From 7b68fc269202199480bba34c94f3d8dae7a4c7d4 Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@sysdig.com>
Date: Wed, 13 Jul 2016 18:42:34 -0700
Subject: [PATCH] Add tests for event type rule identification

Add tests that verify that the event type identification functionality
is working. Notable changes:

 - Modify falco_test.py to additionally check for warnings when loading
   any set of rules and verify that the event types for each rule match
   expected values. This is controlled by the new multiplex fields
   "rules_warning" and "rules_events".

 - Instead of starting with an empty falco_tests.yaml from scratch from
   the downloaded trace files, use a checked-in version which defines
   two tests:
     - Loading the checked-in falco_rules.yaml and verify that no rules
       have warnings.
     - A sample falco_rules_warnings.yaml that has ~30 different
       mutations of rule filtering expressions. The test verifies for each
       rule whether or not the rule should result in a warning and what the
       extracted event types are.
   The generated tests from the trace files are appended to this file.

- Add an empty .scap file to use with the above tests.
---
 test/empty.scap                | Bin 0 -> 129696 bytes
 test/falco_rules_warnings.yaml | 186 +++++++++++++++++++++++++++++++++
 test/falco_test.py             |  89 +++++++++++++---
 test/falco_tests.yaml.in       |  62 +++++++++++
 test/run_regression_tests.sh   |   2 +-
 5 files changed, 326 insertions(+), 13 deletions(-)
 create mode 100644 test/empty.scap
 create mode 100644 test/falco_rules_warnings.yaml
 create mode 100644 test/falco_tests.yaml.in

diff --git a/test/empty.scap b/test/empty.scap
new file mode 100644
index 0000000000000000000000000000000000000000..9e0651e36a133a7ba8a56921ed5fb6afe0826f1a
GIT binary patch
literal 129696
zcmeHw33Oyvb>REGNp9P;ZQRB-#*w>eymhJelJrGkskOA^)<#QhW4GP%uc}{CbuGVK
z|Cd_bZktXHi*qI?fSu%!kV#;Ga6-ty%y>v*2=q*tgh@iemJ>LT9EOB}0Fw+PCkMzJ
zJohd4Z}qB5YN@Ns_AgugmVfVC?z{KC`}V!pUc2`;Ldfjv@4Zz4_XY8zamo%tE>ai%
z$Ya-jk~;XSXX+KJj-l>zFG7)aL;0&vc!lgBZwBWDh@&o+wqz(|57|q0?1M^EmjbY#
zUa3aRxI%i!N3I7vh^H=o%^BIEUW@F2WPLvX_5OU{?O@5+0a^d_0*}~B?tI~=+GCF+
zt_{}2!;7~AiiatXBj11Fr`JyQZ!`tF3Rl}n^nK}$7k(N${?Uylv8G$Axm+%)r;<=i
zO6NU5kFWH)%Djuz48z(@!qmBngfoRoIHQ@XjFgm|dq_^x%SHvh)y-Pi1c2)uZ@6NV
zjFm!#(V5bECjo$6EFBrxP6k53%(Etd<@7Zf*e(G3DKzOW0IOtqa-wiFg6xLxuZO?g
zWJN3M=3ZVP=9eY62SBfZzn!G4RbD~DYg#Rw)v~L47{W4y9ss6)J4mT2;LWOGl)|NI
zP6kgYO8<62289xol;%LaGT^HKkpAr=75$94j|21MX@m@AFM!j(U8G*mRy`;*LWXiJ
zfYZO-q*^o9&o*z8I{=9O^^!AZ&V+KBrS<Y6K~R?P0f41{dq_sh7VFh(I5ZDPOaD56
zrhmIgsbEqjqtu~ZS@L%RApP4(3bpLD9JW@kgdrp){oMdd|9}-Lnq`XCDitze7M5i}
zIg9@7Ar&KI<jz73Dn><LhZ5-(X`ynE!3z9cN7>fW%ejzM0KNlO1YBA=5e<w;1t_nT
zOr7X}unK?sY@~{AoiS>~8$38+h%Mwjn0de|cra_aX_VIV8@-q!)`Lrnc^dw%w{y+Z
z%@E^(7G<U7EW_U(iUkr4psPk%r}cu6Cj(lr3jFOQKmk)*(II_TJLMqgfv1Hr;BPnZ
zZXuV0Z<Ju@cgXb}&<*r&4=Ga;m$3*uB&46IrXr*!w1c^tbLDM9P}bnzhGeNO>mh3y
zV_nPTu5<WG#CVEa0$7U`*({eW4U*&>n+cnGB}e7j15OD?``O(Dz)dQREx{@A&cNT*
zWL(b_v`Pp#uPjQ$)c}o1xU-;z2l1ggTA_Ya%C!6EDp%o}71~Ro%5x{ta%F|8$(_Wq
z&MH&`?jpH@SyXz!OZA%KC@keF_L*uQ#ZfbgtuhstB2o4+*kV~PD>s6-2U68aM%_~O
zLue<-YwOBQ;M+~sj6zmdZf5>$u4a^#Tfo1E<V!}idRDm=0=tN%Rdwan%xl(jhVmK)
zuGMn|L%ALNJ0bb1;?+-zTm2}90IHW5RlTNJMon=Pjbf`2<t~<zS<5OeRiWGivB2=F
zTFyA5+zSCvuU5IL90o5GzmU@nCB&jl%`7SX;O!yRQhfz_EhWZ)OiRn>6<1fJP*nk}
zZt68tp-kEXN@k^I)T;{B2fIn3QUzL333v3uX`^1NXeC9iVic(oQKSk&X(IXxl^M`?
zx<$)Q`MZZ?YevP=GKyR76~AOFF40x046j@=vYMqUk3$IhadTC1i>*>)K&2`$V4<Rz
z5ZX&jtxP3XtLX}r#XU?8&AjrzS%6zQic8`YmpCbFkVG%!QwnAEnx!;|4z*`)06|#)
zRmC;{nZN)Z{xIBwS`nm+nlj-+r2zRVB<wOe5s553L&$TKt>HJw9rDZs_dH9c=4U6;
zVQA2Tm3Ado)3e5!UOSs6OB2Uu)1^YCzD|JstIJufYNpAN`T3>g>DkevfV@_wpU;I7
z{jvT?D4q<h=oP(I$dZN8r751MYMWgu?OS*dJY?a)ambyjgmMK6Ks^oBKTWb#U`6;$
zR_iOeRmy-5H~<9G1Ruyuepz3GP7eYg&<2z`O!75dKd0Bgmnjts2DrdB%h?jepuTF2
zMMBCD0sm^*EX4;JeofE_U8FjOdq`=mtXmq@*^K%kxRZqPtPQB@^8Nn&tqNJE>I;6D
z-XHQHj1*=@=Z>cJ%JPZD{u4`+p+P}7YN=8#EwOAk&3M=*A<f?=rYhhlU1z2jmnP<x
z7pBM4vFH#6C&w4lQL;F`JUX^C{lMtb^!yxzv0~`{m4fu<20_1B0#b*enz4|mYd>fP
zN`I$8+Jo9H)*jT|r0t=x&D%rTOwk@xa7}wao2@nm%K5H6EMv?KfpN}l4+^aPO~G>L
zA}eCJL7BgXfQbtR1Gg8^4GC2by#&=cBO+Co^U1S>yyX=<g7)9^r%rSC4=xA4&&@AQ
zPd>D~I6ro5VhQw!W6gq943_Cx6agj?u@nZWL?p<Aqf28`<MT(kyuepG;>6;_SUMHq
zKZ0~ZSJ@$z6hSVVOl_p4DY#r>nu0f#nx+_1$!Q8Lm!78JG6`x5ESI8|;1Wq{3g0MA
ztw1Fb)f5~A;9H!p3A!j%7`_&}>rfq9G<U09rr0+wP?8RWe1wn)HDKX~pRc869sIgM
zpgdhn%#j~1ZbMFlSD=tY=zc@q^&s^bjW#GvUf9;6<b`c3M_%xjLgWQ)EkRz`R^sD@
zY%M#Duq_0~3*2048sJ)pj29N<<=sL+&_#K{u+s~P`H9=*5`(iBq8mc70EvJYHq-H$
zw=3lPbc6^$I<%y}pA*^r`zzB8**y!Dj6`IxnPea_(7mR0S7Xy+gVNCm-&#T%;oC|{
zBT7q2X#{UAEsgN4B&HF%wbaPrTS!hLLUZYn!nTm0MtG2-_qUNE7_a6+Vs33y0;KfG
z1qj6y2AS;F<pSiVPar^I9EY80BUin=1n6^uq0vSD#&9pmt!7IFm{)LoizE~!p*0e!
z=J^aTg7ovHvi@ozM?xj|h?A!PP!0Q`O1ft1CgC{E<_v!QBq9HDz%loz(EX5$9(kTj
zPo7v9pMP*}nJ1F28m1MhSIO+e($xHTnr2I8=f@|~Fu7N=$jtoF>9Nrnm}Q^~j$~nK
zbaBGQ866)#J~=v@E`UxX4@?|CGQT*z^iVpo4f7DwlcQr3cCKu)2kDFMbFFN?P$6Hh
za>i{k*TC7?4cDqCbHlai!Q7xNdM-Cus~*b@*IdxtP_23>KU~wE$qm@7NAkfm?TOrQ
z&;#ASgL5OgC_otAM<68wmhVkikfW=wckvZYI-`JJ#5|H67LZNHL0^93E^;HCjfdYs
z?vPtWITkO6MTeC^_h04QiuDoYZ)1fugO+n{Gw7!L+YCX<#m#`_yxa_0#?j4S<$T==
zTEgAUz#DnI1tffeNnfr(MDN%P8u<MkZTKA)Z(&vKQn_5|6YLC*o6AL}_Nf1|aJj!~
z0hhb=mMzUM2QL3udoHJ|<Cmz*n{hevK3&75zsthq{;CCB{<7urdBNrAqV0m=U2I_)
z_Tk`mu`pd|W=njYjY~AvR?VDs*}wk}R+&F0m>JVPB4(m43vXk=(S1^Gr_l1+>danE
z_4I%q5V=L-0cmQ6c%Y=VhX+D#aCksu`qu*>H!T`KB=&>{rqPJ-f0kGd9uP1WmIRBT
zi)?^l*cJ#oecUWY!@y$W%|?WGU9XTCx-A8MbmIyAeL*C9>T(#ri;Gj^%kv9Mi?9vA
zSDTugzn}_j*vkze=PoxyQ|595NqNf+AZIN%gp9M?-{p+uhmi1<8>Eq~d|xG8<%R&J
zIw6_?U1TZ@_mUb2GwgQD!Tvm3cVQebSH;g<bYBkLJX8ILo#c~OQ<mbpG^zUmk^H+Z
z2Xk#|$u>DO;9jzg609(~zai&GQS&xD>4%c@r5~y(Z~6hH{OJdh^Qa$6#;1N5Ij_o~
zB>d_JYvfr8goJPXP{6y-wBg;WVHc8GDA(6b*!R8>_Eq}$-c&#PQr4xvJGeu-kbV8M
z2-w#a(QakmXWOvvRh)f`pnSK3d5?83^ZF?fFmKm0?=Q7s-X5?UR62XL9jr@tFVkNa
z>Rmq_0@m$%)_p**F1l#)Vi=AQuyb-SE~f@B?0yaNi0j0mFA|y}`J5VNyL;*J7ymEv
zo~y{ypW=s~z9&Ae#(B2gz{7)H(-$j_?z3{!mlMHmUio0(2P8LqeLzj^ULTy)?DfIO
ztzI9H%;@!j$c+XGki_KmK{Z;ujQ|pZ*9Qdl?z=7v<0^d)`??tyV^?=`Ul%g2pCAF_
z>dvVI&m5eOnJ9O6ka2(ciZCv2(Cb3R^%Epu-0o!DKkX>vip<FS=y5;zbs^*W2@)`F
zcQWo5JIc7?AR2j6EFyFv<N65_Fm87;?#-gt#<9ru49=83s!#b(X5$Kl+l?C6Pmq9d
zyOVKm=_upkoWsYDa;EM=jq4{!z_{JXxVLtcaZ#U-i(I>qas31d7`Hna_jMg*Tr?jZ
z>s}kzPmq9dyOVK0C-&`i*2dlOs;)H^`~(RYw>ug4R<QxKvy6Kmy<!S}-DoQK2of-E
zcQWoz=%sD&>n!7bOU#RPA>;Z95-@IeGVVojMN4NG7YAptgIrv?ka7J42^hCK8TW5H
z%D9|e33-fOUJ1W0WL!T%0><r5#yucznd^+k<?KqxUx`yVUC6k8f&`4)os3)TDC6R}
z+CAMn9p)!Uz_{JXxYjGV7VNCX{n1@K*Dln!eu4yy+ntR2TUUf}Q^IEGLdNwIBw*a`
zWZVy35ym}ysB1N@pCAF_b|>Thc1IZ(_u~$YbuHui2@)`FcQWpWJIc7iLLk2>IJgT<
z1wTOo#_dkVy?8|!_cipfA^3G6<N65_Fm87;?w9E^T=47ctOC!oD;d{MkbrT!lW{Ym
z(?%B;Wibqo*je<cDEl%d2(o+RZsM0j^T+b&<zZpXI&EZ3_jPhKG5Yt7`{AY=-}_Pj
zK``%SxlRsCk8YFezMw8`4w$<k<fqHs5KWJkyMd(V%H06+L*;G=*@<%ZclmL0KZN8+
zt{bHBAi3|W<P^CZ0*;Uu1#_W`%!T2r3B8L`TsjQzYT6edII)u?6yj%#!2_>G!jk}I
znn&bRh^iQQc+Hb};PUc(p`_agxsaB%3Tv8GfJ+XcG@KVX+ZDj6z~A402p+r?i^sUg
za6}Z-xE$Apxn4F)`Cm3evY^}K5=2U~Hf-wwk@Kwwq$%TiproAZfsnJV2SmoZ9soJ>
zHh@UD*8|hYzW&b={`G(W%RDC-7+qvw48OvD8wsvWDpYc>mOu5vKk{3_M>qqz|2+@y
zJKiPkt`ob=$(<srZg{35HRO5{$@>Bl5(3@t$uIK|0vqClXv4fsfaPr51h^?fH-VS3
zb`w}RlQ#jDv3nCxIpengmWV(T=tf~^4k!_eCcq#d&kF%T7X<{v@K&n<4_I2c+qib8
zm*+!FA$t}gLs9CdU$15gJd}fXj92_OJffuBsO}=aAT}<DT*<Q{zsq7oU>(qHa@mro
zLK~*`L&>?>57m^7{eV*b^#jQn*AFG*SU-%MRb@~T9`%DYGN%MW!j*m~V8@GX*iqbZ
ze`(C9^dTz};$}vSMb&*-n9*OefEjIp>sDs`OnYXe_QvI5Mq$%lo}1|XH4B)r>zVP>
zf*H}pjvB*zhz4&{TW7BkuR`<Ce%3E%;lZaGeZoFU_)FS!Fy(r$5EbC}(}W~?cnEvw
z{~|vAkPoJ|;Y}vji{A9*=@ax3Z!$BsJht@E0{6|Gn4LI2J;q{}rs08b_IZA0W^{@B
zXXoc8mPU_1#6HYUEG|MCa7j2MvM{<Zah&<)Mg<~$UJ5{1<kG~<#KII{3(V2Q6UQfJ
zC+3z|czPUs)06O06?>YRAZ=~8m2nKujst}^@>Y}^P;N$Wd(D$#Q%gbuD>Wu0aB_P>
z0w^;nBw%ty-ULu$SV$lnZ3{V&#JrFI0^k3oU~F`8!WYB)#C49LtWmMxLQ?&De?%>(
z!5eFQ_KZIC%r8r$4^<;dEhi%FL~1Zk1-C?kGy(>F`3@6>V3tmJ&{xtz^n+2iNUY4K
zJMh{Dlutt5G`)*NqWn>|M@97WBiwVjr#q5EzKbA{WatJ{#N9bX{P`Ch%PW1HrRl$J
zmdDt8Meo;fmiLn~VEOK3`7gX=SRU=LBVzfb<1FtdWx(>?$?{)%$*??X`TgREO2=8=
zPs)JhyOZU={*qyN)bdx|z?r|}Ebk{}!1CS6^51&Nu)Mg{i2SpdaOybA`$-wFe0Q?^
zd&Ig7PBV1>jE&NVCX9Ue`hKxjpyMp>CuP9$-O2JlD<<b(IxPR35aN!ryq}Z-%XcTs
zUndv@U0mPVC*rRr4;(Sp7xmg&A*=6q?PqmG-w8A6xQQ^lrq#l9dVVcqti!&;kjYW|
z0if9qm66}uNj@*k5!B%4g{QLhl`oY(4yA@o_Al<omF!V`a6BC*NC$MAJQnV+ov0;|
zKeyBjTD}U^47%x3R5JwWdQ>xD`Jz-aXxYkCGg$fZR4Zu78dWp!#)YaDkdoD^X3(%?
zb$uJr=pl6Bsb-Y+Z=YBweJB8g$ixCyk2@_Eep&=#;ZbfV{x1iyxS@?$^b)$BYM!lR
zJ17^}ZFO2M{KN?4;$<rruWTb1d&pY3P{|t|lnU6fz<!;U3O^|Vsd(8+#f@#GVlM#;
zZq=}=rTR(-B?GOjPD_TL9D!uKY$aoVTgia&TShCD45RWgkPJUL0?ByUO2$oXB%=o`
zDcHGbnJ)ve@Y5m?i<hlfysC{@Tt&3HWt0ur>D)oVz%3M=wxs;j2n6G0D;R$!1Or{1
z48m{^o;HW866ir%enKIKZVxP9)L{nCzdZ3BNS6MsevFWJiw#0JZg{_7`!7h=5k{A$
z((Foxl9AO)u5||<_AEoFcy|M?Prz3)HxH*_9$H?UA3HX&lxC|bSmcUf74m1v)I1!r
z39lMuJq$geUM`cF`J?RQjR?YN^W$mZU!0nlnMu<{kZ?vbSIL{kk1iiS0Vi%|Czi*j
zkMj&D0m9KpBtnpC=zfKc&`jN;b<%78gEp=>do{xq=U%gLMdQkZE6QGfaK(w~R9B3>
zmf(xyD+aDewl3fe^Vxq_9L(|mxnLc1vC`=FlDo`YsH&Ckc6_wy=}9j52Y<*apZpdf
z@5FbO#m83*_gT?uq);gUG3jztn0iS~&l+ob?QEL3j%ej-Ms+!>Rn0UxGC#kxJUvU#
zYlYX!^d#B2P@+H99|^^ia8{|J*9uv&O6FbT5({7Ab`Y|_7PxALVU;UT0O}!FZ**VM
zjeW0JJwX@S55s$inXT!1We-^#J3cWnM+ltia|;=+zCer87QYwV&z9g03h{0crngHd
zhu`g?qP7T!;HKy2mZ!(lQQpGqmR>7|V#!q2C>b^4m(Rt;spYYmX?i*?8tIQfOUL?>
zL$Oq}FBT*8<I>VY=`cuJxN4c<2yx5$%;NIc{LK9E#dOU~N7P&)9f=Od6Kbi#JSnxj
znvO)&Y9XD749DZDX|VXDnnO<}$3G26qH5OVH)<?CO5@FXIzBL*0MAM~9vM!=)vU%m
zQPn!bJTcV(PhvO`Q%#EjCsci%<rP!!>4#%i%paxxm2<XVt7TpO)3)Ez9GKFoX2+M#
zC0u@}8dR31SvpsCfUJ^(Y^}Te=Xjl2AqJfIbA_s%kQ4i`9hY+=T}3a|oM=~uC08b{
zyff!wc6u2H(enBo7|Vfy%N}ghTD5HZPrGP(#^r}Is5Xr0^4DB`%~fJ8tK0DB42MM7
zYQYJ($mObcR&$DWy1K%WNkVg+uIf%;rI5EjWXhb>6sVfvbz%M$mtWM8##<}AS*d^B
z1;6fwaitHPrIT5;;uOMM^Y}S+X{u!xP&Larmc<)ucB#v*s+HYUE5}?wMaO?eca_y}
z)va9R{L6AkI0z8$1l9~rRSNXDWtXB-cR<dR9lvHeRjxT?td-ZCWb!30XEaG|jVlT2
z&zIbOC(V_Too&wXu4kQ`*3aZ@kh89mWnHz^%MQG@?xe0&96B2-PQ0<=#A_Oq7*tk@
zmbh+v^Cee&IRV@uV9Et3kK>1GVW8*&s>Yr8s*{1S0^A|sYYzAs4az2>wRI=npj;{9
z%_@{x_}9%URG0<G?C3PuV03d#Su2##YFpT<t;p@i6%7_#xtH6REP{9V?*5CO`%deX
z<r9njCzd8dgJ5ZnPr%u2+h7IbxMJk=)0mhDFPDv6y@Xkqt6EJDpVrni=q?LY3p%iw
z2WFsiYipIVo^5_^Zeolb^!D{`A{b55er^VO&H06ix%BxyG?Bwl0<&7E>V1dIc1A2k
zADfw91d|CbM{{A*1eTpIyw@ja2B15*qtWnXHgJgA$=nbQn@}dWCoL51H?u}ncQyby
zc4k`~iQ(K9M{ZcRMQb#?+oDJe^R_q*hI?BKiDADX9KYe;7Rfg-*a*CT;LsKaMhAz5
zt%xo%6^3^aIu_&q5^{uu!6pxz`DH$43!j0@`NC!`8_sK`tkF-6J?0DR>sq-AtQ;;E
zta8X)4HYUd6<R96@YQFXvN6diLJo_&pTsbP{6O5=`-y87!H$eZQUm>9M}{K(^$g4$
z)wzi(M1l@T#zq&?i(}_`%=rhF`hfexqjQVXeQ%2QrxJZ@g_>2@N`2I*EmX9U`pDj^
z)baWBBNHbN<&LN`6Wlkh9-rpEG4;d(_l>F<Q_Wa3@GwIIgA@Gst6+kFdrZxis5`~u
z%G7_Ta40u?C^w~M8CraW;eqvf>VCDtu*cM@rGg##$i$!uM(`sOS=FSW0cwdpGBKsr
ztKiHsypo<iHKk@s=~GA5Y%P6iRxMZu2h~*rAWlxHl{4T@sFs#KHLVtCT6ae{Ug01Z
z)mh_UG#Xd6vbtVT*VojU1=Xyvv^7@l8Fh4qCUht_!)r%Vz#7z4=t&_stBwnxSv5z?
zd2&G=ALD2X46VQ_o>*1&0*y|T)N(<EYdUCJxe>L<QoS#_`p86@!510v?u(WlnRtT=
zojbtY7fY7ZH5MOF03eN6Ro57191^5WW^u@9Br&wAS|SYyl+-$dOO(|*i;aN~#to24
zyv#679u1*#hDImB!<r%ro>dwX0}rLl$pMa0W*87@vINEqAbM3hm`bRllPuvwxw1NX
zgnARyYtSY;86O%>3_<*x7!sH>k4&tnM<c36%Xb&JG}XI~u&-biJQ7Vr=%1$L^D8T-
zPZx`&Qn_5I7)G`F_~W&jX<AmjzP5Je%=-G-v**q|@x=M_Pd@q7Q~mv+(7pE_KD@d*
zJq=?eN}DRHZnB_4hfd2>P>-=jnN^Ds8WD{=r52;$n_p0iG3vgN;T7Z5e_SmlsJo~Z
zli;3=CILFdd;{PcqP`fUKyxY%vrzOYb&{rcG8P9PP4Q$b0X~}E$>?xwL7k*YQZLVG
zlBYZzJFZUhq=#dR>f`_eN)E>WcaZr9sGsIE$?}a3vTvj8+Yt2^GwC<0$5<sM)FNvG
zE}TWyG?3#FwRl`)KC0fs$`PlS_wd|?W0UGZR%C#kVtE~8<&IIHgIMly^$=tC6pcN^
z7=o4a5aUBY9peOH3<UHTVe|k`af)UR)EHs;fu}e}V^ZK@iUr8aNI6YoX^qCI2MAfL
zgJ*tJEmH2BhicTQJEj(?B+iek#j;8soSqw>e=r>p!*YAZ%rlG+hUjdVt<{1dIve${
zDTH8%PKS`e5Iq>82Saq%a!xQrm#;Hj$`E~gdU0W96z-qHVHCQ-Se?y21Y`9}8LJP7
zku$nDR>yE>#_D&$SUtBNN9o)x-oo8rtbUamjMZTb6O7e^v3f98_l?z~!C2i{;tiJ5
zopE@uoIV_<WAdtN5w_}HDi4;^?M3TgIi0Ql2g~WTaIl>2-xIo}u{sW;&<)1w!B}0V
zn~E=Gtp1mK`G^?ZC9&5M!@G!SuI66J{#E<<YI@&E*d?&`C~VK9+jd>c<T%*={kJOQ
zX))BsxC<g-7?oefUz%XS(H+~&u9MWIY&)@$HnZ=<M%v`Y6B}<6J5Ow!%}i(6NE_dK
zVxw$k^N9y(!@Eyxtc`9zaU*P4PHZIL^Vf*W?$Aa4LYE854IV)mp&N<^aDTf?P;h@c
z6_j0Kw=+t`&kE1w78I-qx`CjC?Dh@>Wpf>hO*jyg+l8Q@i~NOQKKr|ygxFSqHb(-e
zpu7`a2stkvWJe)+R6LTJQ5yDOdbaO-Pw_NvsC4bsytKnbEmx!Dn^ZS+J|U7!4&eEO
zG1(SR2H@G^*>IF$KzcmFcZMPrZMXLm8xGw-Q3Q$tcIetNzZuKZMgm2l3Pph~@)w48
z6TPfuP2ub!p~{&JXp7I+c9LBexSqh1WBWhA!wm<Bfce=Ou}e8Y<d#s+38I1E1QDJZ
z3QiE=398@(5uZ8@P7v8Mq`?Uye*CB$oFMAH6GV;XWhYM%v5udhA%JdRcsfQ`Fhafb
z5$bST!*c}=6;?K2cq)DT<T@Rux(!cmZaOy_1cqmDbR7=SJLkQFqw91XJvh4VoF@;C
zu2YT(j;`0jmw3%l%b7@aSIvv!=z2F8o_+%%Fgydpb30}{UoQ+#ba7yVVZJnS6|wIY
z+Xq*vRSZ2>unLtG5-N}btq-<`E#0)-EAqI|I0b7c*SreNQttls9o+p|PlI+~lcKqL
zIm4z$>4|j$*C3skom))D1|no)c64kpZINj>wGJ0v@L(*_pX`qw&KhuP-Ev<C!3T5g
zx4g8uN3GrXv*~3R5{=SsSqN|7*q-}58kVT8#Hv$plT~n&6&P5-JajM*O%3hfCM$aL
z72Ild#c#55?^lp4;Y+VZu-6_XSCP6dR)FPAG%e5#OxeJc-40WBWFI#k(M3}h!|hGk
zJKLDDnR=m=3&HJ-&FtB)i;I}>1?E?a!=8J3nLWF~3!v<5;8LheeTDA_2u$B?y2>sv
zed)EX!6mNH*SfAm4Q9fD9>FE9!6mN11~2DJTraQbi>3&=f$1BVzT08?-gh52ebL3&
z?J>NM<cw@luZ8Gy#;}h-zsVm_gJ--~3+0cHY$}mRMF#S*Y(mc_<EcnAlT9Y#x)vSM
z2eZk1JQ2}{vhg7;71i?bSSqJw@<W=YNAt-@EFT>p_VeI8OZprK=32{zx17AF2)sX@
zB_{}bIb$1>=g&2e>o_@G|3=`o^xLj=MSyo$yar%gju%2^rWcnc=9U-WO@ZXlAQ8dI
z@kO|W8JiW|XBF7+%--+dkBEqii#e(K@#SLq!{t68`@mSMl-vizTEXFguvRekuAx>y
zvPYMF1-B1)wMvHq@dI70px6PfHURv<Rx2RbPJSd1OVBmjAoU)xRQen-l!@g5@www-
z>2K~pEOpY2VmTIw<;zJd{mmVSWp|3@{ef6s0kOoX>W=r8{^kzEvOC4{SRj^HKrF@8
zB&6eF>2K~pEW1-I-x!GH6%b2t$3y4E(%;;HSazpaJ{*YU6%b3D5bAhu>2K~pEW1-I
zvw>J%0kOnu#5yjP{^kzEvOC3cMTjN3xS)mMeI#R8bPBnwneg~vzuChNqL`~Uk+4;+
zhJBw``K#@X%Xi=3O~|--2p%uJ`;#|7B>Wx~FRRm6L@)868@!9UxHLC9JCPPIEb?o;
z*!$~Zk<flh{>)BXtm7+KTVE2j7xuO*L3<H!yApIS7;aaZxVX4o>DddB+m)bLwA`-b
z?3I-5Opq^zZdZzI;dC1l<BP1@l^`t0epl!lbRQ7YEa>he`nrA%?v1F{jP<h*kPx_*
zL9A?*gjNmH3Kgm(($D@A5mlpRk--SDw^!6COmraD9~}U|r27NHLTQL(pTX+ec984x
zXwP!j;(CgF<Z|pYn44dko_uI|aenOB#1g+0ny+f-;GJl=8tE)<J&^81SejiJpFYlC
zy@rh*VbNBgnhDYv-JlQd&OZ1byHX~UK1T**GJ#)TTr%OObs!VnDHA_@QOX1wwl6N3
z@Y6bwiSCq%qa$4BVt<Y{6S`N%c2fFysp!A5enOZ|FEZQ7PwPM?x>F{mMmYDqxMYHt
znY_qk!cXf!Cc0B5W`#_ki)Rrqyos|2T5d2NiRLnqfrzdRM&i0Yn9}nD$#@oyDCDB4
zd^{V8#s)LVTs)uBVneA&a$q1A$;FeYcrucVw>gWj<>dKjH`L@T!d8>_Y<fnSr7qp{
z9Pyn+NMEV52-vLX24dNrVmTLxC0_yCR<Tt2Kpw?UCYE@=RmWGr{LLMRWp|3@{0QeB
zRG&d_d5L|!r?*u4I92JtGO@fzeD1hd`kOlt%kC7*g%Qpnfmm+Q1mBcc;)_}x7fXM0
z2V&WsVtG6e%PU~S;+s_+7fXM02V&WsVtFDE%PSz3Vmn*s&m#DnI}pq66w8MKvAhCe
zdBu85e{%<7*_~o}DiF&nAeKb@I&Q@Jn>!H8?i9<s5KDA%>IcKSNoA!_S-*!nY9Bw6
z&<C4?v$|>av5$SBmA;&&myJrFk<Sm)*Ve+aUB0;|;Oz^v-vnbWi16PiP0~UR4%`<r
z1==15+3NZf@gE1-a)SQjAX`pQavWsKY5I<XY&kvuagZ%1=sgay<>dUwLAE79&vB3~
zr|3QovK@(ej)QDDK~T*<9^sk<T~zhx3YEVfRsI>H2A61}%5Tu_tB_g|{ua&?@(rJM
z|9PGh`5Tmf5e}S}6a{d*DY^}Z{kF`ufp*tx;Vn}!(C%9%Vb^Q-e>cum3%aOze_q7z
zCi#qJuDaf~>m~hR7DtY>ehCB~=2#2owNlmy>+4#%TGGvMxnPyy4&_jxVp>|Mq}ODR
zgnTwa$X&a<D(^uN{J}N!xjENcIZ^)dhncPEdW9^qhjnO)iSz-Up;#)~7mKlvOG^)>
z!?cW5%M3?|`%?4Z(Y4^wHMrwHcyujzbS-#vEfN`ycgv$|^np|Qtm)#|d9Lx#Kd{sn
zjYPtu@T6(qo8tYcMBiGWX4SP)AKZljPnv2a^^v_-spIqMM<z}l${kT>Cb(~0JwDBS
zW9o?o?i*Dzrkb&6;9-WA%~AjTYF4N2F*RGF?i7zJQ~#mDq1^DH+?1MSXz>+>mow6*
z?pG@edrYlbYAp-EgKEtLC##w?G@zOkWlF7A!I@=vB|Uv=O3jqgr;e)GTKd$iTCffd
zs;dS-oSafCXTY6MEiHX&S}oAD?v8N0!ohe#%^C-z(YUIW)%A+HzNXGBsAi3&t+8^?
zsG~D9p+mVDUOSos)}W^57|^UbE`Vm$94+U`1$BIkqb)GB0;_mpRn-eLI#E)~1$A10
zjHpGH>V47GM<&t?zQ~AoU$ped#2eH#hI3ymSyI<nd^`bwCm~{0U1OMWNRT#}#UZ1S
z#L%j0i8LTkQtJ#ZQC90LHU>VEQ7B$!m?n>gP&q?Om;?`NiYRziX-o_}lrkp=I7XRa
zK%~hM7&CzARqbFZp^i>cu=t@|Ssgt>y$R|yXp^0c4-F@VApT7ZX^rN!q8^Q?8ZF;l
z;L=p@I>NqcK+0$$LjN=^pI=!yeY#jImCEHx#W1SX#~-iNOw+RJ^|iG#XV%xxo;`Q&
zi6_pVfAYzvp6c%ph3>ug@Zr_f>FEe>?<%WqvY=M;v>=IsdW<#7tXhoFh-l;~wHO88
z{DNAHQTL6k6va68A6JVB>Mp9qB)BJ|Nq|l<-vIcAs4oU7&{il8vrzOYb&{rcG8P9P
zP4Q$b0X~}E$>?xwL7k*YQZLVGlBYZzJFZUhq=#dR>f`_eN)E>WcaZr9sGsIE$?}a3
zvTvj8+Yt2^GwC<0$5<sM)FNvGE}TWyG?3#FwRl`)KC0fs$`PlS_wd|?W0UGZR%C#k
zVtE~8<&IIHgIMly^$=tC6pcN^7=o4a5aUBY9peOH3<UHTVe|k`af)UR)EHs;fu}e}
zV^ZK@iUr8aNI6YoX^qCI2MAfLgJ*tJEmH2BhicTQJEj(?B+iek#j;9fN2h1_-4SK2
zPzsmfj-PUQ>$mZ=e0F{jOyg)IHP8>HaVXL+?(5mi^L#BV{)V^Zw&%5G{`PYmZW)3b
zhQg~xSw~vUc%O}aaC&Zh{y}&lr0L7kY?KhCmzTihBuP46X!nS9n>Vn>rxzDyMjuME
zbjD`p7omjoCZ$ZF5{6-sSuIrczC$Mb?|y(A9xE{mIf6qobO(3f-AM4930(J7Dr9v?
z4IZw6jxZv^CZt+`S97BMX4a_c&V2VKaO^4VP2jj^tv7*&6VsbOv1cbXfg`4uH-TZ#
zAa4?fPZDneiOm#j4xUf-ZUP5pbDt68dUTPgaJ;{VRL@$gMg`qh!f0RIAC@f@^orGA
zJ$u;({=fbfxPYvWkMwaO;<aKTKr--m4fff?_c#ZzIJG=BGd(f41Uih#aI7yG4E!U}
zVLqr|)zY^AT*BpFb@|H<kmY&-(po=f16k(`$3Ni2pDR@DcqjH@J1*x$t~lOO&E<D{
zolIPLXU@g!^fC^#<@Gx-mIDLN#oDN~YT5Rm)@rst82ASR|6t%B4E%$Ee=zV52L8do
z|B4L!7e<$+_%QJjFWhZ8#FtMiych@mjRSr@6_6ku82H;G`!+KGbOK?+1AjgQBREDw
zHyHS{sf=LYe<=fh<w-HF7B1c%j_z(^mUO);oE;?DY+LT%!?qpY;yk%qtj-r3?)c`S
z7!|W}?5^)E>ovkABFV)4JXdrZwh?Xl8D;-AqAe$A&!}zJb<OVSw(Uw2=i;_2JzHM4
zD?#rj(JeQMJ;k?O<)aCDHi>Szi0*Af+mV=OljxQcglWYcLaU(r`m4EYVt5xZ>p6q}
zdyv50*}1|B37sK&xoVw-DQc}s^fjyBI$PD#6{Dh)1FiQKg)QB*{A%bsu$?sV7lfSO
zC)AN}R>fT6yLR~Y4y9lXfNdCJ6Y*@<5SvKM)yo<A{-H=RIUwCXG~n4kG%-6mwwShv
zvyX`FQlcx@WNd!s#O&N+IyMlwB5ONsS8+IPFY78zto<rY)5RIq1lzedGYwk@#wV6}
zo5d3S$^Pi!tN~jGp#3&uwNVZy^E2b^37n}HO1ThBL=uz_bjLQcwv)P)#T^^T?u$0C
zfM6rJ`<u<+VV|-Y9J}Ax4ARC|c<ega`hPR|I68haSQ}mBvC9Ss8#eZAB+$n@g+4|X
z`3v1WLI<OJ+qNrXs(U~A1wuY>kZa*vg)$EHaL?U}qiS7ha_h!ngW{5n4<}||O`Wd3
zGNtbu3o|Pf$Brz(_J-O%_J$1$EuI*kUmlyEogJMUcUE+H_tqCW)8}+=ectYkA-Z>*
z@`&kiSh9*l2n!v>5H=#ZfszQ>ydEeCom{Gt06|>;RfX(?_gyZ+pbl4Dg`g5Vqp!f`
zZ@NvoQZJPdM)nO~<CT5GgFg7!8Kzk*n=3e&{AZye00vKnU=&!BcB-OyJK%9E5VUaK
z3};trM!iZyur($p^b0}UR}g{^lD_`{M^>&UVR|Gr91WL^dc`VK^2T0~E~3HJvBHKW
ze?-XtrC*h+1)6zAtD0Dq4~Rs2FMRt8N%HgyFNlQ5jU)`0-eR%DLos{tO4<)1+Q?75
zX#2frFpyZ&EPXFjgZ;345XPIp-YHszmX9`+R=142d80u1U6E1G)r4*{QBMvI4h%fH
z-<KQ|3$Nk)D3<Kv-+4=Ro3~`Ajd~5XSB6b1XVk5|H;WWMhUnxQ8$&m;Mcvwq{ljyJ
ze&Jue=(q6POKasY{8f!oDc5gu+*gaNlY$UEg7mqvz6M(sav|6pv!>T>6JV)kV0?$e
zYXsPT#gbh7p|>Qjk<$T4A1WCudv6!`A4h!hPhR|+JvGrS&92DL2-N+r<(}S)$G_^~
zsT(+Ioi=mUs8}_lw6{+ny$X>oJm5uowYR)^Gh6Hj_Ft*N9-+OWkmL<W6hUVpP3&sA
ztW^r<3wc9iKqe1i@ecl?r+Cdc<g7^vBe2NVZ1mb&J?MnIPSgdt9N6+s5%rbBB2!{`
zu|Qzfv>KB&K7wa#vG*>4_f^EZu;#^krJ!ZKkjsT@`r~yNQtri>tgj;$>0AG}TdMn9
zxn=665btI1E(>nNdo%wAleloFHwn>*TDDrSTmIh0iVJk|1RRH<zut?nclgM~^fuMs
zUxx2rV^GdNw#Jm`@6Xu0a;LWi34zquuLTHd^Go3HT_W}SP-k6d3j-4bAPKDtt<!q}
z_L~A6omO>{eZ$JgzF|==RnD=Kx<q}6MY=?NiQU{af;8?PwO7QU6afr&ffxnd2ljZf
z6tL_24I!!uXa&||(k>T{_g3^0Y_T-0idKfF;P?-d23+i{9v|SJdN1Dabr0({Qxv=_
z!TB3Z5t6%3Wby;l9i-38xUEyXUZDRN(MP`L)yb{VZxHB51wSbxf@_VHFm{9aTz*iG
z>B)?y#pAJTBpHjq4qAvv<+B5^{GiYj{Q@4l=VL<hd&&I&+60NP|Gpt4C`{)6XcOqz
z*N38r{@4zWnrlrD?Caw(fj)AtS2eXpzeSL9*v|dEpZbJb$+kvEQvtT{vR^Ox=w{Hd
zlU=mY-+S)&H=aAwOH@C-8&uf0L`~2^p+;$R+st3GdGBFwQ#m@f1qkZgO_>I}MY;aX
z&ia@?Yb^22Lc|p4o#-Ql%*0qdlgsqOFd3DN@;aVi@5M2HI;eAYAjpLW{2+cE1f4tT
zAe3~_C8&BZ3c`L31Ns1P*$<&0ina%~3-!BySW8*EOrr#jJnWS~r(IfrV7r{OQ@Pr!
z>YUXwEGtw88wR7Gl2}BHf*K*&^LE<jye1471)`QK2tpq7gCN;gZ4lxwAvQw+K`uPt
zC&kqwBP<>?z{Z-zZWpTY-Y?pP`e|F;4B^jhqOFif?sja|$7Ab^9OlIbgWAuPXa@Xv
zH%~};Ew}L4OP#CPYB;wlc0TKsYQ&89mvjww*JDXCB4yU1<76l5^-*{Hf$C0F*hfS>
z;tR48@~i(Q=t1f79f-akD<(h?!(DeI-SyZFjNI$(79AdL0fJP*wgrwss<@(%XP-j7
zdEr;89=+Mf!;ld2FebzWm)4KglTzy)qMpbT)cu$*?%fbKzX^JL#HPnNZ@=cyqXh`k
z<Dke<c?Iw8vo)iV>jx8+(DKmoKL_s8CdyUs2L$-_Ubx9GgP2MS5G>dGL<_JMxryw+
z#`<j$kDS8uf`0*qmz9<|0!(uPa}ywlA>%FCH$<0x!%|-2C=o039-MXAD@;#1SA;zH
zqg}iN%03~iV2FWf3ZqOc(bKo{a?rURIy{6=%y8`o5Ax*COJHE~WR=2jIw6lfBP#6X
z(Pt%bzvPQshvMMdf7lvWLK&_98u{bmfA*R*4&Sx_LCQat<azayZ@ljh+?GwwrP}D!
zNi7WP81%v(7~a$C8T4ExnIDQo@~KoVn~%g&T4W#<i{yr)k->Z<9?uUBfsLC@MTRm1
z`XD?pl}cu!$#^c7iED#Hd7Y2Eu?5w*D8_}Oex-};h+5$qM|W&?oR5w9;e^O-<a^#q
zJDud4uMu2xuz?P1MyXz=7gW$usAg&XxeWH3b!5cr2vAEsnE<*Z<I$nyz@yl2DxX4v
zle>S<P4Fgj6WE!4HNzEn@5u9B6SN5)kcs{N_&*9fvTsBAVdwMkCqy|fzJEjcp`m`;
zvLM{u4TOVNtiwljYr3qh=toLMCJHBQVngx40h~sAN{B>Ho-0wY%L2MrI)SC}TQ0Y{
z2Z2pfg<vL9uhsf^9m)BQW(-rH_lS(2IVGs|!3JvCRfbvXR01Ao8_3792|b&Pry|iz
zHkpX)T69Ps%qH{kL_{CT#)q_2RLjR>shpO{4{4en%_k$Vd~{&T34~6YMun<6(QA-T
zZ-ii5y%NW6DIk~_J(7zZ%@|ljs0#8I8)~U7S9z-m*exaWI(bKq%m2>3WXHbLx1--Y
z{(nB9P$JU)2K%gc397pLtY4PI{i!7Gi;}pTMfc)P?-ohit&+IcN#Z^y#xCykZWT(`
z9rqKV_1tk6xf#jqN38GPO5zT{D2o2vxJ5~vCDu~haK9yq`;a8=w<U2Omc(6@#C@4&
z=qlgS;Lix!vk&l3D|<oq4bf%aL^F_U1(0$LSIU~j?OK{Yr6;|2wTKCcg2>Y2Y)DAS
zo}>Puzw^aZT7Y1wwlL|AHiyfgKpW%ZI9?$m-gOa&w1@>9gyuy35U;iZt3CdiPuQ-u
zT+&Qy89Znud<t{9nDvi1&`S8U4RX*sTjor9T(m*5-eG+EWe2nk{u?GS@;f^{lWOgg
z5CTLVu&4Eo-MGmlglv&p<D7iGBe!}7I_*n=v%kNU5J`}K^72&sByhfV?qRgAj(O)Z
z+9$zffXc#;AdTmci#H$(_agN!K6B7RJ;#P`0fMqHW~VadZG*<KIkY_TIx;de1B&bI
zf-&g42A#c!r9-$dzzmCPa>AB%mi|S;TGlG8>B#?>5}2yUStslw9rqUrIR~*If8>Ps
z3X;)*7+tn3RH}6=%ob)N*wpW94im+h|KD#86Te=3Lwgm6R#2~$(6D4(G+~c#a#`Gz
zV1{8&Nlnl5_NMLL2krj+CfXedj+xWBUqqLE!<I&xfhO^5F(AIbWdRBky9H(JLXTI*
z94+QbTlBW}z6fYC)LjS#QK+kq&vTN(gqc@zI9;&MMa#|IZ+=Ep8sp%iSKG7{?Zo<H
z>PK2ZLq)l$^1j;t4e5xD>BjRDjq)PRla}!@_=vAX(lqH0$%kpU=jdAuuCWL$K>RHV
zf`f%i3UuXGF_q+ueV8bi)DXwEK7kEOKI$E&CHa7YZYz-vqj+S<9%b<5<-J&AY-cDJ
ziuvy(I8k8tidV^AVpb^8Zxi+HdAOmzTORlnDg{s=>jewN{%OqY(aV&X*lK|rNHjq`
zrRv{<#P_*k<7~O6Jh^_uC@+g5;N}u+N)X{YcngvtA>r*xwbjuG%#oCh+F5t04vHfD
zF*ZbFt8Y11yVYMSGW!$Etg+R%Co@5EVF=oalWI+>S5OCjUX%m%9d*ATiTjcy?(34c
zZ%N|bBUFn!kDnE~1>?Q~`Cf-ANYDr+U#9D1-$d3@9f?VQNGNJLD^5G~wT!X8LO0K#
zuDeI1qKJ)76hO=IU07gx&<S+R`-2Hy(B6@sc-0R?)A}Hdub0&S21(p2C2==O;`U48
zZj!{k$`?nco&QY42@*?bg?(8CH$aT2-aSB$E!YACGkVHS<=6ZxE=Y6K2cX)q7r`hn
zB9PqwU6gspm|t<>cCQw@+3BYde#I1Qr-O#XJ_IuYiw`Y|w}}!fu*r&zo`wdtW3T1g
zkq{SS-es=ax#Fiq4AUZt%@#TTuFIz}ff3c4z|S;G0QX-)R}O7Y`SI6*h<}bvBM6EF
zmdRO*28PtwuLTHZRL7EEc)OnmAPHI~TDBj7doS_?OWJ9CS=nUe#zM)yVbZuZ+4DM1
zH-7a}crnDUr-L@|T^@%_xlg1{3q#GAI?NwqMh}SsV?nD{c^!F7_6@*keQCYvyv1QG
zoJa<P3M?Q|Jw>m1wv9~bN36N@Bkt>!e#Chb>JA`;C<j*EU5*$k2<b;Ghx8+sL;4ZR
z@p?%AFVU74<v=ncdEIue>>HLs_6@o6!w>O_u!%^RjD%g;PyP>kJ@O0UD@+1-mnj@2
zC2LpAa1uxF7ruS9Zy=3qvB5!IuOPuJrg-uF-nkL_ozjf*65USy8eF02X4*~IwfUi+
zK1jl80n&4gz4<$p7<%*)$=4(`RQj^EL^{g8;k<(E8_=D$1IqU8n2u-<WNo)h4RBU;
z#;~4`$jwqrlqu;)l&M{izIu7ffntTZ(CJyKy6QEpk~7MvSg^wd!lM?z2^gi9W59qK
zdB6pY?JlD@%82Y6p>?NiL2b=pQ986cDShy~uV@~76PLRQ2C;qY+PM_-AhwV6Besw9
zBeoB9M{xWp3W6-=F2@j-L;4ZRA^nKukbcB+yc=5azWb08+{L!oPTh;`3WY(&_(f5A
zCChtPXCh$BtA%XcE^MwA%Jh&!KV3US-s{L%A1T<Wu|A55`bpk`wgycMMh8=mqRtzZ
zeI9re8TIwD&x4Pmw03-n8Yg8tz9^4!`Gnxm9-VWjbQ){R^ConzfbIq;RG{&wJfiM8
zBIFWv7j?%ZaraB&j!EL)D2aPm5|{PGQF|S4Ug7)&eT$4&QjemxYQkx#ubOZg_Gs%O
z7iB*Q(=8j~PFMauV?R8X;*24_1OD%d@?zOg`nE%Vp|U!Mn`TCS&A(29n#HB!umn#C
zEDU1_$pYDdLfK-+4uI48AwT@1uU#lV{7@2ibOb)Y&&@YeBP_~}`+MNCSrNy-Z130$
zjRO}^kd&WouJ^ZRDom>PJ2Kmc?cAx^KGgf~6ny5=`vZdsTkpS1_Bm<m{byvKQ?}mk
z_)Z(t`?y}yax>Ppu#DJ@g?j%FH=_5qE#pGvW+8znET9_j*oZ6Y_C~0_#wduPvW+@p
zZiIulb-}zOZb1@vToQLe68DfK?vyX?I_MelB94e(6RyQRqzTtzAJT+tQSrRt(>#~n
zk)q`}EaVuVO)@}z-XsH*@z;wC7&z#2l*RinV`BI-h7wUa(6)IkxIZ2dgb>bUp$BT+
zj#su<)CxHmEPw3sFbcxh<-4L7Z77XOkOE%$j+8>`%ldX~IQRG|hU_B!$n&6i9fl0>
z>O#zG_RqMFp?-1K4hlnIEpYLMI)uF}_7Ega^P+kF3%Gb63g(G+ySu(y7`LM2OugX_
zmP0SO@KMi(Y{x<v6d*mX5HmHg=)hnqnzH9=ngSqK9K%d5{E9ylR##eQHjWo}!(8S%
ze^n?QoWp<>2DtPqg2L1HFwb8JZQ!P_uyc`$&2*ypJ9hIG2IS&7L4_T#I>lBV;&2W#
z9?s`j-RT_u1+2KoeH=p9DG!k+4%ma{1L_k83b_O70e8Q2;P8P0-Rlg|>@{<>1h+Go
z7DUstun<e1I9z6*AdX&Wc0i3h`6LJ>&6no?3!Z#2@DzBiQ}WXM-Qyuw{#vODyQdop
zpjnni_x3M)Y<zEFXc@Y#EQ5>`FMR34FC6}d$8HqdL+*jt@4_*+UZS$^gzOieC_Jr$
z7Y`!X&%qNB_WdSuJQUSNydSj85BsP_yx$Q?%JW0T-H7*KOT25E*6#uFMV=q-m1xWl
zB~p$@tsMGm#Crq(!06xD4nHHlHsZavC0?{C9&&`doNG<-`djAr!KQe-Tekbx8t|}u
z=*r9a%?7-%h*=b_9Pe8VcsGccJ6htsTNKA>2W;=#TH@gfpM!^zCD59*JD%oq@J<K>
z7?rc1yncAP&%wifZEs6FJbmZjA^inflXBt-I0p~m5no<TJPGFDVb6maM2?52#T-1$
z58FeIhbPJ$JcLILBFDp1XAU0L3)@kSho=S{yq^;l`_WCj#Bw}5Md0B5ov7d)!j<FU
zNdpHDZ7`&(91l+(IC$eCpSxP-ho=)9JftVmN1h*^U~uqm7Wtq?mgC_m2M6yz3B1;H
z!IKaU9&Ut1`pEOc(-ICI%2Dh3;fV?dFDDRxNg&Ge!&4UyUS61J*NTG5@$h7ZgSRXi
z;_ZT<ay&e};o!YR@aK11;^7Go2k)#9ptrQFAD;Md@D7Xi!=7JWPCOOj;N31}{l6#>
z<#>2<#KGGbf8yy92k$1qF#oe<et62m!NZ>I`Id5oJK`NY)JJG($m@qwUk;wg#$L*l
z<KZseM!eR1jl1(4JfX(m6*K;m=Z8D^96Yi6oxHIn9`5pU@Q^O(%JajWfDYc<L_R3@
zay;BE=-^>LB+#4mf4HO2!9#v--9O;2LkDk0WYk(;<8D0%56f9=Nl)C-=is59|Ex$r
zP8Zza=iv2;d~ktVj)%Jd9lS|__jJp0;!Z&a?>z$kHw8iE`QdIt2M_7ex*c$rmxG6s
znXhhHPTVEs;Js47x9(SPSCfM$)UAC5iM)Qe;^yFC`+cWnIdKKf!MjDk(-``b=Z7nD
z4&G}ycpG`g)i?+5LBwm>ez=0<;9<L=-j<hhZiFZA;9<MB#>+S0q5c!aZ9*5EiF5M%
ztU&k`;mXU2JE0sr<g?#xNf+F)<KUrwXkAX+VdLQa!+wtOe9L|scc3_UsLzm3<@LiI
zBMu&xv$fuR>oHy`2M_D@k1fl&u-*)BuSh^%PV0$gc*r+$JiIj6DJR0a`RxA#qXRWH

literal 0
HcmV?d00001

diff --git a/test/falco_rules_warnings.yaml b/test/falco_rules_warnings.yaml
new file mode 100644
index 00000000..476ca3ad
--- /dev/null
+++ b/test/falco_rules_warnings.yaml
@@ -0,0 +1,186 @@
+- rule: no_warnings
+  desc: Rule with no warnings
+  condition: evt.type=execve
+  output: "None"
+  priority: WARNING
+
+- rule: no_evttype
+  desc: No evttype at all
+  condition: proc.name=foo
+  output: "None"
+  priority: WARNING
+
+- rule: evttype_not_equals
+  desc: Using != for event type
+  condition: evt.type!=execve
+  output: "None"
+  priority: WARNING
+
+- rule: leading_not
+  desc: condition starts with not
+  condition: not evt.type=execve
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_after_evttype
+  desc: != after evt.type, not affecting results
+  condition: evt.type=execve and proc.name!=foo
+  output: "None"
+  priority: WARNING
+
+- rule: not_after_evttype
+  desc: not operator after evt.type, not affecting results
+  condition: evt.type=execve and not proc.name=foo
+  output: "None"
+  priority: WARNING
+
+- rule: leading_trailing_evttypes
+  desc: evttype at beginning and end
+  condition: evt.type=execve and proc.name=foo or evt.type=open
+  output: "None"
+  priority: WARNING
+
+- rule: leading_multtrailing_evttypes
+  desc: one evttype at beginning, multiple at end
+  condition: evt.type=execve and proc.name=foo or evt.type=open or evt.type=connect
+  output: "None"
+  priority: WARNING
+
+- rule: leading_multtrailing_evttypes_using_in
+  desc: one evttype at beginning, multiple at end, using in
+  condition: evt.type=execve and proc.name=foo or evt.type in (open, connect)
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_at_end
+  desc: not_equals at final evttype
+  condition: evt.type=execve and proc.name=foo or evt.type=open or evt.type!=connect
+  output: "None"
+  priority: WARNING
+
+- rule: not_at_end
+  desc: not operator for final evttype
+  condition: evt.type=execve and proc.name=foo or evt.type=open or not evt.type=connect
+  output: "None"
+  priority: WARNING
+
+- rule: not_before_trailing_evttype
+  desc: a not before a trailing event type
+  condition: evt.type=execve and not proc.name=foo or evt.type=open
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_before_trailing_evttype
+  desc: a != before a trailing event type
+  condition: evt.type=execve and proc.name!=foo or evt.type=open
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_and_not
+  desc: both != and not before event types
+  condition: evt.type=execve and proc.name!=foo or evt.type=open or not evt.type=connect
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_before_in
+  desc: != before an in with event types
+  condition: evt.type=execve and proc.name!=foo or evt.type in (open, connect)
+  output: "None"
+  priority: WARNING
+
+- rule: not_before_in
+  desc: a not before an in with event types
+  condition: evt.type=execve and not proc.name=foo or evt.type in (open, connect)
+  output: "None"
+  priority: WARNING
+
+- rule: not_in_before_in
+  desc: a not with in before an in with event types
+  condition: evt.type=execve and not proc.name in (foo, bar) or evt.type in (open, connect)
+  output: "None"
+  priority: WARNING
+
+- rule: evttype_in
+  desc: using in for event types
+  condition: evt.type in (execve, open)
+  output: "None"
+  priority: WARNING
+
+- rule: evttype_in_plus_trailing
+  desc: using in for event types and a trailing evttype
+  condition: evt.type in (execve, open) and proc.name=foo or evt.type=connect
+  output: "None"
+  priority: WARNING
+
+- rule: leading_in_not_equals_before_evttype
+  desc: initial in() for event types, then a != before an additional event type
+  condition: evt.type in (execve, open) and proc.name!=foo or evt.type=connect
+  output: "None"
+  priority: WARNING
+
+- rule: leading_in_not_equals_at_evttype
+  desc: initial in() for event types, then a != with an additional event type
+  condition: evt.type in (execve, open) or evt.type!=connect
+  output: "None"
+  priority: WARNING
+
+- rule: not_with_evttypes
+  desc: not in for event types
+  condition: not evt.type in (execve, open)
+  output: "None"
+  priority: WARNING
+
+- rule: not_with_evttypes_addl
+  desc: not in for event types, and an additional event type
+  condition: not evt.type in (execve, open) or evt.type=connect
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_before_evttype
+  desc: != before any event type
+  condition: proc.name!=foo and evt.type=execve
+  output: "None"
+  priority: WARNING
+
+- rule: not_equals_before_in_evttype
+  desc: != before any event type using in
+  condition: proc.name!=foo and evt.type in (execve, open)
+  output: "None"
+  priority: WARNING
+
+- rule: not_before_evttype
+  desc: not operator before any event type
+  condition: not proc.name=foo and evt.type=execve
+  output: "None"
+  priority: WARNING
+
+- rule: not_before_evttype_using_in
+  desc: not operator before any event type using in
+  condition: not proc.name=foo and evt.type in (execve, open)
+  output: "None"
+  priority: WARNING
+
+- rule: repeated_evttypes
+  desc: event types appearing multiple times
+  condition: evt.type=open or evt.type=open
+  output: "None"
+  priority: WARNING
+
+- rule: repeated_evttypes_with_in
+  desc: event types appearing multiple times with in
+  condition: evt.type in (open, open)
+  output: "None"
+  priority: WARNING
+
+- rule: repeated_evttypes_with_separate_in
+  desc: event types appearing multiple times with separate ins
+  condition: evt.type in (open) or evt.type in (open, open)
+  output: "None"
+  priority: WARNING
+
+- rule: repeated_evttypes_with_mix
+  desc: event types appearing multiple times with mix of = and in
+  condition: evt.type=open or evt.type in (open, open)
+  output: "None"
+  priority: WARNING
+
diff --git a/test/falco_test.py b/test/falco_test.py
index b9358e17..8c4cf9f7 100644
--- a/test/falco_test.py
+++ b/test/falco_test.py
@@ -3,6 +3,7 @@
 import os
 import re
 import json
+import sets
 
 from avocado import Test
 from avocado.utils import process
@@ -16,9 +17,34 @@ class FalcoTest(Test):
         """
         self.falcodir = self.params.get('falcodir', '/', default=os.path.join(self.basedir, '../build'))
 
-        self.should_detect = self.params.get('detect', '*')
+        self.should_detect = self.params.get('detect', '*', default=False)
         self.trace_file = self.params.get('trace_file', '*')
-        self.json_output = self.params.get('json_output', '*')
+
+        if not os.path.isabs(self.trace_file):
+            self.trace_file = os.path.join(self.basedir, self.trace_file)
+
+        self.json_output = self.params.get('json_output', '*', default=False)
+        self.rules_file = self.params.get('rules_file', '*', default=os.path.join(self.basedir, '../rules/falco_rules.yaml'))
+
+        if not os.path.isabs(self.rules_file):
+            self.rules_file = os.path.join(self.basedir, self.rules_file)
+
+        self.rules_warning = self.params.get('rules_warning', '*', default=False)
+        if self.rules_warning == False:
+            self.rules_warning = sets.Set()
+        else:
+            self.rules_warning = sets.Set(self.rules_warning)
+
+        # Maps from rule name to set of evttypes
+        self.rules_events = self.params.get('rules_events', '*', default=False)
+        if self.rules_events == False:
+            self.rules_events = {}
+        else:
+            events = {}
+            for item in self.rules_events:
+                for item2 in item:
+                    events[item2[0]] = sets.Set(item2[1])
+            self.rules_events = events
 
         if self.should_detect:
             self.detect_level = self.params.get('detect_level', '*')
@@ -33,21 +59,38 @@ class FalcoTest(Test):
 
         self.str_variant = self.trace_file
 
-    def test(self):
-        self.log.info("Trace file %s", self.trace_file)
+    def check_rules_warnings(self, res):
 
-        # Run the provided trace file though falco
-        cmd = '{}/userspace/falco/falco -r {}/../rules/falco_rules.yaml -c {}/../falco.yaml -e {} -o json_output={}'.format(
-            self.falcodir, self.falcodir, self.falcodir, self.trace_file, self.json_output)
+        found_warning = sets.Set()
 
-        self.falco_proc = process.SubProcess(cmd)
+        for match in re.finditer('Rule ([^:]+): warning \(([^)]+)\):', res.stderr):
+            rule = match.group(1)
+            warning = match.group(2)
+            found_warning.add(rule)
 
-        res = self.falco_proc.run(timeout=180, sig=9)
+        self.log.debug("Expected warning rules: {}".format(self.rules_warning))
+        self.log.debug("Actual warning rules: {}".format(found_warning))
 
-        if res.exit_status != 0:
-            self.error("Falco command \"{}\" exited with non-zero return value {}".format(
-                cmd, res.exit_status))
+        if found_warning != self.rules_warning:
+            self.fail("Expected rules with warnings {} does not match actual rules with warnings {}".format(self.rules_warning, found_warning))
 
+    def check_rules_events(self, res):
+
+        found_events = {}
+
+        for match in re.finditer('Event types for rule ([^:]+): (\S+)', res.stderr):
+            rule = match.group(1)
+            events = sets.Set(match.group(2).split(","))
+            found_events[rule] = events
+
+        self.log.debug("Expected events for rules: {}".format(self.rules_events))
+        self.log.debug("Actual events for rules: {}".format(found_events))
+
+        for rule in found_events.keys():
+            if found_events.get(rule) != self.rules_events.get(rule):
+                self.fail("rule {}: expected events {} differs from actual events {}".format(rule, self.rules_events.get(rule), found_events.get(rule)))
+
+    def check_detections(self, res):
         # Get the number of events detected.
         match = re.search('Events detected: (\d+)', res.stdout)
         if match is None:
@@ -73,6 +116,7 @@ class FalcoTest(Test):
             if not events_detected > 0:
                 self.fail("Detected {} events at level {} when should have detected > 0".format(events_detected, self.detect_level))
 
+    def check_json_output(self, res):
         if self.json_output:
             # Just verify that any lines starting with '{' are valid json objects.
             # Doesn't do any deep inspection of the contents.
@@ -82,6 +126,27 @@ class FalcoTest(Test):
                     for attr in ['time', 'rule', 'priority', 'output']:
                         if not attr in obj:
                             self.fail("Falco JSON object {} does not contain property \"{}\"".format(line, attr))
+
+    def test(self):
+        self.log.info("Trace file %s", self.trace_file)
+
+        # Run the provided trace file though falco
+        cmd = '{}/userspace/falco/falco -r {} -c {}/../falco.yaml -e {} -o json_output={} -v'.format(
+            self.falcodir, self.rules_file, self.falcodir, self.trace_file, self.json_output)
+
+        self.falco_proc = process.SubProcess(cmd)
+
+        res = self.falco_proc.run(timeout=180, sig=9)
+
+        if res.exit_status != 0:
+            self.error("Falco command \"{}\" exited with non-zero return value {}".format(
+                cmd, res.exit_status))
+
+        self.check_rules_warnings(res)
+        if len(self.rules_events) > 0:
+            self.check_rules_events(res)
+        self.check_detections(res)
+        self.check_json_output(res)
         pass
 
 
diff --git a/test/falco_tests.yaml.in b/test/falco_tests.yaml.in
new file mode 100644
index 00000000..bb1eb511
--- /dev/null
+++ b/test/falco_tests.yaml.in
@@ -0,0 +1,62 @@
+trace_files: !mux
+  builtin_rules_no_warnings:
+    detect: False
+    trace_file: empty.scap
+    rules_warning: False
+
+  test_warnings:
+    detect: False
+    trace_file: empty.scap
+    rules_file: falco_rules_warnings.yaml
+    rules_warning:
+      - no_evttype
+      - evttype_not_equals
+      - leading_not
+      - not_equals_at_end
+      - not_at_end
+      - not_before_trailing_evttype
+      - not_equals_before_trailing_evttype
+      - not_equals_and_not
+      - not_equals_before_in
+      - not_before_in
+      - not_in_before_in
+      - leading_in_not_equals_before_evttype
+      - leading_in_not_equals_at_evttype
+      - not_with_evttypes
+      - not_with_evttypes_addl
+      - not_equals_before_evttype
+      - not_equals_before_in_evttype
+      - not_before_evttype
+      - not_before_evttype_using_in
+    rules_events:
+      - no_warnings: [execve]
+      - no_evttype: [all]
+      - evttype_not_equals: [all]
+      - leading_not: [all]
+      - not_equals_after_evttype: [execve]
+      - not_after_evttype: [execve]
+      - leading_trailing_evttypes: [execve,open]
+      - leading_multtrailing_evttypes: [connect,execve,open]
+      - leading_multtrailing_evttypes_using_in: [connect,execve,open]
+      - not_equals_at_end: [all]
+      - not_at_end: [all]
+      - not_before_trailing_evttype: [all]
+      - not_equals_before_trailing_evttype: [all]
+      - not_equals_and_not: [all]
+      - not_equals_before_in: [all]
+      - not_before_in: [all]
+      - not_in_before_in: [all]
+      - evttype_in: [execve,open]
+      - evttype_in_plus_trailing: [connect,execve,open]
+      - leading_in_not_equals_before_evttype: [all]
+      - leading_in_not_equals_at_evttype: [all]
+      - not_with_evttypes: [all]
+      - not_with_evttypes_addl: [all]
+      - not_equals_before_evttype: [all]
+      - not_equals_before_in_evttype: [all]
+      - not_before_evttype: [all]
+      - not_before_evttype_using_in: [all]
+      - repeated_evttypes: [open]
+      - repeated_evttypes_with_in: [open]
+      - repeated_evttypes_with_separate_in: [open]
+      - repeated_evttypes_with_mix: [open]
diff --git a/test/run_regression_tests.sh b/test/run_regression_tests.sh
index 8d63073b..efc40034 100755
--- a/test/run_regression_tests.sh
+++ b/test/run_regression_tests.sh
@@ -36,7 +36,7 @@ EOF
 }
 
 function prepare_multiplex_file() {
-    echo "trace_files: !mux" > $MULT_FILE
+    cp $SCRIPTDIR/falco_tests.yaml.in $MULT_FILE
 
     prepare_multiplex_fileset traces-positive True Warning False
     prepare_multiplex_fileset traces-negative False Warning True