From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Sun, 14 Jun 2020 15:13:33 +0000 (-0400)
Subject: tests/ftp-data Test case for event type ftp_data
X-Git-Tag: suricata-6.0.4~276
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F275%2Fhead;p=thirdparty%2Fsuricata-verify.git

tests/ftp-data Test case for event type ftp_data

This commit adds a test case to insure that `ftp_data` events are being
generated.
---

diff --git a/tests/output-eve-ftp-data/input.pcap b/tests/output-eve-ftp-data/input.pcap
new file mode 100644
index 000000000..473377a5e
Binary files /dev/null and b/tests/output-eve-ftp-data/input.pcap differ
diff --git a/tests/output-eve-ftp-data/test.yaml b/tests/output-eve-ftp-data/test.yaml
new file mode 100644
index 000000000..8323e0d40
--- /dev/null
+++ b/tests/output-eve-ftp-data/test.yaml
@@ -0,0 +1,18 @@
+requires:
+  min-version: 5
+
+args:
+  - --runmode=single
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: ftp_data
+
+  - filter:
+      count: 1
+      match:
+        event_type: ftp_data
+        ftp_data.filename: temp.txt
+        ftp_data.command: RETR