falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-08-09 01:58:13 +00:00

Author	SHA1	Message	Date
Mark Stemm	ab0133d1dd	Add unit tests for enabling/disabling rules Add unit tests for enabling/disabling rules, covering: - matching names by substring - using "" to match all rules - matching names exactly - using ruleset ids in addition to ruleset names Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2023-12-18 15:58:04 +01:00
Federico Di Pierro	9e1e68f64b	chore(unit_tests): added more tests for yaml env vars expansion. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-12-14 12:44:47 +01:00
Federico Di Pierro	cbbcb61153	new(unit_tests,userspace): properly support env var expansions in all scalar values of yaml file. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-12-13 17:03:46 +01:00
Federico Di Pierro	3b095a5eda	chore(unit_tests): added tests around empty config value resolving to default. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-12-13 17:03:46 +01:00
Federico Di Pierro	7805bf5ad5	fix(userspace,unit_tests): fixed bool parsing. Moreover, added some more tests around env vars. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-12-13 17:03:46 +01:00
Federico Di Pierro	0c0fb63008	chore(unit_test,userspace): allow env var to get expanded in yaml even when part of a string. Moreover, support env variable embedding another env variable. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-12-13 17:03:46 +01:00
Federico Aponte	44b7352180	cleanup: fix several warnings from a Clang build Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-06 16:40:26 +01:00
Luca Guerra	6411eed4a7	cleanup(falco): remove decode_uri as it is no longer used Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-11-29 17:42:06 +01:00
Andrea Terzolo	00b7c56d54	cleanup: rename `modern-ebpf` into `modern_ebpf` Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	4443e9d64f	fix: fix some broken tests Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Federico Di Pierro	b92e0d6134	chore(userspace,unit_tests): renamed `engine.replay.trace_file` to `engine.replay.capture_file`. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	898ba68b3b	test: don't test load config if we are under wasm Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	96f474a29c	docs: fix codespell Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	1b14fed380	tests: call the callback `action` only once moreover this commit corrects `cpus_for_each_syscall_buffer` into test configs Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	be16af7fe0	cleanup: rename `cpus_for_each_syscall_buffer` Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	588a94578a	fix: take into consideration that `load_yaml` is called more than once Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	bc8f61ca68	tests: add a basic test to check config precedence Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	1ee6569a5d	fix: use only new config instead of old command line options Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Andrea Terzolo	f3f56db5ca	cleanup: some renaming from `bpf` to `ebpf` the idea is to use only the word `ebpf` in Falco Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Federico Di Pierro	4127764129	chore(userspace): renamed `driver.` config to `engine.`; renamed `engine.replay.scap_file` to `engine.replay.trace_file`. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2023-11-27 15:01:00 +01:00
Federico Di Pierro	4f1b950e0d	chore(userspace,falco.yaml): rename new config key to `driver.kind`. Moreover, renamed driver kinds to use better naming, and move driver's related config keys under `driver.$kind`. Added DEPRECTATION notices on CLI options, and in falco.yaml. DEPRECATED options (both CLI and config ones) will have priority over the new ones, to retain compatibility with existing configs. DEPRECATED options will be dropped in Falco 0.38. Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-11-27 15:01:00 +01:00
Jason Dellaluce	04e2f19915	refactor: solve compilation issues with latest libs changes Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-16 09:26:19 +01:00
Luca Guerra	f073a6ee88	update(engine): add tests for decode_url() Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-11-14 20:36:15 +01:00
Roberto Scolaro	115729a86a	fix(unit_test): new macro for env var setting Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>	2023-11-13 10:59:47 +01:00
Roberto Scolaro	5db29f4692	fix(unit_tests/falco): enable env test on win32 Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>	2023-11-13 10:59:47 +01:00
Samuel Gaist	d074728994	feat(userspace/falco): add configuration support for IPV6 webserver listen address The IPV6 capabilities is provided through cpp-httplib. Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>	2023-11-03 09:09:08 +01:00
Samuel Gaist	fac48cd145	test(configuration): implement basic webserver listen address test Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>	2023-11-03 09:09:08 +01:00
Leonardo Grasso	fe50ac22ee	update: add SPDX license identifier See https://github.com/falcosecurity/evolution/issues/318 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-21 13:21:47 +02:00
Daniel Wright	513f122aff	feat: support parsing of system environment variables in yaml In order to allow the user to supply environment variables in standard ways performed in other applications the get_scalar function has been extended to support defining an environment variable in the format `${FOO}`. Environment variables can be escaped via defining as `$${FOO}`. As this handles some additional complexity, a unit test has been added to cover this new functionality Signed-off-by: Daniel Wright <danielwright@bitgo.com>	2023-09-06 11:45:00 +02:00
Melissa Kilby	6cdb740786	cleanup(userspace): update parse_prometheus_interval Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-08-25 15:20:45 +02:00
Jason Dellaluce	527c42c030	chore: polish conditional compilation flags for emscripten Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
rohith-raju	e8ee850dee	update(ci,cmake): add support for emscripten build Signed-off-by: rohith-raju <rohithraju488@gmail.com>	2023-08-24 10:30:40 +02:00
rohith-raju	105f2f6ee3	update(unit_tests): use typecast as wasm can't handle 64 bit int Signed-off-by: rohith-raju <rohithraju488@gmail.com>	2023-08-24 10:30:40 +02:00
Jason Dellaluce	aa6061681d	update: adapt code to multi-platform builds Co-authored-by: Rohith Raju <rohithraju488@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
Andrea Terzolo	1a359f5806	fix: add a check on online CPUs Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2023-05-25 10:23:10 +02:00
Melissa Kilby	9b341b2c49	new(unit_tests): tests for prometheus compliant time durations Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Lorenzo Susini	a269866976	test(unit_tests/engine): test filter_details_resolver class Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-19 15:56:05 +02:00
Jason Dellaluce	9bfce8cfae	update(userspace): make sure that async event is always matched in rules Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-19 12:15:04 +02:00
Jason Dellaluce	1f4919bfe1	update: improve control and UX of ignored events Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-04-27 11:10:14 +02:00
Jason Dellaluce	8926022035	update: adapt Falco to new sinsp event source management Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-04-26 12:59:13 +02:00
Jason Dellaluce	91cca0bd0e	update(cmake): bump libs and drivers to 5b4dd9e2ae0cd2efeaf9da37d8c29631241d448c9ce5b0e35d8dd7f81d814034 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-04-04 19:39:53 +02:00
Jason Dellaluce	06d36d6e1b	test(userspace/falco): leverage new sc_set_to_event_names API and solve last few todos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-04-04 19:39:53 +02:00
Melissa Kilby	306d76d06b	cleanup(unit_tests): try making test_configure_interesting_sets more robust Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-04-04 17:55:52 +02:00
Melissa Kilby	78daafb56c	cleanup(app_actions): finalize base_syscalls.repair option Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-03-30 19:08:33 +02:00
Jason Dellaluce	2b93a79521	refactor: apply review suggestions Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-30 19:08:33 +02:00
Melissa Kilby	3e0f0d3692	cleanup(unit_tests): revert some test extensions in interim Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-03-30 19:08:33 +02:00
Melissa Kilby	ea3571564b	cleanup(unit_tests): add selection_custom_base_set_repair tests Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-03-30 19:08:33 +02:00
Melissa Kilby	e360175c15	fix(app_actions): enforce PPM_SC_SCHED_PROCESS_EXIT for base_syscalls.custom_set Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-03-30 19:08:33 +02:00
Jason Dellaluce	b32c0b9283	fix(unit_tests): adapt to connect4 corner cases Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00
Jason Dellaluce	3ab7c7d753	chore: fix typos Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-03-09 09:39:12 +01:00

1 2

74 Commits