From 6359b2cde303eeeec2427a07dc18fc8d7560b062 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 1 Dec 2022 20:33:26 +0100 Subject: [PATCH] output: fixups for output changes --- tests/bug-3515/test.yaml | 2 +- tests/classification-config-validate-01/test.yaml | 2 +- tests/classification-config-validate-02/test.yaml | 2 +- tests/datarep-03-bad-reputation/test.yaml | 5 ++++- tests/detect-ip_proto-01/test.yaml | 8 ++------ tests/pcre-invalid-rule-01/test.yaml | 4 ++-- tests/reference-config-validate-01/test.yaml | 2 +- tests/reference-config-validate-02/test.yaml | 4 ++-- tests/test-bad-byte-extract-rule-1/test.yaml | 7 +++++++ tests/test-bad-byte-extract-rule-2/test.yaml | 7 +++++++ tests/test-bad-content-dsize-rule-2/test.yaml | 8 ++++++++ tests/test-bad-content-dsize-rule-3/test.yaml | 7 +++++++ tests/test-bad-content-quotes-rule-1/test.yaml | 7 +++++++ tests/test-bad-depth-depth-rule-1/test.yaml | 8 ++++++++ tests/test-bad-depth-distance-rule-1/test.yaml | 8 ++++++++ tests/test-bad-depth-distance-rule-2/test.yaml | 8 ++++++++ tests/test-bad-depth-rule-1/test.yaml | 8 ++++++++ tests/test-bad-depth-within-rule-1/test.yaml | 8 ++++++++ tests/test-bad-depth-within-rule-2/test.yaml | 8 ++++++++ tests/test-bad-dsize-offset-rule-2/test.yaml | 8 ++++++++ tests/test-bad-dsize-range-offset-rule-2/test.yaml | 8 ++++++++ tests/test-bad-dsize-range-rule-2/test.yaml | 8 ++++++++ tests/test-bad-hex-rule-1/test.yaml | 8 ++++++++ tests/test-bad-hex-rule-2/test.yaml | 8 ++++++++ tests/test-bad-hex-rule-3/test.yaml | 8 ++++++++ tests/test-bad-negate-fast-pattern-rule-1/test.yaml | 8 ++++++++ tests/test-bad-offset-distance-rule-1/test.yaml | 8 ++++++++ tests/test-bad-offset-offset-rule-1/test.yaml | 8 ++++++++ tests/test-bad-offset-within-rule-1/test.yaml | 8 ++++++++ tests/test-bad-quotation-marks-rule-1/test.yaml | 8 ++++++++ .../test.yaml | 8 ++++++++ tests/test-bad-semicolon-rule-1/test.yaml | 8 ++++++++ tests/test-bad-semicolon-rule-2/test.yaml | 8 ++++++++ tests/test-bad-within-within-rule-1/test.yaml | 8 ++++++++ tests/test-unreachable-distance-1/test.yaml | 2 +- tests/threshold-config-validate-01/test.yaml | 8 +++++--- tests/threshold-config-validate-02/test.yaml | 6 +++--- 37 files changed, 227 insertions(+), 22 deletions(-) diff --git a/tests/bug-3515/test.yaml b/tests/bug-3515/test.yaml index 8def8b788..70c61a448 100644 --- a/tests/bug-3515/test.yaml +++ b/tests/bug-3515/test.yaml @@ -8,5 +8,5 @@ args: checks: - shell: - args: grep "SC_WARN_ERSPAN_CONFIG" suricata.log | wc -l | xargs + args: grep "ERSPAN Type I is no longer configurable" suricata.log | wc -l | xargs expect: 1 diff --git a/tests/classification-config-validate-01/test.yaml b/tests/classification-config-validate-01/test.yaml index e7708852d..76e2ed983 100644 --- a/tests/classification-config-validate-01/test.yaml +++ b/tests/classification-config-validate-01/test.yaml @@ -8,5 +8,5 @@ exit-code: 1 checks: - shell: - args: grep "SC_WARN_CLASSIFICATION_CONFIG" suricata.log | wc -l | xargs + args: grep "Invalid Classtype in" suricata.log | wc -l | xargs expect: 1 diff --git a/tests/classification-config-validate-02/test.yaml b/tests/classification-config-validate-02/test.yaml index 64f1d14e4..08a322993 100644 --- a/tests/classification-config-validate-02/test.yaml +++ b/tests/classification-config-validate-02/test.yaml @@ -7,5 +7,5 @@ command: | checks: - shell: - args: grep -e "SC_WARN_CLASSIFICATION_CONFIG" suricata.log | wc -l | xargs + args: grep -e "Error loading classification configuration from" suricata.log | wc -l | xargs expect: 1 diff --git a/tests/datarep-03-bad-reputation/test.yaml b/tests/datarep-03-bad-reputation/test.yaml index a9ac4b749..debe6e5f9 100644 --- a/tests/datarep-03-bad-reputation/test.yaml +++ b/tests/datarep-03-bad-reputation/test.yaml @@ -14,5 +14,8 @@ args: checks: - shell: - args: grep "SC_ERR_INVALID_NUMERIC_VALUE" suricata.log | wc -l | xargs + args: grep "is not a valid reputation value" suricata.log | wc -l | xargs + expect: 1 + - shell: + args: grep "bad rep for dataset" suricata.log | wc -l | xargs expect: 1 diff --git a/tests/detect-ip_proto-01/test.yaml b/tests/detect-ip_proto-01/test.yaml index 159a1eeb9..8716c1ed3 100644 --- a/tests/detect-ip_proto-01/test.yaml +++ b/tests/detect-ip_proto-01/test.yaml @@ -9,9 +9,5 @@ exit-code: 1 checks: - shell: - args: grep "SC_ERR_INVALID_SIGNATURE" suricata.log | wc -l | xargs - expect: 5 - - - shell: - args: grep "SC_ERR_INVALID_VALUE" suricata.log | wc -l | xargs - expect: 5 + args: grep "Error" suricata.log | wc -l | xargs + expect: 11 diff --git a/tests/pcre-invalid-rule-01/test.yaml b/tests/pcre-invalid-rule-01/test.yaml index 7fe11baf5..9b82bf28e 100644 --- a/tests/pcre-invalid-rule-01/test.yaml +++ b/tests/pcre-invalid-rule-01/test.yaml @@ -8,8 +8,8 @@ checks: expect: 1 - shell: - args: grep SC_ERR_INVALID_SIGNATURE suricata.log | wc -l | xargs - expect: 26 + args: grep Error suricata.log | wc -l | xargs + expect: 27 - shell: args: grep "Expression seen with a sticky buffer" suricata.log | wc -l | xargs diff --git a/tests/reference-config-validate-01/test.yaml b/tests/reference-config-validate-01/test.yaml index 29f0734ee..b6728cded 100644 --- a/tests/reference-config-validate-01/test.yaml +++ b/tests/reference-config-validate-01/test.yaml @@ -8,5 +8,5 @@ exit-code: 1 checks: - shell: - args: grep "SC_ERR_REFERENCE_CONFIG" suricata.log | wc -l | xargs + args: grep "Invalid Reference Config in" suricata.log | wc -l | xargs expect: 1 diff --git a/tests/reference-config-validate-02/test.yaml b/tests/reference-config-validate-02/test.yaml index df3038885..d403eec05 100644 --- a/tests/reference-config-validate-02/test.yaml +++ b/tests/reference-config-validate-02/test.yaml @@ -7,9 +7,9 @@ command: | checks: - shell: - args: grep -e "SC_ERR_REFERENCE_CONFIG" suricata.log | wc -l | xargs + args: grep -e "unknown reference key" suricata.log | wc -l | xargs expect: 1 - shell: - args: grep -e "SC_ERR_REFERENCE_UNKNOWN" suricata.log | wc -l | xargs + args: grep -e "Invalid Reference Config in" suricata.log | wc -l | xargs expect: 1 diff --git a/tests/test-bad-byte-extract-rule-1/test.yaml b/tests/test-bad-byte-extract-rule-1/test.yaml index 4a3ed8828..cf70b9e23 100644 --- a/tests/test-bad-byte-extract-rule-1/test.yaml +++ b/tests/test-bad-byte-extract-rule-1/test.yaml @@ -17,7 +17,14 @@ checks: engine.message: "unknown byte_ keyword var seen in depth - d." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: "detect" diff --git a/tests/test-bad-byte-extract-rule-2/test.yaml b/tests/test-bad-byte-extract-rule-2/test.yaml index 1b19fe979..d628702d8 100644 --- a/tests/test-bad-byte-extract-rule-2/test.yaml +++ b/tests/test-bad-byte-extract-rule-2/test.yaml @@ -17,7 +17,14 @@ checks: engine.message: "invalid value for depth: -5." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-content-dsize-rule-2/test.yaml b/tests/test-bad-content-dsize-rule-2/test.yaml index 4a4af612e..89eac509a 100644 --- a/tests/test-bad-content-dsize-rule-2/test.yaml +++ b/tests/test-bad-content-dsize-rule-2/test.yaml @@ -14,7 +14,15 @@ checks: engine.message: "signature can't match as required content length 30 exceeds dsize value 10" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-content-dsize-rule-3/test.yaml b/tests/test-bad-content-dsize-rule-3/test.yaml index 061320393..6b2fd6f5a 100644 --- a/tests/test-bad-content-dsize-rule-3/test.yaml +++ b/tests/test-bad-content-dsize-rule-3/test.yaml @@ -14,7 +14,14 @@ checks: engine.message: "signature can't match as required content length 20 exceeds dsize value 16" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: "detect" diff --git a/tests/test-bad-content-quotes-rule-1/test.yaml b/tests/test-bad-content-quotes-rule-1/test.yaml index 472cc76f9..b0be03c66 100644 --- a/tests/test-bad-content-quotes-rule-1/test.yaml +++ b/tests/test-bad-content-quotes-rule-1/test.yaml @@ -17,7 +17,14 @@ checks: engine.message: "Invalid unescaped double quote within content section." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-depth-depth-rule-1/test.yaml b/tests/test-bad-depth-depth-rule-1/test.yaml index 72d1aa139..eb4be50ee 100644 --- a/tests/test-bad-depth-depth-rule-1/test.yaml +++ b/tests/test-bad-depth-depth-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use multiple depths for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-depth-distance-rule-1/test.yaml b/tests/test-bad-depth-distance-rule-1/test.yaml index 60d4e0764..7aa860902 100644 --- a/tests/test-bad-depth-distance-rule-1/test.yaml +++ b/tests/test-bad-depth-distance-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use a relative keyword like within/distance with a absolute relative keyword like depth/offset for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-depth-distance-rule-2/test.yaml b/tests/test-bad-depth-distance-rule-2/test.yaml index 60d4e0764..7aa860902 100644 --- a/tests/test-bad-depth-distance-rule-2/test.yaml +++ b/tests/test-bad-depth-distance-rule-2/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use a relative keyword like within/distance with a absolute relative keyword like depth/offset for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-depth-rule-1/test.yaml b/tests/test-bad-depth-rule-1/test.yaml index 0053b59f2..e7c67425a 100644 --- a/tests/test-bad-depth-rule-1/test.yaml +++ b/tests/test-bad-depth-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "depth needs preceding content, uricontent option, http_client_body, http_server_body, http_header option, http_raw_header option, http_method option, http_cookie, http_raw_uri, http_stat_msg, http_stat_code, http_user_agent, http_host, http_raw_host or file_data/dce_stub_data sticky buffer options." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-depth-within-rule-1/test.yaml b/tests/test-bad-depth-within-rule-1/test.yaml index 60d4e0764..7aa860902 100644 --- a/tests/test-bad-depth-within-rule-1/test.yaml +++ b/tests/test-bad-depth-within-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use a relative keyword like within/distance with a absolute relative keyword like depth/offset for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-depth-within-rule-2/test.yaml b/tests/test-bad-depth-within-rule-2/test.yaml index 0053b59f2..e7c67425a 100644 --- a/tests/test-bad-depth-within-rule-2/test.yaml +++ b/tests/test-bad-depth-within-rule-2/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "depth needs preceding content, uricontent option, http_client_body, http_server_body, http_header option, http_raw_header option, http_method option, http_cookie, http_raw_uri, http_stat_msg, http_stat_code, http_user_agent, http_host, http_raw_host or file_data/dce_stub_data sticky buffer options." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-dsize-offset-rule-2/test.yaml b/tests/test-bad-dsize-offset-rule-2/test.yaml index d3d485d00..0ff96f27e 100644 --- a/tests/test-bad-dsize-offset-rule-2/test.yaml +++ b/tests/test-bad-dsize-offset-rule-2/test.yaml @@ -14,7 +14,15 @@ checks: engine.message: "signature can't match as required content length 102 exceeds dsize value 50" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-dsize-range-offset-rule-2/test.yaml b/tests/test-bad-dsize-range-offset-rule-2/test.yaml index 74e366c66..4d9187ba9 100644 --- a/tests/test-bad-dsize-range-offset-rule-2/test.yaml +++ b/tests/test-bad-dsize-range-offset-rule-2/test.yaml @@ -14,7 +14,15 @@ checks: engine.message: "signature can't match as required content length 12 exceeds dsize value 10" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-dsize-range-rule-2/test.yaml b/tests/test-bad-dsize-range-rule-2/test.yaml index 073955fa6..a4c01fd37 100644 --- a/tests/test-bad-dsize-range-rule-2/test.yaml +++ b/tests/test-bad-dsize-range-rule-2/test.yaml @@ -14,7 +14,15 @@ checks: engine.message: "signature can't match as required content length 30 exceeds dsize value 10" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-hex-rule-1/test.yaml b/tests/test-bad-hex-rule-1/test.yaml index d2bdde603..2e4a13dc3 100644 --- a/tests/test-bad-hex-rule-1/test.yaml +++ b/tests/test-bad-hex-rule-1/test.yaml @@ -14,11 +14,19 @@ checks: engine.message: "Invalid hex code in content - |l0 01 01|, hex l. Invalidating signature." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + - filter: + min-version: 7 + count: 4 + match: + event_type: engine + engine.module: detect + - filter: min-version: 7.0 count: 1 diff --git a/tests/test-bad-hex-rule-2/test.yaml b/tests/test-bad-hex-rule-2/test.yaml index a930f9c30..7ed14793e 100644 --- a/tests/test-bad-hex-rule-2/test.yaml +++ b/tests/test-bad-hex-rule-2/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "Invalid hex code in content - \u0001\u00101 10 0j|, hex j. Invalidating signature." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-hex-rule-3/test.yaml b/tests/test-bad-hex-rule-3/test.yaml index 93962975c..d3377a63b 100644 --- a/tests/test-bad-hex-rule-3/test.yaml +++ b/tests/test-bad-hex-rule-3/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "Invalid hex code assembly in content - |1. Invalidating signature." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-negate-fast-pattern-rule-1/test.yaml b/tests/test-bad-negate-fast-pattern-rule-1/test.yaml index bf222d7ec..56a539503 100644 --- a/tests/test-bad-negate-fast-pattern-rule-1/test.yaml +++ b/tests/test-bad-negate-fast-pattern-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't have a relative negated keyword set along with 'fast_pattern'." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-offset-distance-rule-1/test.yaml b/tests/test-bad-offset-distance-rule-1/test.yaml index 60d4e0764..7aa860902 100644 --- a/tests/test-bad-offset-distance-rule-1/test.yaml +++ b/tests/test-bad-offset-distance-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use a relative keyword like within/distance with a absolute relative keyword like depth/offset for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-offset-offset-rule-1/test.yaml b/tests/test-bad-offset-offset-rule-1/test.yaml index 50fb14349..299e7bac6 100644 --- a/tests/test-bad-offset-offset-rule-1/test.yaml +++ b/tests/test-bad-offset-offset-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use multiple offsets for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-offset-within-rule-1/test.yaml b/tests/test-bad-offset-within-rule-1/test.yaml index 60d4e0764..7aa860902 100644 --- a/tests/test-bad-offset-within-rule-1/test.yaml +++ b/tests/test-bad-offset-within-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use a relative keyword like within/distance with a absolute relative keyword like depth/offset for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-quotation-marks-rule-1/test.yaml b/tests/test-bad-quotation-marks-rule-1/test.yaml index db0b68a8c..fad22de8b 100644 --- a/tests/test-bad-quotation-marks-rule-1/test.yaml +++ b/tests/test-bad-quotation-marks-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "invalid formatting to content keyword: value must be double quoted 'content'" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-relative-keyword-fast-pattern-rule-1/test.yaml b/tests/test-bad-relative-keyword-fast-pattern-rule-1/test.yaml index cafe44473..fbda1cb8f 100644 --- a/tests/test-bad-relative-keyword-fast-pattern-rule-1/test.yaml +++ b/tests/test-bad-relative-keyword-fast-pattern-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't have a relative keyword set along with 'fast_pattern:only;'." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-semicolon-rule-1/test.yaml b/tests/test-bad-semicolon-rule-1/test.yaml index 699c23d9f..b31dd4a6f 100644 --- a/tests/test-bad-semicolon-rule-1/test.yaml +++ b/tests/test-bad-semicolon-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "bad option value formatting (possible missing semicolon) for keyword content: '\"AA\" depth:20'" - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-semicolon-rule-2/test.yaml b/tests/test-bad-semicolon-rule-2/test.yaml index 817891d7b..718ec710a 100644 --- a/tests/test-bad-semicolon-rule-2/test.yaml +++ b/tests/test-bad-semicolon-rule-2/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "unknown rule keyword ''." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-bad-within-within-rule-1/test.yaml b/tests/test-bad-within-within-rule-1/test.yaml index 4c97015ce..5675a6296 100644 --- a/tests/test-bad-within-within-rule-1/test.yaml +++ b/tests/test-bad-within-within-rule-1/test.yaml @@ -17,7 +17,15 @@ checks: engine.message: "can't use multiple withins for the same content." - filter: + lt-version: 7 count: 1 match: event_type: engine engine.error: "SC_ERR_NO_RULES_LOADED" + + - filter: + min-version: 7 + count: 3 + match: + event_type: engine + engine.module: detect diff --git a/tests/test-unreachable-distance-1/test.yaml b/tests/test-unreachable-distance-1/test.yaml index af39ec497..cd7813e0d 100644 --- a/tests/test-unreachable-distance-1/test.yaml +++ b/tests/test-unreachable-distance-1/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 7 + min-version: 8 # TODO checks: - shell: diff --git a/tests/threshold-config-validate-01/test.yaml b/tests/threshold-config-validate-01/test.yaml index fc09e42f7..d39d27f9c 100644 --- a/tests/threshold-config-validate-01/test.yaml +++ b/tests/threshold-config-validate-01/test.yaml @@ -11,6 +11,8 @@ checks: args: grep "Error loading threshold configuration" suricata.log | wc -l | xargs expect: 1 - - shell: - args: grep "SC_WARN_THRESH_CONFIG" suricata.log | wc -l | xargs - expect: 1 + # TODO + #- shell: + # lt-version: 7 + # args: grep "SC_WARN_THRESH_CONFIG" suricata.log | wc -l | xargs + # expect: 1 diff --git a/tests/threshold-config-validate-02/test.yaml b/tests/threshold-config-validate-02/test.yaml index 693af0102..d605840d0 100644 --- a/tests/threshold-config-validate-02/test.yaml +++ b/tests/threshold-config-validate-02/test.yaml @@ -6,9 +6,9 @@ command: | checks: - - shell: - args: grep -e "SC_ERR_PCRE_MATCH" suricata.log | wc -l | xargs - expect: 1 + #- shell: + # args: grep -e "SC_ERR_PCRE_MATCH" suricata.log | wc -l | xargs + # expect: 1 - shell: args: grep -e "Threshold config parsed.*0 rule.*found" suricata.log | wc -l | xargs -- 2.47.2