From: Eric Leblond <el@stamus-networks.com>
Date: Sun, 13 Oct 2024 11:40:43 +0000 (+0200)
Subject: tests: add md5 test to datajson
X-Git-Tag: suricata-7.0.11~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=268acf49bf6f8dca5fc7d1dd7131904fd0093472;p=thirdparty%2Fsuricata-verify.git

tests: add md5 test to datajson
---

diff --git a/tests/datajson/datajson-04-sha256/badsha.lst b/tests/datajson/datajson-04-hashes/badsha.lst
similarity index 100%
rename from tests/datajson/datajson-04-sha256/badsha.lst
rename to tests/datajson/datajson-04-hashes/badsha.lst
diff --git a/tests/datajson/datajson-04-sha256/input.pcap b/tests/datajson/datajson-04-hashes/input.pcap
similarity index 100%
rename from tests/datajson/datajson-04-sha256/input.pcap
rename to tests/datajson/datajson-04-hashes/input.pcap
diff --git a/tests/datajson/datajson-04-sha256/test.rules b/tests/datajson/datajson-04-hashes/test.rules
similarity index 50%
rename from tests/datajson/datajson-04-sha256/test.rules
rename to tests/datajson/datajson-04-hashes/test.rules
index 018173048..af67a6908 100644
--- a/tests/datajson/datajson-04-sha256/test.rules
+++ b/tests/datajson/datajson-04-hashes/test.rules
@@ -1 +1,2 @@
 alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; datajson:isset,badcat,type sha256,load badsha.lst,key bad_sha; sid:1; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; datajson:isset,badmd5,type md5,load badmd5.lst,key bad_md5; sid:2; rev:1;)
diff --git a/tests/datajson/datajson-04-sha256/test.yaml b/tests/datajson/datajson-04-hashes/test.yaml
similarity index 70%
rename from tests/datajson/datajson-04-sha256/test.yaml
rename to tests/datajson/datajson-04-hashes/test.yaml
index 4dad013b4..716171874 100644
--- a/tests/datajson/datajson-04-sha256/test.yaml
+++ b/tests/datajson/datajson-04-hashes/test.yaml
@@ -9,7 +9,7 @@ args:
 
 checks:
   - filter:
-      count: 1
+      count: 2
       match:
         event_type: alert
   - filter:
@@ -18,3 +18,9 @@ checks:
         event_type: alert
         alert.signature_id: 1
         alert.extra.bad_sha.year: 2005
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
+        alert.extra.bad_md5.year: 2007