From eeb43f9d62aab6a0369871f8ddc45ceb50edefea Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 8 Jan 2021 15:50:19 +0100
Subject: [PATCH] framework: adds feature filtering per check

---
 README.md                      |  3 +++
 run.py                         | 13 +++++++++----
 tests/http2-bugfixes/test.yaml |  2 ++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 184d6bd9b..a68a289a5 100644
--- a/README.md
+++ b/README.md
@@ -101,6 +101,9 @@ checks:
   # A verification filter that is run over the eve.json. Multiple
   # filters may exist and all must pass for the test to pass.
   - filter:
+      # Additional feature needed to run this specific filter
+      feature: HTTP2_DECOMPRESSION
+
       # The number of records this filter should match.
       count: 1
 	  
diff --git a/run.py b/run.py
index 095be190d..eb6227192 100755
--- a/run.py
+++ b/run.py
@@ -314,10 +314,11 @@ class StatsCheck:
 
 class FilterCheck:
 
-    def __init__(self, config, outdir, suri_version):
+    def __init__(self, config, outdir, suricata_config):
         self.config = config
         self.outdir = outdir
-        self.suri_version = suri_version
+        self.suricata_config = suricata_config
+        self.suri_version = suricata_config.version
 
     def run(self):
         req_version = self.config.get("version")
@@ -331,7 +332,11 @@ class FilterCheck:
                         "Suricata v{} not found".format(version))
         elif req_version and min_version:
             raise TestError("Specify either min-version or version")
-
+        feature = self.config.get("feature")
+        if feature != None:
+            if not self.suricata_config.has_feature(feature):
+                raise UnsatisfiedRequirementError(
+                                                  "Suricata feature {} not present".format(feature))
         if "filename" in self.config:
             json_filename = self.config["filename"]
         else:
@@ -633,7 +638,7 @@ class TestRunner:
     @handle_exceptions
     def perform_filter_checks(self, check, count, test_num):
         count = FilterCheck(check, self.output,
-                self.suricata_config.version).run()
+                self.suricata_config).run()
         return count
 
     @handle_exceptions
diff --git a/tests/http2-bugfixes/test.yaml b/tests/http2-bugfixes/test.yaml
index 711a31942..f868748a4 100644
--- a/tests/http2-bugfixes/test.yaml
+++ b/tests/http2-bugfixes/test.yaml
@@ -16,12 +16,14 @@ checks:
         event_type: anomaly
 # check gzip decompresser
   - filter:
+      feature: HTTP2_DECOMPRESSION
       count: 1
       match:
         event_type: fileinfo
         fileinfo.size: 639
 # check brotli decompresser
   - filter:
+      feature: HTTP2_DECOMPRESSION
       count: 1
       match:
         event_type: fileinfo
-- 
2.47.2