github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-02 01:22:16 +00:00
Code Issues Projects Releases Wiki Activity

Use falcoctl 0.0.4+ tests for space/dash psp names

Browse Source 
Use falcoctl, which properly handles psp names containing
spaces/dashes. Also add tests that verify that the resulting rules are
valid.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm 2019-10-24 10:53:23 -07:00 committed by Leo Di Donato
parent 5c61276695
commit daec9cb30d
4 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/falco_test.py
View File

@ -43,7 +43,7 @@ class FalcoTest(Test):
self.falcodir = self.params.get('falcodir', '/', default=build_dir) self.falcodir = self.params.get('falcodir', '/', default=build_dir)
self.psp_conv_path = os.path.join(build_dir, "falcoctl") self.psp_conv_path = os.path.join(build_dir, "falcoctl")
self.psp_conv_url = "https://github.com/falcosecurity/falcoctl/releases/download/v0.0.3/falcoctl-0.0.3-linux-amd64" self.psp_conv_url = "https://github.com/falcosecurity/falcoctl/releases/download/v0.0.4/falcoctl-0.0.4-linux-amd64"
self.stdout_is = self.params.get('stdout_is', '*', default='') self.stdout_is = self.params.get('stdout_is', '*', default='')
self.stderr_is = self.params.get('stderr_is', '*', default='') self.stderr_is = self.params.get('stderr_is', '*', default='')

20
test/falco_tests_psp.yaml
View File

@ -644,3 +644,23 @@ trace_files: !mux
conf_file: confs/psp.yaml conf_file: confs/psp.yaml
psp_file: psps/allowed_proc_mount_types.yaml psp_file: psps/allowed_proc_mount_types.yaml
trace_file: trace_files/psp/proc_mount_type_default.json trace_file: trace_files/psp/proc_mount_type_default.json
psp_name_with_dashes:
detect: True
detect_level: WARNING
detect_counts:
- "PSP no_privileged Violation (privileged) System Activity": 1
rules_file: []
conf_file: confs/psp.yaml
psp_file: psps/privileged_name_with_dashes.yaml
trace_file: trace_files/psp/privileged.scap
psp_name_with_spaces:
detect: True
detect_level: WARNING
detect_counts:
- "PSP no_privileged Violation (privileged) System Activity": 1
rules_file: []
conf_file: confs/psp.yaml
psp_file: psps/privileged_name_with_spaces.yaml
trace_file: trace_files/psp/privileged.scap

8
test/psps/privileged_name_with_dashes.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
annotations:
falco-rules-psp-images: "[nginx]"
name: no-privileged
spec:
privileged: false

8
test/psps/privileged_name_with_spaces.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
annotations:
falco-rules-psp-images: "[nginx]"
name: no privileged
spec:
privileged: false