Add tests for the app_layer rule type for the engine-analysis report to
accompany rule types documentation.
Related to
Task #7031
--- /dev/null
+# Application Layer Protocol Rules
+alert dns any any -> any any (msg:"app-layer, dns"; sid:404;)
+alert http any any -> any any (msg:"http, no content"; sid:601;)
+pass tls any any -> any any (msg:"tls, pkt or app-layer? pass"; sid:605;)
+alert tls any any -> any any (msg:"tls, pkt or app-layer?"; flowint:tls_error_int,=,0; sid:613;)
--- /dev/null
+requires:
+ min-version: 7
+ pcap: false
+args:
+- --engine-analysis
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 404
+ type: "app_layer"
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ raw: "alert http any any -> any any (msg:\"http, no content\"; sid:601;)"
+ id: 601
+ type: "app_layer"
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 613
+ type: "app_layer"
projects / thirdparty / suricata-verify.git / commitdiff
