From: Philippe Antoine
Date: Fri, 1 Jul 2022 11:21:21 +0000 (+0200)
Subject: Adds regression test against forced filestore
X-Git-Tag: suricata-5.0.10~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F869%2Fhead;p=thirdparty%2Fsuricata-verify.git

Adds regression test against forced filestore

Cf https://redmine.openinfosecfoundation.org/issues/5408
---
diff --git a/tests/filestore-5408/README.md b/tests/filestore-5408/README.md
new file mode 100644
index 000000000..3abd7ebb0
--- /dev/null
+++ b/tests/filestore-5408/README.md
@@ -0,0 +1,8 @@
+# Description
+
+Test against bug 5408 with forced filestore
+
+# PCAP
+
+The pcap comes from https://tcpreplay.appneta.com/wiki/captures.html#bigflows-pcap
+The bigFlows.pcap was reduced to the pair of ip addresses causing the bug
diff --git a/tests/filestore-5408/input.pcap b/tests/filestore-5408/input.pcap
new file mode 100644
index 000000000..eca84a48b
Binary files /dev/null and b/tests/filestore-5408/input.pcap differ
diff --git a/tests/filestore-5408/suricata.yaml b/tests/filestore-5408/suricata.yaml
new file mode 100644
index 000000000..c0378fa4f
--- /dev/null
+++ b/tests/filestore-5408/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
diff --git a/tests/filestore-5408/test.yaml b/tests/filestore-5408/test.yaml
new file mode 100644
index 000000000..6b45ddac2
--- /dev/null
+++ b/tests/filestore-5408/test.yaml
@@ -0,0 +1,8 @@
+requires:
+ min-version: 6
+
+checks:
+ - filter:
+ count: 5
+ match:
+ event_type: fileinfo
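Review bot: Nothing in tests/filestore-5408/suricata.yaml marks `force-filestore: yes` as the setting under test, so a later cleanup could drop it and the fileinfo count in test.yaml may still pass. A comment above that key, e.g. `# forced filestore is the condition that triggers issue 5408`, would protect it. The `stats` entry under `types:` is not referenced by any check in test.yaml; if it is not needed to reproduce the issue, it could be removed to keep the config minimal.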
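Review bot: The single check in tests/filestore-5408/test.yaml only counts `event_type: fileinfo` records, so it would still pass if the files were logged but never written to the filestore. If all five files are expected to be stored, adding `fileinfo.stored: true` under `match:` would tie the assertion to `force-filestore: yes`. If issue 5408 has a different symptom, such as a crash or a wrong event count, a comment like `# 5 fileinfo events expected from the reduced pcap (issue 5408)` would record why 5 is the right number. The README does not describe the bug's symptom, so which of the two applies cannot be told from this patch.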