Update negative regression tests and fix bugs

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
falcosecurity · Nov 4, 2021 · 1376aed · 1376aed
1 parent 451590d
commit 1376aed
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 7 deletions.
diff --git a/test/falco_tests_exceptions.yaml b/test/falco_tests_exceptions.yaml
@@ -177,10 +177,18 @@ trace_files: !mux
     trace_file: trace_files/cat_write.scap
 
   rule_exception_append_item_not_in_rule:
-    exit_status: 0
-    stderr_contains: |+
-      1 warnings:
-      Rule My Rule with append=true: no set of fields matching name ex2
+    exit_status: 1
+    stdout_is: |+
+      1 errors:
+      Rule exception new item ex2: must have fields property with a list of fields
+      ---
+      - rule: My Rule
+        exceptions:
+          - name: ex2
+            values:
+              - [apache, /tmp]
+        append: true
+      ---
     validate_rules_file:
       - rules/exceptions/append_item_not_in_rule.yaml
     trace_file: trace_files/cat_write.scap
@@ -315,13 +323,31 @@ trace_files: !mux
     detect: False
     detect_level: WARNING
     rules_file:
-      - rule_exception_new_single_field_append.yaml
+      - rules/exceptions/rule_exception_new_single_field_append.yaml
     trace_file: trace_files/cat_write.scap
 
   rule_exception_new_second_field_append:
     detect: False
     detect_level: WARNING
     rules_file:
-      - rule_exception_new_second_field_append.yaml
+      - rules/exceptions/rule_exception_new_second_field_append.yaml
+    trace_file: trace_files/cat_write.scap
+
+  rule_exception_new_append_no_field:
+    exit_status: 1
+    stdout_is: |+
+      1 errors:
+      Rule exception new item proc_cmdline: must have fields property with a list of fields
+      ---
+      - rule: Open From Cat
+        exceptions:
+          - name: proc_cmdline
+            comps: in
+            values:
+              - "cat /dev/null"
+        append: true
+      ---
+    validate_rules_file:
+      - rules/exceptions/rule_exception_new_no_field_append.yaml
     trace_file: trace_files/cat_write.scap
 
diff --git a/userspace/engine/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua
@@ -613,7 +613,7 @@ function load_rules_doc(rules_mgr, doc, load_state)
 
 		     if new_exception then
 			local exceptions = state.rules_by_name[v['rule']]['exceptions']
-			if exceptions == nil do
+			if exceptions == nil then
 			   exceptions = {}
 			end