pgsql: update bug-6983 tests 2020/head 2027/head
authorJuliana Fajardini <jufajardini@gmail.com>
Tue, 27 Aug 2024 17:53:16 +0000 (14:53 -0300)
committerJuliana Fajardini <jufajardini@gmail.com>
Tue, 27 Aug 2024 19:28:54 +0000 (16:28 -0300)
Add app-layer fields to pgsql alerts.

Related to
Bug #7066

tests/pgsql/pgsql-bug-6983-ids/README.md
tests/pgsql/pgsql-bug-6983-ids/suricata.yaml
tests/pgsql/pgsql-bug-6983-ids/test.yaml
tests/pgsql/pgsql-bug-6983-ips/test.yaml

index f626417ec4aad0428bf7a8343dfe6e0eda7b22f1..69a119f0dc344fad3a30f1ff0863f09ff5d41ddb 100644 (file)
@@ -1,6 +1,7 @@
 # Description
 
-Tests that alerts for the pgsql app-proto will include pgsql app-proto metadata.
+Tests that alerts for the pgsql app-proto will not include pgsql app-proto metadata
+if this setting is disabled in the configuration file.
 
 ## PCAP
 
index b1049819c46e0a46d77e58c9918db34d0da37abf..0103a7bd7f6841106860128441bb35951773a728 100755 (executable)
@@ -10,7 +10,9 @@ outputs:
         - pgsql:
             enabled: yes
             passwords: yes
-        - alert
+        - alert:
+            enabled: yes
+            metadata: no
 
 app-layer:
   protocols:
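Review bot: The new `metadata: no` line under `alert` has no comment saying why alert metadata is switched off, although that setting is what this test directory exists to exercise (the README hunk in this same commit says the test checks that alerts carry no pgsql metadata when it is disabled). Someone tidying suricata.yaml later could flip it back to the default and silently invalidate the `not-has-key` checks in test.yaml. Suggest a comment above the line, `# deliberately off: test.yaml asserts that alert events carry no pgsql or flow keys`. The `yes`/`no` spelling matches the rest of this file and Suricata's own config dialect, so leaving it as is consistent even though generic YAML 1.2 tooling would prefer `true`/`false`.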
index f1c6c43d5ad97fb90e03796e6361bf603a0fe523..f9e8ddde05d48a3b4732e704c016416d9a737b8e 100644 (file)
@@ -16,10 +16,5 @@ checks:
     match:
       event_type: alert
       alert.signature_id: 1
-- filter:
-    min-version: 8
-    count: 1
-    match:
-      event_type: alert
-      flow.pkts_toserver: 10
-      flow.pkts_toclient: 10
+      not-has-key: flow
+      not-has-key: pgsql
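Review bot: `not-has-key` appears twice as a key of the same `match` mapping (the two added lines), which is a duplicate mapping key; YAML loaders such as PyYAML do not reject this but keep only the last value, so the `flow` assertion is most likely never evaluated and only `pgsql` is checked. Unless suricata-verify's match loader accepts a list for `not-has-key` (I cannot confirm that from here), each key to reject needs its own filter entry with its own `match`. The `- filter:` line and its `count:` for this check sit above the hunk, so the count for the second entry has to be copied from there.
```yaml
# … unchanged: first filter's match: with event_type: alert …
      alert.signature_id: 1
      not-has-key: flow
- filter:
    count: 1  # PLACEHOLDER: copy the count of the filter above (it starts outside this hunk)
    match:
      event_type: alert
      alert.signature_id: 1
      not-has-key: pgsql
```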
index fd9277cc52bd4404d71bd1545f01db998ff537f9..e7f22f0683abc288e5dbd5a320670f1af9a09b38 100644 (file)
@@ -13,7 +13,15 @@ checks:
     match:
       event_type: pgsql
 - filter:
+    # in ips mode, as this rule inspects the stream only (no pgsql keywords), we end up getting two alerts instead of one
     count: 2
     match:
       event_type: alert
       alert.signature_id: 1
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pgsql.request.simple_query: "select * from rules where sid = 2021701;"
+      pgsql.response.field_count: 10
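Review bot: The added comment on the `count: 2` filter explains the doubled alert but not how it relates to the new third filter, which expects exactly one sid 1 alert carrying `pgsql.request.simple_query` and `pgsql.response.field_count`; a reader is left to infer that the other alert has no pgsql fields. Suggest adding above the third filter `# only one of the two sid 1 alerts is expected to carry the pgsql app-layer fields` (why the other alert lacks them — presumably it fires before the pgsql transaction is parsed — is not visible here and would be worth stating if known). The new comment line is also about 120 characters long; splitting it across two `#` lines would keep it within the usual line-length limit.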