tests: add test for integer and string value

author Eric Leblond <el@stamus-networks.com>

Sun, 1 Dec 2024 21:49:19 +0000 (22:49 +0100)

committer Eric Leblond <el@stamus-networks.com>

Wed, 11 Jun 2025 12:01:45 +0000 (14:01 +0200)
author Eric Leblond <el@stamus-networks.com>
Sun, 1 Dec 2024 21:49:19 +0000 (22:49 +0100)
committer Eric Leblond <el@stamus-networks.com>
Wed, 11 Jun 2025 12:01:45 +0000 (14:01 +0200)
diff --git a/tests/datajson/datajson-06-valid-json/host.lst b/tests/datajson/datajson-06-valid-json/host.lst

new file mode 100644 (file)

index 0000000..e184bf6
--- /dev/null
+++ b/tests/datajson/datajson-06-valid-json/host.lst
@@ -0,0 +1 @@
+d3d3LnRlc3RteWlkcy5jb20=,"context"
diff --git a/tests/datajson/datajson-06-valid-json/input.pcap b/tests/datajson/datajson-06-valid-json/input.pcap

new file mode 100644 (file)

index 0000000..8fb6832

Binary files /dev/null and b/tests/datajson/datajson-06-valid-json/input.pcap differ
diff --git a/tests/datajson/datajson-06-valid-json/ip.lst b/tests/datajson/datajson-06-valid-json/ip.lst

new file mode 100644 (file)

index 0000000..4d112f8
--- /dev/null
+++ b/tests/datajson/datajson-06-valid-json/ip.lst
@@ -0,0 +1,2 @@
+10.16.1.12,1.2
+10.16.1.11,42
diff --git a/tests/datajson/datajson-06-valid-json/ip2.lst b/tests/datajson/datajson-06-valid-json/ip2.lst

new file mode 100644 (file)

index 0000000..19d54fd
--- /dev/null
+++ b/tests/datajson/datajson-06-valid-json/ip2.lst
@@ -0,0 +1 @@
+10.16.1.11,1.2
diff --git a/tests/datajson/datajson-06-valid-json/test.rules b/tests/datajson/datajson-06-valid-json/test.rules

new file mode 100644 (file)

index 0000000..599e421
--- /dev/null
+++ b/tests/datajson/datajson-06-valid-json/test.rules
@@ -0,0 +1,2 @@
+alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; ip.src; datajson:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load host.lst,key bad_host; ip.src; datajson:isset,bip2,type ipv6,load ip2.lst,key ip; sid:2;)
diff --git a/tests/datajson/datajson-06-valid-json/test.yaml b/tests/datajson/datajson-06-valid-json/test.yaml

new file mode 100644 (file)

index 0000000..ace23cd
--- /dev/null
+++ b/tests/datajson/datajson-06-valid-json/test.yaml
@@ -0,0 +1,28 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  files:
+    - src/datasets.c
+
+args:
+ - -k none --set datasets.enabled=yes
+
+checks:
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        alert.extra.ip: 42
+        alert.extra.bad_host: context
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
+        alert.extra.ip: 1.2
+        alert.extra.bad_host: context
author	Eric Leblond <el@stamus-networks.com>
	Sun, 1 Dec 2024 21:49:19 +0000 (22:49 +0100)
committer	Eric Leblond <el@stamus-networks.com>
	Wed, 11 Jun 2025 12:01:45 +0000 (14:01 +0200)
tests/datajson/datajson-06-valid-json/host.lst	[new file with mode: 0644]	patch \| blob
tests/datajson/datajson-06-valid-json/input.pcap	[new file with mode: 0644]	patch \| blob
tests/datajson/datajson-06-valid-json/ip.lst	[new file with mode: 0644]	patch \| blob
tests/datajson/datajson-06-valid-json/ip2.lst	[new file with mode: 0644]	patch \| blob
tests/datajson/datajson-06-valid-json/test.rules	[new file with mode: 0644]	patch \| blob
tests/datajson/datajson-06-valid-json/test.yaml	[new file with mode: 0644]	patch \| blob