github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-02 06:52:10 +00:00
Code Issues Projects Releases Wiki Activity

fix(unit_tests): fixed extra format unit tests.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2025-04-30 11:09:15 +02:00 committed by poiana
parent 6e4b7663ca
commit fb292e6fbb
1 changed files with 6 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
unit_tests/engine/test_extra_output.cpp
View File

@ -28,7 +28,7 @@ TEST_F(test_falco_engine, extra_format_all) {
priority: INFO
)END";
m_engine->add_extra_output_format("evt.type=%evt.type", "", {}, "", false);
m_engine->add_extra_output_format("evt.type=%evt.type", "", {}, "");
ASSERT_TRUE(load_rules(rules_content, "legit_rules.yaml")) << m_load_result_string;
EXPECT_EQ(get_compiled_rule_output("legit_rule"),
@ -50,7 +50,7 @@ TEST_F(test_falco_engine, extra_format_by_rule) {
priority: INFO
)END";
m_engine->add_extra_output_format("evt.type=%evt.type", "", {}, "legit_rule", false);
m_engine->add_extra_output_format("evt.type=%evt.type", "", {}, "legit_rule");
ASSERT_TRUE(load_rules(rules_content, "legit_rules.yaml")) << m_load_result_string;
EXPECT_EQ(get_compiled_rule_output("legit_rule"), "out 1 evt.type=%evt.type");
@ -81,9 +81,9 @@ TEST_F(test_falco_engine, extra_format_by_tag_rule) {
tags: [tag1, tag2]
)END";
m_engine->add_extra_output_format("extra 1", "", {"tag1"}, "", false);
m_engine->add_extra_output_format("extra 2", "", {}, "another_rule", false);
m_engine->add_extra_output_format("extra 3", "", {"tag1", "tag2"}, "", false);
m_engine->add_extra_output_format("extra 1", "", {"tag1"}, "");
m_engine->add_extra_output_format("extra 2", "", {}, "another_rule");
m_engine->add_extra_output_format("extra 3", "", {"tag1", "tag2"}, "");
ASSERT_TRUE(load_rules(rules_content, "legit_rules.yaml")) << m_load_result_string;
@ -92,32 +92,7 @@ TEST_F(test_falco_engine, extra_format_by_tag_rule) {
EXPECT_EQ(get_compiled_rule_output("a_third_rule"), "out 3 extra 1 extra 3");
}
TEST_F(test_falco_engine, extra_format_replace_container_info) {
std::string rules_content = R"END(
- rule: legit_rule
desc: legit rule description
condition: evt.type=open
output: out 1 (%container.info)
priority: INFO
tags: [tag1]
- rule: another_rule
desc: legit rule description
condition: evt.type=open
output: out 2
priority: INFO
tags: [tag1]
)END";
m_engine->add_extra_output_format("extra 1", "", {}, "", true);
ASSERT_TRUE(load_rules(rules_content, "legit_rules.yaml")) << m_load_result_string;
EXPECT_EQ(get_compiled_rule_output("legit_rule"), "out 1 (extra 1)");
EXPECT_EQ(get_compiled_rule_output("another_rule"), "out 2 extra 1");
}
TEST_F(test_falco_engine, extra_format_do_not_replace_container_info) {
TEST_F(test_falco_engine, extra_format_empty_container_info) {
std::string rules_content = R"END(
- rule: legit_rule
desc: legit rule description