github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 19:44:57 +00:00
Code Issues Projects Releases Wiki Activity
2,300 Commits 123 Branches 176 Tags
f14b37984c13cc00b00a0dcdb8fde81364ea3201
Commit Graph

142 Commits

Author SHA1 Message Date
Mark Stemm
f14b37984c Add test for some containers being privileged 
Add a test that verifies that a pod where one container has no security
context and the second container has a security context + privileged
properly matches the Create Privileged Pod falco rule.

There's a very similar test case already in
trace_files/k8s_audit/create_nginx_pod_privileged_2nd_container.json,
but in that case both containers have a securityContext property.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-04-09 10:34:48 +02:00
Lorenzo Fontana
f4ff2ed072 chore(test): replace bucket url with official distribution url 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2021-04-09 10:23:42 +02:00
Lorenzo Fontana
cdeafa6fdc docs(test): express that grpcurl and virtualenv are needed 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2021-04-08 17:32:02 +02:00
Leonardo Grasso
36378371ab update(test): update performance tests fixture URL 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-04-08 12:36:09 +02:00
Leonardo Grasso
aeca36bdaf update(test): update regression tests fixture URL 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-04-08 12:36:09 +02:00
Leo Di Donato
8c9d4f49d5 fix(falco/test): bump pyyaml from 5.3.1 to 5.4 
CVE-2020-14343 affects one of the dependencies the Falco (integration) test suite uses.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-30 14:47:01 +02:00
Leonardo Di Donato
1ded30f173 update(test): tighten the condition to test the drops thresholds 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
7edd965a08 fix(test/confs): drop log messages are debug, fix the test fixture accordingly 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
920ab6982a new(test): test cases about wrong threshold drop config value 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Leonardo Di Donato
5380fe5308 new(test): test case about illogical drop actions 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-03-22 19:42:30 +01:00
Shane Lawrence
da8f054043 Fix broken links to docs. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2021-03-05 10:48:21 +01:00
Mark Stemm
987ececa54 Remove test case for unknown objects. 
The rules loader now allows objects with unknown keys.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Mark Stemm
b2eb3ec345 Don't look for event counts with -V/validate 
When running falco with -V/valdiate <rules file>, you won't get any
event counts. All prior tests didn't get this far as they also resulted
in rules parsing errors.

However, validating can now result in warnings only. This won't exit but
won't print event counts either.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Mark Stemm
b4eb5b87b6 Automated tests for exceptions 
Handle various positive and negative cases. Should handle every error
and warning path when reading exceptions objects or rule exception
fields, and various positive cases of using exceptions to prevent
alerts.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Mark Stemm
3fb1d207e2 Update tests expected outputs 
The format of error responses has changed to include a summary of errors
and/or warnings. This changed many test cases that were looking for
specific outputs.

Update to add counts and other minor formatting changes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2021-01-19 10:37:55 +01:00
Lorenzo Fontana
f5c1e7c165 build: fix build directory for xunit tests 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-05 11:49:40 -05:00
Lorenzo Fontana
aaf6816821 build: make our integration tests report clear steps for circleCI UI 
inspection via collect test data [0]

[0] https://circleci.com/docs/2.0/collect-test-data/

Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-11-05 11:49:40 -05:00
Leonardo Grasso
d07f18ad05 update(test): use to iso time 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-13 05:12:00 -04:00
Leonardo Grasso
4af705c15d fix(test): correct parent dir creation for strict tests 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-13 05:12:00 -04:00
Leonardo Grasso
f567f2f7f7 chore(test): update copyright year 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
ab615c36ad update(test): check all fields for gRPC output 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
60c322a73d new(test): strict json output 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
f12210325f chore(test): correct file name 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
682e53f5b5 update(test): strict output tests 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
6e8352e847 chore(test): cleanup tmp file 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
c512784503 new(test): stdout output strict 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Leonardo Grasso
b0942f8774 new(test): add "output_strictly_contains" option 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-12 06:00:54 -04:00
Lorenzo Fontana
7e9ca5c540 build: run_regression_tests.sh skip packages tests if asked 
Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-09-10 15:01:07 +02:00
Mark Stemm
f32bb84851 Start versioning trace files 
Start versioning trace files with a unique date. Any time we need to
create new trace files, change TRACE_FILES_VERSION in this script and
copy to traces-{positive,negative,info}-<VERSION>.zip.

The zip file should unzip to traces-{positive,negative,info}, without
any version.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-09-03 18:56:51 +02:00
Chuck Schweizer
d678be5579 Adding user.loginuid to the default falco rules in any place user.name exists 
This update will provide information as to which process uid intitiated the event.  This is really important for processes that are started
by a different user name.

Signed-off-by: Chuck Schweizer <chuck.schweizer.lvk2@statefarm.com>
 2020-08-28 10:02:19 +02:00
Leonardo Grasso
e0b66ecae9 revert: "build: temporary remove falco_traces.yaml from integration test suite" 
This reverts commit 7a2708de09.

Co-Authored-By: Lorenzo Fontana <fontanalorenz@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-08-24 20:32:24 +02:00
Lorenzo Fontana
7a2708de09 build: temporary remove falco_traces.yaml from integration test suite 
This happens because the file descriptors paths have been fixed
in this commit [0].
However, the scap files fixtures we have for the tests still contain
the old paths causing this problem.

We are commenting out those tests and opening an issue to get this fixed
later.

[0] 37aab8debf

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-08-20 19:26:56 +02:00
Leo Di Donato
23224355a5 docs(test): integration tests intended to be run against a release build of Falco 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
3814b2e81b docs(test): run all the test suites at once 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
a83b91fc53 new(test): run_regression_tests.sh -h 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
d8faa95702 fix(test): run_regression_tests.sh must generate falco_traces test suite in a non-interactive way 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
ef5e71598a docs(test): instruction to run falco_tests_package integration test suite locally 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
bb1282c7be update(test): make run_regression_tests.sh script accept different 
options

The following options have been added:
* -v (verbose)
* -p (prepare falco_traces test suite)
* -b (specify custom branch for downloading trace files)
* -d (specify the build directory)

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
8f07189ede docs(test): instructions for executing falco_traces integration test suite 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
dec2ff7d72 docs(test): prepare the local environment for running integration test suites 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
f3022e0abf build(test): target test-traces files 
This make target calls the `trace-files-psp`, `trace-files-k8s-audit`,
`trace-files-base-scap` targets to place all the integration test
fixtures in the proper position.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
9b42b20e1c build(test/trace_files): target trace-files-base-scap 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
850a49989f build(test/trace_files/psp): target trace-files-psp 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Leonardo Di Donato
0dc2a6abd3 build(test/traces_file/k8s_audit): target trace-files-k8s-audit 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Lorenzo Fontana
324a3b88e7 build: remove libyaml-0-2 as dependency in packages and dockerfiles 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-07-16 19:34:39 +02:00
Lorenzo Fontana
352307431a fix: update k8s audit endpoint to /k8s-audit everywhere 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-07-01 13:29:51 +02:00
Leonardo Grasso
6cfb0ec2b8 update(test): setup bidi gRPC integration test 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-06-30 13:04:03 +02:00
Leonardo Grasso
4af769f84c new(test): add gRPC unix socket support 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-06-30 13:04:03 +02:00
Leonardo Di Donato
b4d005eb51 new(test): read grpc config fields 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-30 13:04:03 +02:00
Leonardo Di Donato
061c5f5ac9 new(test): setup gRPC output test case 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-30 13:04:03 +02:00