git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
datasets: add test for bug 5109
author Shivani Bhardwaj <shivanib134@gmail.com>
Tue, 29 Mar 2022 06:34:45 +0000 (12:04 +0530)
committer Jason Ish <jason.ish@oisf.net>
Mon, 11 Jul 2022 19:51:47 +0000 (13:51 -0600)
tests/datasets-bug-5109/README.md [new file with mode: 0644]
tests/datasets-bug-5109/input.pcap [new file with mode: 0644]
tests/datasets-bug-5109/test.rules [new file with mode: 0644]
tests/datasets-bug-5109/test.yaml [new file with mode: 0644]

diff --git a/tests/datasets-bug-5109/README.md b/tests/datasets-bug-5109/README.md
new file mode 100644 (file)
index 0000000..8045e40
--- /dev/null
@@ -0,0 +1,12 @@
+Description
+===========
+A space condition with dataset parsing was not handled which caused rules like
+```
+alert http any any -> any any (http.user_agent; dataset:set  ,ua-seen,type string,save datasets.csv; sid:1;)
+```
+Note the spaces after `dataset:set`.
+Corresponding redmine ticket: https://redmine.openinfosecfoundation.org/issues/5019
+
+PCAP
+====
+PCAP is irrelevant to the test but comes from the test [datasets-01](https://github.com/OISF/suricata-verify/blob/master/tests/datasets-01/input.pcap)
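Review bot: the ticket link in the README points to issues/5019, while the commit title and the test directory name both say bug 5109. One of the two is a transposition; correct the URL or the directory name so the test can be traced back to the right ticket. The opening sentence also ends without saying what the unhandled spaces caused ("which caused rules like" is followed only by the example), so state the observed failure after the rule.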
diff --git a/tests/datasets-bug-5109/input.pcap b/tests/datasets-bug-5109/input.pcap
new file mode 100644 (file)
index 0000000..8fb6832
Binary files /dev/null and b/tests/datasets-bug-5109/input.pcap differ
diff --git a/tests/datasets-bug-5109/test.rules b/tests/datasets-bug-5109/test.rules
new file mode 100644 (file)
index 0000000..e79dcaa
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (http.user_agent; dataset:set  ,ua-seen,type string,save datasets.csv; sid:1;)
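Review bot: the single rule exercises only one whitespace position, the two spaces between `set` and the following comma. If the parser fix is meant to tolerate whitespace around the other dataset options as well, add further rules with the spaces in those positions, each with its own sid, so a regression in any one of them is caught by this test.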
diff --git a/tests/datasets-bug-5109/test.yaml b/tests/datasets-bug-5109/test.yaml
new file mode 100644 (file)
index 0000000..dc49ca5
--- /dev/null
@@ -0,0 +1,12 @@
+exit-code: 0
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/etc/classification.config"    \
+      --set reference-config-file="${SRCDIR}/etc/reference.config" -l ${OUTPUT_DIR}         \
+      --set threshold-file="${TEST_DIR}/threshold.config"                                   \
+      -c "${SRCDIR}/suricata.yaml" -r ${TEST_DIR}/input.pcap -S ${TEST_DIR}/test.rules
+
+checks:
+    - shell:
+        args: grep "dataset action \"\" is not supported" suricata.log | wc -l | xargs
+        expect: 0
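Review bot: the only entry under `checks:` is a negative grep, which passes whenever the string is absent, including when suricata.log was not written or the wording of the error message changes later. Pair it with a positive assertion, for example a check that the rule was loaded, so the test shows the rule was accepted rather than only that one message is missing. Separately, the command passes `--set threshold-file="${TEST_DIR}/threshold.config"`, but the commit's file list adds no threshold.config to this test directory; drop the option or add the file. `${OUTPUT_DIR}` and the `-r`/`-S` paths are also unquoted while the other paths are quoted.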