tests: engine-analysis tests for pkt rule type

To accompany rule types documentation.

Related to
Task #7031

diff --git a/tests/rules/rule-type-pkt/test.rules b/tests/rules/rule-type-pkt/test.rules
new file mode 100644 (file)
index 0000000..4b070eb
--- /dev/null
+++ b/tests/rules/rule-type-pkt/test.rules
@@ -0,0 +1,6 @@
+# Packet rules
+alert tcp-pkt any any -> any any (msg:"tcp-pkt, anchored content"; content:"abc"; startswith; sid:203;)
+alert tcp any any -> any any (msg:"ttl"; ttl:123; sid:701;)
+alert udp any any -> any any (msg:"UDP with flow direction"; flow:to_server; sid:1001;)
+alert tcp any any -> any 443 (flow: to_server; flowbits:set,tls_error; sid:1604; msg:"Allow TLS error handling (outgoing packet) - non-stateful rule";)
+alert tcp-pkt any any -> any any (msg:"Flowbit isset"; flowbits:isset,fb6; flowbits:isset,fb7; sid:1919;)

diff --git a/tests/rules/rule-type-pkt/test.yaml b/tests/rules/rule-type-pkt/test.yaml
new file mode 100644 (file)
index 0000000..d9a9c73
--- /dev/null
+++ b/tests/rules/rule-type-pkt/test.yaml
@@ -0,0 +1,38 @@
+requires:
+    min-version: 7
+    pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 203
+            type: pkt
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 701
+            type: pkt
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 1001
+            type: pkt
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 1604
+            type: pkt
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 1919
+            type: pkt