issue 3406: Add tests checking filestore config
authorJeff Lucovsky <jeff@lucovsky.org>
Sun, 22 Dec 2019 19:48:26 +0000 (14:48 -0500)
committerJason Ish <jason.ish@oisf.net>
Fri, 20 Mar 2020 22:02:40 +0000 (16:02 -0600)
18 files changed:
tests/detect-filestore-config-01/check.sh [new file with mode: 0755]
tests/detect-filestore-config-01/suricata.yaml [new file with mode: 0644]
tests/detect-filestore-config-01/test.rules [new file with mode: 0644]
tests/detect-filestore-config-01/test.yaml [new file with mode: 0644]
tests/detect-filestore-config-02/check.sh [new file with mode: 0755]
tests/detect-filestore-config-02/suricata.yaml [new file with mode: 0644]
tests/detect-filestore-config-02/test.rules [new file with mode: 0644]
tests/detect-filestore-config-02/test.yaml [new file with mode: 0644]
tests/detect-filestore-config-03/3103.pcap [new file with mode: 0644]
tests/detect-filestore-config-03/check.sh [new file with mode: 0755]
tests/detect-filestore-config-03/suricata.yaml [new file with mode: 0644]
tests/detect-filestore-config-03/test.rules [new file with mode: 0644]
tests/detect-filestore-config-03/test.yaml [new file with mode: 0644]
tests/detect-filestore-config-04/check.sh [new file with mode: 0755]
tests/detect-filestore-config-04/suricata.yaml [new file with mode: 0644]
tests/detect-filestore-config-04/test.pcap [new file with mode: 0644]
tests/detect-filestore-config-04/test.rules [new file with mode: 0644]
tests/detect-filestore-config-04/test.yaml [new file with mode: 0644]

diff --git a/tests/detect-filestore-config-01/check.sh b/tests/detect-filestore-config-01/check.sh
new file mode 100755 (executable)
index 0000000..a174e47
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/sh
+if  grep -q "Warning: Rule requires file-store but the output file-store is not enabled." $OUTPUT_DIR/rules_analysis.txt; then
+    echo "Pattern found in rules_analysis.txt"
+    exit 1
+fi
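Review bot: The negative check on the `grep -q` line passes vacuously when `rules_analysis.txt` was never written, because grep exits 2 on a missing file, the `if` body is skipped and the script ends with status 0 — so a run where engine analysis failed outright reports success. Guard the file first and quote the expansion: `f="$OUTPUT_DIR/rules_analysis.txt"`, `[ -f "$f" ] || { echo "rules_analysis.txt missing"; exit 1; }`, then `grep -q "Warning: Rule requires file-store but the output file-store is not enabled." "$f"`. An explicit trailing `exit 0` would also match the sibling check.sh in detect-filestore-config-02 and -04.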
diff --git a/tests/detect-filestore-config-01/suricata.yaml b/tests/detect-filestore-config-01/suricata.yaml
new file mode 100644 (file)
index 0000000..e00f99b
--- /dev/null
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+  - file-store:
+      version: 2
+      enabled: yes
+
+engine-analysis:
+  rules: yes
diff --git a/tests/detect-filestore-config-01/test.rules b/tests/detect-filestore-config-01/test.rules
new file mode 100644 (file)
index 0000000..886145d
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-01/test.yaml b/tests/detect-filestore-config-01/test.yaml
new file mode 100644 (file)
index 0000000..79a3aad
--- /dev/null
@@ -0,0 +1,7 @@
+requires:
+  min-version: 5.0.1
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config"    \
+      --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR}         \
+      -c "${TEST_DIR}/suricata.yaml" -S ${TEST_DIR}/test.rules --engine-analysis
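Review bot: Quoting in the command is inconsistent: `-c "${TEST_DIR}/suricata.yaml"` is quoted but `-l ${OUTPUT_DIR}`, `-S ${TEST_DIR}/test.rules` and `${SRCDIR}/src/suricata` are not, so a checkout or output path containing whitespace would word-split those arguments. Quote them the same way: `-l "${OUTPUT_DIR}"` and `-S "${TEST_DIR}/test.rules"`, and `"${SRCDIR}/src/suricata"` for the binary.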
diff --git a/tests/detect-filestore-config-02/check.sh b/tests/detect-filestore-config-02/check.sh
new file mode 100755 (executable)
index 0000000..d72cab9
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+if ! grep -q "Warning: Rule requires file-store but the output file-store is not enabled." $OUTPUT_DIR/rules_analysis.txt; then
+    echo "Pattern not found"
+    exit 1
+fi
+exit 0
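Review bot: `$OUTPUT_DIR/rules_analysis.txt` is unquoted on the grep line; under `#!/bin/sh` an output path with spaces splits into several arguments and the check errors instead of testing. Use `"$OUTPUT_DIR/rules_analysis.txt"`. Because this is the positive form (`! grep -q`), a missing file already fails the test, which is the behaviour the inverse check in detect-filestore-config-01 lacks.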
diff --git a/tests/detect-filestore-config-02/suricata.yaml b/tests/detect-filestore-config-02/suricata.yaml
new file mode 100644 (file)
index 0000000..77db9ab
--- /dev/null
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+  - file-store:
+      enabled: no
+
+engine-analysis:
+  rules: yes
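Review bot: This disabled `file-store` stanza omits `version: 2`, while the otherwise equivalent disabled stanza in detect-filestore-config-04/suricata.yaml includes it, so the two negative-config tests differ in more than the one thing they are meant to vary. Unless the omission is intentional (to cover the version-less form as well), add `version: 2` here so a future failure in one test and not the other is not confused by the extra difference; if it is intentional, a one-line comment saying so would help.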
diff --git a/tests/detect-filestore-config-02/test.rules b/tests/detect-filestore-config-02/test.rules
new file mode 100644 (file)
index 0000000..886145d
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-02/test.yaml b/tests/detect-filestore-config-02/test.yaml
new file mode 100644 (file)
index 0000000..79a3aad
--- /dev/null
@@ -0,0 +1,7 @@
+requires:
+  min-version: 5.0.1
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config"    \
+      --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR}         \
+      -c "${TEST_DIR}/suricata.yaml" -S ${TEST_DIR}/test.rules --engine-analysis
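Review bot: As in detect-filestore-config-01/test.yaml, `-l ${OUTPUT_DIR}` and `-S ${TEST_DIR}/test.rules` are unquoted while `-c "${TEST_DIR}/suricata.yaml"` is quoted; a path with whitespace would split the command. Quote consistently: `-l "${OUTPUT_DIR}"` and `-S "${TEST_DIR}/test.rules"`.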
diff --git a/tests/detect-filestore-config-03/3103.pcap b/tests/detect-filestore-config-03/3103.pcap
new file mode 100644 (file)
index 0000000..78cc432
Binary files /dev/null and b/tests/detect-filestore-config-03/3103.pcap differ
diff --git a/tests/detect-filestore-config-03/check.sh b/tests/detect-filestore-config-03/check.sh
new file mode 100755 (executable)
index 0000000..6feafbc
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/sh
+if grep  '\[ERRCODE: SC_WARN_ALERT_CONFIG(324)\] - One or more rule(s) depends on the file-store output log which is not enabled. Enable the output "file-store"' $OUTPUT_DIR/stdout; then
+    echo "pattern found in stdout"
+    exit 1
+fi
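Review bot: This negative check pins the numeric code `SC_WARN_ALERT_CONFIG(324)` on the grep line, which the positive sibling in detect-filestore-config-04/check.sh deliberately does not; if Suricata ever renumbers or rewords that prefix the pattern stops matching and the test passes without checking anything, the one failure mode a negative test must avoid. Match the same message fragment as -04 and require stdout to exist: `[ -f "$OUTPUT_DIR/stdout" ] || exit 1` followed by `grep -q 'One or more rule(s) depends on the file-store output log which is not enabled' "$OUTPUT_DIR/stdout"`. The missing `-q` also echoes any match into the runner output, and `$OUTPUT_DIR` should be quoted.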
diff --git a/tests/detect-filestore-config-03/suricata.yaml b/tests/detect-filestore-config-03/suricata.yaml
new file mode 100644 (file)
index 0000000..d297907
--- /dev/null
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+  - file-store:
+      version: 2
+      enabled: yes
diff --git a/tests/detect-filestore-config-03/test.rules b/tests/detect-filestore-config-03/test.rules
new file mode 100644 (file)
index 0000000..886145d
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-03/test.yaml b/tests/detect-filestore-config-03/test.yaml
new file mode 100644 (file)
index 0000000..dd82cd1
--- /dev/null
@@ -0,0 +1,2 @@
+requires:
+  min-version: 5.0.1
diff --git a/tests/detect-filestore-config-04/check.sh b/tests/detect-filestore-config-04/check.sh
new file mode 100755 (executable)
index 0000000..375298b
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+if ! grep  -q 'One or more rule(s) depends on the file-store output log which is not enabled. Enable the output "file-store"' $OUTPUT_DIR/stdout; then
+    echo "pattern not found"
+    exit 1
+fi
+exit 0
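Review bot: `$OUTPUT_DIR/stdout` is unquoted on the grep line; quote it as `"$OUTPUT_DIR/stdout"` so a path with whitespace is passed as one argument. The pattern relies on `(` and `)` in `rule(s)` being literal in basic regex, which they are, but `grep -qF` would state the fixed-string intent and stays correct if the message ever gains regex metacharacters.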
diff --git a/tests/detect-filestore-config-04/suricata.yaml b/tests/detect-filestore-config-04/suricata.yaml
new file mode 100644 (file)
index 0000000..dacc33f
--- /dev/null
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+
+outputs:
+  - file-store:
+      version: 2
+      enabled: no
diff --git a/tests/detect-filestore-config-04/test.pcap b/tests/detect-filestore-config-04/test.pcap
new file mode 100644 (file)
index 0000000..78cc432
Binary files /dev/null and b/tests/detect-filestore-config-04/test.pcap differ
diff --git a/tests/detect-filestore-config-04/test.rules b/tests/detect-filestore-config-04/test.rules
new file mode 100644 (file)
index 0000000..886145d
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-04/test.yaml b/tests/detect-filestore-config-04/test.yaml
new file mode 100644 (file)
index 0000000..dd82cd1
--- /dev/null
@@ -0,0 +1,2 @@
+requires:
+  min-version: 5.0.1