# # Copyright (C) 2016-2020 The Falco Authors.. # # This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # trace_files: !mux rule_exception_no_fields: exit_status: 1 validate_errors: - item_type: exception item_name: ex1 code: LOAD_ERR_YAML_VALIDATE message: "Item has no mapping for key 'fields'" validate_rules_file: - rules/exceptions/item_no_fields.yaml trace_file: trace_files/cat_write.scap rule_exception_no_name: exit_status: 1 validate_errors: - item_type: exception item_name: "" code: LOAD_ERR_YAML_VALIDATE message: "Item has no mapping for key 'name'" validate_rules_file: - rules/exceptions/item_no_name.yaml trace_file: trace_files/cat_write.scap rule_exception_append_no_name: exit_status: 1 validate_errors: - item_type: exception item_name: "" code: LOAD_ERR_YAML_VALIDATE message: "Item has no mapping for key 'name'" validate_rules_file: - rules/exceptions/append_item_no_name.yaml trace_file: trace_files/cat_write.scap rule_exception_unknown_fields: exit_status: 1 validate_errors: - item_type: exception item_name: ex1 code: LOAD_ERR_VALIDATE message: "'not.exist' is not a supported filter field" validate_rules_file: - rules/exceptions/item_unknown_fields.yaml trace_file: trace_files/cat_write.scap rule_exception_comps_fields_len_mismatch: exit_status: 1 validate_errors: - item_type: exception item_name: ex1 code: LOAD_ERR_VALIDATE message: "Fields and comps lists must have equal length" validate_rules_file: - rules/exceptions/item_comps_fields_len_mismatch.yaml trace_file: trace_files/cat_write.scap rule_exception_unknown_comp: exit_status: 1 validate_errors: - item_type: exception item_name: ex1 code: LOAD_ERR_VALIDATE message: "'no-comp' is not a supported comparison operator" validate_rules_file: - rules/exceptions/item_unknown_comp.yaml trace_file: trace_files/cat_write.scap rule_exception_fields_values_len_mismatch: exit_status: 1 validate_errors: - item_type: exception item_name: ex1 code: LOAD_ERR_VALIDATE message: "Fields and values lists must have equal length" validate_rules_file: - rules/exceptions/item_fields_values_len_mismatch.yaml trace_file: trace_files/cat_write.scap rule_exception_append_fields_values_len_mismatch: exit_status: 1 validate_errors: - item_type: exception item_name: ex1 code: LOAD_ERR_VALIDATE message: "Fields and values lists must have equal length" validate_rules_file: - rules/exceptions/append_item_fields_values_len_mismatch.yaml trace_file: trace_files/cat_write.scap rule_exception_append_item_not_in_rule: exit_status: 1 validate_errors: - item_type: exception item_name: ex2 code: LOAD_ERR_VALIDATE message: "Rule exception must have fields property with a list of fields" validate_rules_file: - rules/exceptions/append_item_not_in_rule.yaml trace_file: trace_files/cat_write.scap rule_exception_no_values: detect: True detect_level: WARNING rules_file: - rules/exceptions/rule_exception_no_values.yaml trace_file: trace_files/cat_write.scap rule_exception_one_value: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_one_value.yaml trace_file: trace_files/cat_write.scap rule_exception_append_one_value: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_append_one_value.yaml trace_file: trace_files/cat_write.scap rule_exception_second_value: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_second_value.yaml trace_file: trace_files/cat_write.scap rule_exception_append_second_value: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_append_second_value.yaml trace_file: trace_files/cat_write.scap rule_exception_second_item: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_second_item.yaml trace_file: trace_files/cat_write.scap rule_exception_append_second_item: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_append_second_item.yaml trace_file: trace_files/cat_write.scap rule_exception_third_item: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_third_item.yaml trace_file: trace_files/cat_write.scap rule_exception_append_third_item: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_append_third_item.yaml trace_file: trace_files/cat_write.scap rule_exception_quoted: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_quoted.yaml trace_file: trace_files/cat_write.scap rule_exception_append_multiple_values: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_append_multiple.yaml trace_file: trace_files/cat_write.scap rule_exception_comp: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_comp.yaml trace_file: trace_files/cat_write.scap rule_exception_append_comp: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_append_comp.yaml trace_file: trace_files/cat_write.scap rule_exception_values_listref: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_values_listref.yaml trace_file: trace_files/cat_write.scap rule_exception_values_listref_noparens: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_values_listref_noparens.yaml trace_file: trace_files/cat_write.scap rule_exception_values_list: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_values_list.yaml trace_file: trace_files/cat_write.scap rule_exception_single_field: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_single_field.yaml trace_file: trace_files/cat_write.scap rule_exception_single_field_append: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_single_field_append.yaml trace_file: trace_files/cat_write.scap rule_exception_new_single_field_append: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_new_single_field_append.yaml trace_file: trace_files/cat_write.scap rule_exception_new_second_field_append: detect: False detect_level: WARNING rules_file: - rules/exceptions/rule_exception_new_second_field_append.yaml trace_file: trace_files/cat_write.scap rule_exception_new_append_no_field: exit_status: 1 validate_errors: - item_type: exception item_name: proc_cmdline code: LOAD_ERR_VALIDATE message: "Rule exception must have fields property with a list of fields" validate_rules_file: - rules/exceptions/rule_exception_new_no_field_append.yaml trace_file: trace_files/cat_write.scap