From: Shivani Bhardwaj
Date: Mon, 18 Dec 2023 08:16:03 +0000 (+0530)
Subject: add test for bug 6617
X-Git-Tag: suricata-6.0.17~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1649%2Fhead;p=thirdparty%2Fsuricata-verify.git
add test for bug 6617
---
diff --git a/tests/bug-6617/README.md b/tests/bug-6617/README.md
new file mode 100644
index 000000000..1a9631cc8
--- /dev/null
+++ b/tests/bug-6617/README.md
@@ -0,0 +1,13 @@
+# Test Description
+
+If the file transfer is happening in one direction, it should only
+be stored/logged in that direction when `filestore:flow, to_server`
+type of syntax defines the direction.
+
+## PCAP
+
+Comes from the test `filestore-v2.1-forced`.
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/6617
diff --git a/tests/bug-6617/suricata.yaml b/tests/bug-6617/suricata.yaml
new file mode 100644
index 000000000..d8c979c76
--- /dev/null
+++ b/tests/bug-6617/suricata.yaml
@@ -0,0 +1,14 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - alert
+ - http
+ - file-store:
+ version: 2
+ enabled: yes
+ stream-depth: 0
diff --git a/tests/bug-6617/test.rules b/tests/bug-6617/test.rules
new file mode 100644
index 000000000..2a837c186
--- /dev/null
+++ b/tests/bug-6617/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"Filestore toserver"; filestore:to_server,flow; sid:1; rev:1;)
diff --git a/tests/bug-6617/test.yaml b/tests/bug-6617/test.yaml
new file mode 100644
index 000000000..2aa9a47ce
--- /dev/null
+++ b/tests/bug-6617/test.yaml
@@ -0,0 +1,15 @@
+pcap: ../filestore-v2.1-forced/suricata-update-pdf.pcap
+
+requires:
+ min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.sha256: 291389dc5926982448d90e551689ef857650c0ad4fa656841e687d984609ec02
+ fileinfo.stored: false
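Review bot: The option order in this rule, `filestore:to_server,flow`, does not match the README added in the same commit, which writes the keyword as `filestore:flow, to_server`. As far as I know the keyword takes the direction first and the scope second, so the rule looks right and the README example is the one to align. The rule also carries no comment; a line above it such as `# bug 6617: filestore must only apply to the to_server side of the flow` would tell a later reader why this single signature exists.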
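Review bot: The single check under `checks:` (`fileinfo.stored: false`, `count: 1`) would also pass if sid 1 never matched, so on its own it does not show that the direction restriction was what kept the file from being stored. It also does not rule out a second fileinfo event for a different file with `stored: true`. Adding a `count: 0` check for `fileinfo.stored: true` and a check that the alert for `alert.signature_id: 1` is present closes both gaps; the alert count below is assumed and should be taken from an actual run. The log field is not the on-disk state either, so a check that the filestore directory stays empty would catch a regression that writes files in the unintended direction while still logging `stored: false`.

```yaml
# … unchanged: existing fileinfo / stored: false check …
- filter:
    count: 0
    match:
      event_type: fileinfo
      fileinfo.stored: true
- filter:
    count: 1  # assumed value; set to the number of sid 1 alerts this pcap produces
    match:
      event_type: alert
      alert.signature_id: 1
```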