From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 21 Oct 2021 20:03:34 +0000 (+0200)
Subject: Adds test with dataset and pcrexform for unique param
X-Git-Tag: suricata-6.0.4~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=974baab5ffe96329af1feda283efa8f7ca0f92bc;p=thirdparty%2Fsuricata-verify.git

Adds test with dataset and pcrexform for unique param
---

diff --git a/tests/datasets-pcrexform/expected/uri-param-seen.csv b/tests/datasets-pcrexform/expected/uri-param-seen.csv
new file mode 100644
index 000000000..cd54e8db7
--- /dev/null
+++ b/tests/datasets-pcrexform/expected/uri-param-seen.csv
@@ -0,0 +1,3 @@
+cGFyYW0y
+cGFyYW0z
+cGFyYW0=
diff --git a/tests/datasets-pcrexform/input.pcap b/tests/datasets-pcrexform/input.pcap
new file mode 100644
index 000000000..4d32719b4
Binary files /dev/null and b/tests/datasets-pcrexform/input.pcap differ
diff --git a/tests/datasets-pcrexform/test.rules b/tests/datasets-pcrexform/test.rules
new file mode 100644
index 000000000..f7e040bb3
--- /dev/null
+++ b/tests/datasets-pcrexform/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"HTTP unique first parameter"; http.uri; content: "?"; pcrexform:"/[^\?]+\?([^&=]+)"; dataset:set,uri-param-seen, type string, state uri-param-seen.csv; sid:8000001;)
diff --git a/tests/datasets-pcrexform/test.yaml b/tests/datasets-pcrexform/test.yaml
new file mode 100644
index 000000000..5e4560f13
--- /dev/null
+++ b/tests/datasets-pcrexform/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 6
+  features:
+    - HAVE_LIBJANSSON
+  files:
+    - src/datasets.c
+
+args:
+ - -k none --data-dir=output
+
+checks:
+  - file-compare:
+      filename: uri-param-seen.csv
+      expected: expected/uri-param-seen.csv