tests: add test for force-hash YAML validation.

Add test to ensure Suricata rejects invalid force-hash algorithm values
in file logging configuration. The test verifies that an invalid hash
type (e.g., 'shanani') causes Suricata to exit with an error during
configuration validation.

Issue: OISF#4330

diff --git a/tests/file-force-hash-invalid/README.md b/tests/file-force-hash-invalid/README.md
new file mode 100644 (file)
index 0000000..df5b734
--- /dev/null
+++ b/tests/file-force-hash-invalid/README.md
@@ -0,0 +1,4 @@
+Tests that Suricata properly validates the `force-hash` configuration option
+for EVE file logging and rejects invalid hash algorithm names.
+
+https://redmine.openinfosecfoundation.org/issues/4330

diff --git a/tests/file-force-hash-invalid/suricata.yaml b/tests/file-force-hash-invalid/suricata.yaml
new file mode 100644 (file)
index 0000000..0a8872f
--- /dev/null
+++ b/tests/file-force-hash-invalid/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - files:
+            force-hash: [shanani]
+

diff --git a/tests/file-force-hash-invalid/test.yaml b/tests/file-force-hash-invalid/test.yaml
new file mode 100644 (file)
index 0000000..a7573ea
--- /dev/null
+++ b/tests/file-force-hash-invalid/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 9
+
+pcap: false
+
+args:
+  - -T
+
+exit-code: 1
+
+checks:
+  - shell:
+      args: "grep 'Invalid configuration: force-hash algorithm' stderr"