From acba90d97a0e8af5742b2a4238b8bd857dc36960 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce
Date: Mon, 22 Jan 2024 17:53:03 +0000
Subject: [PATCH] test(engine): assess proper list escaping in engine collector

Signed-off-by: Jason Dellaluce
---
 unit_tests/engine/test_rule_loader.cpp | 27 ++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/unit_tests/engine/test_rule_loader.cpp b/unit_tests/engine/test_rule_loader.cpp
index a6b7d1da2eb..28366020409 100644
--- a/unit_tests/engine/test_rule_loader.cpp
+++ b/unit_tests/engine/test_rule_loader.cpp
@@ -941,3 +941,30 @@ TEST_F(engine_loader_test, required_engine_version_invalid)
 ASSERT_FALSE(load_rules(rules_content, "rules.yaml"));
 ASSERT_TRUE(check_error_message("Unable to parse engine version"));
 }
+
+// checks for issue described in https://github.com/falcosecurity/falco/pull/3028
+TEST_F(engine_loader_test, list_value_with_escaping)
+{
+ std::string rules_content = R"END(
+- list: my_list
+ items: [non_escaped_val, "escaped val"]
+)END";
+
+ ASSERT_TRUE(load_rules(rules_content, "rules.yaml"));
+ ASSERT_TRUE(m_load_result->successful());
+ ASSERT_TRUE(m_load_result->has_warnings()); // a warning for the unused list
+
+ auto rule_description = m_engine->describe_rule(nullptr, {});
+ ASSERT_TRUE(m_load_result->successful());
+ ASSERT_EQ(rule_description["rules"].size(), 0);
+ ASSERT_EQ(rule_description["macros"].size(), 0);
+ ASSERT_EQ(rule_description["lists"].size(), 1);
+
+ // escaped values must not be interpreted as list refs by mistake
+ ASSERT_EQ(rule_description["lists"][0]["details"]["lists"].size(), 0);
+
+ // values should be escaped correctly
+ ASSERT_EQ(rule_description["lists"][0]["details"]["items_compiled"].size(), 2);
+ ASSERT_EQ(rule_description["lists"][0]["details"]["items_compiled"][0].template get(), "non_escaped_val");
+ ASSERT_EQ(rule_description["lists"][0]["details"]["items_compiled"][1].template get(), "escaped val");
+}
\ No newline at end of file
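Review bot: `ASSERT_TRUE(m_load_result->has_warnings())` in `list_value_with_escaping` passes on any warning, so a warning raised for the quoted item itself would be accepted as the expected unused-list one. If the fixture has a warning counterpart to the `check_error_message` helper seen in the context lines, pin the text instead, e.g. `ASSERT_TRUE(check_warning_message("<unused-list warning text>"));`. The second `ASSERT_TRUE(m_load_result->successful());` after `describe_rule` repeats the earlier check, and nothing visible between the two touches `m_load_result`. The only escaped item contains a space, so a comment naming which characters the collector must escape, or an extra item with a comma or an embedded quote, would show how far "values should be escaped correctly" is meant to reach. That matters because a mis-escaped list item silently changes what a detection rule matches.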