tests: Test for issue 3463

author Jeff Lucovsky <jeff@lucovsky.org>

Wed, 4 Mar 2020 15:21:17 +0000 (10:21 -0500)

committer Jason Ish <jason.ish@oisf.net>

Tue, 17 Mar 2020 15:36:33 +0000 (09:36 -0600)
author Jeff Lucovsky <jeff@lucovsky.org>
Wed, 4 Mar 2020 15:21:17 +0000 (10:21 -0500)
committer Jason Ish <jason.ish@oisf.net>
Tue, 17 Mar 2020 15:36:33 +0000 (09:36 -0600)
diff --git a/tests/bug-3463/test.rules b/tests/bug-3463/test.rules

new file mode 100644 (file)

index 0000000..a183e05
--- /dev/null
+++ b/tests/bug-3463/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"CURL2"; flow:established,to_server; content:"GET"; http_method;  content:"curl"; http_user_agent; threshold: type limit, track by_src, count 1 , seconds 60; content: "| 0a|";threshold: type limit, track by_src, count 1 , seconds 60; sid:2;)
diff --git a/tests/bug-3463/test.yaml b/tests/bug-3463/test.yaml

new file mode 100644 (file)

index 0000000..47c816b
--- /dev/null
+++ b/tests/bug-3463/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 6.0.0
+  pcap: false
+
+exit-code: 1
+
+args:
+    - --engine-analysis
+
+checks:
+    - shell:
+        args: grep "multiple \"threshold\" options are not allowed in the same rule" suricata.log | wc -l | xargs
+        expect: 1
author	Jeff Lucovsky <jeff@lucovsky.org>
	Wed, 4 Mar 2020 15:21:17 +0000 (10:21 -0500)
committer	Jason Ish <jason.ish@oisf.net>
	Tue, 17 Mar 2020 15:36:33 +0000 (09:36 -0600)
tests/bug-3463/test.rules	[new file with mode: 0644]	patch \| blob
tests/bug-3463/test.yaml	[new file with mode: 0644]	patch \| blob