]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 540b92b)
rules: adds test for pcre \X engine analysis master 3169/head 3173/head
authorPhilippe Antoine <pantoine@oisf.net>
Wed, 17 Jun 2026 16:04:45 +0000 (18:04 +0200)
committerPhilippe Antoine <pantoine@oisf.net>
Thu, 18 Jun 2026 06:38:36 +0000 (08:38 +0200)
Ticket: 8634

tests/rules/pcre-unicode-cluster/README.md [new file with mode: 0644] patch | blob
tests/rules/pcre-unicode-cluster/test.rules [new file with mode: 0644] patch | blob
tests/rules/pcre-unicode-cluster/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/rules/pcre-unicode-cluster/README.md b/tests/rules/pcre-unicode-cluster/README.md
new file mode 100644 (file)
index 0000000..dfff477
--- /dev/null
+++ b/tests/rules/pcre-unicode-cluster/README.md
@@ -0,0 +1,5 @@
+# Test Description
+
+Test pcre with `\X` (Unicode extended grapheme cluster) rule analysis
+
+https://redmine.openinfosecfoundation.org/issues/8634
diff --git a/tests/rules/pcre-unicode-cluster/test.rules b/tests/rules/pcre-unicode-cluster/test.rules
new file mode 100644 (file)
index 0000000..66f533c
--- /dev/null
+++ b/tests/rules/pcre-unicode-cluster/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (pcre:"/dummy_alt|\X++h/"; sid:8;)
\ No newline at end of file
diff --git a/tests/rules/pcre-unicode-cluster/test.yaml b/tests/rules/pcre-unicode-cluster/test.yaml
new file mode 100644 (file)
index 0000000..d258eb5
--- /dev/null
+++ b/tests/rules/pcre-unicode-cluster/test.yaml
@@ -0,0 +1,16 @@
+requires:
+    min-version: 9
+    pcap: false
+
+skip:
+    - feature: FUZZ
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      notes[0]: "pcre with \\X (Unicode extended grapheme cluster) may be slow"
Mirror of https://github.com/OISF/suricata-verify.git