tests: fix bad http host rule tests

The test.yaml files were missing the command set to compare eve.json
output and to run without a pcap file, therefore being simply skipped
for lack of a pcap file.

Also took the opportunity to make these compatible with new error
message formats for Suricata 7.

Test 1 also had a typo in the expected message to be checked, making it
fail.

diff --git a/tests/test-bad-http-host-rule-1/test.yaml b/tests/test-bad-http-host-rule-1/test.yaml
index 49b0ab50ca4343039b0bd6e82a32217ff6551cfc..13810f2913bea4cf1bc840df4ad0349ed7872ec3 100644 (file)
--- a/tests/test-bad-http-host-rule-1/test.yaml
+++ b/tests/test-bad-http-host-rule-1/test.yaml
@@ -1,17 +1,24 @@
-requires:
-  min-version: 7.0.0
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
 
 checks:
-  # check that we have the following entres in eve.json
+  # check that we have the following entries in eve.json
   # match 1 specific rule load failure reason
   - filter:
+      lt-version: 7
       count: 1
       match:
         event_type: engine
-        engine.message: "rule 1111: A pattern with uppercase chararacters detected for http.host. The hostname buffer is normalized to lowercase, please specify a lowercase pattern."
-
+        engine.error: "SC_ERR_NO_RULES_LOADED"
   - filter:
+      min-version: 7
       count: 1
       match:
         event_type: engine
-        engine.error: "SC_ERR_NO_RULES_LOADED"
+        engine.message: "rule 1111: A pattern with uppercase characters detected for http.host. The hostname buffer is normalized to lowercase, please specify a lowercase pattern."
+  - filter:
+      min-version: 7
+      count: 3
+      match:
+        event_type: engine
+        engine.module: detect

diff --git a/tests/test-bad-http-host-rule-2/test.yaml b/tests/test-bad-http-host-rule-2/test.yaml
index 32370d9a18977c611371e29b3cd541e9039479c3..c78279fa6348c4e29d99e9bf6631d20a4c103af5 100644 (file)
--- a/tests/test-bad-http-host-rule-2/test.yaml
+++ b/tests/test-bad-http-host-rule-2/test.yaml
@@ -1,17 +1,25 @@
-requires:
-  min-version: 7.0.0
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
 
 checks:
-  # check that we have the following entres in eve.json
+  # check that we have the following entries in eve.json
   # match 1 specific rule load failure reason
   - filter:
+      lt-version: 7
       count: 1
       match:
         event_type: engine
-        engine.message: "rule 123: http.host keyword specified along with \"nocase\". The hostname buffer is normalized to lowercase, specifying nocase is redundant."
-
+        engine.error: "SC_ERR_NO_RULES_LOADED"
   - filter:
+      min-version: 7
       count: 1
       match:
         event_type: engine
-        engine.error: "SC_ERR_NO_RULES_LOADED"
+        engine.message: "rule 123: http.host keyword specified along with \"nocase\". The hostname buffer is normalized to lowercase, specifying nocase is redundant."
+  - filter:
+      min-version: 7
+      count: 3
+      match:
+        event_type: engine
+        engine.module: detect
+