Add basic test for location module.
authorStefan Schantl <stefan.schantl@ipfire.org>
Thu, 30 Sep 2021 18:54:12 +0000 (20:54 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Thu, 30 Sep 2021 19:03:53 +0000 (21:03 +0200)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
tests/location/create-database.py [new file with mode: 0644]
tests/location/input.pcap [new symlink]
tests/location/suricata.yaml [new file with mode: 0644]
tests/location/test.db [new file with mode: 0644]
tests/location/test.rules [new file with mode: 0644]
tests/location/test.yaml [new file with mode: 0644]

diff --git a/tests/location/create-database.py b/tests/location/create-database.py
new file mode 100644 (file)
index 0000000..9f2f91d
--- /dev/null
@@ -0,0 +1,51 @@
+#!/usr/bin/python3
+
+import _location as location
+
+# Test data.
+test_data = {
+        '123.125.71.29/32': {
+            'ccode': 'CN',
+            'cname': 'China',
+            'ccontinent': 'AS',
+            'asnumber': 4808,
+            'asname': 'China Unicom', 
+        },
+        '82.165.177.154/32': {
+            'ccode': 'DE',
+            'cname': 'Germany',
+            'ccontinent': 'EU',
+            'asnumber': 8560,
+            'asname': '1&1 IONOS SE',
+        }
+    }
+
+db = location.Writer()
+
+# Set the vendor
+db.vendor = "suricata-verify"
+
+# Set a description
+db.description = "suricata-verify location test database"
+
+# Set a license
+db.license = "CC"
+
+# Loop through the dict of testdata
+for addr, data in test_data.items():
+    # Add country and details
+    country = db.add_country(data["ccode"])
+    country.continent_code = data["ccontinent"]
+    country.name = data["cname"]
+
+    # Add AS and data
+    asn = db.add_as(data["asnumber"])
+    asn.name = data["asname"]
+
+    # Add a network
+    net = db.add_network(addr)
+    net.country_code = data["ccode"]
+    net.asn = asn.number
+
+# Write the database to disk
+db.write("test.db")
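Review bot: `db.write("test.db")` on the last line resolves against the caller's working directory, so regenerating the fixture from anywhere but tests/location drops the database next to the caller instead of over the committed test.db that suricata.yaml references as `./test.db`; anchoring on the script's own location, `db.write(str(pathlib.Path(__file__).resolve().parent / "test.db"))` with `import pathlib` at the top, makes regeneration location-independent. The script also has no module docstring stating that it is the generator for the committed binary fixture and that test.db must be regenerated and re-committed whenever `test_data` changes; a two-line header comment saying exactly that would save the next maintainer from editing the dict and wondering why the test still passes. The `_location` import looks like libloc's C extension, but the page does not say which libloc version the Writer API was tested against, so a version note in the same header would help. Trailing whitespace after `'China Unicom',` is a minor style nit.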
diff --git a/tests/location/input.pcap b/tests/location/input.pcap
new file mode 120000 (symlink)
index 0000000..39fbe32
--- /dev/null
@@ -0,0 +1 @@
+../alert-testmyids/input.pcap
\ No newline at end of file
diff --git a/tests/location/suricata.yaml b/tests/location/suricata.yaml
new file mode 100644 (file)
index 0000000..3e83836
--- /dev/null
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+location-database: ./test.db
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - alert
+
diff --git a/tests/location/test.db b/tests/location/test.db
new file mode 100644 (file)
index 0000000..098592f
Binary files /dev/null and b/tests/location/test.db differ
diff --git a/tests/location/test.rules b/tests/location/test.rules
new file mode 100644 (file)
index 0000000..a4a88f7
--- /dev/null
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"China IP"; flow:established,to_server; geoip:dst,CN; sid:1; rev:1; flowbits:isnotset,china; flowbits:set,china;)
+alert tcp any any -> any any (msg:"German IP"; flow:established,to_server; geoip: dst,DE; sid:2; rev:1; flowbits:isnotset,german; flowbits:set,german;)
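Review bot: The two rules spell the geoip option differently, `geoip:dst,CN;` in sid 1 but `geoip: dst,DE;` with a space in sid 2, and since test.yaml only asserts that sid 2 fires, the space-free spelling in sid 1 is the one this test never exercises; normalising both to one form, e.g. `geoip:dst,DE;` on the second line, removes the doubt. The flowbits pair on each rule is what makes the `count: 1` checks in test.yaml hold for a multi-packet flow, which is not obvious from the rule text; a leading comment line `# flowbits limit each rule to one alert per flow so test.yaml's count: 1 checks hold` would document that.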
diff --git a/tests/location/test.yaml b/tests/location/test.yaml
new file mode 100644 (file)
index 0000000..49b29b3
--- /dev/null
@@ -0,0 +1,19 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+    - IPFire Location
+
+checks:
+
+  # Check that we only have one alert event type in eve.
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+
+  # Check alert is the good one
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
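Review bot: Sid 1 not firing is only implied by the combination of the first check (exactly one alert) and the second (exactly one alert with sid 2), so a failure where the China rule unexpectedly matches is reported as a wrong alert count rather than as that rule firing; an explicit negative check `- filter: {count: 0, match: {alert.signature_id: 1}}` makes the failure mode readable. The comment `# Check alert is the good one` could name it: `# Check that the single alert is the German-IP rule (sid 2)`. I cannot confirm from this page that `IPFire Location` is the feature string the runner matches against Suricata's build info, so that entry is worth verifying against `suricata --build-info` on a build with the location support enabled.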