From 4b031e7e5783bf624c2500aa2f638012ea5f2fc1 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Fri, 24 Jan 2025 15:23:16 -0300
Subject: [PATCH] tests: add engine-analysis stream rule type tests To accompany the Rule Types documentation. Related to Task #7031
---
tests/rules/rule-type-stream/test.rules | 7 ++++
tests/rules/rule-type-stream/test.yaml | 44 +++++++++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 tests/rules/rule-type-stream/test.rules
create mode 100644 tests/rules/rule-type-stream/test.yaml
diff --git a/tests/rules/rule-type-stream/test.rules b/tests/rules/rule-type-stream/test.rules
new file mode 100644
index 000000000..5ea8490a5
--- /dev/null
+++ b/tests/rules/rule-type-stream/test.rules
@@ -0,0 +1,7 @@
+# Stream rules
+alert tcp-stream any any -> any any (msg:"tcp-stream, simple content"; content:"abc"; sid:102;)
+alert http any any -> any any (msg:"http, simple content"; content:"abc"; sid:602;)
+alert tcp any any -> any any (msg:"byte_extract with dce"; byte_extract:4,0,var,dce; byte_test:4,>,var,4,little; sid:901;)
+alert tcp any any -> any 443 (flow: to_server; content:"abc"; flowbits:set,tls_error; sid:1605; msg:"Allow TLS error handling (outgoing packet) with simple content - Stream rule";)
+alert tcp any any -> any 443 (flow: to_server; content:"abc"; sid:160401; msg:"Allow TLS error handling (outgoing packet) - stream rule";)
+alert tcp any any -> any 443 (content:"abc"; sid:160402; msg:"Allow TLS error handling (outgoing packet) - stream rule";)
diff --git a/tests/rules/rule-type-stream/test.yaml b/tests/rules/rule-type-stream/test.yaml
new file mode 100644
index 000000000..8c7e66849
--- /dev/null
+++ b/tests/rules/rule-type-stream/test.yaml
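Review bot: In tests/rules/rule-type-stream/test.rules, sids 160401 and 160402 carry the identical msg, and that msg does not describe either rule. Both (and sid 1605) use the `alert` action while the text says "Allow", and 160402 has no `flow` keyword although the text says "(outgoing packet)". Because this test accompanies the Rule Types documentation, each msg would be more useful if it named the property under test, for example `msg:"tcp, simple content, no flow keyword - stream rule";` for 160402. A one-line comment above each rule saying why it is expected to be typed `stream` would also help (presumably an unanchored `content` with no app-layer buffer; confirm against the documentation). This matters most for sid 602, where `alert http` with a plain `content` is easily misread as inspecting an HTTP buffer, which would overstate what the signature detects.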
@@ -0,0 +1,44 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 102
+ type: stream
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 602
+ type: stream
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 901
+ type: stream
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 1605
+ type: stream
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 160401
+ type: stream
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 160402
+ type: stream
--
2.47.2