test: test setting to ignore unknown requirement

Test that the new behavior in 8 for treating unknown requirements as
unsatisfied can be disable in 7.0.8 and newer, but that this setting is not
respected in 8.

diff --git a/tests/requires-7-unknown/README.md b/tests/requires-7-unknown/README.md
new file mode 100644 (file)
index 0000000..e01299b
--- /dev/null
+++ b/tests/requires-7-unknown/README.md
@@ -0,0 +1,3 @@
+Test that the new behavior in 8 for treating unknown requirements as
+unsatisfied can be disable in 7.0.8 and newer, but that this setting is not
+respected in 8.

diff --git a/tests/requires-7-unknown/test.rules b/tests/requires-7-unknown/test.rules
new file mode 100644 (file)
index 0000000..136269b
--- /dev/null
+++ b/tests/requires-7-unknown/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (content:"uid=0"; requires: foo bar; sid:9; rev:1;)

diff --git a/tests/requires-7-unknown/test.yaml b/tests/requires-7-unknown/test.yaml
new file mode 100644 (file)
index 0000000..8b4c149
--- /dev/null
+++ b/tests/requires-7-unknown/test.yaml
@@ -0,0 +1,27 @@
+args:
+  # Suricata 8 doesn't respect this setting.
+  - --set ignore-unknown-requirements=true
+
+pcap: ../eve-metadata/testmyids.pcap
+
+checks:
+
+  - filter:
+      requires:
+        lt-version: 8
+      count: 1
+      match:
+        event_type: stats
+        stats.detect.engines[0].rules_skipped: 0
+        stats.detect.engines[0].rules_loaded: 1
+        stats.detect.engines[0].rules_failed: 0
+
+  - filter:
+      requires:
+        min-version: 8
+      count: 1
+      match:
+        event_type: stats
+        stats.detect.engines[0].rules_skipped: 1
+        stats.detect.engines[0].rules_loaded: 0
+        stats.detect.engines[0].rules_failed: 0