tests/reference: Reference.config validation

This commit adds tests for reference.config file validation.

Test 1 uses Suricata's test mode with an invalid formatted file while
test 2 runs Suricata in inspect mode with the same invalid file.

diff --git a/tests/reference-config-validate-01/reference.config b/tests/reference-config-validate-01/reference.config
new file mode 100644 (file)
index 0000000..93f5624
--- /dev/null
+++ b/tests/reference-config-validate-01/reference.config
@@ -0,0 +1 @@
+this is not correct

diff --git a/tests/reference-config-validate-01/test.rules b/tests/reference-config-validate-01/test.rules
new file mode 100644 (file)
index 0000000..91f5607
--- /dev/null
+++ b/tests/reference-config-validate-01/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+     flow:established; content:"mail from|3a|"; nocase;                                          \
+          threshold: type threshold, track by_src, count 10, seconds 60;                              \
+               reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)

diff --git a/tests/reference-config-validate-01/test.yaml b/tests/reference-config-validate-01/test.yaml
new file mode 100644 (file)
index 0000000..635740e
--- /dev/null
+++ b/tests/reference-config-validate-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+    min-version: 7
+
+command: |
+  ${SRCDIR}/src/suricata --set reference-config-file="${TEST_DIR}/reference.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -T
+
+exit-code: 1
+
+checks:
+    - shell:
+        args: grep "SC_ERR_REFERENCE_CONFIG" suricata.log | wc -l | xargs
+        expect: 1

diff --git a/tests/reference-config-validate-02/input.pcap b/tests/reference-config-validate-02/input.pcap
new file mode 100644 (file)
index 0000000..dc92bd9
Binary files /dev/null and b/tests/reference-config-validate-02/input.pcap differ

diff --git a/tests/reference-config-validate-02/reference.config b/tests/reference-config-validate-02/reference.config
new file mode 100644 (file)
index 0000000..93f5624
--- /dev/null
+++ b/tests/reference-config-validate-02/reference.config
@@ -0,0 +1 @@
+this is not correct

diff --git a/tests/reference-config-validate-02/test.rules b/tests/reference-config-validate-02/test.rules
new file mode 100644 (file)
index 0000000..91f5607
--- /dev/null
+++ b/tests/reference-config-validate-02/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+     flow:established; content:"mail from|3a|"; nocase;                                          \
+          threshold: type threshold, track by_src, count 10, seconds 60;                              \
+               reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)

diff --git a/tests/reference-config-validate-02/test.yaml b/tests/reference-config-validate-02/test.yaml
new file mode 100644 (file)
index 0000000..df30388
--- /dev/null
+++ b/tests/reference-config-validate-02/test.yaml
@@ -0,0 +1,15 @@
+requires:
+    min-version: 7
+
+command: |
+  ${SRCDIR}/src/suricata -v --set reference-config-file="${TEST_DIR}/reference.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -r ${TEST_DIR}/input.pcap
+
+checks:
+
+    - shell:
+        args: grep -e "SC_ERR_REFERENCE_CONFIG" suricata.log | wc -l | xargs
+        expect: 1
+
+    - shell:
+        args: grep -e "SC_ERR_REFERENCE_UNKNOWN" suricata.log | wc -l | xargs
+        expect: 1