Added helper functions for open openat openat2 syscalls

DirectoryTraversalMonitoredFileRead rule is triggered

Signed-off-by: GLVS Kiriti <glvskiriti2003369@gmail.com>

Author: GLVSKiriti

events/exampleyamlfile.yml

@@ -1,23 +1,14 @@
 tests:
-  - rule: WriteBelowRoot
+  - rule: DirectoryTraversalMonitoredFileRead
     runner: HostRunner
     before: ""
     steps:
-      - syscall: "write"
+      - syscall: "open"
         args:
-          filepath: "/root/created-by-event-generator"
-          content: ""
-    after: "rm -f /root/created-by-event-generator"
-
-  - rule: WriteBelowEtc
-    runner: HostRunner
-    before: ""
-    steps:
-      - syscall: "write"
-        args:
-          filepath: "/etc/created-by-event-generator"
-          content: ""
-    after: "rm -f /etc/created-by-event-generator"
+          filepath: "/etc/../etc/../etc/shadow"
+          flag: 0
+          mode: 0655
+    after: ""
 
   - rule: LaunchIngressRemoteFileCopyToolsInsideContainer
     runner: ContainerRunner

pkg/declarative/helpers.go

@@ -59,18 +59,32 @@ func CreateTarReader(filePath string) (io.Reader, error) {
 	return tarBuffer, nil
 }
 
-func WriteSyscall(filepath string, content string) error {
-	// Open the file using unix.Open syscall
-	fd, err := unix.Open(filepath, unix.O_WRONLY|unix.O_CREAT, 0644)
+func OpenSyscall(filepath string, flags int, mode uint32) (int, error) {
+	fd, err := unix.Open(filepath, flags, mode)
 	if err != nil {
-		return fmt.Errorf("error opening file: %v", err)
+		return -1, fmt.Errorf("error opening file: %v", err)
+	}
+	return fd, nil
+}
+
+func OpenatSyscall(dirfd int, filepath string, flags int, mode uint32) (int, error) {
+	fd, err := unix.Openat(dirfd, filepath, flags, mode)
+	if err != nil {
+		return -1, fmt.Errorf("error opening file: %v", err)
+	}
+	return fd, nil
+}
+
+func Openat2Syscall(dirfd int, filepath string, flags int, mode uint32, resolve uint64) (int, error) {
+	how := &unix.OpenHow{
+		Flags:   uint64(flags),
+		Mode:    uint64(mode),
+		Resolve: resolve,
 	}
-	defer unix.Close(fd)
 
-	// Write to the file using unix.Write
-	_, err = unix.Write(fd, []byte(content))
+	fd, err := unix.Openat2(dirfd, filepath, how)
 	if err != nil {
-		return fmt.Errorf("error writing to file: %v", err)
+		return -1, fmt.Errorf("error opening file: %v", err)
 	}
-	return nil
+	return fd, nil
 }

pkg/declarative/host.go

@@ -35,9 +35,20 @@ func (r *Hostrunner) ExecuteStep(ctx context.Context, test Test) error {
 	steps := test.Steps
 	for _, step := range steps {
 		switch step.Syscall {
-		case "write":
-			if err := WriteSyscall(step.Args["filepath"], step.Args["content"]); err != nil {
-				return fmt.Errorf("write syscall failed with error: %v", err)
+		case "open":
+			_, err := OpenSyscall(*step.Args.Filepath, *step.Args.Flags, *step.Args.Mode)
+			if err != nil {
+				return fmt.Errorf("open syscall failed with error: %v", err)
+			}
+		case "openat":
+			_, err := OpenatSyscall(*step.Args.Dirfd, *step.Args.Filepath, *step.Args.Flags, *step.Args.Mode)
+			if err != nil {
+				return fmt.Errorf("openat syscall failed with error: %v", err)
+			}
+		case "openat2":
+			_, err := Openat2Syscall(*step.Args.Dirfd, *step.Args.Filepath, *step.Args.Flags, *step.Args.Mode, *step.Args.Resolve)
+			if err != nil {
+				return fmt.Errorf("openat2 syscall failed with error: %v", err)
 			}
 		default:
 			return fmt.Errorf("unsupported syscall: %s", step.Syscall)

pkg/declarative/yamltypes.go

@@ -15,9 +15,17 @@ limitations under the License.
 package declarative
 
 // Yaml file structure
+type Args struct {
+	Dirfd    *int    `yaml:"dirfd,omitempty"`
+	Filepath *string `yaml:"filepath,omitempty"`
+	Flags    *int    `yaml:"flag,omitempty"`
+	Mode     *uint32 `yaml:"mode,omitempty"`
+	Resolve  *uint64 `yaml:"resolve,omitempty"`
+}
+
 type SyscallStep struct {
-	Syscall string            `yaml:"syscall"`
-	Args    map[string]string `yaml:"args"`
+	Syscall string `yaml:"syscall"`
+	Args    Args   `yaml:"args"`
 }
 
 type Test struct {