From: Eric Leblond Date: Sun, 8 Jun 2025 07:02:09 +0000 (+0200) Subject: tests: datajson uses context_key X-Git-Tag: suricata-7.0.11~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09e2fd7bf9b5507d5f36e4450e7b1af2e3b684e7;p=thirdparty%2Fsuricata-verify.git tests: datajson uses context_key Rename the enrichment_key to context_key in the signatures.
---
diff --git a/tests/datajson/datajson-01-ip/test.rules b/tests/datajson/datajson-01-ip/test.rules
index ce880a2ff..bcbdc2e11 100644
--- a/tests/datajson/datajson-01-ip/test.rules
+++ b/tests/datajson/datajson-01-ip/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; content:"testmyids.com"; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json, enrichment_key src_ip, value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content:"testmyids.com"; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json, context_key src_ip, value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-02-multiple/test.rules b/tests/datajson/datajson-02-multiple/test.rules
index 592636c0c..ad3b154e4 100644
--- a/tests/datajson/datajson-02-multiple/test.rules
+++ b/tests/datajson/datajson-02-multiple/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,context_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,context_key src_ip,value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-03-jsonline/test.rules b/tests/datajson/datajson-03-jsonline/test.rules
index 106d2c884..4bf8a7ece 100644
--- a/tests/datajson/datajson-03-jsonline/test.rules
+++ b/tests/datajson/datajson-03-jsonline/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,context_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,context_key src_ip,value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-04-hashes/test.rules b/tests/datajson/datajson-04-hashes/test.rules
index 900bdbba3..d81b5b493 100644
--- a/tests/datajson/datajson-04-hashes/test.rules
+++ b/tests/datajson/datajson-04-hashes/test.rules
@@ -1,2 +1,2 @@
-alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; dataset:isset,badcat,type sha256,load badsha.lst,format json,enrichment_key bad_sha,value_key hash; sid:1; rev:1;)
-alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; dataset:isset,badmd5,type md5,load badmd5.lst,format json,enrichment_key bad_md5,value_key hash; sid:2; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; dataset:isset,badcat,type sha256,load badsha.lst,format json,context_key bad_sha,value_key hash; sid:1; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; dataset:isset,badmd5,type md5,load badmd5.lst,format json,context_key bad_md5,value_key hash; sid:2; rev:1;)
diff --git a/tests/datajson/datajson-05-duplicate/test.rules b/tests/datajson/datajson-05-duplicate/test.rules
index 592636c0c..ad3b154e4 100644
--- a/tests/datajson/datajson-05-duplicate/test.rules
+++ b/tests/datajson/datajson-05-duplicate/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,context_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,context_key src_ip,value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-06-remove-key/test.rules b/tests/datajson/datajson-06-remove-key/test.rules
index 329e7ccd3..545ffc769 100644
--- a/tests/datajson/datajson-06-remove-key/test.rules
+++ b/tests/datajson/datajson-06-remove-key/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,enrichment_key bad_host,remove_key, value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,enrichment_key src_ip,value_key ip, remove_key; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,context_key bad_host,remove_key, value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,context_key src_ip,value_key ip, remove_key; sid:1;)
diff --git a/tests/datajson/datajson-07-dataset/test.rules b/tests/datajson/datajson-07-dataset/test.rules
index 95a825895..127664adb 100644
--- a/tests/datajson/datajson-07-dataset/test.rules
+++ b/tests/datajson/datajson-07-dataset/test.rules
@@ -1,2 +1,2 @@
 alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,enrichment_key bad_host; sid:2;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,context_key bad_host; sid:2;)
diff --git a/tests/datajson/datajson-08-invalid-json/test.rules b/tests/datajson/datajson-08-invalid-json/test.rules
index 71aa789ba..660f8dfa6 100644
--- a/tests/datajson/datajson-08-invalid-json/test.rules
+++ b/tests/datajson/datajson-08-invalid-json/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,format json, enrichment_key ip, value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,format json, context_key ip, value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-09-jsonformat/test.rules b/tests/datajson/datajson-09-jsonformat/test.rules
index a55f95554..d229c5a5c 100644
--- a/tests/datajson/datajson-09-jsonformat/test.rules
+++ b/tests/datajson/datajson-09-jsonformat/test.rules
@@ -1,7 +1,7 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load hosts.json,format json, enrichment_key bad_host,value_key host, array_key threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load hosts.json,format json, context_key bad_host,value_key host, array_key threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:1;)
 
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,dbadhost,type string,load hosts-direct.json,format json,enrichment_key dbad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:2;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,dbadhost,type string,load hosts-direct.json,format json,context_key dbad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:2;)
 
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nbadhost,type string,load hosts-nested.json,format json, enrichment_key nbad_host,value_key host, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:3;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nbadhost,type string,load hosts-nested.json,format json, context_key nbad_host,value_key host, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:3;)
 
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nkbadhost,type string,load hosts-nested-key.json,format json, enrichment_key nkbad_host,value_key host.fqdn, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:4;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nkbadhost,type string,load hosts-nested-key.json,format json, context_key nkbad_host,value_key host.fqdn, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:4;)
diff --git a/tests/datajson/datajson-10-remove-nested-key/test.rules b/tests/datajson/datajson-10-remove-nested-key/test.rules
index 3810aa448..f5ce1bf37 100644
--- a/tests/datajson/datajson-10-remove-nested-key/test.rules
+++ b/tests/datajson/datajson-10-remove-nested-key/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,enrichment_key bad_host,value_key ioc.host,remove_key; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,context_key bad_host,value_key ioc.host,remove_key; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,context_key src_ip,value_key ip; sid:1;)