From 60c322a73db750e1341d9ba37faba44bad0789d5 Mon Sep 17 00:00:00 2001
From: Leonardo Grasso
Date: Fri, 9 Oct 2020 16:33:54 +0200
Subject: [PATCH] new(test): strict json output

Signed-off-by: Leonardo Grasso
---
 test/falco_tests.yaml | 11 +++++++++++
 test/output_files/single_rule_with_cat_write.json | 8 ++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 test/output_files/single_rule_with_cat_write.json

diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
index 4858ad58..a1609fbc 100644
--- a/test/falco_tests.yaml
+++ b/test/falco_tests.yaml
@@ -662,6 +662,17 @@ trace_files: !mux
 output_strictly_contains:
 - stdout: output_files/single_rule_with_cat_write.txt
 
+ stdout_output_json_strict:
+ json_output: True
+ detect: True
+ detect_level: WARNING
+ rules_file:
+ - rules/single_rule.yaml
+ conf_file: confs/stdout_output.yaml
+ trace_file: trace_files/cat_write.scap
+ output_strictly_contains:
+ - stdout: output_files/single_rule_with_cat_write.json
+
 file_output_strict:
 detect: True
 detect_level: WARNING
diff --git a/test/output_files/single_rule_with_cat_write.json b/test/output_files/single_rule_with_cat_write.json
new file mode 100644
index 00000000..e58ec4bf
--- /dev/null
+++ b/test/output_files/single_rule_with_cat_write.json
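Review bot: The new `stdout_output_json_strict` case pins the JSON output byte-for-byte via `output_strictly_contains`, yet every expected record in the second hunk (single_rule_with_cat_write.json) carries an anomalous `, "output_fields": {` with a space, unlike the rest of the record; that looks like the field is spliced into the serialized string rather than emitted by the same serializer, so any change to that formatting, to key ordering, or the addition of a new top-level key would fail this test even when the output is still valid JSON. A more robust check would parse each stdout line as JSON and compare the resulting objects (exact key/value set, including `output_fields`) against the expected ones, which is also what "strict" should mean for a JSON fixture. If plain string comparison is all the harness offers, a comment next to the case, `# expected file must match the serializer's exact byte layout, including the ", \"output_fields\": " separator`, would at least make the brittleness explicit for whoever next touches the output format. The comparison semantics of `output_strictly_contains` live in the harness outside this diff, so the fragility is inferred from the fixture's shape rather than confirmed.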
@@ -0,0 +1,8 @@
+{"output":"18:17:57.881781397: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881781397Z", "output_fields": {"evt.time":1470327477881781397,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.881785348: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881785348Z", "output_fields": {"evt.time":1470327477881785348,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.881796705: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881796705Z", "output_fields": {"evt.time":1470327477881796705,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.881799840: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881799840Z", "output_fields": {"evt.time":1470327477881799840,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.882003104: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882003104Z", "output_fields": {"evt.time":1470327477882003104,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.882008208: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882008208Z", "output_fields": {"evt.time":1470327477882008208,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.882045694: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882045694Z", "output_fields": {"evt.time":1470327477882045694,"proc.cmdline":"cat /dev/null"}}
+{"output":"18:17:57.882054739: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882054739Z", "output_fields": {"evt.time":1470327477882054739,"proc.cmdline":"cat /dev/null"}}