mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-18 18:58:41 +00:00
a37e2252b2
Update tests that validated rules files (typically looking for errors/warnings) to use the new result struct + json based validation: - When validating rules files, always use json output. - In test cases, instead of parsing stderr/stdout, use new test properties "validate_ok", "validate_errors", "validate_warnings". These parse the json output and look for specific tuples of (error code, error message, item type, item name) in the output. - There were a few tests that were actually validation tests but using the -r argument to load rules. Convert them to validation tests. In one case, split the test into two separate tests--one for validation, one ensuring that the rule doesn't match anything. - There were a couple of tests that were duplicates of existing validation tests, just checking for the error in a different way. Remove them. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
271 lines
7.9 KiB
YAML
271 lines
7.9 KiB
YAML
#
|
|
# Copyright (C) 2016-2020 The Falco Authors..
|
|
#
|
|
# This file is part of falco.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
trace_files: !mux
|
|
|
|
rule_exception_no_fields:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex1
|
|
code: LOAD_ERR_YAML_VALIDATE
|
|
message: "Item has no mapping for key 'fields'"
|
|
validate_rules_file:
|
|
- rules/exceptions/item_no_fields.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_no_name:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ""
|
|
code: LOAD_ERR_YAML_VALIDATE
|
|
message: "Item has no mapping for key 'name'"
|
|
validate_rules_file:
|
|
- rules/exceptions/item_no_name.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_no_name:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ""
|
|
code: LOAD_ERR_YAML_VALIDATE
|
|
message: "Item has no mapping for key 'name'"
|
|
validate_rules_file:
|
|
- rules/exceptions/append_item_no_name.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_unknown_fields:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex1
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "'not.exist' is not a supported filter field"
|
|
validate_rules_file:
|
|
- rules/exceptions/item_unknown_fields.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_comps_fields_len_mismatch:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex1
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "Fields and comps lists must have equal length"
|
|
validate_rules_file:
|
|
- rules/exceptions/item_comps_fields_len_mismatch.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_unknown_comp:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex1
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "'no-comp' is not a supported comparison operator"
|
|
validate_rules_file:
|
|
- rules/exceptions/item_unknown_comp.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_fields_values_len_mismatch:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex1
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "Fields and values lists must have equal length"
|
|
validate_rules_file:
|
|
- rules/exceptions/item_fields_values_len_mismatch.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_fields_values_len_mismatch:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex1
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "Fields and values lists must have equal length"
|
|
validate_rules_file:
|
|
- rules/exceptions/append_item_fields_values_len_mismatch.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_item_not_in_rule:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: ex2
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "Rule exception must have fields property with a list of fields"
|
|
validate_rules_file:
|
|
- rules/exceptions/append_item_not_in_rule.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_no_values:
|
|
detect: True
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_no_values.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_one_value:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_one_value.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_one_value:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_append_one_value.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_second_value:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_second_value.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_second_value:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_append_second_value.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_second_item:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_second_item.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_second_item:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_append_second_item.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_third_item:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_third_item.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_third_item:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_append_third_item.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_quoted:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_quoted.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_multiple_values:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_append_multiple.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_comp:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_comp.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_append_comp:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_append_comp.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_values_listref:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_values_listref.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_values_listref_noparens:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_values_listref_noparens.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_values_list:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_values_list.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_single_field:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_single_field.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_single_field_append:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_single_field_append.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_new_single_field_append:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_new_single_field_append.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_new_second_field_append:
|
|
detect: False
|
|
detect_level: WARNING
|
|
rules_file:
|
|
- rules/exceptions/rule_exception_new_second_field_append.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|
|
rule_exception_new_append_no_field:
|
|
exit_status: 1
|
|
validate_errors:
|
|
- item_type: exception
|
|
item_name: proc_cmdline
|
|
code: LOAD_ERR_VALIDATE
|
|
message: "Rule exception must have fields property with a list of fields"
|
|
validate_rules_file:
|
|
- rules/exceptions/rule_exception_new_no_field_append.yaml
|
|
trace_file: trace_files/cat_write.scap
|
|
|