tests/requires: test failure case 1610/head 1611/head 1612/head suricata-6.0.16 suricata-7.0.3
authorJason Ish <jason.ish@oisf.net>
Wed, 24 Jan 2024 15:29:36 +0000 (09:29 -0600)
committerJason Ish <jason.ish@oisf.net>
Wed, 24 Jan 2024 15:29:36 +0000 (09:29 -0600)
Break the requires test into 2 tests.  One that runs to success so we
can verify the output.

A second that is expected to fail due to fatal init errors.

Ticket: #6710

tests/requires-fail/README.md [new file with mode: 0644]
tests/requires-fail/test.rules [moved from tests/requires/test.rules with 100% similarity]
tests/requires-fail/test.yaml [new file with mode: 0644]
tests/requires-ok/README.md [moved from tests/requires/README.md with 100% similarity]
tests/requires-ok/test.rules [new file with mode: 0644]
tests/requires-ok/test.yaml [moved from tests/requires/test.yaml with 82% similarity]

diff --git a/tests/requires-fail/README.md b/tests/requires-fail/README.md
new file mode 100644 (file)
index 0000000..847303f
--- /dev/null
@@ -0,0 +1,3 @@
+Similar to `../requires-ok` but does include one rule that will fail
+to load. This is to test that a bad rule after "skipped" rule fails
+out and is not recorded as skipped.
diff --git a/tests/requires-fail/test.yaml b/tests/requires-fail/test.yaml
new file mode 100644 (file)
index 0000000..e4f6da0
--- /dev/null
@@ -0,0 +1,12 @@
+requires:
+  min-version: 7.0.3
+
+pcap: ../eve-metadata/testmyids.pcap
+
+args:
+  - -v
+
+# As we have a bad rule, expect exit-code 1.
+exit-code: 1
+
+# No checks, as no stats are written on exit code 0.
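Review bot: The only assertion in this test is `exit-code: 1`, which any fatal init error would satisfy (a missing pcap or a configuration problem, for instance), so it does not confirm that the failure came from the bad rule or, as the README puts it, that the rule "is not recorded as skipped". A check on the log output for the rule-load error would pin the cause; a rule that is silently skipped instead of rejected leaves a detection gap, which is what this test is meant to catch. The closing comment also contradicts the expectation above it, since it says exit code 0 while the test expects 1; it would read better as `# No checks, as no stats are written when Suricata exits on a fatal init error.`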
diff --git a/tests/requires-ok/test.rules b/tests/requires-ok/test.rules
new file mode 100644 (file)
index 0000000..eaa41a4
--- /dev/null
@@ -0,0 +1,15 @@
+# Rule for Suricata >= 7 and < 8.
+alert http any any -> any any (msg:"TEST Suricata >= 7 and < 8"; content:"uid=0"; requires: version >= 7 < 8; sid:7; rev:1;)
+
+# Rule for Suricata >= 7.0.3 but less than 8... Or >= 8.0.1
+alert http any any -> any any (content:"uid=0"; requires: version >= 7.0.3 < 8 | >= 8.0.1; sid:9; rev:1;)
+
+# Rule for Suricata >= 8.
+alert http any any -> any any (msg:"TEST Suricata >= 8"; content:"uid=0"; requires: version >= 8.0.0; sid:8; rev:1;)
+
+# These rules have something invalid about them, but do follow the general rule
+# structure, so should be eliminated by the requires statement.
+alert vxlan any any -> any any (requires: version >= 10; sid:1;)
+alert udp any any -> any any (vxlan_vni:10; requires: version >= 10; sid:2;)
+alert http any any => any any (requires: version >= 10; sid:3;)
+alert tcp any any -> any any (frame:smtp.not_supported; requires: version >= 10; sid:4;)
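Review bot: The rule with `sid:9` has no `msg`, unlike `sid:7` and `sid:8`, so an alert from it carries no descriptive signature text in the output; adding `msg:"TEST Suricata >= 7.0.3 < 8 or >= 8.0.1";` would keep the three loadable rules consistent. The comment above the last four rules says only that they have "something invalid about them". A short comment per rule naming the invalid part (apparently the `vxlan` protocol, the `vxlan_vni` keyword, the `=>` direction and the `smtp.not_supported` frame) would tell a maintainer which rule to revisit if a later release starts accepting one of them and the skipped counts shift.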
similarity index 82%
rename from tests/requires/test.yaml
rename to tests/requires-ok/test.yaml
index 280e94f7c64871a45d824ff34fb4c1fec97d2d1f..3e58b91f6e5fd89b5a6885d1fba2331f8061c679 100644 (file)
@@ -50,7 +50,9 @@ checks:
       count: 1
       match:
         event_type: stats
-        stats.detect.engines[0].rules_skipped: 6
+        stats.detect.engines[0].rules_skipped: 5
+        stats.detect.engines[0].rules_loaded: 2
+        stats.detect.engines[0].rules_failed: 0
 
   - filter:
       requires:
@@ -58,4 +60,6 @@ checks:
       count: 1
       match:
         event_type: stats
-        stats.detect.engines[0].rules_skipped: 7
+        stats.detect.engines[0].rules_skipped: 6
+        stats.detect.engines[0].rules_loaded: 1
+        stats.detect.engines[0].rules_failed: 0
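Review bot: The expected counts in this second check (`rules_skipped: 6`, `rules_loaded: 1`) hold only while `sid:9` in `test.rules` is skipped, and that rule's `requires: version >= 7.0.3 < 8 | >= 8.0.1` makes it load again from 8.0.1. The filter's version constraint sits on a line between the two hunks and is not visible here; if it is an open-ended `min-version: 8`, the check would start failing on 8.0.1, where the counts should be 5 skipped and 2 loaded. Either bound the filter (for example with `lt-version: 8.0.1`) and add a third check for later versions, or record the dependency with a comment such as `# sid:9 is skipped on 8.0.0 only; counts change at 8.0.1`.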