From ae3b1da99a71739a56469c0e2fbfce3c780307d5 Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Wed, 29 Mar 2023 21:11:33 +0530 Subject: [PATCH 1/8] Added test to print ignored events Signed-off-by: Rohith-Raju --- tests/falco/commands_test.go | 37 +++++ tests/falco/events.json | 278 +++++++++++++++++++++++++++++++++++ 2 files changed, 315 insertions(+) create mode 100644 tests/falco/events.json diff --git a/tests/falco/commands_test.go b/tests/falco/commands_test.go index 42a3580..2edec65 100644 --- a/tests/falco/commands_test.go +++ b/tests/falco/commands_test.go @@ -18,6 +18,8 @@ limitations under the License. package testfalco import ( + "encoding/json" + "os" "regexp" "testing" @@ -132,3 +134,38 @@ func TestFalco_Cmd_PluginInfo(t *testing.T) { `No suggested open params available.*`), res.Stdout()) } + +func TestFalco_Print_IgnoredEvents(t *testing.T) { + t.Parallel() + checkDefaultConfig(t) + type Data struct { + Events []string `json:"events"` + } + evntfile, err := os.Open("events.json") + if err != nil { + panic(err) + } + defer evntfile.Close() + + var events Data + err = json.NewDecoder(evntfile).Decode(&events) + if err != nil { + panic(err) + } + + runner := tests.NewFalcoExecutableRunner(t) + t.Run("all-events-ignored-by-default", func(t *testing.T) { + res := falco.Test( + runner, + falco.WithArgs("-i"), + ) + assert.Regexp(t, regexp.MustCompile( + `Ignored\sEvent\(s\):\n`, + ), res.Stdout()) + for _, event := range events.Events { + assert.Regexp(t, regexp.MustCompile(`\b`+event+`\b`), res.Stdout()) + } + assert.NoError(t, res.Err(), "%s", res.Stderr()) + assert.Equal(t, res.ExitCode(), 0) + }) +} diff --git a/tests/falco/events.json b/tests/falco/events.json new file mode 100644 index 0000000..1ed6d2f --- /dev/null +++ b/tests/falco/events.json 
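Review bot: In `TestFalco_Print_IgnoredEvents` the two `panic(err)` calls take down the whole test binary instead of failing this one test, which matters more because the test calls `t.Parallel()`; `if err != nil { t.Fatalf("reading events.json: %v", err) }` keeps the failure local and reports it properly. The same `panic(err)` survives the rewrite of this test in PATCH 2/8. Each event name is also concatenated into the pattern unescaped, so wrap it in `regexp.QuoteMeta(event)` before adding the `\b` anchors. Finally, `assert.Equal(t, res.ExitCode(), 0)` has testify's expected and actual arguments swapped, which only affects the failure message; `assert.Equal(t, 0, res.ExitCode())` reads correctly.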
@@ -0,0 +1,278 @@ +{ + "events": [ + "getdents64", + "getdents", + "getresgid", + "getresuid", + "getegid", + "geteuid", + "munmap", + "sendmmsg", + "splice", + "getpeername", + "write", + "stat", + "getsockname", + "access", + "nanosleep", + "setsockopt", + "read", + "futex", + "semget", + "getgid", + "page_fault", + "brk", + "readahead", + "set_mempolicy_home_node", + "io_pgetevents", + "setreuid", + "rt_sigtimedwait", + "process_madvise", + "vmsplice", + "lstat", + "preadv2", + "io_uring_register", + "rt_sigreturn", + "sched_get_priority_min", + "pread", + "sched_setscheduler", + "sched_getparam", + "init_module", + "sched_setparam", + "rt_sigpending", + "rt_sigsuspend", + "getpgid", + "delete_module", + "fremovexattr", + "msgsnd", + "uname", + "syslog", + "ioperm", + "fstatfs", + "getpgrp", + "sched_getscheduler", + "setpriority", + "open_tree", + "kcmp", + "getuid", + "prctl", + "llistxattr", + "waitid", + "arch_prctl", + "getpriority", + "send", + "ftruncate", + "truncate", + "mremap", + "reboot", + "settimeofday", + "pidfd_get_fd", + "readlink", + "gettimeofday", + "clock_gettime", + "getrusage", + "sethostname", + "timer_settime", + "mmap2", + "sysinfo", + "setdomainname", + "io_setup", + "inotify_add_watch", + "recvmmsg", + "pidfd_send_signal", + "getxattr", + "ppoll", + "move_mount", + "getpid", + "utime", + "mknod", + "semop", + "getppid", + "exit", + "recv", + "munlockall", + "sched_get_priority_max", + "sched_yield", + "mmap", + "restart_syscall", + "fchownat", + "getrlimit", + "fstat64", + "pkey_free", + "copy_file_range", + "fdatasync", + "clock_settime", + "get_mempolicy", + "pwritev", + "iopl", + "getsid", + "msgrcv", + "semctl", + "finit_module", + "writev", + "statx", + "lchown", + "set_mempolicy", + "listxattr", + "shmdt", + "sched_rr_get_interval", + "fsync", + "lgetxattr", + "getitimer", + "timerfd_settime", + "memfd_secret", + "mknodat", + "mlock2", + "pause", + "llseek", + "syncfs", + "uselib", + "keyctl", + "swapoff", + "umask", + "readv", 
+ "add_key", + "select", + "getcwd", + "alarm", + "rt_sigprocmask", + "name_to_handle_at", + "lseek", + "poll", + "rt_tgsigqueueinfo", + "_sysctl", + "vhangup", + "timerfd_gettime", + "io_uring_enter", + "mlock", + "lstat64", + "futex_waitv", + "move_pages", + "clock_getres", + "munlock", + "query_module", + "adjtimex", + "swapon", + "mq_unlink", + "pidfd_open", + "capget", + "set_thread_area", + "faccessat", + "newfstatat", + "timer_delete", + "fspick", + "io_getevents", + "sysfs", + "get_kernel_syms", + "epoll_pwait", + "acct", + "preadv", + "epoll_wait", + "times", + "ioprio_set", + "pwrite", + "setxattr", + "mq_timedsend", + "personality", + "rt_sigaction", + "wait4", + "fstat", + "setgroups", + "flistxattr", + "sync", + "pluginevent", + "clock_adjtime", + "mprotect", + "timer_getoverrun", + "statfs", + "sched_getaffinity", + "utimensat", + "mq_timedreceive", + "switch", + "landlock_add_rule", + "setregid", + "inotify_rm_watch", + "tee", + "epoll_wait_old", + "ustat", + "fchown", + "remap_file_pages", + "chown", + "setfsuid", + "setfsgid", + "pivot_root", + "mincore", + "madvise", + "timer_create", + "gettid", + "lsetxattr", + "shmat", + "fsetxattr", + "quotactl_fd", + "lookup_dcookie", + "fgetxattr", + "lremovexattr", + "landlock_create_ruleset", + "sched_setaffinity", + "setitimer", + "io_submit", + "fsconfig", + "request_key", + "fanotify_init", + "fsopen", + "perf_event_open", + "epoll_pwait2", + "sched_setattr", + "get_thread_area", + "io_destroy", + "exit_group", + "fsmount", + "epoll_ctl", + "signaldeliver", + "set_tid_address", + "get_robust_list", + "timer_gettime", + "clock_nanosleep", + "pkey_mprotect", + "utimes", + "mq_open", + "mq_notify", + "pwritev2", + "mq_getsetattr", + "kexec_load", + "io_cancel", + "ioprio_get", + "futimesat", + "mount_setattr", + "readlinkat", + "stat64", + "shmget", + "pselect6", + "set_robust_list", + "time", + "shmctl", + "getcpu", + "msgctl", + "fallocate", + "process_vm_readv", + "getgroups", + "removexattr", + 
"process_vm_writev", + "sigaltstack", + "getrandom", + "fadvise64", + "rt_sigqueueinfo", + "memfd_create", + "mlockall", + "kexec_file_load", + "pkey_alloc", + "msgget", + "landlock_restrict_self", + "msync", + "modify_ldt", + "migrate_pages", + "sendfile", + "mbind", + "epoll_ctl_old" + ] +} From d465af0e564917243d746a87a03096f685193f53 Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Mon, 3 Apr 2023 13:22:22 +0530 Subject: [PATCH 2/8] Made changes as per review requests Signed-off-by: Rohith-Raju --- tests/data/outputs/event.go | 41 +++++++++++++++++++++ tests/{falco => data/outputs}/events.json | 0 tests/falco/commands_test.go | 44 +++++++++-------------- 3 files changed, 57 insertions(+), 28 deletions(-) create mode 100644 tests/data/outputs/event.go rename tests/{falco => data/outputs}/events.json (100%) diff --git a/tests/data/outputs/event.go b/tests/data/outputs/event.go new file mode 100644 index 0000000..924df39 --- /dev/null +++ b/tests/data/outputs/event.go @@ -0,0 +1,41 @@ +package outputs + +import ( + "encoding/json" + "os" + "path/filepath" + "runtime" + "strings" + + "github.com/falcosecurity/testing/pkg/run" +) + +type Data struct { + Events []string `json:"events"` +} + +func deserialize() string { + _, file, _, ok := runtime.Caller(1) + if !ok { + panic("not able to extract runtime caller info") + } + dir, err := filepath.Abs(filepath.Dir(file)) + if err != nil { + panic(err) + } + filePath := filepath.Join(dir, "events.json") + evntfile, err := os.Open(filePath) + if err != nil { + panic(err) + } + defer evntfile.Close() + + var events Data + err = json.NewDecoder(evntfile).Decode(&events) + if err != nil { + panic(err) + } + return strings.Join(events.Events, ",") +} + +var EventData = run.NewStringFileAccessor("eventData", deserialize()) diff --git a/tests/falco/events.json b/tests/data/outputs/events.json similarity index 100% rename from tests/falco/events.json rename to tests/data/outputs/events.json 
diff --git a/tests/falco/commands_test.go b/tests/falco/commands_test.go index 2edec65..c62426c 100644 --- a/tests/falco/commands_test.go +++ b/tests/falco/commands_test.go @@ -18,13 +18,13 @@ limitations under the License. package testfalco import ( - "encoding/json" - "os" "regexp" + "strings" "testing" "github.com/falcosecurity/testing/pkg/falco" "github.com/falcosecurity/testing/tests" + "github.com/falcosecurity/testing/tests/data/outputs" "github.com/stretchr/testify/assert" ) @@ -138,34 +138,22 @@ func TestFalco_Cmd_PluginInfo(t *testing.T) { func TestFalco_Print_IgnoredEvents(t *testing.T) { t.Parallel() checkDefaultConfig(t) - type Data struct { - Events []string `json:"events"` - } - evntfile, err := os.Open("events.json") - if err != nil { - panic(err) - } - defer evntfile.Close() - - var events Data - err = json.NewDecoder(evntfile).Decode(&events) + bytearr, err := outputs.EventData.Content() if err != nil { panic(err) } - + events := strings.Split(string(bytearr), ",") runner := tests.NewFalcoExecutableRunner(t) - t.Run("all-events-ignored-by-default", func(t *testing.T) { - res := falco.Test( - runner, - falco.WithArgs("-i"), - ) - assert.Regexp(t, regexp.MustCompile( - `Ignored\sEvent\(s\):\n`, - ), res.Stdout()) - for _, event := range events.Events { - assert.Regexp(t, regexp.MustCompile(`\b`+event+`\b`), res.Stdout()) - } - assert.NoError(t, res.Err(), "%s", res.Stderr()) - assert.Equal(t, res.ExitCode(), 0) - }) + res := falco.Test( + runner, + falco.WithArgs("-i"), + ) + assert.Regexp(t, regexp.MustCompile( + `Ignored\sEvent\(s\):\n`, + ), res.Stdout()) + for _, event := range events { + assert.Contains(t, res.Stdout(), event) + } + assert.NoError(t, res.Err(), "%s", res.Stderr()) + assert.Equal(t, res.ExitCode(), 0) } From 4cae337c0bd8e166dac15390804a9934702f3b54 Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Mon, 3 Apr 2023 13:24:51 +0530 Subject: [PATCH 3/8] doc changes 
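Review bot: Replacing the word-boundary regex with `assert.Contains(t, res.Stdout(), event)` turns the per-event check into a plain substring match, so `read` is satisfied by `readv` or `pread`, and `send` by `sendmsg`, even when the shorter name is missing from the output. The truncated `prea` entry that PATCH 7/8 puts into events.txt would presumably pass for the same reason. Keeping the anchored form with the name escaped preserves the stricter check: ``assert.Regexp(t, regexp.MustCompile(`\b`+regexp.QuoteMeta(event)+`\b`), res.Stdout())``. An empty element from `strings.Split` (empty or comma-terminated content) also always passes `Contains`, so an `assert.NotEmpty(t, event)` inside the loop is worth adding. The test function starts outside this hunk.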
Signed-off-by: Rohith-Raju --- pkg/run/runner.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/run/runner.go b/pkg/run/runner.go index efef353..05b817e 100644 --- a/pkg/run/runner.go +++ b/pkg/run/runner.go @@ -58,12 +58,12 @@ func WithArgs(args ...string) RunnerOption { return func(ro *runOpts) { ro.args = append(ro.args, args...) } } -// WithArgs is an option for running Falco by writing stdout on a given writer +// WithStdout is an option for running Falco by writing stdout on a given writer func WithStdout(writer io.Writer) RunnerOption { return func(ro *runOpts) { ro.stdout = writer } } -// WithArgs is an option for running Falco by writing stderr on a given writer +// WithStderr is an option for running Falco by writing stderr on a given writer func WithStderr(writer io.Writer) RunnerOption { return func(ro *runOpts) { ro.stderr = writer } } From 506f3ddce38f2e654823552e829c951d66df450f Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Mon, 3 Apr 2023 16:22:21 +0530 Subject: [PATCH 4/8] use embed to read the output file Signed-off-by: Rohith-Raju --- tests/data/outputs/event.go | 38 +---- tests/data/outputs/events.json | 278 --------------------------------- tests/data/outputs/events.txt | 1 + 3 files changed, 5 insertions(+), 312 deletions(-) delete mode 100644 tests/data/outputs/events.json create mode 100644 tests/data/outputs/events.txt diff --git a/tests/data/outputs/event.go b/tests/data/outputs/event.go index 924df39..7d9aeb5 100644 --- a/tests/data/outputs/event.go +++ b/tests/data/outputs/event.go 
@@ -1,41 +1,11 @@ package outputs import ( - "encoding/json" - "os" - "path/filepath" - "runtime" - "strings" + _ "embed" "github.com/falcosecurity/testing/pkg/run" ) -type Data struct { - Events []string `json:"events"` -} - -func deserialize() string { - _, file, _, ok := runtime.Caller(1) - if !ok { - panic("not able to extract runtime caller info") - } - dir, err := filepath.Abs(filepath.Dir(file)) - if err != nil { - panic(err) - } - filePath := filepath.Join(dir, "events.json") - evntfile, err := os.Open(filePath) - if err != nil { - panic(err) - } - defer evntfile.Close() - - var events Data - err = json.NewDecoder(evntfile).Decode(&events) - if err != nil { - panic(err) - } - return strings.Join(events.Events, ",") -} - -var EventData = run.NewStringFileAccessor("eventData", deserialize()) +//go:embed events.txt +var s string +var EventData = run.NewStringFileAccessor("eventData", s) diff --git a/tests/data/outputs/events.json b/tests/data/outputs/events.json deleted file mode 100644 index 1ed6d2f..0000000 --- a/tests/data/outputs/events.json +++ /dev/null 
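Review bot: The exported `EventData` and the embedded variable `s` have no comments, and nothing records the file format the test depends on: commands_test.go splits the content on `,` without trimming, so a trailing newline added to events.txt by an editor would become part of the last name and fail the `Contains` check. I would rename `s` to something like `ignoredEvents` and document both, e.g. `// ignoredEvents holds events.txt: comma-separated event names on one line, no trailing newline.` and `// EventData exposes the names the test expects in the falco -i output.`. Since the value no longer comes from a runtime file read, a plain exported string or `[]string` may be simpler than `run.NewStringFileAccessor`; that helper is not visible here, so treat this last part as a question.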
@@ -1,278 +0,0 @@ -{ - "events": [ - "getdents64", - "getdents", - "getresgid", - "getresuid", - "getegid", - "geteuid", - "munmap", - "sendmmsg", - "splice", - "getpeername", - "write", - "stat", - "getsockname", - "access", - "nanosleep", - "setsockopt", - "read", - "futex", - "semget", - "getgid", - "page_fault", - "brk", - "readahead", - "set_mempolicy_home_node", - "io_pgetevents", - "setreuid", - "rt_sigtimedwait", - "process_madvise", - "vmsplice", - "lstat", - "preadv2", - "io_uring_register", - "rt_sigreturn", - "sched_get_priority_min", - "pread", - "sched_setscheduler", - "sched_getparam", - "init_module", - "sched_setparam", - "rt_sigpending", - "rt_sigsuspend", - "getpgid", - "delete_module", - "fremovexattr", - "msgsnd", - "uname", - "syslog", - "ioperm", - "fstatfs", - "getpgrp", - "sched_getscheduler", - "setpriority", - "open_tree", - "kcmp", - "getuid", - "prctl", - "llistxattr", - "waitid", - "arch_prctl", - "getpriority", - "send", - "ftruncate", - "truncate", - "mremap", - "reboot", - "settimeofday", - "pidfd_get_fd", - "readlink", - "gettimeofday", - "clock_gettime", - "getrusage", - "sethostname", - "timer_settime", - "mmap2", - "sysinfo", - "setdomainname", - "io_setup", - "inotify_add_watch", - "recvmmsg", - "pidfd_send_signal", - "getxattr", - "ppoll", - "move_mount", - "getpid", - "utime", - "mknod", - "semop", - "getppid", - "exit", - "recv", - "munlockall", - "sched_get_priority_max", - "sched_yield", - "mmap", - "restart_syscall", - "fchownat", - "getrlimit", - "fstat64", - "pkey_free", - "copy_file_range", - "fdatasync", - "clock_settime", - "get_mempolicy", - "pwritev", - "iopl", - "getsid", - "msgrcv", - "semctl", - "finit_module", - "writev", - "statx", - "lchown", - "set_mempolicy", - "listxattr", - "shmdt", - "sched_rr_get_interval", - "fsync", - "lgetxattr", - "getitimer", - "timerfd_settime", - "memfd_secret", - "mknodat", - "mlock2", - "pause", - "llseek", - "syncfs", - "uselib", - "keyctl", - "swapoff", - "umask", - "readv", 
- "add_key", - "select", - "getcwd", - "alarm", - "rt_sigprocmask", - "name_to_handle_at", - "lseek", - "poll", - "rt_tgsigqueueinfo", - "_sysctl", - "vhangup", - "timerfd_gettime", - "io_uring_enter", - "mlock", - "lstat64", - "futex_waitv", - "move_pages", - "clock_getres", - "munlock", - "query_module", - "adjtimex", - "swapon", - "mq_unlink", - "pidfd_open", - "capget", - "set_thread_area", - "faccessat", - "newfstatat", - "timer_delete", - "fspick", - "io_getevents", - "sysfs", - "get_kernel_syms", - "epoll_pwait", - "acct", - "preadv", - "epoll_wait", - "times", - "ioprio_set", - "pwrite", - "setxattr", - "mq_timedsend", - "personality", - "rt_sigaction", - "wait4", - "fstat", - "setgroups", - "flistxattr", - "sync", - "pluginevent", - "clock_adjtime", - "mprotect", - "timer_getoverrun", - "statfs", - "sched_getaffinity", - "utimensat", - "mq_timedreceive", - "switch", - "landlock_add_rule", - "setregid", - "inotify_rm_watch", - "tee", - "epoll_wait_old", - "ustat", - "fchown", - "remap_file_pages", - "chown", - "setfsuid", - "setfsgid", - "pivot_root", - "mincore", - "madvise", - "timer_create", - "gettid", - "lsetxattr", - "shmat", - "fsetxattr", - "quotactl_fd", - "lookup_dcookie", - "fgetxattr", - "lremovexattr", - "landlock_create_ruleset", - "sched_setaffinity", - "setitimer", - "io_submit", - "fsconfig", - "request_key", - "fanotify_init", - "fsopen", - "perf_event_open", - "epoll_pwait2", - "sched_setattr", - "get_thread_area", - "io_destroy", - "exit_group", - "fsmount", - "epoll_ctl", - "signaldeliver", - "set_tid_address", - "get_robust_list", - "timer_gettime", - "clock_nanosleep", - "pkey_mprotect", - "utimes", - "mq_open", - "mq_notify", - "pwritev2", - "mq_getsetattr", - "kexec_load", - "io_cancel", - "ioprio_get", - "futimesat", - "mount_setattr", - "readlinkat", - "stat64", - "shmget", - "pselect6", - "set_robust_list", - "time", - "shmctl", - "getcpu", - "msgctl", - "fallocate", - "process_vm_readv", - "getgroups", - "removexattr", - 
"process_vm_writev", - "sigaltstack", - "getrandom", - "fadvise64", - "rt_sigqueueinfo", - "memfd_create", - "mlockall", - "kexec_file_load", - "pkey_alloc", - "msgget", - "landlock_restrict_self", - "msync", - "modify_ldt", - "migrate_pages", - "sendfile", - "mbind", - "epoll_ctl_old" - ] -} diff --git a/tests/data/outputs/events.txt b/tests/data/outputs/events.txt new file mode 100644 index 0000000..5c6a831 --- /dev/null +++ b/tests/data/outputs/events.txt 
@@ -0,0 +1 @@ +getdents64,getdents,getresgid,getresuid,getegid,geteuid,munmap,sendmmsg,splice,getpeername,write,stat,getsockname,access,nanosleep,setsockopt,read,futex,semget,getgid,page_fault,brk,readahead,set_mempolicy_home_node,io_pgetevents,setreuid,rt_sigtimedwait,process_madvise,vmsplice,lstat,preadv2,io_uring_register,rt_sigreturn,sched_get_priority_min,pread,sched_setscheduler,sched_getparam,init_module,sched_setparam,rt_sigpending,rt_sigsuspend,getpgid,delete_module,fremovexattr,msgsnd,uname,syslog,ioperm,fstatfs,getpgrp,sched_getscheduler,setpriority,open_tree,kcmp,getuid,prctl,llistxattr,waitid,arch_prctl,getpriority,send,ftruncate,truncate,mremap,reboot,settimeofday,pidfd_get_fd,readlink,gettimeofday,clock_gettime,getrusage,sethostname,timer_settime,mmap2,sysinfo,setdomainname,io_setup,inotify_add_watch,recvmmsg,pidfd_send_signal,getxattr,ppoll,move_mount,getpid,utime,mknod,semop,getppid,exit,recv,munlockall,sched_get_priority_max,sched_yield,mmap,restart_syscall,fchownat,getrlimit,fstat64,pkey_free,copy_file_range,fdatasync,clock_settime,get_mempolicy,pwritev,iopl,getsid,msgrcv,semctl,finit_module,writev,statx,lchown,set_mempolicy,listxattr,shmdt,sched_rr_get_interval,fsync,lgetxattr,getitimer,timerfd_settime,memfd_secret,mknodat,mlock2,pause,llseek,syncfs,uselib,keyctl,swapoff,umask,readv,add_key,select,getcwd,alarm,rt_sigprocmask,name_to_handle_at,lseek,poll,rt_tgsigqueueinfo,_sysctl,vhangup,timerfd_gettime,io_uring_enter,mlock,lstat64,futex_waitv,move_pages,clock_getres,munlock,query_module,adjtimex,swapon,mq_unlink,pidfd_open,capget,set_thread_area,faccessat,newfstatat,timer_delete,fspick,io_getevents,sysfs,get_kernel_syms,epoll_pwait,acct,preadv,epoll_wait,times,ioprio_set,pwrite,setxattr,mq_timedsend,personality,rt_sigaction,wait4,fstat,setgroups,flistxattr,sync,pluginevent,clock_adjtime,mprotect,timer_getoverrun,statfs,sched_getaffinity,utimensat,mq_timedreceive,switch,landlock_add_rule,setregid,inotify_rm_watch,tee,epoll_wait_old,ustat,fchown,re
map_file_pages,chown,setfsuid,setfsgid,pivot_root,mincore,madvise,timer_create,gettid,lsetxattr,shmat,fsetxattr,quotactl_fd,lookup_dcookie,fgetxattr,lremovexattr,landlock_create_ruleset,sched_setaffinity,setitimer,io_submit,fsconfig,request_key,fanotify_init,fsopen,perf_event_open,epoll_pwait2,sched_setattr,get_thread_area,io_destroy,exit_group,fsmount,epoll_ctl,signaldeliver,set_tid_address,get_robust_list,timer_gettime,clock_nanosleep,pkey_mprotect,utimes,mq_open,mq_notify,pwritev2,mq_getsetattr,kexec_load,io_cancel,ioprio_get,futimesat,mount_setattr,readlinkat,stat64,shmget,pselect6,set_robust_list,time,shmctl,getcpu,msgctl,fallocate,process_vm_readv,getgroups,removexattr,process_vm_writev,sigaltstack,getrandom,fadvise64,rt_sigqueueinfo,memfd_create,mlockall,kexec_file_load,pkey_alloc,msgget,landlock_restrict_self,msync,modify_ldt,migrate_pages,sendfile,mbind,epoll_ctl_old \ No newline at end of file From 3813047cf930cde4c80e9d359e83b1e3d1badce6 Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Tue, 4 Apr 2023 20:25:04 +0530 Subject: [PATCH 5/8] made changes to syscall events Signed-off-by: Rohith-Raju --- tests/data/outputs/events.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data/outputs/events.txt b/tests/data/outputs/events.txt index 5c6a831..b447c72 100644 --- a/tests/data/outputs/events.txt +++ b/tests/data/outputs/events.txt 
@@ -1 +1 @@ -getdents64,getdents,getresgid,getresuid,getegid,geteuid,munmap,sendmmsg,splice,getpeername,write,stat,getsockname,access,nanosleep,setsockopt,read,futex,semget,getgid,page_fault,brk,readahead,set_mempolicy_home_node,io_pgetevents,setreuid,rt_sigtimedwait,process_madvise,vmsplice,lstat,preadv2,io_uring_register,rt_sigreturn,sched_get_priority_min,pread,sched_setscheduler,sched_getparam,init_module,sched_setparam,rt_sigpending,rt_sigsuspend,getpgid,delete_module,fremovexattr,msgsnd,uname,syslog,ioperm,fstatfs,getpgrp,sched_getscheduler,setpriority,open_tree,kcmp,getuid,prctl,llistxattr,waitid,arch_prctl,getpriority,send,ftruncate,truncate,mremap,reboot,settimeofday,pidfd_get_fd,readlink,gettimeofday,clock_gettime,getrusage,sethostname,timer_settime,mmap2,sysinfo,setdomainname,io_setup,inotify_add_watch,recvmmsg,pidfd_send_signal,getxattr,ppoll,move_mount,getpid,utime,mknod,semop,getppid,exit,recv,munlockall,sched_get_priority_max,sched_yield,mmap,restart_syscall,fchownat,getrlimit,fstat64,pkey_free,copy_file_range,fdatasync,clock_settime,get_mempolicy,pwritev,iopl,getsid,msgrcv,semctl,finit_module,writev,statx,lchown,set_mempolicy,listxattr,shmdt,sched_rr_get_interval,fsync,lgetxattr,getitimer,timerfd_settime,memfd_secret,mknodat,mlock2,pause,llseek,syncfs,uselib,keyctl,swapoff,umask,readv,add_key,select,getcwd,alarm,rt_sigprocmask,name_to_handle_at,lseek,poll,rt_tgsigqueueinfo,_sysctl,vhangup,timerfd_gettime,io_uring_enter,mlock,lstat64,futex_waitv,move_pages,clock_getres,munlock,query_module,adjtimex,swapon,mq_unlink,pidfd_open,capget,set_thread_area,faccessat,newfstatat,timer_delete,fspick,io_getevents,sysfs,get_kernel_syms,epoll_pwait,acct,preadv,epoll_wait,times,ioprio_set,pwrite,setxattr,mq_timedsend,personality,rt_sigaction,wait4,fstat,setgroups,flistxattr,sync,pluginevent,clock_adjtime,mprotect,timer_getoverrun,statfs,sched_getaffinity,utimensat,mq_timedreceive,switch,landlock_add_rule,setregid,inotify_rm_watch,tee,epoll_wait_old,ustat,fchown,rema
p_file_pages,chown,setfsuid,setfsgid,pivot_root,mincore,madvise,timer_create,gettid,lsetxattr,shmat,fsetxattr,quotactl_fd,lookup_dcookie,fgetxattr,lremovexattr,landlock_create_ruleset,sched_setaffinity,setitimer,io_submit,fsconfig,request_key,fanotify_init,fsopen,perf_event_open,epoll_pwait2,sched_setattr,get_thread_area,io_destroy,exit_group,fsmount,epoll_ctl,signaldeliver,set_tid_address,get_robust_list,timer_gettime,clock_nanosleep,pkey_mprotect,utimes,mq_open,mq_notify,pwritev2,mq_getsetattr,kexec_load,io_cancel,ioprio_get,futimesat,mount_setattr,readlinkat,stat64,shmget,pselect6,set_robust_list,time,shmctl,getcpu,msgctl,fallocate,process_vm_readv,getgroups,removexattr,process_vm_writev,sigaltstack,getrandom,fadvise64,rt_sigqueueinfo,memfd_create,mlockall,kexec_file_load,pkey_alloc,msgget,landlock_restrict_self,msync,modify_ldt,migrate_pages,sendfile,mbind,epoll_ctl_old \ No newline at end of file +recv,pwrite64,pread64,sendfile64,read,write,writev,pwritev,readv,sendfile,preadv,sendto,recvfrom,send,sendmsg,recvmsg,sendmmsg,recvmmsg \ No newline at end of file From 5fce27d4a1393efdac2b4d05f1833d9655539a92 Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Wed, 5 Apr 2023 12:52:23 +0530 Subject: [PATCH 6/8] made changes to regex Signed-off-by: Rohith-Raju --- tests/falco/commands_test.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/falco/commands_test.go b/tests/falco/commands_test.go index c62426c..8911cdd 100644 --- a/tests/falco/commands_test.go +++ b/tests/falco/commands_test.go @@ -148,9 +148,7 @@ func TestFalco_Print_IgnoredEvents(t *testing.T) { runner, falco.WithArgs("-i"), ) - assert.Regexp(t, regexp.MustCompile( - `Ignored\sEvent\(s\):\n`, - ), res.Stdout()) + assert.Contains(t, res.Stdout(), "Ignored I/O syscall(s)") for _, event := range events { assert.Contains(t, res.Stdout(), event) } From 0dfb739d205a9e05e7d4ac9b80a9b2012fa23572 Mon Sep 17 00:00:00 2001 
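Review bot: After this change the test still only proves that every name in events.txt appears somewhere in the `-i` output; it does not fail when Falco starts ignoring a syscall that is not in the list. For a detection tool that direction matters more, since an ignored syscall is, as I understand the option, one the rules do not evaluate, and a regression that widens the set would pass here unnoticed. If the text after the `Ignored I/O syscall(s)` header can be parsed into names (the output format is not visible in this patch), comparing that set with the expected one via `assert.ElementsMatch` would cover both directions. Failing that, a comment such as `// only checks presence of the expected names; additional ignored syscalls are not detected` would at least make the limit explicit. The enclosing test function starts outside the hunk.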
From: Rohith-Raju Date: Wed, 5 Apr 2023 13:09:46 +0530 Subject: [PATCH 7/8] made changes to events Signed-off-by: Rohith-Raju --- tests/data/outputs/events.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data/outputs/events.txt b/tests/data/outputs/events.txt index b447c72..8636ca8 100644 --- a/tests/data/outputs/events.txt +++ b/tests/data/outputs/events.txt @@ -1 +1 @@ -recv,pwrite64,pread64,sendfile64,read,write,writev,pwritev,readv,sendfile,preadv,sendto,recvfrom,send,sendmsg,recvmsg,sendmmsg,recvmmsg \ No newline at end of file +sendfile,recvfrom,readv,sendto,send,read,recvmmsg,write,recvmsg,pwrite,sendmmsg,sendmsg,pread,writev,recv,pwritev,prea \ No newline at end of file From b3bd0f6579615474f62fe2151f5b2e804cd47665 Mon Sep 17 00:00:00 2001 From: Rohith-Raju Date: Wed, 5 Apr 2023 13:22:13 +0530 Subject: [PATCH 8/8] final changes Signed-off-by: Rohith-Raju --- tests/data/outputs/events.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data/outputs/events.txt b/tests/data/outputs/events.txt index 8636ca8..c0e593f 100644 --- a/tests/data/outputs/events.txt +++ b/tests/data/outputs/events.txt @@ -1 +1 @@ -sendfile,recvfrom,readv,sendto,send,read,recvmmsg,write,recvmsg,pwrite,sendmmsg,sendmsg,pread,writev,recv,pwritev,prea \ No newline at end of file +sendfile,recvfrom,readv,sendto,send,read,recvmmsg,write,recvmsg,pwrite,sendmmsg,sendmsg,pread,writev,recv,pwritev,preadv \ No newline at end of file