tests/log: Verify bug 5198

This issue requires an ASAN build -- it doesn't reproduce without ASAN.

Issue: 5198

diff --git a/tests/bug-5198/README.md b/tests/bug-5198/README.md
new file mode 100644 (file)
index 0000000..8054304
--- /dev/null
+++ b/tests/bug-5198/README.md
@@ -0,0 +1,8 @@
+This test covers the conditions described in issue 5198. An ASAN-enabled build is required for verification as the problem does not present
+on a build without ASAN.
+
+The problem occurs when
+- Eve threaded logging is enabled
+- Suricata doesn't have permissions to create the eve output file
+
+An ASAN build is required to detect the condition (see the issue for the ASAN diagnostics)

diff --git a/tests/bug-5198/input.pcap b/tests/bug-5198/input.pcap
new file mode 100644 (file)
index 0000000..6cfd80f
Binary files /dev/null and b/tests/bug-5198/input.pcap differ

diff --git a/tests/bug-5198/test.yaml b/tests/bug-5198/test.yaml
new file mode 100644 (file)
index 0000000..3759a71
--- /dev/null
+++ b/tests/bug-5198/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+setup:
+  # Create a log directory without write permission
+  - script: |
+      rm -rf ./noperms
+      mkdir -p ./noperms
+      chmod 555 ./noperms
+
+args:
+    - --set outputs.1.eve-log.filename=noperms/eve.json --set outputs.1.eve-log.threaded=true
+
+exit-code: 0