Falco: Upgrading event-generator and automating Falco performance testing

Architecture Overview:

The enhanced event generator will support testing Falco rules using declarative YAML files. These YAML files will contain tests for different rules, including setup and cleanup phases, and will specify the runner type for each test or block of tests. The event generator will interpret these YAML files, execute the tests in the specified environment using the corresponding runner, and provide logging and reporting functionalities.

YAML Test File Structure:

The YAML test file structure will include the following fields:

tests: A list of tests, each containing:
- rule: The name of the Falco rule being tested;
- runner: The type of runner to be used for executing the test (e.g., HostRunner, ContainerRunner);
- setup: Bash script for the setup phase before running the test steps.
- steps: The steps needed to trigger the rule, specifying syscalls and their arguments;
- cleanup: Bash script for the cleanup phase after running the test steps.

Example:



























tests:
  - rule: RuleName
    runner: HostRunner
    before: |
      # Bash script for setup phase on host
      echo "Setting up environment on host..."
    steps:
      - syscall: open
        args:
          filepath: /path/to/file
          mode: "rw"
    after: |
      # Bash script for cleanup phase on host
      echo "Cleaning up environment on host..."
  - rule: AnotherRule
    runner: ContainerRunner
    before: |
      # Bash script for setup phase in container
      echo "Setting up environment in container..."
    steps:
      - syscall: connect
        args:
          address: "127.0.0.1"
          port: 8080
    after: |
      # Bash script for cleanup phase in container
      echo "Cleaning up environment in container..."

Runner Interface:

Implement a runner interface within the event generator to execute tests in different environments. Each runner will provide methods for setup, cleanup, and executing test steps in its specific environment.

Runner Types:

Define different runner types to represent various environments, such as:

HostRunner: Executes tests on the host system.
ContainerRunner: Executes tests within containers.
CustomRunners: Allow users to define custom runnerss for specific environments.

Execution Flow:

The event generator will parse the YAML test file, select the appropriate runner based on the specified runner type for each test, execute the setup phase, execute the test steps, execute the cleanup phase, and log the results.

Error Handling and Logging:

Proper error handling mechanisms will be implemented within each runner to capture any issues specific to the environment and report them to the user. Additionally, logging functionalities will be enhanced to provide detailed information about the execution of setup, test steps, and cleanup phases.

Documentation and Examples:

The documentation will be updated to include guidelines on writing YAML test files, specifying runner types, and implementing setup and cleanup scripts. Examples will be provided to illustrate different testing scenarios and best practices for testing Falco rules in different environments.