From: Jason Ish
Date: Wed, 16 Sep 2020 15:21:22 +0000 (-0600)
Subject: smb-eicar-file: check files array
X-Git-Tag: suricata-6.0.4~231
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=107e8f08df7db752858ca1513d16ceb75dca0e1f;p=thirdparty%2Fsuricata-verify.git

smb-eicar-file: check files array

Add a check for the files array to make sure it exists and has a filename. Only applicable to v6.0.0+.
---
diff --git a/tests/smb-eicar-file/test.yaml b/tests/smb-eicar-file/test.yaml
index 54b53cc40..ad7a26e07 100644
--- a/tests/smb-eicar-file/test.yaml
+++ b/tests/smb-eicar-file/test.yaml
@@ -13,3 +13,12 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+
+ # Check for something in the files array, which is an array of
+ # fileinfo objects.
+ - filter:
+ min-version: 6.0.0
+ count: 1
+ match:
+ event_type: alert
+ files[0].filename: "\\eicar"
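Review bot: The added match `files[0].filename: "\\eicar"` depends on YAML double-quote unescaping, so the value actually compared is `\eicar` with a single backslash, which a reader skimming the test may take for a literal double backslash; extend the new comment with `# Double-quoted YAML: "\\eicar" unescapes to \eicar (one backslash).` so the expected value is unambiguous. The check also pins the array index to `[0]`, so it only verifies the first fileinfo object; if the engine ever reports more than one file on this alert the test would depend on ordering decided by the engine rather than by this file, which is worth a short note next to the index. The `min-version: 6.0.0` filter matches the commit description, so the check is correctly skipped on engines older than 6.0.0.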