tests: Invalid threshold.config w/out -T

author Jeff Lucovsky <jeff@lucovsky.org>

Sun, 28 Feb 2021 20:06:04 +0000 (15:06 -0500)

committer Jason Ish <jason.ish@oisf.net>

Fri, 30 Apr 2021 18:09:17 +0000 (12:09 -0600)
author Jeff Lucovsky <jeff@lucovsky.org>
Sun, 28 Feb 2021 20:06:04 +0000 (15:06 -0500)
committer Jason Ish <jason.ish@oisf.net>
Fri, 30 Apr 2021 18:09:17 +0000 (12:09 -0600)
diff --git a/tests/threshold-config-validate/test.rules b/tests/threshold-config-validate-01/test.rules

similarity index 100%

rename from tests/threshold-config-validate/test.rules

rename to tests/threshold-config-validate-01/test.rules
diff --git a/tests/threshold-config-validate/test.yaml b/tests/threshold-config-validate-01/test.yaml

similarity index 100%

rename from tests/threshold-config-validate/test.yaml

rename to tests/threshold-config-validate-01/test.yaml
diff --git a/tests/threshold-config-validate/threshold.config b/tests/threshold-config-validate-01/threshold.config

similarity index 100%

rename from tests/threshold-config-validate/threshold.config

rename to tests/threshold-config-validate-01/threshold.config
diff --git a/tests/threshold-config-validate-02/input.pcap b/tests/threshold-config-validate-02/input.pcap

new file mode 100644 (file)

index 0000000..dc92bd9

Binary files /dev/null and b/tests/threshold-config-validate-02/input.pcap differ
diff --git a/tests/threshold-config-validate-02/test.rules b/tests/threshold-config-validate-02/test.rules

new file mode 100644 (file)

index 0000000..91f5607
--- /dev/null
+++ b/tests/threshold-config-validate-02/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+     flow:established; content:"mail from|3a|"; nocase;                                          \
+          threshold: type threshold, track by_src, count 10, seconds 60;                              \
+               reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)
diff --git a/tests/threshold-config-validate-02/test.yaml b/tests/threshold-config-validate-02/test.yaml

new file mode 100644 (file)

index 0000000..2aeb0d2
--- /dev/null
+++ b/tests/threshold-config-validate-02/test.yaml
@@ -0,0 +1,15 @@
+requires:
+    min-version: 7
+
+command: |
+  ${SRCDIR}/src/suricata -v --set threshold-file="${TEST_DIR}/threshold.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -r ${TEST_DIR}/input.pcap
+
+checks:
+
+    - shell:
+        args: grep -e "pcre_exec parse error, ret -1, string this is not correct" suricata.log | wc -l | xargs
+        expect: 1
+
+    - shell:
+        args: grep -e "Threshold config parsed.*0 rule.*found" suricata.log | wc -l | xargs
+        expect: 1
diff --git a/tests/threshold-config-validate-02/threshold.config b/tests/threshold-config-validate-02/threshold.config

new file mode 100644 (file)

index 0000000..93f5624
--- /dev/null
+++ b/tests/threshold-config-validate-02/threshold.config
@@ -0,0 +1 @@
+this is not correct
author	Jeff Lucovsky <jeff@lucovsky.org>
	Sun, 28 Feb 2021 20:06:04 +0000 (15:06 -0500)
committer	Jason Ish <jason.ish@oisf.net>
	Fri, 30 Apr 2021 18:09:17 +0000 (12:09 -0600)
tests/threshold-config-validate-01/test.rules	[moved from tests/threshold-config-validate/test.rules with 100% similarity]	patch \| blob \| blame \| history
tests/threshold-config-validate-01/test.yaml	[moved from tests/threshold-config-validate/test.yaml with 100% similarity]	patch \| blob \| blame \| history
tests/threshold-config-validate-01/threshold.config	[moved from tests/threshold-config-validate/threshold.config with 100% similarity]	patch \| blob \| blame \| history
tests/threshold-config-validate-02/input.pcap	[new file with mode: 0644]	patch \| blob
tests/threshold-config-validate-02/test.rules	[new file with mode: 0644]	patch \| blob
tests/threshold-config-validate-02/test.yaml	[new file with mode: 0644]	patch \| blob
tests/threshold-config-validate-02/threshold.config	[new file with mode: 0644]	patch \| blob