From: Juliana Fajardini
Date: Wed, 29 Oct 2025 18:53:46 +0000 (-0700)
Subject: tests: improve alert-max tests
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b8d3aa81ba7d8d2fee59bae372d93e950320670;p=thirdparty%2Fsuricata-verify.git
tests: improve alert-max tests
As the tests for correct rule alerts appending and alert verdict have more rules, it's easier to understand the whole behavior if all the rules present are accounted for, in the yaml checks.
Bug #8021
---
diff --git a/tests/alert-max/alert-max-append-higher-priority/test.yaml b/tests/alert-max/alert-max-append-higher-priority/test.yaml
index a81975ba9..764b419ac 100644
--- a/tests/alert-max/alert-max-append-higher-priority/test.yaml
+++ b/tests/alert-max/alert-max-append-higher-priority/test.yaml
@@ -58,3 +58,27 @@ checks:
 match:
 event_type: stats
 stats.detect.alert_queue_overflow: 4
+# Subtest 10
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 9
+# Subtest 11
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 10
+# Subtest 11
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 11
+# Subtest 13
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 12
diff --git a/tests/alert-max/alert-max-verdict/test.yaml b/tests/alert-max/alert-max-verdict/test.yaml
index 60abc4fa0..768bbfa72 100644
--- a/tests/alert-max/alert-max-verdict/test.yaml
+++ b/tests/alert-max/alert-max-verdict/test.yaml
@@ -30,6 +30,7 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 4
+ verdict.action: alert
 # Subtest 5
 - filter:
 count: 0
@@ -42,12 +43,14 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 6
+ verdict.action: alert
 # Subtest 7
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 7
+ verdict.action: alert
 # Subtest 8
 - filter:
 count: 0
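Review bot: The comment labels on the checks added to tests/alert-max/alert-max-append-higher-priority/test.yaml are misnumbered: `# Subtest 11` appears twice, on the checks for `alert.signature_id: 10` and `alert.signature_id: 11`, and the numbering then jumps to `# Subtest 13`. The second label should read `# Subtest 12` so that each check can be matched to one label. The checks themselves are unaffected.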
@@ -60,3 +63,21 @@ checks:
 match:
 event_type: stats
 stats.detect.alert_queue_overflow: 4
+# Subtest 8
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 9
+# Subtest 8
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 11
+# Subtest 8
+- filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 12
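Review bot: All three checks added in the last hunk of tests/alert-max/alert-max-verdict/test.yaml are labelled `# Subtest 8`, a label the file already uses for an earlier check (visible as context in the previous hunk). They should instead continue the numbering from the stats check above them. The added checks also cover `alert.signature_id` 9, 11 and 12 but not 10, whereas the sibling alert-max-append-higher-priority test checks 9 through 12. Neither this test's rule file nor the earlier part of test.yaml is visible here, so it is unclear whether a sid 10 exists or is already checked. If it exists and is unchecked, a `count: 0` check for `alert.signature_id: 10` is needed for every rule to be accounted for, as the commit message intends.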