From 107e8f08df7db752858ca1513d16ceb75dca0e1f Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Wed, 16 Sep 2020 09:21:22 -0600
Subject: [PATCH] smb-eicar-file: check files array

Add a check for the files array to make sure it exists and has a filename. Only applicable to v6.0.0+.
---
 tests/smb-eicar-file/test.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/smb-eicar-file/test.yaml b/tests/smb-eicar-file/test.yaml
index 54b53cc40..ad7a26e07 100644
--- a/tests/smb-eicar-file/test.yaml
+++ b/tests/smb-eicar-file/test.yaml
@@ -13,3 +13,12 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+
+ # Check for something in the files array, which is an array of
+ # fileinfo objects.
+ - filter:
+ min-version: 6.0.0
+ count: 1
+ match:
+ event_type: alert
+ files[0].filename: "\\eicar"
--
2.47.2
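Review bot: The added filter matches only on `event_type: alert` and `files[0].filename`, so nothing ties the file metadata to the alert that the preceding check asserts. Adding `alert.signature_id: 1` to the new `match:` would make the single counted event the EICAR alert itself, rather than any alert that happens to carry that filename. The value `"\\eicar"` is double-quoted, so YAML unescapes it to a single backslash plus `eicar`. Writing it as `'\eicar'` would state the expected SMB path literally and avoid the trap that `"\eicar"` begins with an escape character. The comment could also say what is asserted, for example `# The alert must carry file metadata: files[0] is the fileinfo object for the EICAR file.` The `checks:` list and the first check start outside this hunk.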