presets/base/common_test.go: - TestAddPolicyLogInfo: 6 table-driven cases covering empty policy, name-only, single tag, multiple tags, severity+message, and all-fields-set inputs. Verifies PolicyName, Tags (joined string), ATags (slice), Severity, Message, Type, and KubeArmorVersion fields. - TestUpdateMatchPolicy: 5 table-driven cases covering zero-value policy, full policy, missing policyName key, high severity, and single-tag inputs. Verifies PolicyName, Severity (strconv.Itoa conversion), Message, and Tags fields are correctly mapped from SecurityPolicy. - TestPresetConstants: verifies PRESET_ENFORCER, Audit, and Block constant values match their documented semantics. - TestNsKeyConstruction: verifies NsKey struct construction with zero, typical, and max uint32 values. presets/anonmapexec/utils_test.go: - TestParseProtectionFlags: 9 table-driven cases covering all bitmask combinations of PROT_READ (0x1), PROT_WRITE (0x2), PROT_EXEC (0x4), zero flags, and high-bit passthrough values. - TestParseMemoryFlags: 11 table-driven cases covering all 6 flag bits (MAP_SHARED, MAP_PRIVATE, MAP_FIXED, MAP_ANONYMOUS, MAP_GROWSDOWN, MAP_DENYWRITE) individually and in combination. BPF-dependent sub-packages (exec/, filelessexec/) are intentionally excluded — they require bpf2go codegen and cannot compile in standard go test without a kernel BPF runtime. Validation: GOOS=linux GOARCH=amd64 go vet and go test -c pass cleanly. Execution is verified on Linux CI (macOS dev env has case-insensitive FS and Linux-specific syscall constraints in transitive deps). Part of kubearmor#2130 Signed-off-by: cynox-66 <devj2311@gmail.com>
cynox-66
force-pushed
the
test-presets-base-coverage
branch
from
July 8, 2026 12:19
f6751fa to
1190f02
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds unit test coverage for the pure-Go utility functions in the
presetssubsystem as part of the test coverage initiative tracked in #2130.What is covered
presets/base/common_test.goAdds comprehensive table-driven tests for core helper functions and types:
TestAddPolicyLogInfo(6 test cases)Verifies correct population of:
PolicyNameTagsATagsSeverityMessageTypeKubeArmorVersionTestUpdateMatchPolicy(5 test cases)policyNameVerifies correct mapping from
SecurityPolicyintoMatchPolicy, including metadata, severity conversion, message, and tags.TestPresetConstantsPRESET_ENFORCER,Audit, andBlock.TestNsKeyConstructionNsKeyusing zero, typical, and maximum namespace values.presets/anonmapexec/utils_test.goAdds table-driven tests for utility parsing helpers:
TestParseProtectionFlags(9 test cases)TestParseMemoryFlags(11 test cases)Out of Scope
The following components are intentionally excluded because they depend on eBPF code generation, kernel runtime support, or live subsystem integration and cannot be reliably exercised through standard Go unit tests:
presets/exec/presets/filelessexec/presets/protectenv/presets/protectproc/presets/anonmapexec/preset.gopresets.goThis PR is intentionally limited to deterministic, pure-Go utility code to keep the review focused and self-contained.
Validation
The following validations were completed locally:
gofmtcompleted with no formatting issues.go vetcompleted without warnings.Manual verification
The following scenarios were verified:
ParseProtectionFlags()correctly handles zero, individual, combined, and high-bit protection flags.ParseMemoryFlags()correctly parses supported memory mapping flags and common flag combinations.AddPolicyLogInfo()correctly populates log metadata from empty, partial, and fully populatedMatchPolicyinputs.UpdateMatchPolicy()correctly mapsSecurityPolicymetadata, severity, message, and tags intoMatchPolicy.NsKeyconstruction behaves correctly across representative namespace values.Additional information
This PR is part of the ongoing unit test coverage effort tracked in #2130.
It continues the existing coverage series following:
common)cert)config)The goal is to incrementally improve coverage across independent packages using small, reviewable PRs without modifying production code.