Unit test for appending to skipped rules

Unit test verifies fix for appending to skipped rules. One rules file defines a rule with priority WARNING, a second rules file appends to that rules file, and the configured priority is ERROR. Ensures that falco rules without errors.
falcosecurity · Apr 5, 2018 · 856fda4 · 856fda4
1 parent ce97f1e
commit 856fda4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
@@ -642,6 +642,14 @@ trace_files: !mux
       - rules/rule_append_failure.yaml
     trace_file: trace_files/cat_write.scap
 
+  rule_append_skipped:
+    detect: False
+    priority: ERROR
+    rules_file:
+      - rules/single_rule.yaml
+      - rules/append_single_rule.yaml
+    trace_file: trace_files/cat_write.scap
+
   rule_append:
     detect: True
     detect_level: WARNING
@@ -670,4 +678,4 @@ trace_files: !mux
     detect_level: INFO
     rules_file:
       - rules/detect_connect_using_in.yaml
-    trace_file: trace_files/connect_localhost.scap
+    trace_file: trace_files/connect_localhost.scap
diff --git a/test/rules/append_single_rule.yaml b/test/rules/append_single_rule.yaml
@@ -0,0 +1,3 @@
+- rule: open_from_cat
+  append: true
+  condition: and fd.name=/tmp