From: Jeff Lucovsky Date: Wed, 5 Jan 2022 19:57:34 +0000 (-0500) Subject: tests/reference: Reference.config validation X-Git-Tag: suricata-6.0.5~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd46431e3d2717e64a7f90f028f51c3d3efaf3d0;p=thirdparty%2Fsuricata-verify.git tests/reference: Reference.config validation This commit adds tests for reference.config file validation. Test 1 uses Suricata's test mode with an invalid formatted file while test 2 runs Suricata in inspect mode with the same invalid file.
---
diff --git a/tests/reference-config-validate-01/reference.config b/tests/reference-config-validate-01/reference.config
new file mode 100644
index 000000000..93f562417
--- /dev/null
+++ b/tests/reference-config-validate-01/reference.config
@@ -0,0 +1 @@
+this is not correct
diff --git a/tests/reference-config-validate-01/test.rules b/tests/reference-config-validate-01/test.rules
new file mode 100644
index 000000000..91f56071a
--- /dev/null
+++ b/tests/reference-config-validate-01/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+ flow:established; content:"mail from|3a|"; nocase; \
+ threshold: type threshold, track by_src, count 10, seconds 60; \
+ reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)
diff --git a/tests/reference-config-validate-01/test.yaml b/tests/reference-config-validate-01/test.yaml
new file mode 100644
index 000000000..635740ee0
--- /dev/null
+++ b/tests/reference-config-validate-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata --set reference-config-file="${TEST_DIR}/reference.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -T
+
+exit-code: 1
+
+checks:
+ - shell:
+ args: grep "SC_ERR_REFERENCE_CONFIG" suricata.log | wc -l | xargs
+ expect: 1
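Review bot: Nothing in this test.yaml says why a malformed reference.config must make `-T` exit 1, while the sibling test in tests/reference-config-validate-02 expects the same file to be tolerated when reading a pcap. A comment above `exit-code: 1` would record that contract, for example `# config test mode must reject a malformed reference.config; pcap mode (validate-02) only logs it`. Separately, the `grep ... | wc -l | xargs` chain here and in both checks of validate-02 can be written as `grep -c "SC_ERR_REFERENCE_CONFIG" suricata.log`, which prints the count directly.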
diff --git a/tests/reference-config-validate-02/input.pcap b/tests/reference-config-validate-02/input.pcap
new file mode 100644
index 000000000..dc92bd963
Binary files /dev/null and b/tests/reference-config-validate-02/input.pcap differ
diff --git a/tests/reference-config-validate-02/reference.config b/tests/reference-config-validate-02/reference.config
new file mode 100644
index 000000000..93f562417
--- /dev/null
+++ b/tests/reference-config-validate-02/reference.config
@@ -0,0 +1 @@
+this is not correct
diff --git a/tests/reference-config-validate-02/test.rules b/tests/reference-config-validate-02/test.rules
new file mode 100644
index 000000000..91f56071a
--- /dev/null
+++ b/tests/reference-config-validate-02/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+ flow:established; content:"mail from|3a|"; nocase; \
+ threshold: type threshold, track by_src, count 10, seconds 60; \
+ reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)
diff --git a/tests/reference-config-validate-02/test.yaml b/tests/reference-config-validate-02/test.yaml
new file mode 100644
index 000000000..df3038885
--- /dev/null
+++ b/tests/reference-config-validate-02/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata -v --set reference-config-file="${TEST_DIR}/reference.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -r ${TEST_DIR}/input.pcap
+
+checks:
+
+ - shell:
+ args: grep -e "SC_ERR_REFERENCE_CONFIG" suricata.log | wc -l | xargs
+ expect: 1
+
+ - shell:
+ args: grep -e "SC_ERR_REFERENCE_UNKNOWN" suricata.log | wc -l | xargs
+ expect: 1
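Review bot: The two checks in this test.yaml only count error lines in suricata.log, so nothing pins what happens to sid 2002087 once its `reference:url` cannot be resolved. A regression that changes whether the rule is loaded or dropped after a malformed reference.config would shift detection coverage and still pass. Consider a third check on the rule-load outcome, such as a grep on the load summary in suricata.log or an alert count in eve.json; the expected value has to be confirmed against current behaviour, since the hunk does not show it. A comment above `checks:` would also help, for example `# pcap mode keeps running with a malformed reference.config; both errors are logged once`.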