From ee229caca8f2cce3d23c1c42cb80e400cb7a3298 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Fri, 27 Oct 2023 12:50:25 -0600
Subject: [PATCH] test: test for empty dns/eve formats

Test that when dns/eve "formats" is empty, it uses the default of all.

Bug: #6420
---
 tests/dns/dns-eve-empty-format/README.md | 5 +++++
 tests/dns/dns-eve-empty-format/input.pcap | Bin 0 -> 876 bytes
 tests/dns/dns-eve-empty-format/suricata.yaml | 11 +++++++++++
 tests/dns/dns-eve-empty-format/test.yaml | 7 +++++++
 4 files changed, 23 insertions(+)
 create mode 100644 tests/dns/dns-eve-empty-format/README.md
 create mode 100644 tests/dns/dns-eve-empty-format/input.pcap
 create mode 100644 tests/dns/dns-eve-empty-format/suricata.yaml
 create mode 100644 tests/dns/dns-eve-empty-format/test.yaml

diff --git a/tests/dns/dns-eve-empty-format/README.md b/tests/dns/dns-eve-empty-format/README.md
new file mode 100644
index 000000000..e82386f86
--- /dev/null
+++ b/tests/dns/dns-eve-empty-format/README.md
@@ -0,0 +1,5 @@
+Test that emtpy EVE/DNS "formats" configuration results in the default
+of both formats.
+
+https://redmine.openinfosecfoundation.org/issues/6420
+
diff --git a/tests/dns/dns-eve-empty-format/input.pcap b/tests/dns/dns-eve-empty-format/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..5c9ee35b3925845257e32c31a4312dca5ccc1a3a
GIT binary patch literal 876 zc-p&ic+)~A1{MYcU}0bclCFlsWL^u=;!t_JF7gqX#doRgWFSE8Go#-37?Uyzhv!JM3*3zBAZ z16mL&%F2)kR0hHjqaoISEeMX22U&2;A7nVl5(ZPC753-qXRdB+0GU9*f&)BIMfwaZ zCZPqQAPeKR@G$rSg?zF3$bOyz$ilWHn2!!A0)3<{mci?f@DXcLPJVJWhGp(R!|Qz+ z8A5?dLa`a{KJPFC(D0+%VTLzt0vc{CR6GS0sRnUdX(269Ar#*d;knCRao z2p!Oeh9U<8i>{TMBFGJ*?d%LuK%ppXZt#gy1iK*w;Rc{rEwpc}dyR-TY#xQh7vp9I zmW<|8=^j9vG=6d7Nr6k&fNZM21PjuKN{|$28A((M1X(ceHz&Rns08+k55g-zE9@2H NEh9-wfx3_s2mn|@#v=d# literal 0 Hc-jL100001
diff --git a/tests/dns/dns-eve-empty-format/suricata.yaml b/tests/dns/dns-eve-empty-format/suricata.yaml
new file mode 100644
index 000000000..47b4352ad
--- /dev/null
+++ b/tests/dns/dns-eve-empty-format/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - dns:
+ formats:
diff --git a/tests/dns/dns-eve-empty-format/test.yaml b/tests/dns/dns-eve-empty-format/test.yaml
new file mode 100644
index 000000000..0be5eb8e3
--- /dev/null
+++ b/tests/dns/dns-eve-empty-format/test.yaml
@@ -0,0 +1,7 @@
+checks:
+ - filter:
+ count: 1
+ match:
+ pcap_cnt: 8
+ dns.answers[0].rrtype: A
+ dns.grouped.A[0]: "52.85.112.21"
-- 
2.47.2
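Review bot: The trailing `formats:` key in suricata.yaml is left without a value and without a comment, so a later cleanup could "fix" it by deleting the key or filling in a list, and the test would quietly stop exercising the empty-value path. I would put a comment directly above it, for example `# intentionally empty: must fall back to the default formats (issue 6420)`. The config also covers only the bare-key form. Whether an explicit empty sequence `formats: []` takes the same path cannot be told from this patch, so a second case may be worth adding, since a silent loss of DNS answer logging is a visibility gap that is hard to notice in production.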
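Review bot: test.yaml has no `requires` section, so the test presumably runs against every Suricata version the suite is used with, including any branch that does not carry the fix for issue 6420, where it would be expected to fail. If the fix is not in all supported branches, gate the test with a top-level `requires:` holding `min-version: <first release containing the fix>`. The filter would also state its intent more clearly with `event_type: dns` in `match`, because at the moment it relies on the `dns.*` keys alone to select the record at `pcap_cnt: 8`.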