tests/class: Tests for class.config validation

These test cases exercise classification.config validation checking.

diff --git a/tests/classification-config-validate-01/classification.config b/tests/classification-config-validate-01/classification.config
new file mode 100644 (file)
index 0000000..93f5624
--- /dev/null
+++ b/tests/classification-config-validate-01/classification.config
@@ -0,0 +1 @@
+this is not correct

diff --git a/tests/classification-config-validate-01/test.rules b/tests/classification-config-validate-01/test.rules
new file mode 100644 (file)
index 0000000..91f5607
--- /dev/null
+++ b/tests/classification-config-validate-01/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+     flow:established; content:"mail from|3a|"; nocase;                                          \
+          threshold: type threshold, track by_src, count 10, seconds 60;                              \
+               reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)

diff --git a/tests/classification-config-validate-01/test.yaml b/tests/classification-config-validate-01/test.yaml
new file mode 100644 (file)
index 0000000..e770885
--- /dev/null
+++ b/tests/classification-config-validate-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+    min-version: 7
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${TEST_DIR}/classification.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -T
+
+exit-code: 1
+
+checks:
+    - shell:
+        args: grep "SC_WARN_CLASSIFICATION_CONFIG" suricata.log | wc -l | xargs
+        expect: 1

diff --git a/tests/classification-config-validate-02/classification.config b/tests/classification-config-validate-02/classification.config
new file mode 100644 (file)
index 0000000..93f5624
--- /dev/null
+++ b/tests/classification-config-validate-02/classification.config
@@ -0,0 +1 @@
+this is not correct

diff --git a/tests/classification-config-validate-02/input.pcap b/tests/classification-config-validate-02/input.pcap
new file mode 100644 (file)
index 0000000..dc92bd9
Binary files /dev/null and b/tests/classification-config-validate-02/input.pcap differ

diff --git a/tests/classification-config-validate-02/test.rules b/tests/classification-config-validate-02/test.rules
new file mode 100644 (file)
index 0000000..91f5607
--- /dev/null
+++ b/tests/classification-config-validate-02/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+     flow:established; content:"mail from|3a|"; nocase;                                          \
+          threshold: type threshold, track by_src, count 10, seconds 60;                              \
+               reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)

diff --git a/tests/classification-config-validate-02/test.yaml b/tests/classification-config-validate-02/test.yaml
new file mode 100644 (file)
index 0000000..64f1d14
--- /dev/null
+++ b/tests/classification-config-validate-02/test.yaml
@@ -0,0 +1,11 @@
+requires:
+    min-version: 7
+
+command: |
+  ${SRCDIR}/src/suricata -v --set classification-file="${TEST_DIR}/classification.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -r ${TEST_DIR}/input.pcap
+
+checks:
+
+    - shell:
+        args: grep -e "SC_WARN_CLASSIFICATION_CONFIG" suricata.log | wc -l | xargs
+        expect: 1