exception-policy: fix test to be more robust

author Philippe Antoine <pantoine@oisf.net>

Tue, 5 Dec 2023 08:26:39 +0000 (09:26 +0100)

committer Victor Julien <victor@inliniac.net>

Sat, 10 Feb 2024 20:10:34 +0000 (21:10 +0100)
author Philippe Antoine <pantoine@oisf.net>
Tue, 5 Dec 2023 08:26:39 +0000 (09:26 +0100)
committer Victor Julien <victor@inliniac.net>
Sat, 10 Feb 2024 20:10:34 +0000 (21:10 +0100)
diff --git a/tests/exception-policy-simulated-flow-memcap/test.rules b/tests/exception-policy-simulated-flow-memcap/test.rules

index b9d1df2fba1a9573c670d5ccc626332069b77b5f..97d3761b978bf6b88d6b5d5ad394049a2e588b2e 100644 (file)
--- a/tests/exception-policy-simulated-flow-memcap/test.rules
+++ b/tests/exception-policy-simulated-flow-memcap/test.rules
@@ -1 +1,3 @@
-alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+# do not test alert for every tls, as there can be additional pseudo-packets
+# alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; sid:1; rev:1;)
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml

index 2429daf06aefc24dd7f75aabcbef9853e86c72ad..afa5f294f2c4f1e90765bda4a97c1d6fae58eecb 100644 (file)
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -12,10 +12,6 @@ args:
  - --set flow.memcap-policy=drop-flow
  
  checks:
-  - filter:
-      count: 97
-      match:
-        event_type: alert
    - filter:
        count: 1
        match:
author	Philippe Antoine <pantoine@oisf.net>
	Tue, 5 Dec 2023 08:26:39 +0000 (09:26 +0100)
committer	Victor Julien <victor@inliniac.net>
	Sat, 10 Feb 2024 20:10:34 +0000 (21:10 +0100)
tests/exception-policy-simulated-flow-memcap/test.rules		patch \| blob \| blame \| history
tests/exception-policy-simulated-flow-memcap/test.yaml		patch \| blob \| blame \| history