update(test): check all fields for gRPC output

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
Leonardo Grasso 2020-10-09 17:15:50 +02:00 committed by poiana
parent 60c322a73d
commit ab615c36ad
2 changed files with 17 additions and 6 deletions


@ -525,7 +525,7 @@ class FalcoTest(Test):
if not self.is_grpc_using_unix_socket: if not self.is_grpc_using_unix_socket:
self.fail("This test suite supports gRPC with unix socket only") self.fail("This test suite supports gRPC with unix socket only")
cmdline = "grpcurl -import-path ../userspace/falco " \ cmdline = "grpcurl -format text -import-path ../userspace/falco " \
"-proto {} -plaintext -unix {} " \ "-proto {} -plaintext -unix {} " \
"{}/{}".format(self.grpc_proto, self.grpc_address, "{}/{}".format(self.grpc_proto, self.grpc_address,
self.grpc_service, self.grpc_method) self.grpc_service, self.grpc_method)
@ -554,14 +554,13 @@ class FalcoTest(Test):
for exp_result in self.grpc_results: for exp_result in self.grpc_results:
found = False found = False
for line in self.grpcurl_res.stdout.decode("utf-8").splitlines(): for line in self.grpcurl_res.stdout.decode("utf-8").splitlines():
match = re.search(exp_result, line) if exp_result in line:
if match is not None:
found = True found = True
break
if found == False: if found == False:
self.fail( self.fail(
"Could not find a line '{}' in gRPC responses".format(exp_result)) "Could not find a line with '{}' in gRPC responses (protobuf text".format(exp_result))
def test(self): def test(self):
self.log.info("Trace file %s", self.trace_file) self.log.info("Trace file %s", self.trace_file)
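Review bot: The new `if exp_result in line:` loop in the second hunk accepts each expected string on any line of the whole grpcurl output, independently of the others, so a `key: "proc.cmdline"` line and a `value: "cat /dev/null"` line both pass even when they belong to different fields or different responses. For a test meant to verify every field of a detection event, a regression that mislabels or drops one output field could therefore go unnoticed. If the text output order is stable, one shared iterator would require the expected strings to appear in sequence: `lines = iter(self.grpcurl_res.stdout.decode("utf-8").splitlines())` before the outer loop and `found = any(exp_result in line for line in lines)` inside it. The enclosing method starts above the hunk, and the new failure message appears cut off after `(protobuf text` on this page, so the closing parenthesis should be checked in the file.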


@ -706,8 +706,20 @@ trace_files: !mux
proto: outputs.proto proto: outputs.proto
service: falco.outputs.service service: falco.outputs.service
method: get method: get
# protobuf text format
results: results:
- "Warning An open was seen" - "seconds:1470327477 nanos:881781397"
- "priority: WARNING"
- "rule: \"open_from_cat\""
- "output: \"18:17:57.881781397: Warning An open was seen (command=cat /dev/null)\""
# output fields
- "key: \"evt.time\""
- "value: \"18:17:57.881781397\""
- "key: \"proc.cmdline\""
- "value: \"cat /dev/null\""
# For the hostname, since we don't know that beforehand,
# only check the field presence
- "hostname: "
detect_counts: detect_counts:
detect: True detect: True
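Review bot: The expected `output:` string and the `evt.time` `value:` string hard-code 18:17:57, while the epoch on the first expected line (`seconds:1470327477`) is 16:17:57 UTC, so these two checks appear to assume a UTC+2 local time on the machine running the test. If the time is rendered in the runner's local zone, the test fails wherever the offset differs, and a detection test that fails for environmental reasons tends to be skipped rather than trusted. Either pin the time zone or time format for this run, or match only the zone-independent part, for example `- "Warning An open was seen (command=cat /dev/null)\""` together with the existing `- "key: \"evt.time\""`.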