From 66df790b9d0e74b90726e783ca3fdf2eb0482d78 Mon Sep 17 00:00:00 2001
From: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
Date: Thu, 18 Nov 2021 16:47:08 +0100
Subject: [PATCH] Fix syntax error
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
---
 rules/falco_rules.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 7e771ebf..f1e3af8f 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -3096,13 +3096,13 @@
 - macro: curl_download
 condition: proc.name = curl and
- (proc.cmdline contains (" > ") or
- proc.cmdline contains (" >> ") or
- proc.cmdline contains (" | ") or
- proc.cmdline contains (" -o ") or
- proc.cmdline contains (" --output ") or
- proc.cmdline contains (" -O ") or
- proc.cmdline contains (" --remote-name "))
+ (proc.cmdline contains " > " or
+ proc.cmdline contains " >> " or
+ proc.cmdline contains " | " or
+ proc.cmdline contains " -o " or
+ proc.cmdline contains " --output " or
+ proc.cmdline contains " -O " or
+ proc.cmdline contains " --remote-name ")
 - rule: Launch Ingress Remote File Copy Tools in Container
 desc: Detect ingress remote file copy tools launched in container
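Review bot: In `curl_download`, the `" > "`, `" >> "` and `" | "` alternatives are unlikely to ever match, because redirection and pipes are interpreted by the parent shell and normally do not appear in curl's own `proc.cmdline`; only the flag-based alternatives carry the detection. Those require a trailing space, so an output option given as the last argument or with an attached value is not covered; consider adding `proc.cmdline endswith " -O" or proc.cmdline endswith " --remote-name" or proc.cmdline contains " --output="`. A short comment above the macro, such as `# matches on curl's own argv only; shell redirection is not visible here`, would keep later rule authors from relying on the first three alternatives. The rule that consumes the macro starts at the end of the hunk and continues outside it, so how the macro is combined with container scoping is not visible here.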