mysql: add suricata.yaml in tests

Task #3446
OISF · Feb 7, 2025 · d634e94 · d634e94
1 parent 903a642
commit d634e94
Show file tree

Hide file tree

Showing 8 changed files with 45 additions and 4 deletions.
diff --git a/tests/mysql-command/README.md b/tests/mysql-command/README.md
@@ -0,0 +1,2 @@
+# Description
+Test sql query statement like `select * from xxx where xxx = yyy` args contents.
diff --git a/tests/mysql-command/test.rules b/tests/mysql-command/test.rules
@@ -1 +1 @@
-alert mysql any any -> any any (msg:"test mysql";mysql.command; pcre:"/(?:[1-9]\d{5})(?:(?:1[89]\d{2}|2\d{3})(?:0[1-9]|1[012])(?:0[1-9]|[12][0-9]|3[01]))\d{2}(?:\d)(?:[0-9xX])/i""; sid:1;)
+alert mysql any any -> any any (msg:"test mysql";mysql.command; content:"33030219971120201X"; metadata: mysql command; sid:1;)
diff --git a/tests/mysql-command/test.yaml b/tests/mysql-command/test.yaml
@@ -1,11 +1,14 @@
+requires:
+  min-version: 8
+
 args:
 - -k none
 
-
 checks:
   - filter:
       count: 1
       match:
         event_type: alert
         alert.signature: "test mysql"
+        alert.metadata.mysql[0]: "command"
 
diff --git a/tests/mysql-prepare-statement/suricata.yaml b/tests/mysql-prepare-statement/suricata.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mysql
+
+app-layer:
+  protocols:
+    mysql:
+      enabled: yes
diff --git a/tests/mysql-query/suricata.yaml b/tests/mysql-query/suricata.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mysql
+
+app-layer:
+  protocols:
+    mysql:
+      enabled: yes
diff --git a/tests/mysql-rows/README.md b/tests/mysql-rows/README.md
@@ -0,0 +1,2 @@
+# Description
+Test sql query 's result like `id,1,2,3,4,5` content
diff --git a/tests/mysql-rows/test.rules b/tests/mysql-rows/test.rules
@@ -1 +1 @@
-alert mysql any any -> any any (msg:"test mysql";mysql.rows; pcre:"/(?:[1-9]\d{5})(?:(?:1[89]\d{2}|2\d{3})(?:0[1-9]|1[012])(?:0[1-9]|[12][0-9]|3[01]))\d{2}(?:\d)(?:[0-9xX])/i""; sid:1;)
+alert mysql any any -> any any (msg:"test mysql";mysql.rows; content:"33030219971120201X"; metadata: mysql rows; sid:1;)
diff --git a/tests/mysql-rows/test.yaml b/tests/mysql-rows/test.yaml
@@ -1,10 +1,14 @@
+requires:
+  min-version: 8
+
 args:
 - -k none
 
 checks:
   - filter:
-      count: 1
+      count: 2
       match:
         event_type: alert
         alert.signature: "test mysql"
+        alert.metadata.mysql[0]: "rows"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Description
		Test sql query statement like `select * from xxx where xxx = yyy` args contents.
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		alert mysql any any -> any any (msg:"test mysql";mysql.command; pcre:"/(?:[1-9]\d{5})(?:(?:1[89]\d{2}\|2\d{3})(?:0[1-9]\|1[012])(?:0[1-9]\|[12][0-9]\|3[01]))\d{2}(?:\d)(?:[0-9xX])/i""; sid:1;)
		alert mysql any any -> any any (msg:"test mysql";mysql.command; content:"33030219971120201X"; metadata: mysql command; sid:1;)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Description
		Test sql query 's result like `id,1,2,3,4,5` content