From: Jeff Lucovsky Date: Sun, 22 Dec 2019 19:48:26 +0000 (-0500) Subject: issue 3406: Add tests checking filestore config X-Git-Tag: suricata-6.0.4~339 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d001db3ec532f10111b6aaa85155100cec6dcaa2;p=thirdparty%2Fsuricata-verify.git issue 3406: Add tests checking filestore config
---
diff --git a/tests/detect-filestore-config-01/check.sh b/tests/detect-filestore-config-01/check.sh
new file mode 100755
index 000000000..a174e470e
--- /dev/null
+++ b/tests/detect-filestore-config-01/check.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+if grep -q "Warning: Rule requires file-store but the output file-store is not enabled." $OUTPUT_DIR/rules_analysis.txt; then
+ echo "Pattern found in rules_analysis.txt"
+ exit 1
+fi
diff --git a/tests/detect-filestore-config-01/suricata.yaml b/tests/detect-filestore-config-01/suricata.yaml
new file mode 100644
index 000000000..e00f99b84
--- /dev/null
+++ b/tests/detect-filestore-config-01/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ - file-store:
+ version: 2
+ enabled: yes
+
+engine-analysis:
+ rules: yes
diff --git a/tests/detect-filestore-config-01/test.rules b/tests/detect-filestore-config-01/test.rules
new file mode 100644
index 000000000..886145d5c
--- /dev/null
+++ b/tests/detect-filestore-config-01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-01/test.yaml b/tests/detect-filestore-config-01/test.yaml
new file mode 100644
index 000000000..79a3aad18
--- /dev/null
+++ b/tests/detect-filestore-config-01/test.yaml
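Review bot: The negative check in detect-filestore-config-01/check.sh passes vacuously when rules_analysis.txt is missing or unreadable, because grep's non-zero status for a missing file takes the same branch as "pattern absent"; guard it first with `[ -f "$OUTPUT_DIR/rules_analysis.txt" ] || exit 1`. detect-filestore-config-03/check.sh has the same gap for $OUTPUT_DIR/stdout. All four check.sh scripts leave `$OUTPUT_DIR` unquoted in the grep argument, and only 02 and 04 end with an explicit `exit 0`; quoting the path and ending all four the same way would make them consistent.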
@@ -0,0 +1,7 @@
+requires:
+ min-version: 5.0.1
+
+command: |
+ ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" \
+ --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} \
+ -c "${TEST_DIR}/suricata.yaml" -S ${TEST_DIR}/test.rules --engine-analysis
diff --git a/tests/detect-filestore-config-02/check.sh b/tests/detect-filestore-config-02/check.sh
new file mode 100755
index 000000000..d72cab938
--- /dev/null
+++ b/tests/detect-filestore-config-02/check.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+if ! grep -q "Warning: Rule requires file-store but the output file-store is not enabled." $OUTPUT_DIR/rules_analysis.txt; then
+ echo "Pattern not found"
+ exit 1
+fi
+exit 0
diff --git a/tests/detect-filestore-config-02/suricata.yaml b/tests/detect-filestore-config-02/suricata.yaml
new file mode 100644
index 000000000..77db9ab12
--- /dev/null
+++ b/tests/detect-filestore-config-02/suricata.yaml
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+ - file-store:
+ enabled: no
+
+engine-analysis:
+ rules: yes
diff --git a/tests/detect-filestore-config-02/test.rules b/tests/detect-filestore-config-02/test.rules
new file mode 100644
index 000000000..886145d5c
--- /dev/null
+++ b/tests/detect-filestore-config-02/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-02/test.yaml b/tests/detect-filestore-config-02/test.yaml
new file mode 100644
index 000000000..79a3aad18
--- /dev/null
+++ b/tests/detect-filestore-config-02/test.yaml
@@ -0,0 +1,7 @@
+requires:
+ min-version: 5.0.1
+
+command: |
+ ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" \
+ --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} \
+ -c "${TEST_DIR}/suricata.yaml" -S ${TEST_DIR}/test.rules --engine-analysis
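Review bot: In the command block of detect-filestore-config-01/test.yaml, `-l ${OUTPUT_DIR}` and `-S ${TEST_DIR}/test.rules` are unquoted while the neighbouring classification-file, reference-config-file and -c paths are double-quoted; use `-l "${OUTPUT_DIR}"` and `-S "${TEST_DIR}/test.rules"` so a directory containing whitespace does not split the argument. detect-filestore-config-02/test.yaml repeats the same command and needs the same change.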
diff --git a/tests/detect-filestore-config-03/3103.pcap b/tests/detect-filestore-config-03/3103.pcap
new file mode 100644
index 000000000..78cc432c2
Binary files /dev/null and b/tests/detect-filestore-config-03/3103.pcap differ
diff --git a/tests/detect-filestore-config-03/check.sh b/tests/detect-filestore-config-03/check.sh
new file mode 100755
index 000000000..6feafbc6a
--- /dev/null
+++ b/tests/detect-filestore-config-03/check.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+if grep '\[ERRCODE: SC_WARN_ALERT_CONFIG(324)\] - One or more rule(s) depends on the file-store output log which is not enabled. Enable the output "file-store"' $OUTPUT_DIR/stdout; then
+ echo "pattern found in stdout"
+ exit 1
+fi
diff --git a/tests/detect-filestore-config-03/suricata.yaml b/tests/detect-filestore-config-03/suricata.yaml
new file mode 100644
index 000000000..d2979079b
--- /dev/null
+++ b/tests/detect-filestore-config-03/suricata.yaml
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ - file-store:
+ version: 2
+ enabled: yes
diff --git a/tests/detect-filestore-config-03/test.rules b/tests/detect-filestore-config-03/test.rules
new file mode 100644
index 000000000..886145d5c
--- /dev/null
+++ b/tests/detect-filestore-config-03/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-03/test.yaml b/tests/detect-filestore-config-03/test.yaml
new file mode 100644
index 000000000..dd82cd1eb
--- /dev/null
+++ b/tests/detect-filestore-config-03/test.yaml
@@ -0,0 +1,2 @@
+requires:
+ min-version: 5.0.1
diff --git a/tests/detect-filestore-config-04/check.sh b/tests/detect-filestore-config-04/check.sh
new file mode 100755
index 000000000..375298b4a
--- /dev/null
+++ b/tests/detect-filestore-config-04/check.sh
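Review bot: The grep pattern in detect-filestore-config-03/check.sh hardcodes the `[ERRCODE: SC_WARN_ALERT_CONFIG(324)]` log prefix, and because this is a negative assertion any change to that prefix or code number makes the test pass without checking anything; match only the message text as 04 does: `if grep -q 'One or more rule(s) depends on the file-store output log which is not enabled. Enable the output "file-store"' "$OUTPUT_DIR/stdout"; then`. This grep also lacks `-q`, so a matching line is printed to stdout, unlike the other three check.sh scripts.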
@@ -0,0 +1,6 @@
+#!/bin/sh
+if ! grep -q 'One or more rule(s) depends on the file-store output log which is not enabled. Enable the output "file-store"' $OUTPUT_DIR/stdout; then
+ echo "pattern not found"
+ exit 1
+fi
+exit 0
diff --git a/tests/detect-filestore-config-04/suricata.yaml b/tests/detect-filestore-config-04/suricata.yaml
new file mode 100644
index 000000000..dacc33f35
--- /dev/null
+++ b/tests/detect-filestore-config-04/suricata.yaml
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+
+outputs:
+ - file-store:
+ version: 2
+ enabled: no
diff --git a/tests/detect-filestore-config-04/test.pcap b/tests/detect-filestore-config-04/test.pcap
new file mode 100644
index 000000000..78cc432c2
Binary files /dev/null and b/tests/detect-filestore-config-04/test.pcap differ
diff --git a/tests/detect-filestore-config-04/test.rules b/tests/detect-filestore-config-04/test.rules
new file mode 100644
index 000000000..886145d5c
--- /dev/null
+++ b/tests/detect-filestore-config-04/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"test filestore required"; file.name; content:".exe"; filestore; sid:10; rev:1;)
diff --git a/tests/detect-filestore-config-04/test.yaml b/tests/detect-filestore-config-04/test.yaml
new file mode 100644
index 000000000..dd82cd1eb
--- /dev/null
+++ b/tests/detect-filestore-config-04/test.yaml
@@ -0,0 +1,2 @@
+requires:
+ min-version: 5.0.1