test(unit_tests): add tests for select_event_sources action

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2025-06-30 16:42:14 +00:00 · 2023-02-14 19:27:56 +00:00 · 2023-02-14 19:27:56 +00:00 · 94882f3fd2
commit 94882f3fd2
parent 9fd6bbf2bf
1 changed files with 97 additions and 0 deletions
--- a/unit_tests/falco/actions/test_select_event_sources.cpp
+++ b/unit_tests/falco/actions/test_select_event_sources.cpp
@ -0,0 +1,97 @@
 /*
 Copyright (C) 2023 The Falco Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless ASSERTd by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 #include <gtest/gtest.h>
 #include <falco/app/state.h>
 #include <falco/app/actions/actions.h>
 #define EXPECT_ACTION_OK(r)     { EXPECT_TRUE(r.success); EXPECT_TRUE(r.proceed); EXPECT_EQ(r.errstr, ""); }
 #define EXPECT_ACTION_FAIL(r)   { EXPECT_FALSE(r.success); EXPECT_FALSE(r.proceed); EXPECT_NE(r.errstr, ""); }
 TEST(ActionSelectEventSources, pre_post_conditions)
 {
    auto action = falco::app::actions::select_event_sources;
    // requires sources to be already loaded
    {
        falco::app::state s;
        EXPECT_ACTION_FAIL(action(s));
    }
    // ignore source selection in capture mode
    {
        falco::app::state s;
        s.options.trace_filename = "some_capture_file.scap";
        EXPECT_TRUE(s.is_capture_mode());
        EXPECT_ACTION_OK(action(s));
    }
    // enable all loaded sources by default, even with multiple calls
    {
        falco::app::state s;
        s.loaded_sources = {"syscall", "some_source"};
        EXPECT_ACTION_OK(action(s));
        EXPECT_EQ(s.loaded_sources, s.enabled_sources);
        s.loaded_sources.insert("another_source");
        EXPECT_ACTION_OK(action(s));
        EXPECT_EQ(s.loaded_sources, s.enabled_sources);
    }
    // enable only selected sources
    {
        falco::app::state s;
        s.loaded_sources = {"syscall", "some_source"};
        s.options.enable_sources = {"syscall"};
        EXPECT_ACTION_OK(action(s));
        EXPECT_EQ(s.enabled_sources.size(), 1);
        EXPECT_EQ(*s.enabled_sources.begin(), "syscall");
    }
    // enable all loaded sources expect the disabled ones
    {
        falco::app::state s;
        s.loaded_sources = {"syscall", "some_source"};
        s.options.disable_sources = {"syscall"};
        EXPECT_ACTION_OK(action(s));
        EXPECT_EQ(s.enabled_sources.size(), 1);
        EXPECT_EQ(*s.enabled_sources.begin(), "some_source");
    }
    // enable unknown sources
    {
        falco::app::state s;
        s.loaded_sources = {"syscall", "some_source"};
        s.options.enable_sources = {"some_other_source"};
        EXPECT_ACTION_FAIL(action(s));
    }
    // disable unknown sources
    {
        falco::app::state s;
        s.loaded_sources = {"syscall", "some_source"};
        s.options.disable_sources = {"some_other_source"};
        EXPECT_ACTION_FAIL(action(s));
    }
    // mix enable and disable sources options
    {
        falco::app::state s;
        s.loaded_sources = {"syscall", "some_source"};
        s.options.disable_sources = {"syscall"};
        s.options.enable_sources = {"syscall"};
        EXPECT_ACTION_FAIL(action(s));
    }
 }