leviathan
8243817f7e
Three coupled improvements to the test harness:
1. New tests/test_kernel_range.c — 32 pure unit tests covering
kernel_range_is_patched(), skeletonkey_host_kernel_at_least(),
and skeletonkey_host_kernel_in_range(). These are the central
comparison primitives every module routes through; a regression
in any of them silently mis-classifies entire CVE families. Tests
cover exact boundary, one-below, mainline-only, multi-LTS,
between-branch, and NULL-safety cases. Builds and runs
cross-platform (no Linux syscalls).
2. tests/test_detect.c additions:
- mk_host(base, major, minor, patch, release) builder so new
fingerprint-based tests don't duplicate 14-line struct literals
to override one (major, minor, patch) triple.
- Post-run coverage report that iterates the runtime registry and
warns about modules without at least one direct test row. Output
is informational (no CI fail) so coverage grows incrementally.
- 7 new boundary tests for the kernel_patched_from entries added
by tools/refresh-kernel-ranges.py (commit 8de46e2):
- af_unix_gc 6.4.12 → VULNERABLE / 6.4.13 → OK
- vmwgfx 5.10.127 → OK
- nft_set_uaf 5.10.179 → OK / 6.1.27 → OK
- nft_payload 5.10.162 → OK
- nf_tables 5.10.209 → OK
3. core/registry_all.c — extracts the 27-line 'call every
skeletonkey_register_<family>()' enumeration from skeletonkey.c
into a shared helper. skeletonkey.c main() now calls
skeletonkey_register_all_modules() once; the detect-test main()
does the same. Kept in its own translation unit so registry.c
stays standalone for the lean kernel_range unit-test binary
(which links core/ only, no modules).
Makefile: builds two test binaries now —
skeletonkey-test — detect() integration tests (full corpus)
skeletonkey-test-kr — kernel_range unit tests (core/ only)
'make test' runs both.
Verification:
- macOS: 32/32 kernel_range tests pass; detect tests skipped
(non-Linux platform, stubbed bodies).
- Linux (docker gcc:latest): 32/32 kernel_range + 51/51 detect.
Coverage report identifies 2 modules without direct tests
(copy_fail, entrybleed) out of 31 registered.
Test counts: 44 -> 83 (+39).
47 lines
1.7 KiB
C
47 lines
1.7 KiB
C
/*
|
|
* SKELETONKEY — canonical "register every module family" enumeration.
|
|
*
|
|
* Kept in its own translation unit so registry.c stays standalone:
|
|
* the kernel_range unit-test binary links registry.c (for the basic
|
|
* register / count / find API) without pulling in every module's
|
|
* symbol. The main binary and detect-integration test link this
|
|
* file too and get the full lineup.
|
|
*
|
|
* Adding a new module is one new register_<family>() declaration in
|
|
* registry.h plus one call below — the integration test picks it up
|
|
* via skeletonkey_register_all_modules() in its main().
|
|
*/
|
|
|
|
#include "registry.h"
|
|
|
|
void skeletonkey_register_all_modules(void)
|
|
{
|
|
skeletonkey_register_copy_fail_family();
|
|
skeletonkey_register_dirty_pipe();
|
|
skeletonkey_register_entrybleed();
|
|
skeletonkey_register_pwnkit();
|
|
skeletonkey_register_nf_tables();
|
|
skeletonkey_register_overlayfs();
|
|
skeletonkey_register_cls_route4();
|
|
skeletonkey_register_dirty_cow();
|
|
skeletonkey_register_ptrace_traceme();
|
|
skeletonkey_register_netfilter_xtcompat();
|
|
skeletonkey_register_af_packet();
|
|
skeletonkey_register_fuse_legacy();
|
|
skeletonkey_register_stackrot();
|
|
skeletonkey_register_af_packet2();
|
|
skeletonkey_register_cgroup_release_agent();
|
|
skeletonkey_register_overlayfs_setuid();
|
|
skeletonkey_register_nft_set_uaf();
|
|
skeletonkey_register_af_unix_gc();
|
|
skeletonkey_register_nft_fwd_dup();
|
|
skeletonkey_register_nft_payload();
|
|
skeletonkey_register_sudo_samedit();
|
|
skeletonkey_register_sequoia();
|
|
skeletonkey_register_sudoedit_editor();
|
|
skeletonkey_register_vmwgfx();
|
|
skeletonkey_register_dirtydecrypt();
|
|
skeletonkey_register_fragnesia();
|
|
skeletonkey_register_pack2theroot();
|
|
}
|