From: Daniel Olatunji
Date: Wed, 31 Jan 2024 15:29:16 +0000 (+0100)
Subject: tests: add rule to check for tcp_seq
X-Git-Tag: suricata-6.0.19~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1751%2Fhead;p=thirdparty%2Fsuricata-verify.git

tests: add rule to check for tcp_seq

Related to Issue: 6353
---

diff --git a/tests/rules/tcp-seq-keyword/README.md b/tests/rules/tcp-seq-keyword/README.md
new file mode 100644
index 000000000..5a8d4ad04
--- /dev/null
+++ b/tests/rules/tcp-seq-keyword/README.md
@@ -0,0 +1,2 @@
+## Description
+Rule test for tcp-seq keyword engine-analysis output; includes the test.yaml and test.rules files.
\ No newline at end of file
diff --git a/tests/rules/tcp-seq-keyword/test.rules b/tests/rules/tcp-seq-keyword/test.rules
new file mode 100644
index 000000000..2ac64f923
--- /dev/null
+++ b/tests/rules/tcp-seq-keyword/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"Testing seq"; seq:624; sid:1;)
+alert tcp any any -> any any (msg:"Testing seq"; seq:723833; sid:2;)
\ No newline at end of file
diff --git a/tests/rules/tcp-seq-keyword/test.yaml b/tests/rules/tcp-seq-keyword/test.yaml
new file mode 100644
index 000000000..d72a8a227
--- /dev/null
+++ b/tests/rules/tcp-seq-keyword/test.yaml
@@ -0,0 +1,21 @@
+requires:
+  min-version: 8.0
+  pcap: false
+
+args:
+  - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      lists.packet.matches[0].name: "tcp.seq"
+      lists.packet.matches[0].seq.number: 624
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 2
+      lists.packet.matches[0].seq.number: 723833
\ No newline at end of file
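Review bot: Both rules in the test.rules hunk carry the identical `msg:"Testing seq"`, so an alert or an engine-analysis entry for sid 1 and sid 2 cannot be told apart by message alone; give each a distinct message such as `msg:"Testing seq 624"` and `msg:"Testing seq 723833"`. The file also ends without a terminating newline, as the `\ No newline at end of file` marker shows, and the same applies to README.md and test.yaml in this patch; ending each file's last line with a newline avoids noisy diffs on the next edit.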
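Review bot: The second check in the test.yaml hunk (`id: 2`) asserts only `lists.packet.matches[0].seq.number: 723833` and omits the `lists.packet.matches[0].name: "tcp.seq"` line that the first check has, so it does not confirm that the matched entry comes from the seq keyword rather than some other packet match with that number. Add `lists.packet.matches[0].name: "tcp.seq"` under the second `match:` so both checks verify the same fields. The `min-version: 8.0` requirement is not explained anywhere in the patch; a one-line comment such as `# rules.json engine-analysis fields checked below are not emitted by older releases` would help, assuming that is the reason (the patch does not say).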