--- /dev/null
+# Test Description
+
+This test demonstrates that datasets would error out in case they're
+given a bad base64 encoded string to load.
+
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/5885
--- /dev/null
+Y3VybC83Lj!QzLjA=
--- /dev/null
+%YAML 1.1
+---
+
+# Logging configuration. This is not about logging IDS alerts/events, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+ default-log-level: notice
+ outputs:
+ - console:
+ enabled: yes
+ # type: json
+ - file:
+ enabled: yes
+ level: info
+ filename: suricata.json
+ type: json
+ - syslog:
+ enabled: no
+ facility: local5
+ format: "[%i] <%d> -- "
--- /dev/null
+alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv; sid:1;)
+alert http any any -> any any (http.user_agent; dataset:isnotset,ua-seen,type string,load datasets.csv; sid:2;)
--- /dev/null
+requires:
+ files:
+ - src/datasets.c
+
+pcap: ../datasets-02-load/input.pcap
+
+args:
+ - -k none
+
+exit-code: 1
+
+checks:
+ - filter:
+ filename: suricata.json
+ count: 1
+ match:
+ log_level: "Error"
+ event_type: "engine"
+ engine.message.__find: "bad base64 encoding ua-seen"
+ engine.module: "datasets"
projects / thirdparty / suricata-verify.git / commitdiff
