From: Juliana Fajardini Date: Fri, 24 Jan 2025 20:20:15 +0000 (-0300) Subject: tests: engine-analysis tests for ip_only rule type X-Git-Tag: suricata-7.0.9~61 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2c5a6fa8ad82108268b84efe11d91bf90d351d4;p=thirdparty%2Fsuricata-verify.git tests: engine-analysis tests for ip_only rule type To accompany rule types documentation. Related to Task #7031
---
diff --git a/tests/rules/rule-type-ip-only/test.rules b/tests/rules/rule-type-ip-only/test.rules
new file mode 100644
index 000000000..c327c4297
--- /dev/null
+++ b/tests/rules/rule-type-ip-only/test.rules
@@ -0,0 +1,4 @@
+# IP Only Rules
+alert tcp-stream any any -> any any (msg:"tcp-stream, no content"; sid:101;)
+alert tcp-pkt [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12] any -> any any (msg:"tcp-pkt, no content"; sid:201;)
+alert ip any any -> any any (hostbits:set,myflow2; sid:1505;)
diff --git a/tests/rules/rule-type-ip-only/test.yaml b/tests/rules/rule-type-ip-only/test.yaml
new file mode 100644
index 000000000..5e82fd8de
--- /dev/null
+++ b/tests/rules/rule-type-ip-only/test.yaml
@@ -0,0 +1,26 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 101
+ type: ip_only
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 201
+ type: ip_only
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1505
+ type: ip_only
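Review bot: In tests/rules/rule-type-ip-only/test.rules the third rule (sid:1505) carries no `msg`, unlike sid:101 and sid:201, and the lone `# IP Only Rules` header does not say which property of each rule the test relies on. A failing check would then give a rule writer little to go on, so I would add a `msg` such as `msg:"ip, hostbits set only";` to sid:1505. I would also put a one-line comment above each rule, for example `# address list only, no payload keywords` for sid:201 and `# hostbits:set with no other keywords` for sid:1505. If the rules must stay byte-identical to the documentation examples, the comments alone would do.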
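Review bot: In tests/rules/rule-type-ip-only/test.yaml every check matches on the `type` key of rules.json, while `requires` only states `min-version: 7`. I cannot tell from this patch which 7.x release first writes `type` into the engine-analysis output. If it arrived after 7.0.0, the test would fail on older 7.x builds instead of being skipped, so it is worth confirming and pinning `min-version` to that release. The three checks are also all positive; a rule that should not be classified `ip_only` would catch a classifier that over-assigns this type, unless another test in the series already covers that.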