From: Jason Ish
Date: Wed, 20 Dec 2017 23:04:59 +0000 (-0600)
Subject: some check.sh to test.yaml verifications.
X-Git-Tag: suricata-6.0.4~556
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53468de6690506095a2fae11255b7e73e31dd9d2;p=thirdparty%2Fsuricata-verify.git
some check.sh to test.yaml verifications.
---
diff --git a/tests/alert-testmyids-not-established/check.sh b/tests/alert-testmyids-not-established/check.sh
deleted file mode 100755
index da29c9396..000000000
--- a/tests/alert-testmyids-not-established/check.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/sh
-
-. ../../util/functions.sh
-
-# Should have one fast log entry.
-n=$(cat output/fast.log | wc -l | xargs)
-assert_eq 1 "$n" "bad fast.log"
-
-# Should have one eve alert.
-n=$(jq_count output/eve.json 'select(.event_type == "alert")')
-assert_eq 1 "$n" "eve.json alerts"
-
-exit 0
diff --git a/tests/alert-testmyids-not-established/test.yaml b/tests/alert-testmyids-not-established/test.yaml
new file mode 100644
index 000000000..136b33f52
--- /dev/null
+++ b/tests/alert-testmyids-not-established/test.yaml
@@ -0,0 +1,10 @@
+checks:
+
+ - shell:
+ args: cat output/fast.log | wc -l | xargs
+ expect: 1
+
+ - filter:
+ count: 1
+ match:
+ event_type: alert
diff --git a/tests/alert-testmyids/check.sh b/tests/alert-testmyids/check.sh
deleted file mode 100755
index da29c9396..000000000
--- a/tests/alert-testmyids/check.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/sh
-
-. ../../util/functions.sh
-
-# Should have one fast log entry.
-n=$(cat output/fast.log | wc -l | xargs)
-assert_eq 1 "$n" "bad fast.log"
-
-# Should have one eve alert.
-n=$(jq_count output/eve.json 'select(.event_type == "alert")')
-assert_eq 1 "$n" "eve.json alerts"
-
-exit 0
diff --git a/tests/alert-testmyids/test.yaml b/tests/alert-testmyids/test.yaml
new file mode 100644
index 000000000..b9d5dda84
--- /dev/null
+++ b/tests/alert-testmyids/test.yaml
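Review bot: The filter check in tests/alert-testmyids-not-established/test.yaml counts alert events without naming the signature, so one alert from any other rule loaded for the test would satisfy `count: 1` exactly as the intended rule does; matching on the rule id, as the dns-lua-rules hunk does, ties the verification to the rule under test: `match:` / `event_type: alert` / `alert.signature_id: <SID of the testmyids rule>`. The same applies to the filter in tests/alert-testmyids/test.yaml. The deleted check.sh carried a one-line comment above each check (`# Should have one fast log entry.`, `# Should have one eve alert.`); the sibling alert-testmyids/test.yaml keeps comments while this file drops them, and the two files also list the checks in opposite order, so aligning both would help. The `cat output/fast.log | wc -l | xargs` pipeline reports 0 rather than an error when fast.log is missing, which still fails `expect: 1` but gives a less direct diagnosis than the old `assert_eq ... "bad fast.log"` message did.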
@@ -0,0 +1,12 @@
+checks:
+
+ # Check that we only have one alert event type in eve.
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+
+ # Check how many lines were logged to fast.log.
+ - shell:
+ args: cat output/fast.log | wc -l | xargs
+ expect: 1
diff --git a/tests/dns-lua-rules/test.yaml b/tests/dns-lua-rules/test.yaml
index 14a382917..79215f503 100644
--- a/tests/dns-lua-rules/test.yaml
+++ b/tests/dns-lua-rules/test.yaml
@@ -3,6 +3,15 @@ requires:
 - HAVE_LUA
 checks:
- - signature-id: 1
- - signature-id: 2
- - signature-id: 3
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 3
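Review bot: The comment `# Check that we only have one alert event type in eve.` in tests/alert-testmyids/test.yaml reads as a statement about the set of event types, whereas the filter below it counts alert events; `# Exactly one alert event should be present in eve.json.` says what `count: 1` asserts. The fast.log comment likewise names the measurement but not the expectation, and `# fast.log should contain exactly one line, the single alert.` would make `expect: 1` self-explanatory. Neither comment says which rule is expected to fire, which is the detail a reader needs when the count check starts failing.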
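Review bot: The three replacement filters in tests/dns-lua-rules/test.yaml each assert `count: 1`, whereas the removed `signature-id:` entries may only have required the signature to be present; if that shorthand did not enforce an exact count, this hunk tightens the test, which is reasonable but deserves a line in the commit message. The file now carries no description of what each Lua rule is expected to fire on, so a short comment above each filter, e.g. `# Rule 1: <what the first Lua rule matches>`, or one comment stating that each of the three rules must alert exactly once, would keep the intent readable. The `requires:` block the hunk opens with begins before the hunk.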