tests: Create tests for master-6.0.x branch
authorJeff Lucovsky <jlucovsky@oisf.net>
Wed, 1 Mar 2023 14:16:36 +0000 (09:16 -0500)
committerJeff Lucovsky <jlucovsky@oisf.net>
Wed, 1 Mar 2023 14:16:36 +0000 (09:16 -0500)
This commit introduces master-6.0.x specific tests that cover areas
where functionality is improved or changing for later versions.

tests/bug-5198.v6/README.md [new file with mode: 0644]
tests/bug-5198.v6/input.pcap [new file with mode: 0644]
tests/bug-5198.v6/test.yaml [new file with mode: 0644]
tests/output-eve-anomaly-04.v6/input.pcap [new file with mode: 0644]
tests/output-eve-anomaly-04.v6/suricata.yaml [new file with mode: 0644]
tests/output-eve-anomaly-04.v6/test.yaml [new file with mode: 0644]

diff --git a/tests/bug-5198.v6/README.md b/tests/bug-5198.v6/README.md
new file mode 100644 (file)
index 0000000..8054304
--- /dev/null
@@ -0,0 +1,8 @@
+This test covers the conditions described in issue 5198. An ASAN-enabled build is required for verification as the problem does not present
+on a build without ASAN.
+
+The problem occurs when
+- Eve threaded logging is enabled
+- Suricata doesn't have permissions to create the eve output file
+
+An ASAN build is required to detect the condition (see the issue for the ASAN diagnostics)
diff --git a/tests/bug-5198.v6/input.pcap b/tests/bug-5198.v6/input.pcap
new file mode 100644 (file)
index 0000000..6cfd80f
Binary files /dev/null and b/tests/bug-5198.v6/input.pcap differ
diff --git a/tests/bug-5198.v6/test.yaml b/tests/bug-5198.v6/test.yaml
new file mode 100644 (file)
index 0000000..811d464
--- /dev/null
@@ -0,0 +1,16 @@
+requires:
+  lt-version: 7
+  features:
+    - FIX_FOR_BUG_5836
+
+setup:
+  # Create a log directory without write permission
+  - script: |
+      rm -rf ./noperms
+      mkdir -p ./noperms
+      chmod 555 ./noperms
+
+args:
+    - --set outputs.1.eve-log.filename=noperms/eve.json --set outputs.1.eve-log.threaded=true
+
+exit-code: 0
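Review bot: `exit-code: 0` is the only expectation in this test, so it passes even when the eve file opens successfully and the failure path described in the README is never exercised. That is the case when the suite runs as root, which is common in CI containers, because `chmod 555` on `./noperms` does not stop root from creating files there. Consider adding a `checks:` entry of the `shell` form used in tests/output-eve-anomaly-04.v6/test.yaml, for example `args: ls noperms | wc -l | xargs` with `expect: 0`, so a run that did write into the directory fails visibly; this assumes checks run from the same directory as the setup script. Separately, the README refers to issue 5198 while `features:` lists `FIX_FOR_BUG_5836`, and a one-line comment explaining how the two relate would help the next reader.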
diff --git a/tests/output-eve-anomaly-04.v6/input.pcap b/tests/output-eve-anomaly-04.v6/input.pcap
new file mode 100644 (file)
index 0000000..d50be33
Binary files /dev/null and b/tests/output-eve-anomaly-04.v6/input.pcap differ
diff --git a/tests/output-eve-anomaly-04.v6/suricata.yaml b/tests/output-eve-anomaly-04.v6/suricata.yaml
new file mode 100644 (file)
index 0000000..44deda8
--- /dev/null
@@ -0,0 +1,23 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      filetype: regular
+      types:
+        - anomaly:
+            types:
+                stream: yes
+                applayer: no
+
+  - eve-log:
+      enabled: yes
+      filename: eve2.json
+      filetype: regular
+      types:
+        - anomaly:
+            types:
+                stream: yes
+                applayer: no
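Review bot: Nothing in this file says that enabling `anomaly` under both `eve-log` outputs is deliberate, and the test directory has no README, so a later cleanup could remove the duplicate and quietly gut the test. A comment above the second `- eve-log:` entry would cover it, such as `# Intentional duplicate: 6.0.x is expected to report that only one anomaly logger can be enabled`. The `stream` and `applayer` keys are also indented four spaces further than the nesting used elsewhere in the file; two would be consistent.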
diff --git a/tests/output-eve-anomaly-04.v6/test.yaml b/tests/output-eve-anomaly-04.v6/test.yaml
new file mode 100644 (file)
index 0000000..49122a1
--- /dev/null
@@ -0,0 +1,12 @@
+requires:
+  lt-version: 7
+
+args:
+  - -k none
+
+checks:
+    - shell:
+        args: grep "only one 'anomaly' logger can be enabled" stderr | wc -l | xargs
+        expect: 1
+
+exit-code: 0
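Review bot: The single check counts one message line in `stderr`, so the test pins the log text but not what happens to anomaly events after the duplicate logger is detected. Anomaly records are often an input to detection pipelines, so it would be worth also asserting which of `eve.json` and `eve2.json` still receives them, if that behaviour is defined for 6.0.x; the hunk does not show which output is meant to win. A short comment above `checks:`, for example `# duplicate anomaly logger is reported once; startup continues`, would also document why `exit-code: 0` is the expected result.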