From: Shivani Bhardwaj Date: Sat, 9 Mar 2024 04:19:13 +0000 (+0530) Subject: rule-grouping: add edge case test X-Git-Tag: suricata-6.0.17~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1694%2Fhead;p=thirdparty%2Fsuricata-verify.git rule-grouping: add edge case test --- diff --git a/tests/rule-grouping/rule-grouping-9/README.md b/tests/rule-grouping/rule-grouping-9/README.md new file mode 100644 index 000000000..e4dbd1321 --- /dev/null +++ b/tests/rule-grouping/rule-grouping-9/README.md @@ -0,0 +1,12 @@ +# Test Description + +Test to demonstrate the port grouping and SGH distribution when a two port points +are single as well as the endpoints for a range. + +## PCAP + +None + +## Related issues + +https://redmine.openinfosecfoundation.org/issues/6843 diff --git a/tests/rule-grouping/rule-grouping-9/suricata.yaml b/tests/rule-grouping/rule-grouping-9/suricata.yaml new file mode 100644 index 000000000..549defa9d --- /dev/null +++ b/tests/rule-grouping/rule-grouping-9/suricata.yaml @@ -0,0 +1,13 @@ +%YAML 1.1 +--- + +engine-analysis: + rules-fast-pattern: yes + rules: yes + +detect: + profiling: + grouping: + dump-to-disk: yes + include-rules: yes + include-mpm-stats: yes diff --git a/tests/rule-grouping/rule-grouping-9/test.rules b/tests/rule-grouping/rule-grouping-9/test.rules new file mode 100644 index 000000000..b32eb6b65 --- /dev/null +++ b/tests/rule-grouping/rule-grouping-9/test.rules @@ -0,0 +1,3 @@ +alert tcp any any -> any 80 (flow:to_server; content:"abc"; sid:2;) +alert tcp any any -> any 100 (flow:to_server; content:"abc"; sid:3;) +alert tcp any any -> any 80:100 (flow:to_server; content:"abc"; sid:4;) diff --git a/tests/rule-grouping/rule-grouping-9/test.yaml b/tests/rule-grouping/rule-grouping-9/test.yaml new file mode 100644 index 000000000..d548965af --- /dev/null +++ b/tests/rule-grouping/rule-grouping-9/test.yaml 
@@ -0,0 +1,41 @@ +requires: + min-version: 8 + +pcap: false + +args: + - --engine-analysis + +checks: + - filter: + filename: rule_group.json + count: 1 + match: + tcp.toserver.__len: 3 + - filter: + filename: rule_group.json + count: 1 + match: + tcp.toserver[0].port: 80 + tcp.toserver[0].port2: 80 + tcp.toserver[0].rulegroup.id: 0 + tcp.toserver[0].rulegroup.rules[0].sig_id: 2 + tcp.toserver[0].rulegroup.rules[1].sig_id: 4 + - filter: + filename: rule_group.json + count: 1 + match: + tcp.toserver[1].port: 100 + tcp.toserver[1].port2: 100 + tcp.toserver[1].rulegroup.id: 1 + tcp.toserver[1].rulegroup.rules[0].sig_id: 3 + tcp.toserver[1].rulegroup.rules[1].sig_id: 4 + - filter: + filename: rule_group.json + count: 1 + match: + tcp.toserver[2].port: 81 + tcp.toserver[2].port2: 99 + tcp.toserver[2].rulegroup.id: 2 + tcp.toserver[2].rulegroup.rules[0].sig_id: 4 +
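Review bot: The per-group checks pin the first one or two `sig_id` values in each `rulegroup.rules` array but never the array's length, so an unexpected extra signature landing in a group (say sid 3 also appearing in the 80:80 group, or a second entry in 81:99) would not fail the test even though that is exactly the mis-distribution this edge case is meant to catch. The file already uses `__len` for `tcp.toserver.__len: 3`, so the same form should pin each group exactly by adding `tcp.toserver[0].rulegroup.rules.__len: 2`, `tcp.toserver[1].rulegroup.rules.__len: 2` and `tcp.toserver[2].rulegroup.rules.__len: 1` to the respective `match` blocks. The checks also address groups as `tcp.toserver[N]` by position, which presumably relies on the dump listing port groups in ascending port order; a one-line comment above `checks:` noting that assumption (`# groups are expected in ascending dst-port order: 80, 100, 81-99`) would help whoever next updates the expected output.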