tests: suricata hint missing runmode v1 #1434
Conversation
Ticket: #5711
| @@ -0,0 +1,14 @@ | |||
| # Suricata Missing Runmode Issue | |||
|
|
|||
| This repository contains test files and documentation for addressing the "Missing runmode" issue 5711 in Suricata. | |||
There was a problem hiding this comment.
nit: replace repository with directory :P
|
|
||
| checks: | ||
| - shell: | ||
| args: suricata |
There was a problem hiding this comment.
Can we run Suricata using something closer to what is used in the issue description? Maybe at least adding -S /dev/null as args (also see the other comment for info on how to pass arguments to Suricata when running it via Suricata verify ;)
| ## Test Files | ||
|
|
||
| - `test.yaml`: This file defines a verification test that checks for the "Missing runmode" error. | ||
| - `runmode_test`: A directory where you can place any necessary configuration files or rules for the test. | ||
|
|
||
|
|
There was a problem hiding this comment.
It's a great practice to have a README file, but these explanations are very generic, so we can keep these out. :)
| checks: | ||
| - shell: | ||
| args: suricata |
There was a problem hiding this comment.
Since the Suricata verify suite will run Suricata, you don't have to invoke shell to run it.
Instead, the suricata-verify way would be to have a line before the checks where you would pass the args for Suricata to run with. Check for instance https://github.com/OISF/suricata-verify/blob/master/tests/config-includes-array/test.yaml#L6-L7, these means that Suricata-verify will run Suricata as
suricata --dump-config -c suricata.yaml.
The -c suricata.yaml part is added by suricata-verify, which will use a suricata.yaml file present in the added test directory, if you provide one.
There was a problem hiding this comment.
Okay, thank you for the feedback
| checks: | ||
| - shell: | ||
| args: suricata | ||
| expect: 1 # Expect an exit code of 1, indicating an error |
There was a problem hiding this comment.
When you want to indicate that a test expects Suricata to exit with error code 1, you should add an exit-code: 1 line, outside the checks. See:
https://github.com/OISF/suricata-verify/blob/master/tests/detect-strip_whitespace-01/test.yaml#L5C1-L5C1
| expect-output: "ERROR: Missing runmode" # Verify that the error message is present | ||
|
|
There was a problem hiding this comment.
We don't have a check option like that in Surica-verify, you could have a look at https://github.com/OISF/suricata-verify/pull/1431/files to see how to check for log output error messages in SV tests :)
Ticket: 5711
Test for missing suricata capture runmode hint
Suricata PR: OISF/suricata#9674
Redmine ticket: https://redmine.openinfosecfoundation.org/issues/5711