From: Jason Ish Date: Tue, 13 Mar 2018 17:31:54 +0000 (-0600) Subject: require specific suricata config settings... X-Git-Tag: suricata-6.0.4~497 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdca182600d2a37c85f6199bc759a309c840595b;p=thirdparty%2Fsuricata-verify.git require specific suricata config settings... specific as a regex pattern on the key, for example: requires: config: outputs.\d.eve-log.types.\d.dns.version: 2 To require version 2 of the eve dns logger without needing to know exactly which list item its at. Uses --dump-config to load the config. --- diff --git a/run.py b/run.py index e9c92072f..407c6402e 100755 --- a/run.py +++ b/run.py @@ -163,7 +163,7 @@ class SuricataConfig: def __init__(self, version): self.version = version self.features = set() - + self.config = {} self.load_build_info() def load_build_info(self): @@ -172,6 +172,21 @@ class SuricataConfig: if line.decode().startswith("Features:"): self.features = set(line.decode().split()[1:]) + def load_config(self, config_filename): + output = subprocess.check_output([ + "./src/suricata", + "-c", config_filename, + "--dump-config"]) + self.config = {} + for line in output.split("\n"): + parts = [p.strip() for p in line.split("=", 1)] + if parts and parts[0]: + if len(parts) > 1: + val = parts[1] + else: + val = "" + self.config[parts[0]] = val + def has_feature(self, feature): return feature in self.features @@ -302,6 +317,8 @@ class TestRunner: # Load the test configuration. self.load_config() + self.suricata_config.load_config(self.get_suricata_yaml_path()) + def load_config(self): if os.path.exists(os.path.join(self.directory, "test.yaml")): self.config = yaml.safe_load( @@ -348,6 +365,15 @@ class TestRunner: else: requires = {} + if "config" in requires: + for key_pattern, need_val in requires["config"].items(): + for key, val in self.suricata_config.config.items(): + if re.match(key_pattern, key): + if need_val != val: + raise UnsatisfiedRequirementError( + "requires %s = %s" % ( + key, need_val)) + if "min-version" in requires: min_version = parse_suricata_version(requires["min-version"]) suri_version = self.suricata_config.version @@ -554,10 +580,7 @@ class TestRunner: if "ips" in self.name: args.append("--simulate-ips") - if os.path.exists(os.path.join(self.directory, "suricata.yaml")): - args += ["-c", os.path.join(self.directory, "suricata.yaml")] - else: - args += ["-c", os.path.join(self.cwd, "suricata.yaml")] + args += ["-c", self.get_suricata_yaml_path()] # Find pcaps. if "pcap" in self.config: @@ -581,6 +604,13 @@ class TestRunner: return args + def get_suricata_yaml_path(self): + """Return the path to the suricata.yaml that will be used for this + test.""" + if os.path.exists(os.path.join(self.directory, "suricata.yaml")): + return os.path.join(self.directory, "suricata.yaml") + return os.path.join(self.cwd, "suricata.yaml") + def start_reader(self, input, output): t = threading.Thread( target=pipe_reader, args=(input, output, self.verbose)) diff --git a/tests/dns-tcp-ts-gap/test.yaml b/tests/dns-tcp-ts-gap/test.yaml index b0b1bef18..544265bf3 100644 --- a/tests/dns-tcp-ts-gap/test.yaml +++ b/tests/dns-tcp-ts-gap/test.yaml @@ -3,3 +3,7 @@ requires: min-version: 4.0.0 features: - HAVE_LIBJANSSON + config: + # Requires eve dns version 2. + outputs.\d.eve-log.types.\d.dns.version: 2 + diff --git a/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml b/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml index 23a2d9671..43ff38d8e 100644 --- a/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml +++ b/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml @@ -1,6 +1,9 @@ requires: features: - HAVE_LIBJANSSON + config: + # Requires eve dns version 2. + outputs.\d.eve-log.types.\d.dns.version: 2 checks: diff --git a/tests/dns-udp-eve-log-txt/test.yaml b/tests/dns-udp-eve-log-txt/test.yaml index 56ea9b0d5..b491dab1c 100644 --- a/tests/dns-udp-eve-log-txt/test.yaml +++ b/tests/dns-udp-eve-log-txt/test.yaml @@ -1,3 +1,6 @@ requires: features: - HAVE_LIBJANSSON + config: + # Requires eve dns version 2. + outputs.\d.eve-log.types.\d.dns.version: 2