diff --git a/test/e2e/tests/test_event_generator/test_db_program_spawned_process.py b/test/e2e/tests/test_event_generator/test_db_program_spawned_process.py
index 278e6db35d..96a8f9e56d 100644
--- a/test/e2e/tests/test_event_generator/test_db_program_spawned_process.py
+++ b/test/e2e/tests/test_event_generator/test_db_program_spawned_process.py
@@ -53,7 +53,7 @@ def test_db_program_spawned_process(sinsp, run_containers: dict):
 },
 {
 "container.id": generator_id,
- "evt.args": SinspField.regex_field(r'^res=0 exe=/bin/ls args=NULL tid=\d+\(ls\) pid=\d+\(ls\) ptid=\d+\(mysqld\) .* tty=0 pgid=1\(systemd\) loginuid=-1\(\\) flags=9\(EXE_WRITABLE\|EXE_LOWER_LAYER\) cap_inheritable=0'),
+ "evt.args": SinspField.regex_field(r'^res=0 exe=/bin/ls args=NULL tid=\d+\(ls\) pid=\d+\(ls\) ptid=\d+\(mysqld\) .* tty=0 vpgid=1\(systemd\) loginuid=-1\(\\) flags=9\(EXE_WRITABLE\|EXE_LOWER_LAYER\) cap_inheritable=0'),
 "evt.category": "process",
 "evt.num": SinspField.numeric_field(),
 "evt.time": SinspField.numeric_field(),
diff --git a/test/e2e/tests/test_event_generator/test_run_shell_untrusted.py b/test/e2e/tests/test_event_generator/test_run_shell_untrusted.py
index 9f6d032c20..200f24a5de 100644
--- a/test/e2e/tests/test_event_generator/test_run_shell_untrusted.py
+++ b/test/e2e/tests/test_event_generator/test_run_shell_untrusted.py
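Review bot: In test_db_program_spawned_process.py the updated pattern still pins the process group to a literal value, `vpgid=1\(systemd\)`, while the equivalent patterns in test_run_shell_untrusted.py and test_system_user_interactive.py accept any id with `vpgid=\d+\(systemd\)`. If the literal is intentional, a one-line comment above this entry saying why this container is expected to report group 1 would record that. Otherwise `vpgid=\d+\(systemd\)` keeps the three tests consistent, so this expectation does not fail for reasons unrelated to the spawned-process event it is meant to catch. The dict entry and the enclosing test function both start and end outside the hunk, so whether other fields pin the same value is not visible here.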
@@ -26,7 +26,7 @@ def test_run_shell_untrusted(sinsp, run_containers: dict):
 expected_events = [
 {
 "container.id": generator_id,
- "evt.args": SinspField.regex_field(r'^res=0 exe=\/tmp\/falco-event-generator\d+\/httpd args=--loglevel.info.run.\^helper.RunShell\$. tid=\d+\(httpd\) pid=\d+\(httpd\) ptid=\d+\(event-generator\) .* tty=0 pgid=\d+\(systemd\) loginuid=-1\(\\) flags=9\(EXE_WRITABLE\|EXE_LOWER_LAYER\) cap_inheritable=0'),
+ "evt.args": SinspField.regex_field(r'^res=0 exe=\/tmp\/falco-event-generator\d+\/httpd args=--loglevel.info.run.\^helper.RunShell\$. tid=\d+\(httpd\) pid=\d+\(httpd\) ptid=\d+\(event-generator\) .* tty=0 vpgid=\d+\(systemd\) loginuid=-1\(\\) flags=9\(EXE_WRITABLE\|EXE_LOWER_LAYER\) cap_inheritable=0'),
 "evt.category": "process",
 "evt.num": SinspField.numeric_field(),
 "evt.time": SinspField.numeric_field(),
@@ -38,7 +38,7 @@ def test_run_shell_untrusted(sinsp, run_containers: dict):
 },
 {
 "container.id": generator_id,
- "evt.args": SinspField.regex_field(r'^res=0 exe=bash args=-c.ls > \/dev\/null. tid=\d+\(bash\) pid=\d+\(bash\) ptid=\d+\(httpd\) .* tty=0 pgid=\d+\(systemd\) loginuid=-1\(\\) flags=9\(EXE_WRITABLE\|EXE_LOWER_LAYER\) cap_inheritable=0'),
+ "evt.args": SinspField.regex_field(r'^res=0 exe=bash args=-c.ls > \/dev\/null. tid=\d+\(bash\) pid=\d+\(bash\) ptid=\d+\(httpd\) .* tty=0 vpgid=\d+\(systemd\) loginuid=-1\(\\) flags=9\(EXE_WRITABLE\|EXE_LOWER_LAYER\) cap_inheritable=0'),
 "evt.category": "process",
 "evt.num": SinspField.numeric_field(),
 "evt.time": SinspField.numeric_field(),
diff --git a/test/e2e/tests/test_event_generator/test_system_user_interactive.py b/test/e2e/tests/test_event_generator/test_system_user_interactive.py
index 7993f968b9..4c94664c6e 100644
--- a/test/e2e/tests/test_event_generator/test_system_user_interactive.py
+++ b/test/e2e/tests/test_event_generator/test_system_user_interactive.py
@@ -27,7 +27,7 @@ def test_system_user_interactive(sinsp, run_containers: dict):
 expected_events = [
 {
 "container.id": generator_id,
- "evt.args": SinspField.regex_field(r'^res=0 exe=\/bin\/login args=NULL tid=\d+\(login\) pid=\d+\(login\) ptid=\d+\(event-generator\) .* pgid=\d+\(systemd\) loginuid=-1\(\\) flags=8\(EXE_LOWER_LAYER\) cap_inheritable=0 cap_permitted=0 cap_effective=0'),
+ "evt.args": SinspField.regex_field(r'^res=0 exe=\/bin\/login args=NULL tid=\d+\(login\) pid=\d+\(login\) ptid=\d+\(event-generator\) .* vpgid=\d+\(systemd\) loginuid=-1\(\\) flags=8\(EXE_LOWER_LAYER\) cap_inheritable=0 cap_permitted=0 cap_effective=0'),
 "evt.category": "process",
 "evt.num": SinspField.numeric_field(),
 "evt.time": SinspField.numeric_field(),