forked from aquasecurity/tracee
-
Notifications
You must be signed in to change notification settings - Fork 0
/
entrypoint_test.bats
44 lines (37 loc) · 1.23 KB
/
entrypoint_test.bats
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/usr/bin/env bats
load test/bats-helpers.bash
setup() {
export PATH="$PWD/test/mocks:$PATH"
log=$(mktemp)
export MOCK_LOG=$log
export TRACEE_EBPF_EXE="tracee-ebpf"
export TRACEE_RULES_EXE="tracee-rules"
export TRACEE_WEBHOOK_EXE="falco-sidekick"
export TRACEE_WEBHOOK_CONFIG="$0" #some existing file
}
teardown() {
rm $log
}
@test "trace" {
run ./entrypoint.sh trace --output json -t event=execve --capture dir:/something
assert_success
assert_contains 'tracee-ebpf --output json -t event=execve --capture dir:/something' $log
}
@test "config integrations" {
run ./entrypoint.sh
assert_success
assert_contains "$TRACEE_WEBHOOK_EXE --config-file=$0"
}
@test "select rules" {
run ./entrypoint.sh --rules 'example1,example2'
assert_success
assert_contains "$TRACEE_RULES_EXE .* --rules=example1,example2" $log
}
@test "no flags" {
run ./entrypoint.sh
assert_success
assert_contains "$TRACEE_WEBHOOK_EXE --config-file=$0"
assert_contains "processed: event1"
assert_contains "$TRACEE_RULES_EXE --input-tracee=file:stdin --input-tracee=format:gob --webhook=http://localhost:2801" $log
assert_contains "$TRACEE_EBPF_EXE --output=format:gob --security-alerts" $log
}