test/analyzer: Add test for dsize info
authorJeff Lucovsky <jlucovsky@oisf.net>
Sun, 15 Jun 2025 15:02:16 +0000 (11:02 -0400)
committerVictor Julien <victor@inliniac.net>
Sat, 21 Jun 2025 19:32:46 +0000 (21:32 +0200)
Add a test that checks for dsize value information.

tests/rules/dsize-8.0.0/README.md [new file with mode: 0644]
tests/rules/dsize-8.0.0/test.rules [new file with mode: 0644]
tests/rules/dsize-8.0.0/test.yaml [new file with mode: 0644]

diff --git a/tests/rules/dsize-8.0.0/README.md b/tests/rules/dsize-8.0.0/README.md
new file mode 100644 (file)
index 0000000..c3a35d8
--- /dev/null
@@ -0,0 +1,11 @@
+# Test Description
+
+Engine analysis output for dsize drop rule.
+
+## PCAP
+
+Unneeded
+
+## Related tickets
+
+https://redmine.openinfosecfoundation.org/issues/6357
diff --git a/tests/rules/dsize-8.0.0/test.rules b/tests/rules/dsize-8.0.0/test.rules
new file mode 100644 (file)
index 0000000..c4a93b5
--- /dev/null
@@ -0,0 +1,8 @@
+drop http any any -> any any (dsize:0; sid:1;)
+drop http any any -> any any (dsize: > 0; sid:2;)
+drop http any any -> any any (dsize: >= 4096; sid:3;)
+drop http any any -> any any (dsize: 0-159; sid:4;)
+drop http any any -> any any (dsize: !0-159; sid:5;)
+drop http any any -> any any (dsize: < 100; sid:6;)
+drop http any any -> any any (dsize: <= 100; sid:7;)
+drop http any any -> any any (dsize:!0; sid:8;)
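Review bot: Equality and inequality are only exercised at zero (sid 1 `dsize:0` and sid 8 `dsize:!0`), which is the value where the expected requirements in test.yaml switch between `no_payload` and `payload`, so the non-zero path for `equal` and `diff` is not covered. Consider adding `drop http any any -> any any (dsize:100; sid:9;)` and `drop http any any -> any any (dsize:!100; sid:10;)`, with matching checks in test.yaml. Because these are drop rules, a regression in how a size comparison is parsed or reported changes which packets get blocked, so the two extra cases are worth having.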
diff --git a/tests/rules/dsize-8.0.0/test.yaml b/tests/rules/dsize-8.0.0/test.yaml
new file mode 100644 (file)
index 0000000..2df65ce
--- /dev/null
@@ -0,0 +1,115 @@
+requires:
+    min-version: 8.0.0
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      app_proto: "http_any"
+      requirements[0]: "no_payload"
+      requirements[1]: "flow"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.equal: 0
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 2
+      app_proto: "http_any"
+      requirements[0]: "payload"
+      requirements[1]: "flow"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.gt: 0
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 3
+      app_proto: "http_any"
+      requirements[0]: "payload"
+      requirements[1]: "flow"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.gte: 4096
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 4
+      app_proto: "http_any"
+      requirements[0]: "payload"
+      requirements[1]: "flow"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.range.min: 0
+      lists.packet.matches[0].dsize.range.max: 159
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 5
+      app_proto: "http_any"
+      requirements[0]: "flow"
+      requirements[1]: "real_pkt"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.negated_range.min: 0
+      lists.packet.matches[0].dsize.negated_range.max: 159
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 6
+      app_proto: "http_any"
+      requirements[0]: "flow"
+      requirements[1]: "real_pkt"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.lt: 100
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 7
+      app_proto: "http_any"
+      requirements[0]: "flow"
+      requirements[1]: "real_pkt"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.lte: 100
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 8
+      app_proto: "http_any"
+      requirements[0]: "payload"
+      requirements[1]: "flow"
+      requirements[2]: "real_pkt"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"
+      lists.packet.matches[0].dsize.diff: 0
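Review bot: Each check pins individual `requirements[N]` entries but never the length of the list, so a regression that adds a flag would still pass; the sid 1 check, for example, would not notice an extra `real_pkt` after `flow`. If the suricata-verify filter supports a length key here (I believe `requirements.__len: 2` works, but please confirm against run.py), adding it to every check would close that gap, and the same applies to `lists.packet.matches`. Separately, sid 4 (`dsize: 0-159`) expects `payload` while sids 6 and 7 (`< 100`, `<= 100`) do not, which reads as inconsistent unless the range end points are exclusive. If that is the reason, a one-line comment above the sid 4 check such as `# 0-159 excludes its end points, so a payload is required` would document it.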