Test For command falco -i (ignore default events)

pkg/run/runner.go

@@ -58,12 +58,12 @@ func WithArgs(args ...string) RunnerOption {
 	return func(ro *runOpts) { ro.args = append(ro.args, args...) }
 }
 
-// WithArgs is an option for running Falco by writing stdout on a given writer
+// WithStdout is an option for running Falco by writing stdout on a given writer
 func WithStdout(writer io.Writer) RunnerOption {
 	return func(ro *runOpts) { ro.stdout = writer }
 }
 
-// WithArgs is an option for running Falco by writing stderr on a given writer
+// WithStderr is an option for running Falco by writing stderr on a given writer
 func WithStderr(writer io.Writer) RunnerOption {
 	return func(ro *runOpts) { ro.stderr = writer }
 }

tests/data/outputs/event.go

@@ -0,0 +1,41 @@
+package outputs
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/falcosecurity/testing/pkg/run"
+)
+
+type Data struct {
+	Events []string `json:"events"`
+}
+
+func deserialize() string {
+	_, file, _, ok := runtime.Caller(1)
+	if !ok {
+		panic("not able to extract runtime caller info")
+	}
+	dir, err := filepath.Abs(filepath.Dir(file))
+	if err != nil {
+		panic(err)
+	}
+	filePath := filepath.Join(dir, "events.json")
+	evntfile, err := os.Open(filePath)
+	if err != nil {
+		panic(err)
+	}
+	defer evntfile.Close()
+
+	var events Data
+	err = json.NewDecoder(evntfile).Decode(&events)
+	if err != nil {
+		panic(err)
+	}
+	return strings.Join(events.Events, ",")
+}
+
+var EventData = run.NewStringFileAccessor("eventData", deserialize())

tests/data/outputs/events.json

@@ -0,0 +1,278 @@
+{
+  "events": [
+    "getdents64",
+    "getdents",
+    "getresgid",
+    "getresuid",
+    "getegid",
+    "geteuid",
+    "munmap",
+    "sendmmsg",
+    "splice",
+    "getpeername",
+    "write",
+    "stat",
+    "getsockname",
+    "access",
+    "nanosleep",
+    "setsockopt",
+    "read",
+    "futex",
+    "semget",
+    "getgid",
+    "page_fault",
+    "brk",
+    "readahead",
+    "set_mempolicy_home_node",
+    "io_pgetevents",
+    "setreuid",
+    "rt_sigtimedwait",
+    "process_madvise",
+    "vmsplice",
+    "lstat",
+    "preadv2",
+    "io_uring_register",
+    "rt_sigreturn",
+    "sched_get_priority_min",
+    "pread",
+    "sched_setscheduler",
+    "sched_getparam",
+    "init_module",
+    "sched_setparam",
+    "rt_sigpending",
+    "rt_sigsuspend",
+    "getpgid",
+    "delete_module",
+    "fremovexattr",
+    "msgsnd",
+    "uname",
+    "syslog",
+    "ioperm",
+    "fstatfs",
+    "getpgrp",
+    "sched_getscheduler",
+    "setpriority",
+    "open_tree",
+    "kcmp",
+    "getuid",
+    "prctl",
+    "llistxattr",
+    "waitid",
+    "arch_prctl",
+    "getpriority",
+    "send",
+    "ftruncate",
+    "truncate",
+    "mremap",
+    "reboot",
+    "settimeofday",
+    "pidfd_get_fd",
+    "readlink",
+    "gettimeofday",
+    "clock_gettime",
+    "getrusage",
+    "sethostname",
+    "timer_settime",
+    "mmap2",
+    "sysinfo",
+    "setdomainname",
+    "io_setup",
+    "inotify_add_watch",
+    "recvmmsg",
+    "pidfd_send_signal",
+    "getxattr",
+    "ppoll",
+    "move_mount",
+    "getpid",
+    "utime",
+    "mknod",
+    "semop",
+    "getppid",
+    "exit",
+    "recv",
+    "munlockall",
+    "sched_get_priority_max",
+    "sched_yield",
+    "mmap",
+    "restart_syscall",
+    "fchownat",
+    "getrlimit",
+    "fstat64",
+    "pkey_free",
+    "copy_file_range",
+    "fdatasync",
+    "clock_settime",
+    "get_mempolicy",
+    "pwritev",
+    "iopl",
+    "getsid",
+    "msgrcv",
+    "semctl",
+    "finit_module",
+    "writev",
+    "statx",
+    "lchown",
+    "set_mempolicy",
+    "listxattr",
+    "shmdt",
+    "sched_rr_get_interval",
+    "fsync",
+    "lgetxattr",
+    "getitimer",
+    "timerfd_settime",
+    "memfd_secret",
+    "mknodat",
+    "mlock2",
+    "pause",
+    "llseek",
+    "syncfs",
+    "uselib",
+    "keyctl",
+    "swapoff",
+    "umask",
+    "readv",
+    "add_key",
+    "select",
+    "getcwd",
+    "alarm",
+    "rt_sigprocmask",
+    "name_to_handle_at",
+    "lseek",
+    "poll",
+    "rt_tgsigqueueinfo",
+    "_sysctl",
+    "vhangup",
+    "timerfd_gettime",
+    "io_uring_enter",
+    "mlock",
+    "lstat64",
+    "futex_waitv",
+    "move_pages",
+    "clock_getres",
+    "munlock",
+    "query_module",
+    "adjtimex",
+    "swapon",
+    "mq_unlink",
+    "pidfd_open",
+    "capget",
+    "set_thread_area",
+    "faccessat",
+    "newfstatat",
+    "timer_delete",
+    "fspick",
+    "io_getevents",
+    "sysfs",
+    "get_kernel_syms",
+    "epoll_pwait",
+    "acct",
+    "preadv",
+    "epoll_wait",
+    "times",
+    "ioprio_set",
+    "pwrite",
+    "setxattr",
+    "mq_timedsend",
+    "personality",
+    "rt_sigaction",
+    "wait4",
+    "fstat",
+    "setgroups",
+    "flistxattr",
+    "sync",
+    "pluginevent",
+    "clock_adjtime",
+    "mprotect",
+    "timer_getoverrun",
+    "statfs",
+    "sched_getaffinity",
+    "utimensat",
+    "mq_timedreceive",
+    "switch",
+    "landlock_add_rule",
+    "setregid",
+    "inotify_rm_watch",
+    "tee",
+    "epoll_wait_old",
+    "ustat",
+    "fchown",
+    "remap_file_pages",
+    "chown",
+    "setfsuid",
+    "setfsgid",
+    "pivot_root",
+    "mincore",
+    "madvise",
+    "timer_create",
+    "gettid",
+    "lsetxattr",
+    "shmat",
+    "fsetxattr",
+    "quotactl_fd",
+    "lookup_dcookie",
+    "fgetxattr",
+    "lremovexattr",
+    "landlock_create_ruleset",
+    "sched_setaffinity",
+    "setitimer",
+    "io_submit",
+    "fsconfig",
+    "request_key",
+    "fanotify_init",
+    "fsopen",
+    "perf_event_open",
+    "epoll_pwait2",
+    "sched_setattr",
+    "get_thread_area",
+    "io_destroy",
+    "exit_group",
+    "fsmount",
+    "epoll_ctl",
+    "signaldeliver",
+    "set_tid_address",
+    "get_robust_list",
+    "timer_gettime",
+    "clock_nanosleep",
+    "pkey_mprotect",
+    "utimes",
+    "mq_open",
+    "mq_notify",
+    "pwritev2",
+    "mq_getsetattr",
+    "kexec_load",
+    "io_cancel",
+    "ioprio_get",
+    "futimesat",
+    "mount_setattr",
+    "readlinkat",
+    "stat64",
+    "shmget",
+    "pselect6",
+    "set_robust_list",
+    "time",
+    "shmctl",
+    "getcpu",
+    "msgctl",
+    "fallocate",
+    "process_vm_readv",
+    "getgroups",
+    "removexattr",
+    "process_vm_writev",
+    "sigaltstack",
+    "getrandom",
+    "fadvise64",
+    "rt_sigqueueinfo",
+    "memfd_create",
+    "mlockall",
+    "kexec_file_load",
+    "pkey_alloc",
+    "msgget",
+    "landlock_restrict_self",
+    "msync",
+    "modify_ldt",
+    "migrate_pages",
+    "sendfile",
+    "mbind",
+    "epoll_ctl_old"
+  ]
+}

tests/falco/commands_test.go

@@ -19,10 +19,12 @@ package testfalco
 
 import (
 	"regexp"
+	"strings"
 	"testing"
 
 	"github.com/falcosecurity/testing/pkg/falco"
 	"github.com/falcosecurity/testing/tests"
+	"github.com/falcosecurity/testing/tests/data/outputs"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -132,3 +134,26 @@ func TestFalco_Cmd_PluginInfo(t *testing.T) {
 			`No suggested open params available.*`),
 		res.Stdout())
 }
+
+func TestFalco_Print_IgnoredEvents(t *testing.T) {
+	t.Parallel()
+	checkDefaultConfig(t)
+	bytearr, err := outputs.EventData.Content()
+	if err != nil {
+		panic(err)
+	}
+	events := strings.Split(string(bytearr), ",")
+	runner := tests.NewFalcoExecutableRunner(t)
+	res := falco.Test(
+		runner,
+		falco.WithArgs("-i"),
+	)
+	assert.Regexp(t, regexp.MustCompile(
+		`Ignored\sEvent\(s\):\n`,
+	), res.Stdout())
+	for _, event := range events {
+		assert.Contains(t, res.Stdout(), event)
+	}
+	assert.NoError(t, res.Err(), "%s", res.Stderr())
+	assert.Equal(t, res.ExitCode(), 0)
+}