github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-17 16:21:31 +00:00
Code Issues Projects Releases Wiki Activity

test(userspace/engine): add unit tests for filter_warning_resolver

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2022-04-21 11:13:49 +00:00 committed by poiana
parent 95727b268f
commit 71274b4369
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/CMakeLists.txt
View File

@ -22,6 +22,7 @@ if(MINIMAL_BUILD)
engine/test_falco_utils.cpp engine/test_falco_utils.cpp
engine/test_filter_macro_resolver.cpp engine/test_filter_macro_resolver.cpp
engine/test_filter_evttype_resolver.cpp engine/test_filter_evttype_resolver.cpp
engine/test_filter_warning_resolver.cpp
falco/test_configuration.cpp falco/test_configuration.cpp
) )
else() else()
@ -32,6 +33,7 @@ else()
engine/test_falco_utils.cpp engine/test_falco_utils.cpp
engine/test_filter_macro_resolver.cpp engine/test_filter_macro_resolver.cpp
engine/test_filter_evttype_resolver.cpp engine/test_filter_evttype_resolver.cpp
engine/test_filter_warning_resolver.cpp
falco/test_configuration.cpp falco/test_configuration.cpp
falco/test_webserver.cpp falco/test_webserver.cpp
) )

44
tests/engine/test_filter_warning_resolver.cpp Normal file
View File

@ -0,0 +1,44 @@
/*
Copyright (C) 2020 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "filter_warning_resolver.h"
#include <catch.hpp>
static bool warns(const std::string& condition)
{
std::set<std::string> w;
auto ast = libsinsp::filter::parser(condition).parse();
filter_warning_resolver().run(ast, w);
delete ast;
return !w.empty();
}
TEST_CASE("Should spot warnings in filtering conditions", "[rule_loader]")
{
SECTION("for unsafe usage of <NA>")
{
REQUIRE(false == warns("sample.field exists"));
REQUIRE(true == warns("sample.field = <NA>"));
REQUIRE(true == warns("sample.field == <NA>"));
REQUIRE(true == warns("sample.field != <NA>"));
REQUIRE(true == warns("sample.field in (<NA>)"));
REQUIRE(true == warns("sample.field in (otherval, <NA>)"));
REQUIRE(true == warns("sample.field intersects (<NA>)"));
REQUIRE(true == warns("sample.field intersects (otherval, <NA>)"));
REQUIRE(true == warns("sample.field pmatch (<NA>)"));
REQUIRE(true == warns("sample.field pmatch (otherval, <NA>)"));
}
}