Add tests catchall order (#355)

* Only check whole rule names when matching counts Tweak the regex so a rule my_great_rule doesn't pick up event counts for a rule "great_rule: nnn". * Add ability to skip evttype warnings for rules A new attribute warn_evttypes, if present, suppresses printing warnings related to a rule not matching any event type. Useful if you have a rule where not including an event type is intentional. * Add test for preserving rule order Test the fix for https://github.com/draios/falco/issues/354. A rules file has a event-specific rule first and a catchall rule second. Without the changes in https://github.com/draios/sysdig/pull/1103, the first rule does not match the event.
2025-10-22 20:29:39 +00:00 · 2018-04-19 09:31:20 -07:00
parent b6b490e26e
commit e922a849a9
5 changed files with 48 additions and 16 deletions
--- a/test/falco_test.py
+++ b/test/falco_test.py
@@ -213,7 +213,7 @@ class FalcoTest(Test):
        triggered_rules = match.group(1)

        for rule, count in self.detect_counts.iteritems():
-            expected = '{}: (\d+)'.format(rule)
+            expected = '\s{}: (\d+)'.format(rule)
            match = re.search(expected, triggered_rules)

            if match is None: