github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-04 02:16:46 +00:00
Code Issues Projects Releases Wiki Activity

fix(tests): index old version of events in rulesets

Browse Source 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2022-08-03 12:55:42 +00:00 committed by poiana
parent a46cbcffe8
commit 136b528849
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/engine/test_filter_evttype_resolver.cpp
View File

@ -57,12 +57,14 @@ ast::expr* compile(const string &fltstr)
TEST_CASE("Should find event types from filter", "[rule_loader]") TEST_CASE("Should find event types from filter", "[rule_loader]")
{ {
set<uint16_t> openat_only{ set<uint16_t> openat_only{
PPME_SYSCALL_OPENAT_E, PPME_SYSCALL_OPENAT_X,
PPME_SYSCALL_OPENAT_2_E, PPME_SYSCALL_OPENAT_2_X }; PPME_SYSCALL_OPENAT_2_E, PPME_SYSCALL_OPENAT_2_X };
set<uint16_t> close_only{ set<uint16_t> close_only{
PPME_SYSCALL_CLOSE_E, PPME_SYSCALL_CLOSE_X }; PPME_SYSCALL_CLOSE_E, PPME_SYSCALL_CLOSE_X };
set<uint16_t> openat_close{ set<uint16_t> openat_close{
PPME_SYSCALL_OPENAT_E, PPME_SYSCALL_OPENAT_X,
PPME_SYSCALL_OPENAT_2_E, PPME_SYSCALL_OPENAT_2_X, PPME_SYSCALL_OPENAT_2_E, PPME_SYSCALL_OPENAT_2_X,
PPME_SYSCALL_CLOSE_E, PPME_SYSCALL_CLOSE_X }; PPME_SYSCALL_CLOSE_E, PPME_SYSCALL_CLOSE_X };
@ -75,7 +77,7 @@ TEST_CASE("Should find event types from filter", "[rule_loader]")
{ {
// Skip "old" event versions that have been replaced // Skip "old" event versions that have been replaced
// by newer event versions, or events that are unused. // by newer event versions, or events that are unused.
if(g_infotables.m_event_info[i].flags & (EF_OLD_VERSION | EF_UNUSED)) if(g_infotables.m_event_info[i].flags & EF_UNUSED)
{ {
continue; continue;
} }