new(test): stdout output strict

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2025-07-19 17:16:53 +00:00 · 2020-10-09 13:00:35 +02:00 · 2020-10-09 13:00:35 +02:00 · c512784503
commit c512784503
parent b0942f8774
3 changed files with 60 additions and 0 deletions
--- a/test/confs/file_stdout.yaml
+++ b/test/confs/file_stdout.yaml
@ -0,0 +1,42 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# File containing Falco rules, loaded at startup.
+rules_file: /etc/falco_rules.yaml
+
+# Whether to output events in json or text
+json_output: false
+
+# Send information logs to stderr and/or syslog Note these are *not* security
+# notification logs! These are just Falco lifecycle (and possibly error) logs.
+log_stderr: false
+log_syslog: false
+
+# Where security notifications should go.
+# Multiple outputs can be enabled.
+
+syslog_output:
+  enabled: false
+
+file_output:
+  enabled: false
+
+stdout_output:
+  enabled: true
+
+program_output:
+  enabled: false
--- a/test/falco_tests.yaml
+++ b/test/falco_tests.yaml
@ -688,6 +688,16 @@ trace_files: !mux
      results:
        - "Warning An open was seen"

+  stdout_output_strict:
+    detect: True
+    detect_level: WARNING
+    rules_file:
+      - rules/single_rule.yaml
+    conf_file: confs/file_stdout.yaml
+    trace_file: trace_files/cat_write.scap
+    output_strictly_contains:
+      - stdout: output_files/single_rule_with_cat_write.txt
+
  detect_counts:
    detect: True
    detect_level: WARNING
--- a/test/output_files/single_rule_with_cat_write.txt
+++ b/test/output_files/single_rule_with_cat_write.txt
@ -0,0 +1,8 @@
+18:17:57.881781397: Warning An open was seen (command=cat /dev/null)
+18:17:57.881785348: Warning An open was seen (command=cat /dev/null)
+18:17:57.881796705: Warning An open was seen (command=cat /dev/null)
+18:17:57.881799840: Warning An open was seen (command=cat /dev/null)
+18:17:57.882003104: Warning An open was seen (command=cat /dev/null)
+18:17:57.882008208: Warning An open was seen (command=cat /dev/null)
+18:17:57.882045694: Warning An open was seen (command=cat /dev/null)
+18:17:57.882054739: Warning An open was seen (command=cat /dev/null)