From: Jason Ish Date: Wed, 24 Jan 2024 15:29:36 +0000 (-0600) Subject: tests/requires: test failure case X-Git-Tag: suricata-6.0.16^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1610%2Fhead;p=thirdparty%2Fsuricata-verify.git tests/requires: test failure case Break the requires test into 2 tests. One that runs to success so we can verify the output. A second that is expected to fail due to fatal init errors. Ticket: #6710
---
diff --git a/tests/requires-fail/README.md b/tests/requires-fail/README.md
new file mode 100644
index 000000000..847303f8c
--- /dev/null
+++ b/tests/requires-fail/README.md
@@ -0,0 +1,3 @@
+Similar to `../requires-ok` but does include one rule that will fail
+to load. This is to test that a bad rule after "skipped" rule fails
+out and is not recorded as skipped.
diff --git a/tests/requires/test.rules b/tests/requires-fail/test.rules
similarity index 100%
rename from tests/requires/test.rules
rename to tests/requires-fail/test.rules
diff --git a/tests/requires-fail/test.yaml b/tests/requires-fail/test.yaml
new file mode 100644
index 000000000..e4f6da0d0
--- /dev/null
+++ b/tests/requires-fail/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 7.0.3
+
+pcap: ../eve-metadata/testmyids.pcap
+
+args:
+ - -v
+
+# As we have a bad rule, expect exit-code 1.
+exit-code: 1
+
+# No checks, as no stats are written on exit code 0.
diff --git a/tests/requires/README.md b/tests/requires-ok/README.md
similarity index 100%
rename from tests/requires/README.md
rename to tests/requires-ok/README.md
diff --git a/tests/requires-ok/test.rules b/tests/requires-ok/test.rules
new file mode 100644
index 000000000..eaa41a412
--- /dev/null
+++ b/tests/requires-ok/test.rules
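Review bot: The closing comment in tests/requires-fail/test.yaml, `# No checks, as no stats are written on exit code 0.`, contradicts the `exit-code: 1` expected two lines above it; it presumably means the failing exit, e.g. `# No checks, as no stats are written when Suricata exits with code 1.` Separately, with `exit-code: 1` as the only assertion, any fatal init error would satisfy this test, so the README's claim that the bad rule "is not recorded as skipped" is not verified by anything in the file. If the test runner allows checks alongside an expected non-zero exit (not visible here), a check on the logged rule-load error would tie the failure to the intended rule.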
@@ -0,0 +1,15 @@
+# Rule for Suricata >= 7 and < 8.
+alert http any any -> any any (msg:"TEST Suricata >= 7 and < 8"; content:"uid=0"; requires: version >= 7 < 8; sid:7; rev:1;)
+
+# Rule for Suricata >= 7.0.3 but less than 8... Or >= 8.0.1
+alert http any any -> any any (content:"uid=0"; requires: version >= 7.0.3 < 8 | >= 8.0.1; sid:9; rev:1;)
+
+# Rule for Suricata >= 8.
+alert http any any -> any any (msg:"TEST Suricata >= 8"; content:"uid=0"; requires: version >= 8.0.0; sid:8; rev:1;)
+
+# These rules have something invalid about them, but do follow the general rule
+# structure, so should be eliminated by the requires statement.
+alert vxlan any any -> any any (requires: version >= 10; sid:1;)
+alert udp any any -> any any (vxlan_vni:10; requires: version >= 10; sid:2;)
+alert http any any => any any (requires: version >= 10; sid:3;)
+alert tcp any any -> any any (frame:smtp.not_supported; requires: version >= 10; sid:4;)
diff --git a/tests/requires/test.yaml b/tests/requires-ok/test.yaml
similarity index 82%
rename from tests/requires/test.yaml
rename to tests/requires-ok/test.yaml
index 280e94f7c..3e58b91f6 100644
--- a/tests/requires/test.yaml
+++ b/tests/requires-ok/test.yaml
@@ -50,7 +50,9 @@ checks:
 count: 1
 match:
 event_type: stats
- stats.detect.engines[0].rules_skipped: 6
+ stats.detect.engines[0].rules_skipped: 5
+ stats.detect.engines[0].rules_loaded: 2
+ stats.detect.engines[0].rules_failed: 0
 - filter: requires:
@@ -58,4 +60,6 @@ checks:
 count: 1
 match:
 event_type: stats
- stats.detect.engines[0].rules_skipped: 7
+ stats.detect.engines[0].rules_skipped: 6
+ stats.detect.engines[0].rules_loaded: 1
+ stats.detect.engines[0].rules_failed: 0
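Review bot: The comment above sids 1-4 in tests/requires-ok/test.rules says only that the rules "have something invalid about them", which leaves the reader to work out what each one exercises. A short per-rule comment would make the intent checkable, for example `# sid:1 protocol, sid:2 keyword, sid:3 direction operator, sid:4 frame name` (inferred from the rule text; confirm against the parser). If it is deliberate that in sid:2 and sid:4 the invalid keyword comes before `requires`, that ordering is worth stating too, since it is the case most likely to regress. The rule for sid:9 also has no `msg`, unlike the other two loadable rules.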
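Review bot: The expected counters in both hunks of tests/requires-ok/test.yaml (`rules_skipped: 5` with `rules_loaded: 2`, and `rules_skipped: 6` with `rules_loaded: 1`) are magic numbers tied to the seven rules in test.rules, and nothing in the file records that link. A comment above each `match` block, such as `# test.rules has 7 rules; skipped + loaded must add up to 7`, would tell the next person who edits the rules file which checks to update. The `filter` blocks that select the version for each check start outside these hunks, so which sids are expected to load in each case cannot be confirmed from here.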