tests: update datajson to new file format

Update the tests to use JSON format and the new dataset syntax.

diff --git a/tests/datajson/datajson-01-ip/src.lst b/tests/datajson/datajson-01-ip/src.lst
index f44ad188c097b2b99dc10a0d6202dc4ed9dd991f..7553335cf09c658b98b8e06b827d9034419b928d 100644 (file)
--- a/tests/datajson/datajson-01-ip/src.lst
+++ b/tests/datajson/datajson-01-ip/src.lst
@@ -1 +1 @@
-10.16.1.11,{"test": "success","context":3}
+[{"ip": "10.16.1.11", "test": "success", "context":3}]

diff --git a/tests/datajson/datajson-01-ip/test.rules b/tests/datajson/datajson-01-ip/test.rules
index 6a94208f48f9c190a5a965cea3c0e6cf4c2c50e7..ce880a2ff7379981e4cb7bb1147699cd33e1163c 100644 (file)
--- a/tests/datajson/datajson-01-ip/test.rules
+++ b/tests/datajson/datajson-01-ip/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; content:"testmyids.com"; ip.src; datajson:isset,src_ip,type ip,load src.lst,key src_ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content:"testmyids.com"; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json, enrichment_key src_ip, value_key ip; sid:1;)

diff --git a/tests/datajson/datajson-02-multiple/host.lst b/tests/datajson/datajson-02-multiple/host.lst
index f1b1a17a64ea514b3baf26ae8eec269961818591..e72716b089db8d146247d011041c939f1cc5802e 100644 (file)
--- a/tests/datajson/datajson-02-multiple/host.lst
+++ b/tests/datajson/datajson-02-multiple/host.lst
@@ -1 +1 @@
-d3d3LnRlc3RteWlkcy5jb20=,{"context":"gold old test", "year": 2005}
+[{"host": "www.testmyids.com", "context":"gold old test", "year": 2005}]

diff --git a/tests/datajson/datajson-02-multiple/src.lst b/tests/datajson/datajson-02-multiple/src.lst
index f44ad188c097b2b99dc10a0d6202dc4ed9dd991f..7553335cf09c658b98b8e06b827d9034419b928d 100644 (file)
--- a/tests/datajson/datajson-02-multiple/src.lst
+++ b/tests/datajson/datajson-02-multiple/src.lst
@@ -1 +1 @@
-10.16.1.11,{"test": "success","context":3}
+[{"ip": "10.16.1.11", "test": "success", "context":3}]

diff --git a/tests/datajson/datajson-02-multiple/test.rules b/tests/datajson/datajson-02-multiple/test.rules
index acbf3045a22d2f46bbb724b62cc24665d3051676..592636c0c3a0449a70caa73c3f9adf6bffd8ccc6 100644 (file)
--- a/tests/datajson/datajson-02-multiple/test.rules
+++ b/tests/datajson/datajson-02-multiple/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; ip.src; datajson:isset,src_ip,type ip,load src.lst,key src_ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,enrichment_key src_ip,value_key ip; sid:1;)

diff --git a/tests/datajson/datajson-04-hashes/badmd5.lst b/tests/datajson/datajson-04-hashes/badmd5.lst
index 390a1e659630a8915ceef80ec64b14618375b0e0..9ae44e3fded2798ec7ae24d951be7571fbb98184 100644 (file)
--- a/tests/datajson/datajson-04-hashes/badmd5.lst
+++ b/tests/datajson/datajson-04-hashes/badmd5.lst
@@ -1 +1 @@
-b65d49730d16e5a8a7b2ab95350848b8,{"year": 2007, "where": "home"}
+[{"hash": "b65d49730d16e5a8a7b2ab95350848b8", "year": 2007, "where": "home"}]

diff --git a/tests/datajson/datajson-04-hashes/badsha.lst b/tests/datajson/datajson-04-hashes/badsha.lst
index 58bcade9df5c2c6826b2ed52dddfeda55348d408..d8e87afdb8389844e9a1197a40d1a9f14842edcc 100644 (file)
--- a/tests/datajson/datajson-04-hashes/badsha.lst
+++ b/tests/datajson/datajson-04-hashes/badsha.lst
@@ -1,2 +1 @@
-e0ca4ff795b3f32d45260678e4ab79884793c05a149f2b350d10274451dc210a,{"year":2005,"where":"internet"}
-#E0CA4FF795B3F32D45260678E4AB79884793C05A149F2B350D10274451DC210A,{"year":2005,"where":"internet"}
+[{"hash": "e0ca4ff795b3f32d45260678e4ab79884793c05a149f2b350d10274451dc210a","year":2005,"where":"internet"}]

diff --git a/tests/datajson/datajson-04-hashes/badsha1.lst b/tests/datajson/datajson-04-hashes/badsha1.lst
deleted file mode 100644 (file)
index 1cdea21..0000000
--- a/tests/datajson/datajson-04-hashes/badsha1.lst
+++ /dev/null
@@ -1 +0,0 @@
-6951a4eb86e09aac29a003a35ee4d6b4a8468a6e,{"year":2006,"where":"internet"}

diff --git a/tests/datajson/datajson-04-hashes/test.rules b/tests/datajson/datajson-04-hashes/test.rules
index af67a6908481000d406ff4c7b3e5abab680e1a9b..900bdbba3983c2b5cc107018f184805b0735c0dd 100644 (file)
--- a/tests/datajson/datajson-04-hashes/test.rules
+++ b/tests/datajson/datajson-04-hashes/test.rules
@@ -1,2 +1,2 @@
-alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; datajson:isset,badcat,type sha256,load badsha.lst,key bad_sha; sid:1; rev:1;)
-alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; datajson:isset,badmd5,type md5,load badmd5.lst,key bad_md5; sid:2; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; dataset:isset,badcat,type sha256,load badsha.lst,format json,enrichment_key bad_sha,value_key hash; sid:1; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; dataset:isset,badmd5,type md5,load badmd5.lst,format json,enrichment_key bad_md5,value_key hash; sid:2; rev:1;)

diff --git a/tests/datajson/datajson-05-duplicate/host.lst b/tests/datajson/datajson-05-duplicate/host.lst
index d852cad3b46e78445a4ef9a342ef6f1319d01ee7..76f22e577cbde8b48268964bf0aaf8ff6070a3e1 100644 (file)
--- a/tests/datajson/datajson-05-duplicate/host.lst
+++ b/tests/datajson/datajson-05-duplicate/host.lst
@@ -1,2 +1,4 @@
-d3d3LnRlc3RteWlkcy5jb20=,{"context":"good old test", "year": 2005}
-d3d3LnRlc3RteWlkcy5jb20=,{"context":"gold old test", "year": 2006}
+[
+    {"host":"www.testmyids.com", "context":"good old test", "year": 2005},
+    {"host":"www.testmyids.com", "context":"gold old test", "year": 2006}
+]

diff --git a/tests/datajson/datajson-05-duplicate/src.lst b/tests/datajson/datajson-05-duplicate/src.lst
index 4993bc672ac7b24dec38783b30b9a83bd1aa728a..b5945d4bcd6baa86eafb6410a833d1ef33c4939c 100644 (file)
--- a/tests/datajson/datajson-05-duplicate/src.lst
+++ b/tests/datajson/datajson-05-duplicate/src.lst
@@ -1,2 +1,4 @@
-10.16.1.11,{"test": "success","context":1}
-10.16.1.11,{"test": "fail","context":2}
+[
+    {"ip": "10.16.1.11","test": "success","context":1},
+    {"ip": "10.16.1.11","test": "fail","context":2}
+]

diff --git a/tests/datajson/datajson-05-duplicate/test.rules b/tests/datajson/datajson-05-duplicate/test.rules
index acbf3045a22d2f46bbb724b62cc24665d3051676..592636c0c3a0449a70caa73c3f9adf6bffd8ccc6 100644 (file)
--- a/tests/datajson/datajson-05-duplicate/test.rules
+++ b/tests/datajson/datajson-05-duplicate/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; ip.src; datajson:isset,src_ip,type ip,load src.lst,key src_ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,enrichment_key src_ip,value_key ip; sid:1;)

diff --git a/tests/datajson/datajson-06-valid-json/host.lst b/tests/datajson/datajson-06-valid-json/host.lst
deleted file mode 100644 (file)
index e184bf6..0000000
--- a/tests/datajson/datajson-06-valid-json/host.lst
+++ /dev/null
@@ -1 +0,0 @@
-d3d3LnRlc3RteWlkcy5jb20=,"context"

diff --git a/tests/datajson/datajson-06-valid-json/input.pcap b/tests/datajson/datajson-06-valid-json/input.pcap
deleted file mode 100644 (file)
index 8fb6832..0000000
Binary files a/tests/datajson/datajson-06-valid-json/input.pcap and /dev/null differ

diff --git a/tests/datajson/datajson-06-valid-json/ip.lst b/tests/datajson/datajson-06-valid-json/ip.lst
deleted file mode 100644 (file)
index 4d112f8..0000000
--- a/tests/datajson/datajson-06-valid-json/ip.lst
+++ /dev/null
@@ -1,2 +0,0 @@
-10.16.1.12,1.2
-10.16.1.11,42

diff --git a/tests/datajson/datajson-06-valid-json/ip2.lst b/tests/datajson/datajson-06-valid-json/ip2.lst
deleted file mode 100644 (file)
index 19d54fd..0000000
--- a/tests/datajson/datajson-06-valid-json/ip2.lst
+++ /dev/null
@@ -1 +0,0 @@
-10.16.1.11,1.2

diff --git a/tests/datajson/datajson-06-valid-json/test.rules b/tests/datajson/datajson-06-valid-json/test.rules
deleted file mode 100644 (file)
index 599e421..0000000
--- a/tests/datajson/datajson-06-valid-json/test.rules
+++ /dev/null
@@ -1,2 +0,0 @@
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; ip.src; datajson:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; ip.src; datajson:isset,bip2,type ipv6,load ip2.lst,key ip; sid:2;)

diff --git a/tests/datajson/datajson-06-valid-json/test.yaml b/tests/datajson/datajson-06-valid-json/test.yaml
deleted file mode 100644 (file)
index 933e9a6..0000000
--- a/tests/datajson/datajson-06-valid-json/test.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-requires:
-  min-version: 8
-
-args:
- - -k none --set datasets.enabled=yes
-
-checks:
-  - filter:
-      count: 2
-      match:
-        event_type: alert
-  - filter:
-      count: 1
-      match:
-        event_type: alert
-        alert.signature_id: 1
-        alert.extra.ip: 42
-        alert.extra.bad_host: context
-  - filter:
-      count: 1
-      match:
-        event_type: alert
-        alert.signature_id: 2
-        alert.extra.ip: 1.2
-        alert.extra.bad_host: context

diff --git a/tests/datajson/datajson-07-dataset/test.rules b/tests/datajson/datajson-07-dataset/test.rules
index 5513f03b2ba8fae322694a38a8341eefebdea00d..95a8258957d99a64854acc9c10217829acbe5e58 100644 (file)
--- a/tests/datajson/datajson-07-dataset/test.rules
+++ b/tests/datajson/datajson-07-dataset/test.rules
@@ -1,2 +1,2 @@
-alert http any any -> any any (flow:established,to_server; ip.src; datajson:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; sid:2;)
+alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,enrichment_key bad_host; sid:2;)

diff --git a/tests/datajson/datajson-08-invalid-json/test.rules b/tests/datajson/datajson-08-invalid-json/test.rules
index 4de245d335814e4289a39200031917c60c26ffb2..71aa789ba5ffd5e788c98ec95234fe38ed73f940 100644 (file)
--- a/tests/datajson/datajson-08-invalid-json/test.rules
+++ b/tests/datajson/datajson-08-invalid-json/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; ip.src; datajson:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,format json, enrichment_key ip, value_key ip; sid:1;)