From: Andreas Herz Date: Wed, 11 Jun 2025 08:42:11 +0000 (+0200) Subject: tests: remove exit-code check for datasets-absolute-allowed on v8 X-Git-Tag: suricata-7.0.11~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2566%2Fhead;p=thirdparty%2Fsuricata-verify.git tests: remove exit-code check for datasets-absolute-allowed on v8 With the commit in Suricata to skip adding localstatedir when a full path is provided, the S-V test does not exit with 1 anymore but rather with 0 since it succeeds. This commits updates the previous test to run with Suricata prior to verison 8 and a dedicated copy of the test to work with Suricata 8 without the need to check the exit code anymore, since it's 0. The new test is split between Unix like systems and Windows by using different absolute paths for the filenames.
---
diff --git a/tests/datasets/datasets-absolute-allowed-pre8/README.md b/tests/datasets/datasets-absolute-allowed-pre8/README.md
new file mode 100644
index 000000000..3daacb0c2
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-pre8/README.md
@@ -0,0 +1,2 @@
+Test that the configuration option to allow absolute dataset filenames
+in rules works.
diff --git a/tests/datasets/datasets-absolute-allowed-pre8/suricata.yaml b/tests/datasets/datasets-absolute-allowed-pre8/suricata.yaml
new file mode 100644
index 000000000..50171d9b9
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-pre8/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+datasets:
+ rules:
+ allow-absolute-filenames: true
+
+logging:
+ outputs:
+ - file:
+ enabled: yes
+ filename: eve.json
+ type: json
diff --git a/tests/datasets/datasets-absolute-allowed-pre8/test.rules b/tests/datasets/datasets-absolute-allowed-pre8/test.rules
new file mode 100644
index 000000000..323fe04b7
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-pre8/test.rules
@@ -0,0 +1,3 @@
+alert dns any any -> any any (dns.query; dataset: isnotset, dns-seen, type string, state /tmp/dns-seen.txt; sid:1; rev:1;)
+alert dns any any -> any any (dns.query; dataset: isnotset, dns-seen-save, type string, save /tmp/dns-seen-save.txt; sid:2; rev:1;)
+alert dns any any -> any any (dns.query; dataset: isnotset, dns-seen-parent, type string, state /tmp/../tmp/dns-seen.txt; sid:3; rev:1;)
diff --git a/tests/datasets/datasets-absolute-allowed-pre8/test.yaml b/tests/datasets/datasets-absolute-allowed-pre8/test.yaml
new file mode 100644
index 000000000..3c1a592e3
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-pre8/test.yaml
@@ -0,0 +1,26 @@
+pcap: ../../datasets/datasets-parent-path/one-packet.pcap
+
+requires:
+ lt-version: 8
+
+args:
+ - -vvv
+
+# Due to differences between user-mode and system-mode, these rules
+# will actually fail. Instead we're testing to make sure we got past
+# the check for absolute filenames.
+exit-code: 1
+
+checks:
+ - filter:
+ count: 1
+ match:
+ engine.message: "Allowing absolute filename for dataset rule: /tmp/dns-seen.txt"
+ - filter:
+ count: 1
+ match:
+ engine.message: "Allowing absolute filename for dataset rule: /tmp/dns-seen-save.txt"
+ - filter:
+ count: 1
+ match:
+ engine.message: "Allowing absolute filename for dataset rule: /tmp/../tmp/dns-seen.txt"
diff --git a/tests/datasets/datasets-absolute-allowed-winonly/README.md b/tests/datasets/datasets-absolute-allowed-winonly/README.md
new file mode 100644
index 000000000..3daacb0c2
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-winonly/README.md
@@ -0,0 +1,2 @@
+Test that the configuration option to allow absolute dataset filenames
+in rules works.
diff --git a/tests/datasets/datasets-absolute-allowed-winonly/suricata.yaml b/tests/datasets/datasets-absolute-allowed-winonly/suricata.yaml
new file mode 100644
index 000000000..50171d9b9
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-winonly/suricata.yaml
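Review bot: In tests/datasets/datasets-absolute-allowed-pre8/test.yaml the comment above `exit-code: 1` still blames "differences between user-mode and system-mode", while the commit message gives the concrete cause: before Suricata 8, localstatedir is prepended even when a full path is provided. I would reword it along the lines of `# Before Suricata 8 localstatedir is prepended even to absolute dataset paths, so the rules fail to load; we only check that the absolute-filename check was passed.` Note also that `exit-code: 1` is presumably satisfied by any fatal startup error, so the three `engine.message` checks are the only thing tying the failure to this code path.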
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+datasets:
+ rules:
+ allow-absolute-filenames: true
+
+logging:
+ outputs:
+ - file:
+ enabled: yes
+ filename: eve.json
+ type: json
diff --git a/tests/datasets/datasets-absolute-allowed-winonly/test.rules b/tests/datasets/datasets-absolute-allowed-winonly/test.rules
new file mode 100644
index 000000000..00559fe93
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-winonly/test.rules
@@ -0,0 +1,3 @@
+alert dns any any -> any any (dns.query; dataset: isnotset, dns-seen, type string, state C:\Windows\Temp\dns-seen.txt; sid:1; rev:1;)
+alert dns any any -> any any (dns.query; dataset: isnotset, dns-seen-save, type string, save C:\Windows\Temp\dns-seen-save.txt; sid:2; rev:1;)
+alert dns any any -> any any (dns.query; dataset: isnotset, dns-seen-parent, type string, state C:\Windows\Temp\..\Temp\dns-seen2.txt; sid:3; rev:1;)
diff --git a/tests/datasets/datasets-absolute-allowed-winonly/test.yaml b/tests/datasets/datasets-absolute-allowed-winonly/test.yaml
new file mode 100644
index 000000000..8fc673dc4
--- /dev/null
+++ b/tests/datasets/datasets-absolute-allowed-winonly/test.yaml
@@ -0,0 +1,33 @@
+pcap: ../../datasets/datasets-parent-path/one-packet.pcap
+
+requires:
+ min-version: 8
+ lambda: sys.platform == "win32"
+
+args:
+ - -vvv
+
+checks:
+ - filter:
+ filename: eve.json
+ count: 3
+ match:
+ engine.message.__startswith: "Allowing absolute filename for dataset rule"
+ - filter:
+ filename: eve.json
+ count: 1
+ match:
+ engine.message.__startswith: "Allowing absolute filename for dataset rule"
+ engine.message.__endswith: "dns-seen.txt"
+ - filter:
+ filename: eve.json
+ count: 1
+ match:
+ engine.message.__startswith: "Allowing absolute filename for dataset rule"
+ engine.message.__endswith: "dns-seen-save.txt"
+ - filter:
+ filename: eve.json
+ count: 1
+ match:
+ engine.message.__startswith: "Allowing absolute filename for dataset rule"
+ engine.message.__endswith: "dns-seen2.txt"
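Review bot: The three rules in tests/datasets/datasets-absolute-allowed-winonly/test.rules point `state`/`save` at fixed file names under `C:\Windows\Temp`, and on Suricata 8 the rules are expected to load, so the engine presumably opens (and for `save` writes) these files instead of stopping at the path check. That directory is shared system-wide and usually needs elevated rights, so the result depends on the runner's privileges and on whatever an earlier run left in `dns-seen.txt`; nothing visible here removes the files afterwards. If the framework offers a per-test directory I would build the absolute path from it, otherwise state the privilege requirement in the README. sid:3 also targets `dns-seen2.txt`, unlike the pre8 copy where the `..` path resolves to the same file as sid:1; a one-line `#` comment explaining why would help the next reader.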
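Review bot: The last check in tests/datasets/datasets-absolute-allowed-winonly/test.yaml only asserts that one message ends with `dns-seen2.txt`, so it no longer pins the `..\Temp\` component of the sid:3 path, whereas the pre8 copy matches the full `/tmp/../tmp/dns-seen.txt` string. If suffix matching was chosen to avoid escaping backslashes, a comment such as `# suffix match only: the logged Windows path contains backslashes` would document that, and the parent-path case deserves a match on the whole path. No `exit-code` is declared either; adding `exit-code: 0` explicitly (unless the runner already defaults to it) would state the expected outcome and make a rule-load failure visible.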
diff --git a/tests/datasets/datasets-absolute-allowed/test.yaml b/tests/datasets/datasets-absolute-allowed/test.yaml index 990990721..788538014 100644 --- a/tests/datasets/datasets-absolute-allowed/test.yaml +++ b/tests/datasets/datasets-absolute-allowed/test.yaml @@ -1,13 +1,13 @@ pcap: ../../datasets/datasets-parent-path/one-packet.pcap +# this needs at least Suricata 8 and based on the absolute path will not work on Windows +requires: + min-version: 8 + lambda: sys.platform != "win32" + args: - -vvv -# Due to differences between user-mode and system-mode, these rules -# will actually fail. Instead we're testing to make sure we got past -# the check for absolute filenames. -exit-code: 1 - checks: - filter: count: 1
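Review bot: With `exit-code: 1` removed from tests/datasets/datasets-absolute-allowed/test.yaml the rules are now expected to load on Suricata 8, yet the check visible in this hunk is unchanged and nothing added here asserts that the datasets were actually opened. The test.rules of this directory is not part of the diff; if it uses the same `/tmp/dns-seen*.txt` names as the pre8 copy, a successful run now reads and writes predictable files in a world-writable directory, so leftovers from an earlier run or another local user can influence the dataset state. I would record that in the new comment, e.g. `# Suricata 8 really opens these /tmp paths; files may persist between runs`, and prefer a runner-provided directory if one is available. The `checks` list continues beyond this hunk.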