diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
index 7f4ce7848ac..7a58aa4a740 100644
--- a/test/falco_tests.yaml
+++ b/test/falco_tests.yaml
@@ -402,6 +402,81 @@ trace_files: !mux
 - rules/rule_append_failure.yaml
 trace_file: trace_files/cat_write.scap

+ invalid_overwrite_macro:
+ exit_status: 1
+ stdout_contains: |+
+ .*invalid_base_macro.yaml: Ok
+ .*invalid_overwrite_macro.yaml: Compilation error when compiling "foo": Undefined macro 'foo' used in filter.
+ ---
+ - macro: some macro
+ condition: foo
+ append: false
+ ---
+ validate_rules_file:
+ - rules/invalid_base_macro.yaml
+ - rules/invalid_overwrite_macro.yaml
+ trace_file: trace_files/cat_write.scap
+
+ invalid_append_macro:
+ exit_status: 1
+ stdout_contains: |+
+ .*invalid_base_macro.yaml: Ok
+ .*invalid_append_macro.yaml: Compilation error when compiling "evt.type=execve foo": 17: syntax error, unexpected 'foo', expecting 'or', 'and'
+ ---
+ - macro: some macro
+ condition: evt.type=execve
+
+ - macro: some macro
+ condition: foo
+ append: true
+ ---
+ validate_rules_file:
+ - rules/invalid_base_macro.yaml
+ - rules/invalid_append_macro.yaml
+ trace_file: trace_files/cat_write.scap
+
+ invalid_overwrite_rule:
+ exit_status: 1
+ stdout_contains: |+
+ .*invalid_base_rule.yaml: Ok
+ .*invalid_overwrite_rule.yaml: Undefined macro 'bar' used in filter.
+ ---
+ - rule: some rule
+ desc: some desc
+ condition: bar
+ output: some output
+ priority: INFO
+ append: false
+ ---
+ validate_rules_file:
+ - rules/invalid_base_rule.yaml
+ - rules/invalid_overwrite_rule.yaml
+ trace_file: trace_files/cat_write.scap
+
+ invalid_append_rule:
+ exit_status: 1
+ stdout_contains: |+
+ .*invalid_base_rule.yaml: Ok
+ .*invalid_append_rule.yaml: Compilation error when compiling "evt.type=open bar": 15: syntax error, unexpected 'bar', expecting 'or', 'and'
+ ---
+ - rule: some rule
+ desc: some desc
+ condition: evt.type=open
+ output: some output
+ priority: INFO
+
+ - rule: some rule
+ desc: some desc
+ condition: bar
+ output: some output
+ priority: INFO
+ append: true
+ ---
+ validate_rules_file:
+ - rules/invalid_base_rule.yaml
+ - rules/invalid_append_rule.yaml
+ trace_file: trace_files/cat_write.scap
+
 invalid_missing_rule_name:
 exit_status: 1
 stdout_is: |+
diff --git a/test/rules/invalid_append_macro.yaml b/test/rules/invalid_append_macro.yaml
new file mode 100644
index 00000000000..d6dba2e5865
--- /dev/null
+++ b/test/rules/invalid_append_macro.yaml
@@ -0,0 +1,3 @@
+- macro: some macro
+ condition: foo
+ append: true
diff --git a/test/rules/invalid_append_rule.yaml b/test/rules/invalid_append_rule.yaml
new file mode 100644
index 00000000000..6db019bd6f9
--- /dev/null
+++ b/test/rules/invalid_append_rule.yaml
@@ -0,0 +1,6 @@
+- rule: some rule
+ desc: some desc
+ condition: bar
+ output: some output
+ priority: INFO
+ append: true
\ No newline at end of file
diff --git a/test/rules/invalid_base_macro.yaml b/test/rules/invalid_base_macro.yaml
new file mode 100644
index 00000000000..9d1e3763888
--- /dev/null
+++ b/test/rules/invalid_base_macro.yaml
@@ -0,0 +1,2 @@
+- macro: some macro
+ condition: evt.type=execve
diff --git a/test/rules/invalid_base_rule.yaml b/test/rules/invalid_base_rule.yaml
new file mode 100644
index 00000000000..eb9ceb3c136
--- /dev/null
+++ b/test/rules/invalid_base_rule.yaml
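Review bot: The expected output pinned for `invalid_overwrite_rule` is the bare `Undefined macro 'bar' used in filter.`, while the other three cases expect a `Compilation error when compiling "…":` prefix that names the failing condition. If that difference is intended, say so in a comment above the case, for example `# rule overwrite reports the undefined macro without the "Compilation error when compiling" prefix`; if it is not, the test freezes an inconsistent message that operators reading validation output would have to interpret differently for rules and macros. All four cases use only `validate_rules_file`, so they presumably cover validation and not how a running engine treats a failed override of a detection rule; a load-time case would be worth adding if the harness supports it. These entries sit in the `trace_files: !mux` mapping, which begins outside the hunk.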
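Review bot: `test/rules/invalid_append_rule.yaml` ends without a final newline (the `\ No newline at end of file` marker), and the same holds for `invalid_base_rule.yaml` and `invalid_overwrite_rule.yaml`, whereas the three macro fixtures end with one. End each rule fixture with a newline after its last line (`append: true`, `priority: INFO`, `append: false`) so the six files are consistent and later edits do not show the last line as changed.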
@@ -0,0 +1,5 @@
+- rule: some rule
+ desc: some desc
+ condition: evt.type=open
+ output: some output
+ priority: INFO
\ No newline at end of file
diff --git a/test/rules/invalid_overwrite_macro.yaml b/test/rules/invalid_overwrite_macro.yaml
new file mode 100644
index 00000000000..e0fb97f5263
--- /dev/null
+++ b/test/rules/invalid_overwrite_macro.yaml
@@ -0,0 +1,3 @@
+- macro: some macro
+ condition: foo
+ append: false
diff --git a/test/rules/invalid_overwrite_rule.yaml b/test/rules/invalid_overwrite_rule.yaml
new file mode 100644
index 00000000000..aba97688fab
--- /dev/null
+++ b/test/rules/invalid_overwrite_rule.yaml
@@ -0,0 +1,6 @@
+- rule: some rule
+ desc: some desc
+ condition: bar
+ output: some output
+ priority: INFO
+ append: false
\ No newline at end of file