github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-01-29 21:48:32 +00:00
Code Issues Projects Releases Wiki Activity
2,417 Commits 122 Branches 184 Tags
bb8113320107b1261718cb4f466c6dd94342c482
Commit Graph

157 Commits

Author SHA1 Message Date
Jason Dellaluce
0eb170cf5f update(test): enhance test cases for tags in json outputs 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2021-09-28 12:44:27 +02:00
Jason Dellaluce
c7d9b6ee7f test(outputs): add source and tags to json output 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2021-09-21 18:59:10 +02:00
Jason Dellaluce
b0562242e8 test(grpc): Test tags on outputs service 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2021-09-21 18:59:10 +02:00
Jason Dellaluce
9ea43c2663 update(test): check output order in output_strictly_contains 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2021-09-21 18:53:09 +02:00
Jason Dellaluce
4d55847bd4 fix(test): avoid output_strictly_contains failures 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2021-09-21 18:53:09 +02:00
Kaizhe Huang
684a5d85ff disable test 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
58cea0c5e7 minor fix 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
38ebc61808 fix tests 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
535db19991 disable change thread namespace test 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
abe46a19a0 minor changes 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-06-07 12:17:21 +02:00
Kaizhe Huang
96fc8d1a27 update test 
Signed-off-by: Kaizhe Huang <derek0405@gmail.com>
 2021-06-07 12:17:21 +02:00
Leonardo Grasso
c60fac9e34 build(test): upgrade urllib3 to 1.26.5 
CVE-2021-33503 has been fixed in urllib3 v1.26.5.
See:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
 - https://github.com/urllib3/urllib3/releases/tag/1.26.5

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-06-04 22:15:33 +02:00
Leonardo Di Donato
6e94c37399 new(test): regression test for FAL-01-003 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-21 15:11:17 +02:00
Leonardo Di Donato
d3c22d3d0c new(test/trace_files): test fixture for FAL-01-003 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-21 15:11:17 +02:00
Lorenzo Fontana
bd562a1ed9 update(userspace/engine): remove warnings for missing exceptions 
We want users to continue using rules without having to use exceptions.
Exceptions are an additional feature for more advanced use-cases, having
a warning in there will mean that everyone now adds an empty exception
to avoid the warning.

Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2021-04-09 18:17:11 +02:00
Mark Stemm
f14b37984c Add test for some containers being privileged 
Add a test that verifies that a pod where one container has no security
context and the second container has a security context + privileged
properly matches the Create Privileged Pod falco rule.

There's a very similar test case already in
trace_files/k8s_audit/create_nginx_pod_privileged_2nd_container.json,
but in that case both containers have a securityContext property.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-04-09 10:34:48 +02:00
Lorenzo Fontana
f4ff2ed072 chore(test): replace bucket url with official distribution url 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2021-04-09 10:23:42 +02:00
Lorenzo Fontana
cdeafa6fdc docs(test): express that grpcurl and virtualenv are needed 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2021-04-08 17:32:02 +02:00
Leonardo Grasso
36378371ab update(test): update performance tests fixture URL 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-04-08 12:36:09 +02:00
Leonardo Grasso
aeca36bdaf update(test): update regression tests fixture URL 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-04-08 12:36:09 +02:00
Leo Di Donato
8c9d4f49d5 fix(falco/test): bump pyyaml from 5.3.1 to 5.4 
CVE-2020-14343 affects one of the dependencies the Falco (integration) test suite uses.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-30 14:47:01 +02:00
Leonardo Di Donato
1ded30f173 update(test): tighten the condition to test the drops thresholds 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
7edd965a08 fix(test/confs): drop log messages are debug, fix the test fixture accordingly 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
920ab6982a new(test): test cases about wrong threshold drop config value 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
5380fe5308 new(test): test case about illogical drop actions 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Shane Lawrence
da8f054043 Fix broken links to docs. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2021-03-05 10:48:21 +01:00
Mark Stemm
987ececa54 Remove test case for unknown objects. 
The rules loader now allows objects with unknown keys.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Mark Stemm
b2eb3ec345 Don't look for event counts with -V/validate 
When running falco with -V/valdiate <rules file>, you won't get any
event counts. All prior tests didn't get this far as they also resulted
in rules parsing errors.

However, validating can now result in warnings only. This won't exit but
won't print event counts either.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Mark Stemm
b4eb5b87b6 Automated tests for exceptions 
Handle various positive and negative cases. Should handle every error
and warning path when reading exceptions objects or rule exception
fields, and various positive cases of using exceptions to prevent
alerts.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Mark Stemm
3fb1d207e2 Update tests expected outputs 
The format of error responses has changed to include a summary of errors
and/or warnings. This changed many test cases that were looking for
specific outputs.

Update to add counts and other minor formatting changes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Lorenzo Fontana
f5c1e7c165 build: fix build directory for xunit tests 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-05 11:49:40 -05:00
Lorenzo Fontana
aaf6816821 build: make our integration tests report clear steps for circleCI UI 
inspection via collect test data [0]

[0] https://circleci.com/docs/2.0/collect-test-data/

Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-05 11:49:40 -05:00
Leonardo Grasso
d07f18ad05 update(test): use to iso time 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-13 05:12:00 -04:00
Leonardo Grasso
4af705c15d fix(test): correct parent dir creation for strict tests 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-13 05:12:00 -04:00
Leonardo Grasso
f567f2f7f7 chore(test): update copyright year 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
ab615c36ad update(test): check all fields for gRPC output 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
60c322a73d new(test): strict json output 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
f12210325f chore(test): correct file name 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
682e53f5b5 update(test): strict output tests 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
6e8352e847 chore(test): cleanup tmp file 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
c512784503 new(test): stdout output strict 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
b0942f8774 new(test): add "output_strictly_contains" option 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Lorenzo Fontana
7e9ca5c540 build: run_regression_tests.sh skip packages tests if asked 
Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-09-10 15:01:07 +02:00
Mark Stemm
f32bb84851 Start versioning trace files 
Start versioning trace files with a unique date. Any time we need to
create new trace files, change TRACE_FILES_VERSION in this script and
copy to traces-{positive,negative,info}-<VERSION>.zip.

The zip file should unzip to traces-{positive,negative,info}, without
any version.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-09-03 18:56:51 +02:00
Chuck Schweizer
d678be5579 Adding user.loginuid to the default falco rules in any place user.name exists 
This update will provide information as to which process uid intitiated the event.  This is really important for processes that are started
by a different user name.

Signed-off-by: Chuck Schweizer <chuck.schweizer.lvk2@statefarm.com>
 2020-08-28 10:02:19 +02:00
Leonardo Grasso
e0b66ecae9 revert: "build: temporary remove falco_traces.yaml from integration test suite" 
This reverts commit 7a2708de09.

Co-Authored-By: Lorenzo Fontana <fontanalorenz@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-08-24 20:32:24 +02:00
Lorenzo Fontana
7a2708de09 build: temporary remove falco_traces.yaml from integration test suite 
This happens because the file descriptors paths have been fixed
in this commit [0].
However, the scap files fixtures we have for the tests still contain
the old paths causing this problem.

We are commenting out those tests and opening an issue to get this fixed
later.

[0] 37aab8debf

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-08-20 19:26:56 +02:00
Leo Di Donato
23224355a5 docs(test): integration tests intended to be run against a release build of Falco 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
3814b2e81b docs(test): run all the test suites at once 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
a83b91fc53 new(test): run_regression_tests.sh -h 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00