mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 11:29:26 +00:00
Add unit test for rule with invalid output.
Add the ability to check falco's return code with exit_status and to generally match stderr with stderr_contains in a test. Use those to create a test that has an invalid output expression using %not_a_real_field. It expects falco to exit with 1 and the output to contain a message about the invalid output.
This commit is contained in:
Mark Stemm
5
test/rules/invalid_rule_output.yaml
Normal file
5
test/rules/invalid_rule_output.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
- rule: rule_with_invalid_output
|
||||
desc: A rule with an invalid output field
|
||||
condition: evt.type=open
|
||||
output: "An open was seen %not_a_real_field"
|
||||
priority: WARNING
|
||||
Reference in New Issue
Block a user