From: Jeff Lucovsky Date: Sun, 28 Feb 2021 19:42:00 +0000 (-0500) Subject: tests: Add test for threshold.config validation X-Git-Tag: suricata-6.0.4~94 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=425a0130f4d0913ed1ab25dd21472d11f0afac82;p=thirdparty%2Fsuricata-verify.git tests: Add test for threshold.config validation This commit adds a test case to insure that "-T" stops execution when threshold.config is not valid. --- diff --git a/tests/threshold-config-validate/test.rules b/tests/threshold-config-validate/test.rules new file mode 100644 index 000000000..91f56071a --- /dev/null +++ b/tests/threshold-config-validate/test.rules @@ -0,0 +1,4 @@ +alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \ + flow:established; content:"mail from|3a|"; nocase; \ + threshold: type threshold, track by_src, count 10, seconds 60; \ + reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;) diff --git a/tests/threshold-config-validate/test.yaml b/tests/threshold-config-validate/test.yaml new file mode 100644 index 000000000..58edd8579 --- /dev/null +++ b/tests/threshold-config-validate/test.yaml @@ -0,0 +1,16 @@ +requires: + min-version: 7 + +command: | + ${SRCDIR}/src/suricata --set threshold-file="${TEST_DIR}/threshold.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -T + +exit-code: 1 + +checks: + - shell: + args: grep "Error loading threshold configuration" suricata.log | wc -l | xargs + expect: 1 + + - shell: + args: grep "SC_WARN_THRESH_CONFIG" suricata.log | wc -l | xargs + expect: 1 diff --git a/tests/threshold-config-validate/threshold.config b/tests/threshold-config-validate/threshold.config new file mode 100644 index 000000000..93f562417 --- /dev/null +++ b/tests/threshold-config-validate/threshold.config @@ -0,0 +1 @@ +this is not correct