From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Wed, 4 Mar 2020 15:21:17 +0000 (-0500)
Subject: tests: Test for issue 3463
X-Git-Tag: suricata-6.0.4~349
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f611e95011a5ddb536deb13a48ea75ef09d0b391;p=thirdparty%2Fsuricata-verify.git

tests: Test for issue 3463

Add a test for bug 3463 -- duplicate threshold options not detected.
---

diff --git a/tests/bug-3463/test.rules b/tests/bug-3463/test.rules
new file mode 100644
index 000000000..a183e0514
--- /dev/null
+++ b/tests/bug-3463/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"CURL2"; flow:established,to_server; content:"GET"; http_method;  content:"curl"; http_user_agent; threshold: type limit, track by_src, count 1 , seconds 60; content: "| 0a|";threshold: type limit, track by_src, count 1 , seconds 60; sid:2;)
diff --git a/tests/bug-3463/test.yaml b/tests/bug-3463/test.yaml
new file mode 100644
index 000000000..47c816b9e
--- /dev/null
+++ b/tests/bug-3463/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 6.0.0
+  pcap: false
+
+exit-code: 1
+
+args:
+    - --engine-analysis
+
+checks:
+    - shell:
+        args: grep "multiple \"threshold\" options are not allowed in the same rule" suricata.log | wc -l | xargs
+        expect: 1