From: Juliana Fajardini
Date: Wed, 22 Jan 2025 19:40:18 +0000 (-0300)
Subject: tests: engine-analysis tests for pkt rule type
X-Git-Tag: suricata-7.0.9~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de14d791c94ad89fe8b832230d6978dff6d728a7;p=thirdparty%2Fsuricata-verify.git

tests: engine-analysis tests for pkt rule type

To accompany rule types documentation.

Related to Task #7031
---
diff --git a/tests/rules/rule-type-pkt/test.rules b/tests/rules/rule-type-pkt/test.rules
new file mode 100644
index 000000000..4b070eb8d
--- /dev/null
+++ b/tests/rules/rule-type-pkt/test.rules
@@ -0,0 +1,6 @@
+# Packet rules
+alert tcp-pkt any any -> any any (msg:"tcp-pkt, anchored content"; content:"abc"; startswith; sid:203;)
+alert tcp any any -> any any (msg:"ttl"; ttl:123; sid:701;)
+alert udp any any -> any any (msg:"UDP with flow direction"; flow:to_server; sid:1001;)
+alert tcp any any -> any 443 (flow: to_server; flowbits:set,tls_error; sid:1604; msg:"Allow TLS error handling (outgoing packet) - non-stateful rule";)
+alert tcp-pkt any any -> any any (msg:"Flowbit isset"; flowbits:isset,fb6; flowbits:isset,fb7; sid:1919;)
diff --git a/tests/rules/rule-type-pkt/test.yaml b/tests/rules/rule-type-pkt/test.yaml
new file mode 100644
index 000000000..d9a9c738e
--- /dev/null
+++ b/tests/rules/rule-type-pkt/test.yaml
@@ -0,0 +1,38 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 203
+ type: pkt
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 701
+ type: pkt
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1001
+ type: pkt
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1604
+ type: pkt
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1919
+ type: pkt
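Review bot: The rules file says nothing about why each signature is expected to classify as `pkt`, which is the single property this fixture exists to pin, so a reader has to reverse-engineer the intent from test.yaml. A one-line comment above each rule naming the feature the classification rests on would make the fixture self-documenting, e.g. `# tcp-pkt protocol: packet-only inspection` above sid 203, `# packet-header keyword (ttl), no content` above sid 701, and `# flow direction / flowbits without app-layer keywords` above sids 1001, 1604 and 1919. Separately, `tls_error` is set by sid 1604 but never checked, and `fb6`/`fb7` are checked by sid 1919 but never set anywhere in this file; Suricata flags such flowbits at rule load, so if that is deliberate for a classification-only test a short comment saying so will stop the next maintainer from "fixing" it by pairing them up.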
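Review bot: `min-version: 7` admits any 7.x build, yet every check depends on the `type` field being present in the engine-analysis rules.json output; if that field first appeared in a 7.0.x point release rather than 7.0.0, the test would fail on older 7.0 builds, so the bound is worth confirming and, if needed, tightening to the exact release (placeholder: `min-version: 7.0.X`). The file also carries no statement of intent; a header such as `# engine-analysis only (no pcap): every signature in test.rules must be reported with type 'pkt'` would explain both `pcap: false` and why each check asserts `count: 1` on a single id. The five filter blocks differ only in `id`, which is a limitation of the check format rather than a defect, but it means a signature added to test.rules without a matching block goes untested, and a comment noting that coupling would help.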