From: Philippe Antoine Date: Thu, 16 Oct 2025 09:27:13 +0000 (+0200) Subject: rules: new engine analysis format for generic integers X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fsuricata-verify.git rules: new engine analysis format for generic integers Ticket: 7889 --- diff --git a/tests/rules/icmp_id/test.yaml b/tests/rules/icmp_id/test.yaml index b3285e46e..7b412fd39 100644 --- a/tests/rules/icmp_id/test.yaml +++ b/tests/rules/icmp_id/test.yaml @@ -7,9 +7,18 @@ args: checks: - filter: + lt-version: 9.0 filename: rules.json count: 1 match: id: 1 lists.packet.matches[0].name: "icmp_id" - lists.packet.matches[0].id.number: 2 \ No newline at end of file + lists.packet.matches[0].id.number: 2 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 1 + lists.packet.matches[0].name: "icmp_id" + lists.packet.matches[0].id.equal: 2 \ No newline at end of file diff --git a/tests/rules/tcp-seq-keyword/test.yaml b/tests/rules/tcp-seq-keyword/test.yaml index d72a8a227..a6423dd10 100644 --- a/tests/rules/tcp-seq-keyword/test.yaml +++ b/tests/rules/tcp-seq-keyword/test.yaml @@ -7,6 +7,7 @@ args: checks: - filter: + lt-version: 9.0 filename: rules.json count: 1 match: @@ -14,8 +15,24 @@ checks: lists.packet.matches[0].name: "tcp.seq" lists.packet.matches[0].seq.number: 624 - filter: + lt-version: 9.0 filename: rules.json count: 1 match: id: 2 - lists.packet.matches[0].seq.number: 723833 \ No newline at end of file + lists.packet.matches[0].seq.number: 723833 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 1 + lists.packet.matches[0].name: "tcp.seq" + lists.packet.matches[0].seq.equal: 624 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 2 + lists.packet.matches[0].seq.equal: 723833 \ No newline at end of file diff --git a/tests/rules/tcp_ack/test.yaml b/tests/rules/tcp_ack/test.yaml index 806629d66..4bb1178e9 100644 --- a/tests/rules/tcp_ack/test.yaml 
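Review bot: The new last line of tests/rules/icmp_id/test.yaml (`lists.packet.matches[0].id.equal: 2`) is still followed by `\ No newline at end of file`, so the file keeps ending without a newline. Because of that, this commit had to rewrite the unchanged `id.number: 2` line just to append the 9.0 checks, and the next appended check will do the same. Ending each file with a single newline would keep later diffs to pure additions. The same applies to the final hunks of tests/rules/tcp-seq-keyword/test.yaml, tests/rules/tcp_ack/test.yaml and tests/rules/tcp_window/test.yaml.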
+++ b/tests/rules/tcp_ack/test.yaml @@ -7,6 +7,7 @@ args: checks: - filter: + lt-version: 9.0 filename: rules.json count: 1 match: @@ -14,15 +15,40 @@ checks: lists.packet.matches[0].name: "tcp.ack" lists.packet.matches[0].ack.number: 782 - filter: + lt-version: 9.0 filename: rules.json count: 1 match: id: 2 lists.packet.matches[0].ack.number: 15 - filter: + lt-version: 9.0 filename: rules.json count: 1 match: id: 3 lists.packet.matches[0].name: "tcp.ack" - lists.packet.matches[0].ack.number: 437528 \ No newline at end of file + lists.packet.matches[0].ack.number: 437528 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 1 + lists.packet.matches[0].name: "tcp.ack" + lists.packet.matches[0].ack.equal: 782 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 2 + lists.packet.matches[0].ack.equal: 15 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 3 + lists.packet.matches[0].name: "tcp.ack" + lists.packet.matches[0].ack.equal: 437528 \ No newline at end of file diff --git a/tests/rules/tcp_window/test.yaml b/tests/rules/tcp_window/test.yaml index 49cabd16a..9582d63af 100644 --- a/tests/rules/tcp_window/test.yaml +++ b/tests/rules/tcp_window/test.yaml @@ -7,6 +7,7 @@ args: checks: - filter: + lt-version: 9.0 filename: rules.json count: 1 match: 
@@ -14,12 +15,29 @@ checks: lists.packet.matches[0].name: "tcp.window" lists.packet.matches[0].window.size: 30336 lists.packet.matches[0].window.negated: false - - filter: + lt-version: 9.0 filename: rules.json count: 1 match: id: 2 lists.packet.matches[0].name: "tcp.window" lists.packet.matches[0].window.size: 1024 - lists.packet.matches[0].window.negated: true \ No newline at end of file + lists.packet.matches[0].window.negated: true + +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 1 + lists.packet.matches[0].name: "tcp.window" + lists.packet.matches[0].window.equal: 30336 +- filter: + min-version: 9.0 + filename: rules.json + count: 1 + match: + id: 2 + lists.packet.matches[0].name: "tcp.window" + lists.packet.matches[0].window.diff: 1024 \ No newline at end of file
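Review bot: The 9.0 check for rule id 2 at the end of this hunk asserts only `window.diff: 1024`, and nothing in the file says that `diff` appears to be the new form of what the pre-9.0 check expressed as `window.size: 1024` plus `window.negated: true`. A comment above that check, such as `# id 2: negated window; 9.0+ reports the negation as mode "diff" instead of size + negated`, would let a reader confirm that negation is still covered by the test. If the intent is also to prove the old keys are no longer emitted, a `not-has-key: lists.packet.matches[0].window.negated` entry in the same `match:` block would pin that, assuming the filter's `not-has-key` matcher is available to this test.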