From: Jason Ish
Date: Thu, 4 Jul 2024 20:30:54 +0000 (-0600)
Subject: dns-eve-log-https-only: v2 and v3 tests
X-Git-Tag: suricata-7.0.7~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b7e5552cbe46a47a8ff7d73b1f408d6c5400864;p=thirdparty%2Fsuricata-verify.git
dns-eve-log-https-only: v2 and v3 tests
---
diff --git a/tests/dns-eve-log-https-only/README.md b/tests/dns/dns-eve-log-https-only/README.md
similarity index 100%
rename from tests/dns-eve-log-https-only/README.md
rename to tests/dns/dns-eve-log-https-only/README.md
diff --git a/tests/dns-eve-log-https-only/suricata.yaml b/tests/dns/dns-eve-log-https-only/suricata.yaml
similarity index 100%
rename from tests/dns-eve-log-https-only/suricata.yaml
rename to tests/dns/dns-eve-log-https-only/suricata.yaml
diff --git a/tests/dns-eve-log-https-only/test.pcap b/tests/dns/dns-eve-log-https-only/test.pcap
similarity index 100%
rename from tests/dns-eve-log-https-only/test.pcap
rename to tests/dns/dns-eve-log-https-only/test.pcap
diff --git a/tests/dns/dns-eve-log-https-only/test.yaml b/tests/dns/dns-eve-log-https-only/test.yaml
new file mode 100644
index 000000000..4617f0f79
--- /dev/null
+++ b/tests/dns/dns-eve-log-https-only/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ min-version: 8
+
+checks:
+ # Check that we only have requests and responses for HTTPS records.
+- filter:
+ count: 1
+ match:
+ event_type: "dns"
+ dns.queries[0].rrtype: "HTTPS"
diff --git a/tests/dns/v2/dns-eve-log-https-only/README.md b/tests/dns/v2/dns-eve-log-https-only/README.md
new file mode 100644
index 000000000..1f329b0eb
--- /dev/null
+++ b/tests/dns/v2/dns-eve-log-https-only/README.md
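Review bot: The single check in the new tests/dns/dns-eve-log-https-only/test.yaml does not verify the "only" that its own comment promises. It asserts that exactly one `dns` event has `dns.queries[0].rrtype: "HTTPS"`, but nothing fails if events for other record types are written as well. A regression in which the `types` filter is ignored could therefore still pass, and this filter decides which DNS telemetry reaches eve.json. A second filter matching only `event_type: "dns"` with the expected total count (presumably equal to the HTTPS count for this pcap; confirm against the capture) would pin the negative case. The comment also mentions requests and responses while `count: 1` admits a single event, so it should say which one is expected.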
@@ -0,0 +1,11 @@
+Description
+===========
+Test custom eve DNS logging by configuring it to log only HTTPS records, and verifying that only HTTPS records are logged.
+
+PCAP
+====
+PCAP comes from the redmine ticket [4751](https://redmine.openinfosecfoundation.org/issues/4751)
+
+Redmine ticket
+==============
+https://redmine.openinfosecfoundation.org/issues/4751
diff --git a/tests/dns/v2/dns-eve-log-https-only/suricata.yaml b/tests/dns/v2/dns-eve-log-https-only/suricata.yaml
new file mode 100644
index 000000000..1091afa3b
--- /dev/null
+++ b/tests/dns/v2/dns-eve-log-https-only/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - dns:
+ version: 2
+ types: [https]
diff --git a/tests/dns/v2/dns-eve-log-https-only/test.pcap b/tests/dns/v2/dns-eve-log-https-only/test.pcap
new file mode 100644
index 000000000..2090848cf
Binary files /dev/null and b/tests/dns/v2/dns-eve-log-https-only/test.pcap differ
diff --git a/tests/dns-eve-log-https-only/test.yaml b/tests/dns/v2/dns-eve-log-https-only/test.yaml
similarity index 100%
rename from tests/dns-eve-log-https-only/test.yaml
rename to tests/dns/v2/dns-eve-log-https-only/test.yaml
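Review bot: tests/dns/v2/dns-eve-log-https-only/suricata.yaml pins `version: 2` and narrows `types` to `[https]` without a comment saying that either choice is deliberate. I would add a line above the `dns` entry such as `# Legacy v2 DNS EVE format; types: [https] intentionally drops every other rrtype for this test`, so the reduced logging is not mistaken for a general-purpose setting. The accompanying v2 test.yaml is renamed in at 100% similarity, so its checks are not visible in this diff. It is worth confirming that they still state the Suricata versions for which the v2 format applies.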