From: Juliana Fajardini Date: Wed, 22 Jan 2025 19:51:57 +0000 (-0300) Subject: tests: add engine-analysis de_only rule type tests X-Git-Tag: suricata-7.0.9~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=daabdbaa5e76815303a958efef54b18c9bf4ebbf;p=thirdparty%2Fsuricata-verify.git tests: add engine-analysis de_only rule type tests To accompany rule types documentation. Related to Task #7031
---
diff --git a/tests/rules/rule-type-de-only/test.rules b/tests/rules/rule-type-de-only/test.rules
new file mode 100644
index 000000000..a22b5b2a9
--- /dev/null
+++ b/tests/rules/rule-type-de-only/test.rules
@@ -0,0 +1,4 @@
+# Decoder Events Only
+alert pkthdr any any -> any any (msg:"SURICATA IPv6 duplicated Hop-By-Hop Options extension header"; decode-event:ipv6.exthdr_dupl_hh; classtype:protocol-command-decode; sid:1101;)
+drop pkthdr any any -> any any (msg:"SURICATA IPv4 invalid option length"; decode-event:ipv4.opt_invalid_len; classtype:protocol-command-decode; sid:2200005; rev:2;)
+
diff --git a/tests/rules/rule-type-de-only/test.yaml b/tests/rules/rule-type-de-only/test.yaml
new file mode 100644
index 000000000..54b1f61a8
--- /dev/null
+++ b/tests/rules/rule-type-de-only/test.yaml
@@ -0,0 +1,20 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1101
+ type: de_only
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 2200005
+ type: de_only
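Review bot: The first rule in test.rules (`sid:1101;`) has no `rev` keyword while the second carries `rev:2;`, so the two fixture rules are written inconsistently; adding `rev:1;` after `sid:1101;` would keep them uniform. The header comment `# Decoder Events Only` names the category but not what the fixture is for; something like `# Rules using only decode-event keywords; engine analysis is expected to report type de_only` would tie it to the checks in test.yaml. It may also be worth a word on why one rule uses `alert` and the other `drop`, if the intent is to show that the action does not affect the reported type.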
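Review bot: `min-version: 7` in test.yaml admits every 7.x build, while both checks depend on rules.json entries carrying a `type` field. If that field was only introduced in a later 7.0.x release (the commit is tagged suricata-7.0.9~59), the test would fail on earlier 7.0 builds for a reason unrelated to the rules, so please confirm the first release that emits it and tighten the bound if needed. A short comment above `pcap: false`, for example `# --engine-analysis only inspects the loaded rules, no traffic is replayed`, would explain why no pcap is supplied.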