From: Alex Savage <exlavasage@gmail.com>
Date: Mon, 24 Mar 2025 23:42:25 +0000 (+0000)
Subject: tests/pop3 add eve output checks
X-Git-Tag: suricata-7.0.11~101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01c9a00085113bec9e135f13f2d806bca06a65aa;p=thirdparty%2Fsuricata-verify.git

tests/pop3 add eve output checks
Ticket: 3243
---

diff --git a/tests/pop3/test.yaml b/tests/pop3/test.yaml
index 34a811b0c..d406ca5c0 100644
--- a/tests/pop3/test.yaml
+++ b/tests/pop3/test.yaml
@@ -2,8 +2,63 @@ requires:
   min-version: 8
 
 checks:
-  - filter:
-      count: 1
-      match:
-        event_type: flow
-        app_proto: pop3
+- filter:
+    count: 5
+    # count: 56
+    match:
+      event_type: pop3
+
+- filter:
+    count: 1
+    match:
+      dest_ip: 74.208.5.11
+      pop3.response.success: true
+      pop3.response.status: "OK"
+      pop3.response.header: "POP server ready H mieueus020 1Mw7UO-1j88qA02mS-00sOH0"
+
+- filter:
+    count: 1
+    match:
+      dest_ip: 74.208.5.11
+      pop3.request.command: "USER"
+      pop3.request.args[0]: "moises.nunez@ingenierianumar.com"
+      pop3.response.success: true
+      pop3.response.status: "OK"
+      pop3.response.header: "password required for user \"moises.nunez@ingenierianumar.com\""
+
+- filter:
+    count: 1
+    match:
+      pop3.request.command: "PASS"
+      pop3.response.success: true
+
+- filter:
+    count: 1
+    match:
+      pop3.request.command: "STAT"
+      pop3.response.success: true
+
+- filter:
+    count: 1
+    match:
+      pop3.request.command: "LIST"
+      pop3.response.success: true
+
+# Bug with sawp_pop3 causing early exit
+# - filter:
+#     count: 1
+#     match:
+#       pop3.request.command: "RSET"
+#       pop3.response.success: true
+
+# - filter:
+#     count: 1
+#     match:
+#       pop3.request.command: "UIDL"
+#       pop3.response.success: true
+
+# - filter:
+#     count: 49
+#     match:
+#       pop3.request.command: "TOP"
+#       pop3.response.success: true