tests: check exception policies flow output

Add checks for `flow.exception_policy` fields in the
exception policies tests.

Related to
Task #6215

diff --git a/tests/exception-policy-applayer-01/test.yaml b/tests/exception-policy-applayer-01/test.yaml
index f7a5fdc7cf1af215c987a4666fc41b091fb10715..8569a2be2478198d982f700a966743ec123cbd00 100644 (file)
--- a/tests/exception-policy-applayer-01/test.yaml
+++ b/tests/exception-policy-applayer-01/test.yaml
@@ -59,3 +59,10 @@ checks:
         event_type: stats
         stats.app_layer.error.exception_policy.drop_flow: 1
         stats.app_layer.error.exception_policy.pass_flow: 0
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "app_layer_error"
+        flow.exception_policy[0].policy: "drop_flow"

diff --git a/tests/exception-policy-applayer-02/test.yaml b/tests/exception-policy-applayer-02/test.yaml
index c0e33bba5716d6cc7582a5a38b623e2184ba1a2f..a45b97e5abec34b124363326a255f6c5cf041c62 100644 (file)
--- a/tests/exception-policy-applayer-02/test.yaml
+++ b/tests/exception-policy-applayer-02/test.yaml
@@ -48,3 +48,10 @@ checks:
         event_type: stats
         stats.app_layer.error.tls.exception_policy.pass_packet: 1
         stats.app_layer.error.tls.exception_policy.drop_packet: 0
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "app_layer_error"
+        flow.exception_policy[0].policy: "pass_packet"

diff --git a/tests/exception-policy-applayer-03/test.yaml b/tests/exception-policy-applayer-03/test.yaml
index 2eedb523024393adc17229751917aa2f784ab14b..c0189b0f84562f05003beda69a34806839d5a8b7 100644 (file)
--- a/tests/exception-policy-applayer-03/test.yaml
+++ b/tests/exception-policy-applayer-03/test.yaml
@@ -71,3 +71,10 @@ checks:
       event_type: stats
       stats.app_layer.error.exception_policy.pass_packet: 1
       stats.app_layer.error.exception_policy.drop_packet: 0
+- filter:
+    min-version: 8
+    count: 1
+    match:
+      event_type: flow
+      flow.exception_policy[0].target: "app_layer_error"
+      flow.exception_policy[0].policy: "pass_packet"

diff --git a/tests/exception-policy-default-01/suricata.yaml b/tests/exception-policy-default-01/suricata.yaml
index 09637bdec0577db17716f1792d3fcbbf264fc25a..a84c700553fe53176a65fa17a3b91fb3e622ca57 100644 (file)
--- a/tests/exception-policy-default-01/suricata.yaml
+++ b/tests/exception-policy-default-01/suricata.yaml
@@ -13,6 +13,7 @@ outputs:
             alerts: yes      # log alerts that caused drops
             flows: all       # start or all: 'start' logs only a single drop
         - stats
+        - flow
   - stats:
        enabled: yes
        filename: stats.log

diff --git a/tests/exception-policy-default-01/test.yaml b/tests/exception-policy-default-01/test.yaml
index 676b6c260be46676cb5ffddeab8e66f01269d512..4391585aec4bf19645e2f99ac0d323b5ad70418b 100644 (file)
--- a/tests/exception-policy-default-01/test.yaml
+++ b/tests/exception-policy-default-01/test.yaml
@@ -22,3 +22,10 @@ checks:
       match:
         event_type: tls
         tls.sni: example.com
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        not-has-key: flow.exception_policy[0].target
+        not-has-key: flow.exception_policy[0].policy

diff --git a/tests/exception-policy-default-02/test.yaml b/tests/exception-policy-default-02/test.yaml
index 8c02045046be5b388f0c1ebdc4dbd5fb2141f624..738756b05e60eaeabc90e1a807e953ce4651cb89 100644 (file)
--- a/tests/exception-policy-default-02/test.yaml
+++ b/tests/exception-policy-default-02/test.yaml
@@ -12,3 +12,10 @@ checks:
       count: 1
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-default-03/test.yaml b/tests/exception-policy-default-03/test.yaml
index 90a2f1859c49f6da960bb52b4e55254d5cac72eb..c244dda35a30bb7d78a0a324849b3c2a1fec11e4 100644 (file)
--- a/tests/exception-policy-default-03/test.yaml
+++ b/tests/exception-policy-default-03/test.yaml
@@ -36,3 +36,10 @@ checks:
       count: 0
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "drop_flow"

diff --git a/tests/exception-policy-default-04/test.yaml b/tests/exception-policy-default-04/test.yaml
index f751f3d9d8794f7450432b2bf91f008d688588c3..88191d798307e4ada743516d32c06a6081c4eca9 100644 (file)
--- a/tests/exception-policy-default-04/test.yaml
+++ b/tests/exception-policy-default-04/test.yaml
@@ -23,3 +23,10 @@ checks:
       count: 0
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-01/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-01/test.yaml
index 7adfc8048a6935956b34d77aff1a65c4e3a7464b..ff4fb586dd3f271133d713868f1a3ac9bf2a6b2b 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-01/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-01/test.yaml
@@ -35,3 +35,10 @@ checks:
       count: 0
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "drop_flow"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-02/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-02/test.yaml
index 3cbb4658ac251cea736647e65885dd4074a0103a..41369a3cd583993f6e8f4113d704afd8d87f3f01 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-02/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-02/test.yaml
@@ -25,3 +25,10 @@ checks:
       count: 0
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "bypass"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-03/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-03/test.yaml
index 562c31d4a2b552f06d801f4ecc3335c58a3e8216..302d878f58423f3a934308ef631121e8945ca7f6 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-03/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-03/test.yaml
@@ -25,3 +25,10 @@ checks:
       count: 1
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-04/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-04/test.yaml
index e1c3d501ecdf35cf756d4eebf0e859a19e333f4d..eeb36937d80952c3ea8e572e87a9fd48763450ff 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-04/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-04/test.yaml
@@ -26,3 +26,10 @@ checks:
       count: 1
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "pass_flow"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-05/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-05/test.yaml
index e61f73090f2a5482b03d4d2375ed8e3da18fc9d0..e34973a03b3ef47cc6dc37703ef7edd64d0f8dee 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-05/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-05/test.yaml
@@ -20,3 +20,10 @@ checks:
       count: 0
       match:
         event_type: http
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "bypass"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-06/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-06/test.yaml
index c08352b49c5679f5cd76b2719b0e998a9ee83e86..756bfb638edd67d08e30ac12be0d42e9176bcb91 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-06/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-06/test.yaml
@@ -36,3 +36,10 @@ checks:
         event_type: engine
         log_level: Warning
         engine.module: exception-policy
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-master-switch/exception-policy-master-switch-07/test.yaml b/tests/exception-policy-master-switch/exception-policy-master-switch-07/test.yaml
index c08352b49c5679f5cd76b2719b0e998a9ee83e86..756bfb638edd67d08e30ac12be0d42e9176bcb91 100644 (file)
--- a/tests/exception-policy-master-switch/exception-policy-master-switch-07/test.yaml
+++ b/tests/exception-policy-master-switch/exception-policy-master-switch-07/test.yaml
@@ -36,3 +36,10 @@ checks:
         event_type: engine
         log_level: Warning
         engine.module: exception-policy
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-midstream-01/test.yaml b/tests/exception-policy-midstream-01/test.yaml
index 29fb09d8a821baf86adb3070463cc2b3ba4fd896..864d325647c8ef9e901cb5b2c740b5f4b290ba6b 100644 (file)
--- a/tests/exception-policy-midstream-01/test.yaml
+++ b/tests/exception-policy-midstream-01/test.yaml
@@ -24,3 +24,10 @@ checks:
       match:
         event_type: stats
         stats.tcp.midstream_exception_policy.pass_flow: 9
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "pass_flow"

diff --git a/tests/exception-policy-midstream-02/test.yaml b/tests/exception-policy-midstream-02/test.yaml
index 0db32854371f2536e7bc82ee851a1f99775564e1..b8f0b02ca7369802d817a23dca50b6d5a33255a8 100644 (file)
--- a/tests/exception-policy-midstream-02/test.yaml
+++ b/tests/exception-policy-midstream-02/test.yaml
@@ -36,3 +36,10 @@ checks:
       match:
         event_type: stats
         stats.tcp.midstream_exception_policy.drop_flow: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: stream_midstream
+        flow.exception_policy[0].policy: drop_flow

diff --git a/tests/exception-policy-midstream-03/test.yaml b/tests/exception-policy-midstream-03/test.yaml
index 04233a600f4e5d2e1624f4c6cdfc79bcc7413ce2..3974e7dc3dde8c8587471b06c5ccdac44ab613cf 100644 (file)
--- a/tests/exception-policy-midstream-03/test.yaml
+++ b/tests/exception-policy-midstream-03/test.yaml
@@ -24,3 +24,10 @@ checks:
       match:
         event_type: http
         dest_port: 80
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-midstream-04/test.yaml b/tests/exception-policy-midstream-04/test.yaml
index 10fb97e7e510a7b69f92a0d7a0dab31a4265b4e2..263ac2efed675059a565022603f9363823664f01 100644 (file)
--- a/tests/exception-policy-midstream-04/test.yaml
+++ b/tests/exception-policy-midstream-04/test.yaml
@@ -25,3 +25,10 @@ checks:
     match:
       event_type: stats
       stats.tcp.midstream_exception_policy.pass_flow: 2
+- filter:
+    min-version: 8
+    count: 1
+    match:
+      event_type: flow
+      flow.exception_policy[0].target: "stream_midstream"
+      flow.exception_policy[0].policy: "pass_flow"

diff --git a/tests/exception-policy-midstream-05/test.yaml b/tests/exception-policy-midstream-05/test.yaml
index 7c6db568a2b14ac688b7119bdc8a9f1a233f4837..5d90a9a66d22d7e8c4c58dbe7dae0ad662e3cba8 100644 (file)
--- a/tests/exception-policy-midstream-05/test.yaml
+++ b/tests/exception-policy-midstream-05/test.yaml
@@ -24,3 +24,10 @@ checks:
       match:
         event_type: stats
         stats.tcp.midstream_exception_policy.bypass: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "bypass"

diff --git a/tests/exception-policy-midstream-06/test.yaml b/tests/exception-policy-midstream-06/test.yaml
index f4e4c44f335144b46b86ff75432907b6c9926fc1..3b6cf2b93cb6d4579e352fe416b5d6708ac57e12 100644 (file)
--- a/tests/exception-policy-midstream-06/test.yaml
+++ b/tests/exception-policy-midstream-06/test.yaml
@@ -22,3 +22,10 @@ checks:
       match:
         event_type: stats
         stats.tcp.midstream_exception_policy.drop_flow: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "drop_flow"

diff --git a/tests/exception-policy-midstream-07/test.yaml b/tests/exception-policy-midstream-07/test.yaml
index 37430914a83327f4289506747309995d69cc3647..644bb21258737cdb2606c20f6754a41b1ffd06d6 100644 (file)
--- a/tests/exception-policy-midstream-07/test.yaml
+++ b/tests/exception-policy-midstream-07/test.yaml
@@ -18,3 +18,10 @@ checks:
       count: 0
       match:
         event_type: smb
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "bypass"

diff --git a/tests/exception-policy-reject-action-01/test.yaml b/tests/exception-policy-reject-action-01/test.yaml
index 4bea809b67031a637c1c74f0bc5eaa946203f5ac..5809415d0eb7d2f4df17282d8bb07d0ade1bad3b 100644 (file)
--- a/tests/exception-policy-reject-action-01/test.yaml
+++ b/tests/exception-policy-reject-action-01/test.yaml
@@ -18,4 +18,10 @@ checks:
       match:
         event_type: flow
         flow.action: drop
-
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "reject"

diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
index c378a8e856c2de9210c00e023cd1656f83cba889..a79398b340fb7135eae4860d91365db230213a89 100644 (file)
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -39,3 +39,10 @@ checks:
         event_type: stats
         stats.flow.memcap_exception_policy.drop_packet: 1
         stats.flow.memcap_exception_policy.pass_packet: 0
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_midstream"
+        flow.exception_policy[0].policy: "ignore"

diff --git a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
index 28d053b8d6f935815e2588bd4ba64eb37a372a10..8e59d36b721e5312218ba17a9bf45f8a1c30accf 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-01/test.yaml
@@ -52,3 +52,10 @@ checks:
       match:
         event_type: stats
         stats.ips.drop_reason.stream_reassembly: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_reassembly_memcap"
+        flow.exception_policy[0].policy: "drop_flow"

diff --git a/tests/exception-policy-stream-reassembly-memcap-02/test.yaml b/tests/exception-policy-stream-reassembly-memcap-02/test.yaml
index e25e98b3ecc9c5b53fe1051ad1867f18cee01c2c..0a027ae1985d5c05a064614bff8804aeb0ac25a7 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-02/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-02/test.yaml
@@ -32,3 +32,12 @@ checks:
         event_type: flow
         app_proto: tls
         flow.action: pass
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_reassembly_memcap"
+        flow.exception_policy[0].policy: "pass_flow"
+        flow.exception_policy[1].target: "app_layer_error"
+        flow.exception_policy[1].policy: "ignore"

diff --git a/tests/exception-policy-stream-reassembly-memcap-03/test.yaml b/tests/exception-policy-stream-reassembly-memcap-03/test.yaml
index 6a6fd8d8f55013ab964a8da9a0e8c34a54884263..6756a2ee15a2c868a291dbbb8d72e92efa5ecb83 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-03/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-03/test.yaml
@@ -30,3 +30,10 @@ checks:
       match:
         event_type: flow
         flow.state: bypassed
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_reassembly_memcap"
+        flow.exception_policy[0].policy: "bypass"

diff --git a/tests/exception-policy-stream-reassembly-memcap-04/test.yaml b/tests/exception-policy-stream-reassembly-memcap-04/test.yaml
index 28d053b8d6f935815e2588bd4ba64eb37a372a10..8e59d36b721e5312218ba17a9bf45f8a1c30accf 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-04/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-04/test.yaml
@@ -52,3 +52,10 @@ checks:
       match:
         event_type: stats
         stats.ips.drop_reason.stream_reassembly: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_reassembly_memcap"
+        flow.exception_policy[0].policy: "drop_flow"

diff --git a/tests/exception-policy-stream-reassembly-memcap-05/test.yaml b/tests/exception-policy-stream-reassembly-memcap-05/test.yaml
index b07cc3f5b041757f0fb3c61aafd58f5e48b1fbe4..70a1e56fbf6b205ece4724994af6c16108c973cb 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-05/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-05/test.yaml
@@ -53,3 +53,12 @@ checks:
       match:
         event_type: stats
         stats.ips.drop_reason.stream_reassembly: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_reassembly_memcap"
+        flow.exception_policy[0].policy: "drop_packet"
+        flow.exception_policy[1].target: "app_layer_error"
+        flow.exception_policy[1].policy: "ignore"

diff --git a/tests/exception-policy-stream-reassembly-memcap-06/test.yaml b/tests/exception-policy-stream-reassembly-memcap-06/test.yaml
index 0f4b238994b0ef1835760bb8ab1f0e13ff99c4f1..4990a373560873390bde5befb2d0d984540d86eb 100644 (file)
--- a/tests/exception-policy-stream-reassembly-memcap-06/test.yaml
+++ b/tests/exception-policy-stream-reassembly-memcap-06/test.yaml
@@ -53,3 +53,12 @@ checks:
       match:
         event_type: stats
         stats.tcp.reassembly_exception_policy.pass_packet: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_reassembly_memcap"
+        flow.exception_policy[0].policy: "pass_packet"
+        flow.exception_policy[1].target: "app_layer_error"
+        flow.exception_policy[1].policy: "ignore"

diff --git a/tests/exception-policy-stream-ssn-memcap-01/test.yaml b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
index 58f9fabef7738f78d46245ae25e4c5b30a119baa..93d3f75673ceb618267424775b7a9c8f2ae72140 100644 (file)
--- a/tests/exception-policy-stream-ssn-memcap-01/test.yaml
+++ b/tests/exception-policy-stream-ssn-memcap-01/test.yaml
@@ -57,3 +57,10 @@ checks:
       match:
         event_type: stats
         stats.tcp.ssn_memcap_exception_policy.drop_flow: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: flow
+        flow.exception_policy[0].target: "stream_memcap"
+        flow.exception_policy[0].policy: "drop_flow"