From: Victor Julien
Date: Mon, 27 Mar 2023 10:21:09 +0000 (+0200)
Subject: tests: add stream_size parsing test
X-Git-Tag: suricata-6.0.12~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3d651e6d614ee799625a738387f164bd459ca7e;p=thirdparty%2Fsuricata-verify.git
tests: add stream_size parsing test
---
diff --git a/tests/rules/stream_size/test.rules b/tests/rules/stream_size/test.rules
new file mode 100644
index 000000000..21e2a1400
--- /dev/null
+++ b/tests/rules/stream_size/test.rules
@@ -0,0 +1 @@
+alert tcp 1.2.3.4 5678 -> 8.7.6.5 4321 (flow:established,to_server; stream_size:server,<,1111; content: "EICAR"; sid:1;)
diff --git a/tests/rules/stream_size/test.yaml b/tests/rules/stream_size/test.yaml
new file mode 100644
index 000000000..d4a1fc629
--- /dev/null
+++ b/tests/rules/stream_size/test.yaml
@@ -0,0 +1,19 @@
+requires:
+ min-version: 7.0.0
+ pcap: false
+
+args:
+ - --engine-analysis
+
+checks:
+- filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1
+ mpm.buffer: "payload"
+ mpm.pattern: "EICAR"
+ flags[0]: "need_packet"
+ flags[1]: "need_stream"
+ pkt_engines[0].name: "payload"
+ pkt_engines[1].name: "packet"
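Review bot: The only rule in test.rules exercises a single form of the keyword, `stream_size:server,<,1111`, so a parsing regression in any other direction or operator would pass this test unnoticed. The keyword also accepts `client`, `both` and `either` and further comparison operators. A second rule such as `alert tcp 1.2.3.4 5678 -> 8.7.6.5 4321 (flow:established,to_server; stream_size:client,>=,1111; content: "EICAR"; sid:2;)` would widen the coverage. It would need its own `filter` entry in test.yaml, because the existing check matches `id: 1` with `count: 1`.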
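Review bot: None of the checks in test.yaml mention stream_size, so a reader has to infer which assertions the keyword is responsible for. Presumably these are `flags[0]: "need_packet"` and `pkt_engines[1].name: "packet"`, while the `payload` entries come from the `content` match. If so, a comment above `checks:` would record that, for example `# stream_size is inspected per packet: expect need_packet and a "packet" engine alongside the payload MPM`. The `flags[N]` and `pkt_engines[N]` checks also pin array positions, so a harmless reordering in the engine-analysis output would fail the test; that dependency is worth noting in the same comment.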