From 3450a0af517e677e1250686f8de0348b74f54c42 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 28 Jun 2023 11:08:22 -0600
Subject: [PATCH] test: pcap-log with lz4 write to non-writable directory

Ticket: #5022
---
 tests/pcap-log-lz4-write/README.md     |  6 ++++++
 tests/pcap-log-lz4-write/suricata.yaml | 21 +++++++++++++++++++++
 tests/pcap-log-lz4-write/test.yaml     | 22 ++++++++++++++++++++++
 3 files changed, 49 insertions(+)
 create mode 100644 tests/pcap-log-lz4-write/README.md
 create mode 100644 tests/pcap-log-lz4-write/suricata.yaml
 create mode 100644 tests/pcap-log-lz4-write/test.yaml

diff --git a/tests/pcap-log-lz4-write/README.md b/tests/pcap-log-lz4-write/README.md
new file mode 100644
index 000000000..cd7ad83f6
--- /dev/null
+++ b/tests/pcap-log-lz4-write/README.md
@@ -0,0 +1,6 @@
+Test that Suricata will not crash if pcap-log is enabled with LZ4
+compression and a non-writable pcap-log directory.
+
+## Issue
+
+https://redmine.openinfosecfoundation.org/issues/5022
diff --git a/tests/pcap-log-lz4-write/suricata.yaml b/tests/pcap-log-lz4-write/suricata.yaml
new file mode 100644
index 000000000..0a0204483
--- /dev/null
+++ b/tests/pcap-log-lz4-write/suricata.yaml
@@ -0,0 +1,21 @@
+%YAML 1.1
+---
+
+outputs:
+  - pcap-log:
+      enabled: yes
+      filename: log.pcap
+      compression: lz4
+      mode: normal
+      dir: pcap-log
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+  outputs:
+    - console:
+        enabled: yes
+    - file:
+        enabled: yes
+        level: info
+        filename: eve.json
+        type: json
diff --git a/tests/pcap-log-lz4-write/test.yaml b/tests/pcap-log-lz4-write/test.yaml
new file mode 100644
index 000000000..086223301
--- /dev/null
+++ b/tests/pcap-log-lz4-write/test.yaml
@@ -0,0 +1,22 @@
+requires:
+  features:
+    - liblz4
+
+skip:
+  - uid: 0
+    msg: "Test requires non-root user"
+
+setup:
+  # Create a pcap-log directory without write permission
+  - script: |
+      rm -rf pcap-log
+      mkdir pcap-log
+      chmod 555 pcap-log
+      
+pcap: ../alert-testmyids/input.pcap
+
+checks:
+  - filter:
+      count: 1
+      match:
+        engine.message: "Error opening file for compressed output: Permission denied"
-- 
2.47.2