From 425a0130f4d0913ed1ab25dd21472d11f0afac82 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Sun, 28 Feb 2021 14:42:00 -0500
Subject: [PATCH] tests: Add test for threshold.config validation

This commit adds a test case to insure that "-T" stops execution when threshold.config is not valid.
---
tests/threshold-config-validate/test.rules | 4 ++++
tests/threshold-config-validate/test.yaml | 16 ++++++++++++++++
tests/threshold-config-validate/threshold.config | 1 +
3 files changed, 21 insertions(+)
create mode 100644 tests/threshold-config-validate/test.rules
create mode 100644 tests/threshold-config-validate/test.yaml
create mode 100644 tests/threshold-config-validate/threshold.config
diff --git a/tests/threshold-config-validate/test.rules b/tests/threshold-config-validate/test.rules
new file mode 100644
index 000000000..91f56071a
--- /dev/null
+++ b/tests/threshold-config-validate/test.rules
@@ -0,0 +1,4 @@
+alert tcp any any -> any 25 (msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound"; \
+ flow:established; content:"mail from|3a|"; nocase; \
+ threshold: type threshold, track by_src, count 10, seconds 60; \
+ reference:url,doc.emergingthreats.net/2002087; classtype:misc-activity; sid:2002087; rev:10;)
diff --git a/tests/threshold-config-validate/test.yaml b/tests/threshold-config-validate/test.yaml
new file mode 100644
index 000000000..58edd8579
--- /dev/null
+++ b/tests/threshold-config-validate/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata --set threshold-file="${TEST_DIR}/threshold.config" -l ${OUTPUT_DIR} -c ${SRCDIR}/suricata.yaml -S ${TEST_DIR}/test.rules -T
+
+exit-code: 1
+
+checks:
+ - shell:
+ args: grep "Error loading threshold configuration" suricata.log | wc -l | xargs
+ expect: 1
+
+ - shell:
+ args: grep "SC_WARN_THRESH_CONFIG" suricata.log | wc -l | xargs
+ expect: 1
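Review bot: Both entries under `checks:` in test.yaml pin log text rather than behaviour: the second greps for the internal code name `SC_WARN_THRESH_CONFIG`, and `expect: 1` demands exactly one matching line, so a reworded message or a change in how codes are printed would fail the test even though `-T` still exits non-zero. The exit status is what keeps a broken threshold file from being deployed unnoticed, so I would treat `exit-code: 1` as the primary assertion and keep only the `"Error loading threshold configuration"` check beside it. In `command:`, only the `threshold-file` value is quoted; `-l ${OUTPUT_DIR}` and `-S ${TEST_DIR}/test.rules` would split on a path containing spaces, so `-l "${OUTPUT_DIR}"` and `-S "${TEST_DIR}/test.rules"` are safer. A leading comment such as `# -T must fail when threshold-file cannot be parsed` would also tell the next reader what this case protects.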
diff --git a/tests/threshold-config-validate/threshold.config b/tests/threshold-config-validate/threshold.config
new file mode 100644
index 000000000..93f562417
--- /dev/null
+++ b/tests/threshold-config-validate/threshold.config
@@ -0,0 +1 @@
+this is not correct
--
2.47.2
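Review bot: The fixture line `this is not correct` only exercises input that matches no directive at all, so the test does not show that `-T` also rejects an entry that begins with a valid keyword and is malformed further on, which is the more likely operator mistake. A second case, for example a `suppress` line with its `sig_id` field missing, would pin that path; whether the parser treats such a line as fatal is not visible from this patch. A first line `# intentionally invalid, see test.yaml` would stop someone from "fixing" the file, assuming `#` comment lines are skipped before validation.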