From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Sun, 4 Sep 2022 12:23:55 +0000 (-0400)
Subject: tests/log: Verify bug 5198
X-Git-Tag: suricata-6.0.10~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=283c865596186ec34e126bfdb7daf6ed3a921b2a;p=thirdparty%2Fsuricata-verify.git

tests/log: Verify bug 5198

This issue requires an ASAN build -- it doesn't reproduce without ASAN.

Issue: 5198
---

diff --git a/tests/bug-5198/README.md b/tests/bug-5198/README.md
new file mode 100644
index 000000000..80543044c
--- /dev/null
+++ b/tests/bug-5198/README.md
@@ -0,0 +1,8 @@
+This test covers the conditions described in issue 5198. An ASAN-enabled build is required for verification as the problem does not present
+on a build without ASAN.
+
+The problem occurs when
+- Eve threaded logging is enabled
+- Suricata doesn't have permissions to create the eve output file
+
+An ASAN build is required to detect the condition (see the issue for the ASAN diagnostics)
diff --git a/tests/bug-5198/input.pcap b/tests/bug-5198/input.pcap
new file mode 100644
index 000000000..6cfd80f9b
Binary files /dev/null and b/tests/bug-5198/input.pcap differ
diff --git a/tests/bug-5198/test.yaml b/tests/bug-5198/test.yaml
new file mode 100644
index 000000000..3759a7152
--- /dev/null
+++ b/tests/bug-5198/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+setup:
+  # Create a log directory without write permission
+  - script: |
+      rm -rf ./noperms
+      mkdir -p ./noperms
+      chmod 555 ./noperms
+
+args:
+    - --set outputs.1.eve-log.filename=noperms/eve.json --set outputs.1.eve-log.threaded=true
+
+exit-code: 0