From: Juliana Fajardini Date: Fri, 24 Jan 2025 22:01:44 +0000 (-0300) Subject: tests: engine-analysis for like_ip_only rule type X-Git-Tag: suricata-7.0.9~63 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c626357e8b4140046769e496c999ca7fd0b1fa12;p=thirdparty%2Fsuricata-verify.git tests: engine-analysis for like_ip_only rule type Add engine-analysis tests for like_ip_only rule type, to accompany rule types documentation. Related to Task #7031
---
diff --git a/tests/rules/rule-type-like-ip-only/test.rules b/tests/rules/rule-type-like-ip-only/test.rules
new file mode 100644
index 000000000..d54d69ecc
--- /dev/null
+++ b/tests/rules/rule-type-like-ip-only/test.rules
@@ -0,0 +1,3 @@
+# Like IP Only Rules (IP Only with negated addresses)
+alert tcp 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 any -> ![192.168.0.0/16,10.0.0.0/8,172.16.0.0/12] any (msg:"tcp, has negated IP address"; sid:304;)
+alert tcp [10.0.0.0/8,!10.10.10.10] any -> [10.0.0.0/8,!10.10.10.10] any (msg:"tcp, has negated IP address"; sid:305;)
diff --git a/tests/rules/rule-type-like-ip-only/test.yaml b/tests/rules/rule-type-like-ip-only/test.yaml
new file mode 100644
index 000000000..14bc00aa5
--- /dev/null
+++ b/tests/rules/rule-type-like-ip-only/test.yaml
@@ -0,0 +1,20 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 304
+ type: "like_ip_only"
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 305
+ type: "like_ip_only"
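Review bot: In tests/rules/rule-type-like-ip-only/test.rules both rules carry the identical `msg:"tcp, has negated IP address"`, so a failing check or an engine-analysis report can only be told apart by sid. The two rules cover different negation forms: sid 304 negates the whole destination group with `![...]`, while sid 305 puts a negated host inside the address group on both source and destination. The messages could say so, for example `msg:"tcp, negated destination address group"` for 304 and `msg:"tcp, negated host inside address group"` for 305. A one-line comment above each rule naming the form it exercises would also help whoever extends the rule-type fixtures keep each negation form covered.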