From: Juliana Fajardini Date: Thu, 1 May 2025 16:21:04 +0000 (-0300) Subject: pgsql: add test for copy in mode X-Git-Tag: suricata-7.0.11~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2540%2Fhead;p=thirdparty%2Fsuricata-verify.git pgsql: add test for copy in mode Task #7645
---
diff --git a/tests/pgsql/pgsql-copy-data-in/README.md b/tests/pgsql/pgsql-copy-data-in/README.md
new file mode 100644
index 000000000..8d30e28d3
--- /dev/null
+++ b/tests/pgsql/pgsql-copy-data-in/README.md
@@ -0,0 +1,10 @@
+A simple test for the CopyIn sub-protocol/ mode for PGSQL
+
+Checks only for the most relevant PGSQL messages from the pcap
+
+PCAP provided by Jason Ish.
+
+Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/7645
+
diff --git a/tests/pgsql/pgsql-copy-data-in/TLPW-Jason-copyfrom-small.pcap b/tests/pgsql/pgsql-copy-data-in/TLPW-Jason-copyfrom-small.pcap
new file mode 100644
index 000000000..984dc71bc
Binary files /dev/null and b/tests/pgsql/pgsql-copy-data-in/TLPW-Jason-copyfrom-small.pcap differ
diff --git a/tests/pgsql/pgsql-copy-data-in/suricata.yaml b/tests/pgsql/pgsql-copy-data-in/suricata.yaml
new file mode 100644
index 000000000..bade98943
--- /dev/null
+++ b/tests/pgsql/pgsql-copy-data-in/suricata.yaml
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - pgsql:
+ passwords: false
+
+app-layer:
+ protocols:
+ pgsql:
+ enabled: yes
+ stream-depth: 0
+
diff --git a/tests/pgsql/pgsql-copy-data-in/test.yaml b/tests/pgsql/pgsql-copy-data-in/test.yaml
new file mode 100644
index 000000000..742814dba
--- /dev/null
+++ b/tests/pgsql/pgsql-copy-data-in/test.yaml
@@ -0,0 +1,29 @@
+requires:
+ min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 6
+ match:
+ event_type: pgsql
+- filter:
+ count: 1
+ match:
+ event_type: pgsql
+ pcap_cnt: 17
+ pgsql.tx_id: 4
+ pgsql.request.simple_query: "COPY tmp FROM STDIN"
+ pgsql.response.copy_in_response.columns: 13
+- filter:
+ count: 1
+ match:
+ event_type: pgsql
+ pcap_cnt: 21
+ pgsql.tx_id: 5
+ pgsql.request.copy_data_in.msg_count: 1
+ pgsql.request.copy_data_in.data_size: 2779
+ pgsql.request.message: "copy_done"
+ pgsql.response.command_completed: "COPY 5"
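Review bot: None of the three filters under `checks:` verifies the `passwords: false` option that the accompanying suricata.yaml sets, so a regression that wrote credentials to eve.json in clear text would still pass this test. If the pcap includes the authentication exchange (not visible from the diff), an extra filter with `count: 0` and `has-key: pgsql.request.password` under `match:` would pin the redaction; the key name should be confirmed against the EVE pgsql schema. The checks also cover only the successful path (a single CopyData message followed by `copy_done` and `COPY 5`), which the README states is intentional. The `pcap_cnt`/`tx_id` pairs are unexplained, so a short comment above each filter such as `# CopyInResponse for the COPY ... FROM STDIN query` and `# CopyData + CopyDone answered by CommandComplete` would tell a maintainer what the numbers pin.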