github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-03 15:46:33 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(unit_tests): add selection_custom_base_set_repair tests

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby
2023-03-27 04:22:10 +00:00
committed by poiana
parent e360175c15
commit ea3571564b
1 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
unit_tests/falco/app/actions/test_configure_interesting_sets.cpp
View File

@@ -251,6 +251,7 @@ TEST(ConfigureInterestingSets, selection_generic_evts)
{ {
// run app action with fake engine and without the `-A` option // run app action with fake engine and without the `-A` option
falco::app::state s; falco::app::state s;
s.options.all_events = false;
auto filters = s_sample_filters; auto filters = s_sample_filters;
filters.insert(s_sample_generic_filters.begin(), s_sample_generic_filters.end()); filters.insert(s_sample_generic_filters.begin(), s_sample_generic_filters.end());
s.engine = mock_engine_from_filters(filters); s.engine = mock_engine_from_filters(filters);
@@ -269,6 +270,8 @@ TEST(ConfigureInterestingSets, selection_generic_evts)
"socket", "bind", "close" // from sinsp state set (network, files) "socket", "bind", "close" // from sinsp state set (network, files)
}); });
ASSERT_NAMES_CONTAIN(selected_sc_names, expected_sc_names); ASSERT_NAMES_CONTAIN(selected_sc_names, expected_sc_names);
auto unexpected_sc_names = libsinsp::events::sc_set_to_names(libsinsp::events::io_sc_set());
ASSERT_NAMES_NOCONTAIN(selected_sc_names, unexpected_sc_names);
} }
// expected combinations precedence: // expected combinations precedence:
@@ -349,4 +352,30 @@ TEST(ConfigureInterestingSets, selection_custom_base_set)
"connect", "accept", "open", "ptrace", "mmap", "execve", "sched_process_exit" "connect", "accept", "open", "ptrace", "mmap", "execve", "sched_process_exit"
}); });
ASSERT_NAMES_CONTAIN(selected_sc_names, expected_sc_names); ASSERT_NAMES_CONTAIN(selected_sc_names, expected_sc_names);
auto unexpected_sc_names = libsinsp::events::sc_set_to_names(libsinsp::events::io_sc_set());
ASSERT_NAMES_NOCONTAIN(selected_sc_names, unexpected_sc_names);
}
TEST(ConfigureInterestingSets, selection_custom_base_set_repair)
{
// run app action with fake engine and without the `-A` option
falco::app::state s;
s.options.all_events = false;
s.engine = mock_engine_from_filters(s_sample_filters);
// simulate empty custom set but repair option set
s.config->m_base_syscalls_custom_set = {};
s.config->m_base_syscalls_repair = true;
auto result = falco::app::actions::configure_interesting_sets(s);
ASSERT_TRUE(result.success);
ASSERT_EQ(result.errstr, "");
auto selected_sc_names = libsinsp::events::sc_set_to_names(s.selected_sc_set);
auto expected_sc_names = strset_t({
// note: expecting syscalls from mock rules and `sinsp_repair_state_sc_set` enforced syscalls
"connect", "accept", "accept4", "umount2", "open", "ptrace", "mmap", "execve", "sched_process_exit", \
"bind", "socket", "clone3", "setuid"
});
ASSERT_NAMES_CONTAIN(selected_sc_names, expected_sc_names);
auto unexpected_sc_names = libsinsp::events::sc_set_to_names(libsinsp::events::io_sc_set());
ASSERT_NAMES_NOCONTAIN(selected_sc_names, unexpected_sc_names);
} }