From: Victor Julien <victor@inliniac.net>
Date: Mon, 26 Sep 2022 08:37:48 +0000 (+0200)
Subject: tests: flowbit bad rules handling for 6.0.7
X-Git-Tag: suricata-6.0.8~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F952%2Fhead;p=thirdparty%2Fsuricata-verify.git

tests: flowbit bad rules handling for 6.0.7
---

diff --git a/tests/flowbit-bad-rules-6-01/empty.pcap b/tests/flowbit-bad-rules-6-01/empty.pcap
new file mode 100644
index 000000000..4f9600e90
Binary files /dev/null and b/tests/flowbit-bad-rules-6-01/empty.pcap differ
diff --git a/tests/flowbit-bad-rules-6-01/test.rules b/tests/flowbit-bad-rules-6-01/test.rules
new file mode 100644
index 000000000..7100ba2cf
--- /dev/null
+++ b/tests/flowbit-bad-rules-6-01/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (msg:"BAD rule"; flowbits:isset,abc,noalert; sid:1;)
diff --git a/tests/flowbit-bad-rules-6-01/test.yaml b/tests/flowbit-bad-rules-6-01/test.yaml
new file mode 100644
index 000000000..512cd24ac
--- /dev/null
+++ b/tests/flowbit-bad-rules-6-01/test.yaml
@@ -0,0 +1,7 @@
+requires:
+  lt-version: 7
+
+args:
+  - --init-errors-fatal
+
+exit-code: 0
diff --git a/tests/flowbit-bad-rules-6-02/empty.pcap b/tests/flowbit-bad-rules-6-02/empty.pcap
new file mode 100644
index 000000000..4f9600e90
Binary files /dev/null and b/tests/flowbit-bad-rules-6-02/empty.pcap differ
diff --git a/tests/flowbit-bad-rules-6-02/test.rules b/tests/flowbit-bad-rules-6-02/test.rules
new file mode 100644
index 000000000..7100ba2cf
--- /dev/null
+++ b/tests/flowbit-bad-rules-6-02/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (msg:"BAD rule"; flowbits:isset,abc,noalert; sid:1;)
diff --git a/tests/flowbit-bad-rules-6-02/test.yaml b/tests/flowbit-bad-rules-6-02/test.yaml
new file mode 100644
index 000000000..767e19315
--- /dev/null
+++ b/tests/flowbit-bad-rules-6-02/test.yaml
@@ -0,0 +1,8 @@
+requires:
+  lt-version: 7
+
+args:
+  - --init-errors-fatal
+  - --strict-rule-keywords=flowbits
+
+exit-code: 1
diff --git a/tests/flowbit-bad-rules-6-03/empty.pcap b/tests/flowbit-bad-rules-6-03/empty.pcap
new file mode 100644
index 000000000..4f9600e90
Binary files /dev/null and b/tests/flowbit-bad-rules-6-03/empty.pcap differ
diff --git a/tests/flowbit-bad-rules-6-03/test.rules b/tests/flowbit-bad-rules-6-03/test.rules
new file mode 100644
index 000000000..7100ba2cf
--- /dev/null
+++ b/tests/flowbit-bad-rules-6-03/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (msg:"BAD rule"; flowbits:isset,abc,noalert; sid:1;)
diff --git a/tests/flowbit-bad-rules-6-03/test.yaml b/tests/flowbit-bad-rules-6-03/test.yaml
new file mode 100644
index 000000000..9805a7b8a
--- /dev/null
+++ b/tests/flowbit-bad-rules-6-03/test.yaml
@@ -0,0 +1,8 @@
+requires:
+  lt-version: 7
+
+args:
+  - --init-errors-fatal
+  - --strict-rule-keywords=all
+
+exit-code: 1