github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 11:29:26 +00:00
Code Issues Projects Releases Wiki Activity

Automated tests for list append.

Browse Source 
Test the case of appending to a list and appending to a nonexistent
list (should error).
This commit is contained in:
Mark Stemm
2017-08-09 16:47:53 -07:00
parent 2c189d6a60
commit 0bc2d4f162
4 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
test/rules/list_append.yaml Normal file
View File

@@ -0,0 +1,12 @@
- list: my_list
items: [not-cat]
- list: my_list
append: true
items: [cat]
- rule: Open From Cat
desc: A process named cat does an open
condition: evt.type=open and proc.name in (my_list)
output: "An open was seen (command=%proc.cmdline)"
priority: WARNING

3
test/rules/list_append_failure.yaml Normal file
View File

@@ -0,0 +1,3 @@
- list: my_list
items: [not-cat]
append: true

12
test/rules/list_append_false.yaml Normal file
View File

@@ -0,0 +1,12 @@
- list: my_list
items: [cat]
- list: my_list
append: false
items: [not-cat]
- rule: Open From Cat
desc: A process named cat does an open
condition: evt.type=open and proc.name in (my_list)
output: "An open was seen (command=%proc.cmdline)"
priority: WARNING