test(falco): fix broken tests

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Andrea Terzolo 2022-09-19 13:19:44 +00:00 committed by poiana
parent 1930ec56c7
commit a325086363
7 changed files with 10 additions and 16 deletions


@ -26,8 +26,8 @@ else()
# In case you want to test against another driver version (or branch, or commit) just pass the variable -
# ie., `cmake -DDRIVER_VERSION=dev ..`
if(NOT DRIVER_VERSION)
set(DRIVER_VERSION "7cdd608db39287417a09c5c4743cd90efde7baec")
set(DRIVER_CHECKSUM "SHA256=ab9b621aad060b0dfddba0d7ee16f5f53ae72a7c9fe5dd84aadfed27046343e6")
set(DRIVER_VERSION "ccb0e0a2ce564f32e0fdc00b60ed9a1f4d01a3df")
set(DRIVER_CHECKSUM "SHA256=d6ef99d45825dad298580e41b25b5683eb7f97cd886533325b17428c4c6c5148")
endif()
# cd /path/to/build && cmake /path/to/source


@ -27,8 +27,8 @@ else()
# In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
# ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
if(NOT FALCOSECURITY_LIBS_VERSION)
set(FALCOSECURITY_LIBS_VERSION "7cdd608db39287417a09c5c4743cd90efde7baec")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=ab9b621aad060b0dfddba0d7ee16f5f53ae72a7c9fe5dd84aadfed27046343e6")
set(FALCOSECURITY_LIBS_VERSION "ccb0e0a2ce564f32e0fdc00b60ed9a1f4d01a3df")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=d6ef99d45825dad298580e41b25b5683eb7f97cd886533325b17428c4c6c5148")
endif()
# cd /path/to/build && cmake /path/to/source


@ -1098,7 +1098,7 @@ trace_files: !mux
- rules/catchall_order.yaml
detect_counts:
- open_dev_null: 1
dev_null: 0
dev_null: 6
trace_file: trace_files/cat_write.scap
validate_skip_unknown_noevt:
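Review bot: The expected `dev_null` count under `detect_counts` appears to go from 0 to 6 with nothing in the file saying why, which inverts what this catch-all ordering case pins: it used to assert that the `dev_null` rule never fires on `trace_files/cat_write.scap`, and it now asserts six matches. If the extra matches come from events in the trace that were previously skipped before reaching the engine (an inference from the rest of the commit, not visible in this hunk), a short comment next to the value would stop the next reader from treating 6 as a regenerated number, e.g. `# 6: capture replay no longer skips old/unused event types, so they reach this rule`. It is worth confirming that the six matches are intended detections and not a rule-ordering regression that the updated expectation now accepts.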


@ -21,7 +21,7 @@ using namespace falco::app;
void application::configure_interesting_sets()
{
/// TODO: in the next future we need to change the interface of `enforce_simple_ppm_sc_set`
/// and `enforce_sinsp_state_tracepoints` APIs, they shouldn't require an inspector to be called!
/// and `enforce_sinsp_state_tp` APIs, they shouldn't require an inspector to be called!
std::unique_ptr<sinsp> inspector(new sinsp());
/* Please note: here we fill these 2 sets because we are interested in only some features, if we leave
@ -38,6 +38,6 @@ void application::configure_interesting_sets()
* the `sched_switch` tracepoint since it is highly noisy and not so useful
* for our state/events enrichment.
*/
m_state->tp_of_interest = inspector->enforce_sinsp_state_tracepoints();
m_state->tp_of_interest = inspector->enforce_sinsp_state_tp();
m_state->tp_of_interest.erase(SCHED_SWITCH);
}


@ -177,7 +177,8 @@ application::run_result application::load_rules_files()
m_state->engine->enable_rule_by_tag(m_options.enabled_rule_tags, true);
}
if(!m_options.all_events)
/* Reading a scap file we have no concepts of ignored events we read all we need. */
if(!m_options.all_events && !is_capture_mode())
{
/* Here we have already initialized the application state with the interesting syscalls,
* so we have to check if any event types used by the loaded rules are not considered by
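Review bot: With `!is_capture_mode()` added to the condition, the check of the loaded rules' event types against the interesting-syscall set no longer runs when a capture file is replayed. Someone validating rules against a `.scap` file may therefore see a rule match in replay and get no hint that the same rule depends on events a live run without `-A` would ignore. What the body does with the check lies outside the hunk; if it only reports, consider still running it in capture mode, or say so in the comment. The added comment is also hard to parse and does not name which half of the condition it explains; something like `/* Replaying a capture file applies no ignored-event filtering, so this check is only meaningful for live captures. */` would read more clearly.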


@ -189,13 +189,6 @@ application::run_result application::do_inspect(
return run_result::fatal("Drop manager internal error");
}
/* If we have not set the `-A` flag and the event is unused or old, interrupt the flow */
uint16_t evt_type = ev->get_type();
if(!m_options.all_events && (sinsp::is_unused_event(evt_type) || sinsp::is_old_version_event(evt_type)))
{
continue;
}
// As the inspector has no filter at its level, all
// events are returned here. Pass them to the falco
// engine, which will match the event against the set


@ -155,7 +155,7 @@ void cmdline_options::define()
#else
("c", "Configuration file. If not specified tries " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ".", cxxopts::value(conf_filename), "<path>")
#endif
("A", "Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.", cxxopts::value(all_events)->default_value("false"))
("A", "Monitor all events, including not interesting ones. Please use the `--i` command line option to see the ignored events. This option has no effect if the capture is not live", cxxopts::value(all_events)->default_value("false"))
("b,print-base64", "Print data buffers in base64. This is useful for encoding binary data that needs to be used over media designed to consume this format.")
("cri", "Path to CRI socket for container metadata. Use the specified socket to fetch data from a CRI-compatible runtime. If not specified, uses libs default. It can be passed multiple times to specify socket to be tried until a successful one is found.", cxxopts::value(cri_socket_paths), "<path>")
("d,daemon", "Run as a daemon.", cxxopts::value(daemon)->default_value("false"))
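Review bot: The new help text for `A` points users to a `--i` option, but single-letter options in this table (`A`, `c`, `b,print-base64`) are short options, so the reference should presumably read `-i`; as written, an operator copying it from `--help` may not find the list of ignored events. The last sentence also lacks the closing period that the neighbouring descriptions have, so it should end `if the capture is not live.`. Because this text tells operators which events are monitored, "not interesting ones" would be clearer as "events ignored by default". `cmdline_options::define` starts and ends outside the hunk.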