update(tests/falco): add case for appending to unknown rule

Signed-off-by: Jason Dellaluce <[email protected]>
falcosecurity · Sep 1, 2023 · 9110022 · 9110022
1 parent b39c807
commit 9110022
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 0 deletions.
diff --git a/tests/data/rules/falco.go b/tests/data/rules/falco.go
@@ -1377,3 +1377,19 @@ var ShadowingRules = run.NewStringFileAccessor(
   priority: WARNING
   `,
 )
+
+var AppendUnknownSource = run.NewStringFileAccessor(
+	"append_unknown_source.yaml",
+	`
+- rule: Rule1
+  desc: NoDesc
+  condition: evt.type=open
+  priority: INFO
+  output: Never
+  source: mysource
+
+- rule: Rule1
+  append: true
+  condition: or evt.type=openat
+  `,
+)
diff --git a/tests/falco/legacy_test.go b/tests/falco/legacy_test.go
@@ -3063,6 +3063,23 @@ func TestFalco_Legacy_NoPluginsUnknownSource(t *testing.T) {
 	assert.Equal(t, 0, res.ExitCode())
 }
 
+func TestFalco_Legacy_AppendUnknownSource(t *testing.T) {
+	t.Parallel()
+	checkDefaultConfig(t)
+	res := falco.Test(
+		tests.NewFalcoExecutableRunner(t),
+		falco.WithOutputJSON(),
+		falco.WithRulesValidation(rules.AppendUnknownSource),
+	)
+	assert.NotNil(t, res.RuleValidation().AllWarnings().
+		OfCode("LOAD_UNKNOWN_SOURCE").
+		OfItemType("rule").
+		OfItemName("Rule1").
+		OfMessage("Unknown source mysource, skipping"))
+	assert.NoError(t, res.Err(), "%s", res.Stderr())
+	assert.Equal(t, 0, res.ExitCode())
+}
+
 func TestFalco_Legacy_NoPluginsUnknownSourceRuleException(t *testing.T) {
 	t.Parallel()
 	checkDefaultConfig(t)