From: Jason Ish Date: Tue, 13 Mar 2018 19:13:32 +0000 (-0600) Subject: add an eve dns v2 specific test X-Git-Tag: suricata-6.0.4~495 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91a227ce0114cb4ef891b1cd442061387ab1a8ef;p=thirdparty%2Fsuricata-verify.git add an eve dns v2 specific test --- diff --git a/run.py b/run.py index 23429c4df..e038bcb53 100755 --- a/run.py +++ b/run.py @@ -361,9 +361,9 @@ class TestRunner: for pattern, need_val in skip["config"].items(): for key, val in self.suricata_config.config.items(): if re.match(pattern, key): - if need_val != val: + if str(need_val) == str(val): raise UnsatisfiedRequirementError( - "requires %s = %s" % ( + "not for %s = %s" % ( key, need_val)) def check_requires(self): @@ -418,6 +418,21 @@ class TestRunner: raise UnsatisfiedRequirementError( "requires script returned false") + elif key == "config": + for pattern, need_val in requires["config"].items(): + found = False + for key, val in self.suricata_config.config.items(): + if re.match(pattern, key): + print("%s -> %s" % (pattern, key)) + if str(need_val) != str(val): + raise UnsatisfiedRequirementError( + "requires %s = %s" % ( + key, need_val)) + print(found) + if not found: + raise UnsatisfiedRequirementError( + "requires %s = %s" % (pattern, need_val)) + elif key == "pcap": # Handle below... pass diff --git a/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/README.md b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/README.md new file mode 100644 index 000000000..e6728ad77 --- /dev/null +++ b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/README.md @@ -0,0 +1,4 @@ +Test DNS EVE decoding/output for a basic DNS request. + +This test checks v2 of the eve/dns output. + 
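Review bot: `re.match(pattern, key)` in the skip check anchors only at the start of the key, so a pattern written as a full key name also matches any longer key that begins with it (constructed example: `outputs.1` would also match `outputs.10.enabled`), and a test can be skipped because of an unrelated setting. If exact keys are intended, anchoring the pattern, e.g. `re.match(pattern + "$", key)`, pins this; the same call appears in the `config` branch added to `check_requires` in the next hunk. The new `str(need_val) == str(val)` comparison is also spelling-sensitive: a YAML boolean in test.yaml becomes `True`/`False`, which would not equal a value stored as `yes` or `true`. Which form `suricata_config.config` holds is not visible here, so a comment stating it would help. The method body starts outside the hunk.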
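Review bot: `found` is set to `False` in the new `config` branch and never set to `True` in the visible lines, so `if not found:` raises `UnsatisfiedRequirementError` for every pattern that reaches it, even when a key matched with the required value. Adding `found = True` directly under `if re.match(pattern, key):` fixes this, and the two debugging calls `print("%s -> %s" % (pattern, key))` and `print(found)` should be removed. The inner `for key, val in ...` also rebinds the `key` that the `elif key == ...` chain tests. The enclosing loop starts outside the hunk, so whether later code reads `key` cannot be seen here, but a separate name such as `cfg_key` avoids the question. In a suite that verifies IDS output, a requirement that can never be satisfied presumably makes the affected tests drop out of the run instead of failing, which is an easy coverage gap to miss.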
diff --git a/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap
new file mode 100644
index 000000000..663a6797f
Binary files /dev/null and b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/dig-a-www.suricata-ids.org.pcap differ
diff --git a/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/suricata.yaml b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/suricata.yaml
new file mode 100644
index 000000000..0bf62d28f
--- /dev/null
+++ b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-4.0.3.yaml
+
+outputs:
+ - eve-log:
+ enabled: true
+ types:
+ - dns:
+ enabled: true
+ version: 2
diff --git a/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/test.yaml b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/test.yaml
new file mode 100644
index 000000000..e905bdef6
--- /dev/null
+++ b/tests/dns-eve-v2-udp-dig-a-www-suricata-ids-org/test.yaml
@@ -0,0 +1,26 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 4.1.0
+ script:
+ - grep OutputAnswerV2 src/output-json-dns.c > /dev/null 2>&1
+
+checks:
+
+ - filter:
+ comment: request
+ count: 1
+ match:
+ event_type: dns
+ dns.type: query
+ dns.rrname: www.suricata-ids.org
+
+ - filter:
+ comment: response
+ count: 1
+ match:
+ event_type: dns
+ dns.type: answer
+ dns.answers[0].rrtype: CNAME
+ dns.answers[1].rrtype: A
+ dns.answers[2].rrtype: A