From: Philippe Antoine <pantoine@oisf.net>
Date: Wed, 17 Jun 2026 16:04:45 +0000 (+0200)
Subject: rules: adds test for pcre \X engine analysis
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;ds=inline;p=thirdparty%2Fsuricata-verify.git

rules: adds test for pcre \X engine analysis

Ticket: 8634
---

diff --git a/tests/rules/pcre-unicode-cluster/README.md b/tests/rules/pcre-unicode-cluster/README.md
new file mode 100644
index 000000000..dfff477a7
--- /dev/null
+++ b/tests/rules/pcre-unicode-cluster/README.md
@@ -0,0 +1,5 @@
+# Test Description
+
+Test pcre with `\X` (Unicode extended grapheme cluster) rule analysis
+
+https://redmine.openinfosecfoundation.org/issues/8634
diff --git a/tests/rules/pcre-unicode-cluster/test.rules b/tests/rules/pcre-unicode-cluster/test.rules
new file mode 100644
index 000000000..66f533c7f
--- /dev/null
+++ b/tests/rules/pcre-unicode-cluster/test.rules
@@ -0,0 +1 @@
+alert ip any any -> any any (pcre:"/dummy_alt|\X++h/"; sid:8;)
\ No newline at end of file
diff --git a/tests/rules/pcre-unicode-cluster/test.yaml b/tests/rules/pcre-unicode-cluster/test.yaml
new file mode 100644
index 000000000..d258eb53f
--- /dev/null
+++ b/tests/rules/pcre-unicode-cluster/test.yaml
@@ -0,0 +1,16 @@
+requires:
+    min-version: 9
+    pcap: false
+
+skip:
+    - feature: FUZZ
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      notes[0]: "pcre with \\X (Unicode extended grapheme cluster) may be slow"