From: Victor Julien <victor@inliniac.net>
Date: Tue, 4 Jul 2023 09:39:28 +0000 (+0200)
Subject: tests: add bug 5578 parsing test
X-Git-Tag: suricata-6.0.20~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8886caea1cb3a361a428cf0b0802375074e067b4;p=thirdparty%2Fsuricata-verify.git

tests: add bug 5578 parsing test
---

diff --git a/tests/rules/dsize/README.md b/tests/rules/dsize/README.md
new file mode 100644
index 000000000..6788aa13b
--- /dev/null
+++ b/tests/rules/dsize/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Engine analysis output for dsize drop rule.
+
+## PCAP
+
+Unneeded
+
+## Related tickets
+
+https://redmine.openinfosecfoundation.org/issues/5578
diff --git a/tests/rules/dsize/test.rules b/tests/rules/dsize/test.rules
new file mode 100644
index 000000000..b5a9c0fce
--- /dev/null
+++ b/tests/rules/dsize/test.rules
@@ -0,0 +1 @@
+drop http any any -> any any (dsize:0; sid:1;)
diff --git a/tests/rules/dsize/test.yaml b/tests/rules/dsize/test.yaml
new file mode 100644
index 000000000..6901a5a3b
--- /dev/null
+++ b/tests/rules/dsize/test.yaml
@@ -0,0 +1,20 @@
+requires:
+    min-version: 7.0.0
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      app_proto: "http_any"
+      requirements[0]: "no_payload"
+      requirements[1]: "flow"
+      pkt_engines[0].name: "packet"
+      pkt_engines[0].is_mpm: false
+      type: "pkt"
+      lists.packet.matches[0].name: "dsize"