tests: engine-analysis pkt_stream rule type tests

author Juliana Fajardini <jufajardini@gmail.com>

Fri, 24 Jan 2025 18:27:42 +0000 (15:27 -0300)

committer Victor Julien <victor@inliniac.net>

Tue, 28 Jan 2025 08:32:49 +0000 (09:32 +0100)
author Juliana Fajardini <jufajardini@gmail.com>
Fri, 24 Jan 2025 18:27:42 +0000 (15:27 -0300)
committer Victor Julien <victor@inliniac.net>
Tue, 28 Jan 2025 08:32:49 +0000 (09:32 +0100)
diff --git a/tests/rules/rule-type-pkt-stream/test.rules b/tests/rules/rule-type-pkt-stream/test.rules

new file mode 100644 (file)

index 0000000..a185ac2
--- /dev/null
+++ b/tests/rules/rule-type-pkt-stream/test.rules
@@ -0,0 +1,3 @@
+# Packet Stream rules
+alert tcp any any -> any any (msg:"tcp, anchored content"; content:"abc"; startswith; sid:303;)
+alert http any any -> any any (msg:"http, anchored content"; content:"abc"; depth:30; sid:603;)
diff --git a/tests/rules/rule-type-pkt-stream/test.yaml b/tests/rules/rule-type-pkt-stream/test.yaml

new file mode 100644 (file)

index 0000000..26644aa
--- /dev/null
+++ b/tests/rules/rule-type-pkt-stream/test.yaml
@@ -0,0 +1,20 @@
+requires:
+    min-version: 7
+    pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 303
+            type: pkt_stream
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 603
+            type: pkt_stream
author	Juliana Fajardini <jufajardini@gmail.com>
	Fri, 24 Jan 2025 18:27:42 +0000 (15:27 -0300)
committer	Victor Julien <victor@inliniac.net>
	Tue, 28 Jan 2025 08:32:49 +0000 (09:32 +0100)
tests/rules/rule-type-pkt-stream/test.rules	[new file with mode: 0644]	patch \| blob
tests/rules/rule-type-pkt-stream/test.yaml	[new file with mode: 0644]	patch \| blob