]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b1f947c)
some check.sh to test.yaml verifications.
authorJason Ish <ish@unx.ca>
Wed, 20 Dec 2017 23:04:59 +0000 (17:04 -0600)
committerJason Ish <ish@unx.ca>
Wed, 20 Dec 2017 23:05:36 +0000 (17:05 -0600)
tests/alert-testmyids-not-established/check.sh [deleted file] patch | blob | blame | history
tests/alert-testmyids-not-established/test.yaml [new file with mode: 0644] patch | blob
tests/alert-testmyids/check.sh [deleted file] patch | blob | blame | history
tests/alert-testmyids/test.yaml [new file with mode: 0644] patch | blob
tests/dns-lua-rules/test.yaml patch | blob | blame | history

diff --git a/tests/alert-testmyids-not-established/check.sh b/tests/alert-testmyids-not-established/check.sh
deleted file mode 100755 (executable)
index da29c93..0000000
--- a/tests/alert-testmyids-not-established/check.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/sh
-
-. ../../util/functions.sh
-
-# Should have one fast log entry.
-n=$(cat output/fast.log | wc -l | xargs)
-assert_eq 1 "$n" "bad fast.log"
-
-# Should have one eve alert.
-n=$(jq_count output/eve.json 'select(.event_type == "alert")')
-assert_eq 1 "$n" "eve.json alerts"
-
-exit 0
diff --git a/tests/alert-testmyids-not-established/test.yaml b/tests/alert-testmyids-not-established/test.yaml
new file mode 100644 (file)
index 0000000..136b33f
--- /dev/null
+++ b/tests/alert-testmyids-not-established/test.yaml
@@ -0,0 +1,10 @@
+checks:
+
+  - shell:
+      args: cat output/fast.log | wc -l | xargs
+      expect: 1
+
+  - filter:
+      count: 1
+      match:
+        event_type: alert
diff --git a/tests/alert-testmyids/check.sh b/tests/alert-testmyids/check.sh
deleted file mode 100755 (executable)
index da29c93..0000000
--- a/tests/alert-testmyids/check.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/sh
-
-. ../../util/functions.sh
-
-# Should have one fast log entry.
-n=$(cat output/fast.log | wc -l | xargs)
-assert_eq 1 "$n" "bad fast.log"
-
-# Should have one eve alert.
-n=$(jq_count output/eve.json 'select(.event_type == "alert")')
-assert_eq 1 "$n" "eve.json alerts"
-
-exit 0
diff --git a/tests/alert-testmyids/test.yaml b/tests/alert-testmyids/test.yaml
new file mode 100644 (file)
index 0000000..b9d5dda
--- /dev/null
+++ b/tests/alert-testmyids/test.yaml
@@ -0,0 +1,12 @@
+checks:
+
+  # Check that we only have one alert event type in eve.
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+
+  # Check how many lines were logged to fast.log.
+  - shell:
+      args: cat output/fast.log | wc -l | xargs
+      expect: 1
diff --git a/tests/dns-lua-rules/test.yaml b/tests/dns-lua-rules/test.yaml
index 14a3829170308ed55caa4c8c8ccd3d71b038205c..79215f50329ccb493ec18a5ea1cd1af786827949 100644 (file)
--- a/tests/dns-lua-rules/test.yaml
+++ b/tests/dns-lua-rules/test.yaml
@@ -3,6 +3,15 @@ requires:
     - HAVE_LUA
 
 checks:
-  - signature-id: 1
-  - signature-id: 2
-  - signature-id: 3
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 3
Mirror of https://github.com/OISF/suricata-verify.git