Commit baa6587

tests/requires: test failure case
Break the requires test into 2 tests. One that runs to success so we can verify the output. A second that is expected to fail due to fatal init errors. Ticket: #6710
1 parent 0c0d2f5 commit baa6587

6 files changed

+36
-2
lines changed

tests/requires-fail/README.md

Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
Similar to `../requires-ok` but does include one rule that will fail
2+
to load. This is to test that a bad rule after "skipped" rule fails
3+
out and is not recorded as skipped.
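
Review bot: Lines 2-3 of the README say a bad rule follows a "skipped" rule but do not identify which rule is the one expected to fail to load; naming its sid here would let a reader confirm the test still exercises that ordering after the rules file is edited. Small wording fix while there: `after "skipped" rule` reads better as `after a skipped rule`.
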
File renamed without changes.

tests/requires-fail/test.yaml

Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
requires:
2+
min-version: 7.0.3
3+
4+
pcap: ../eve-metadata/testmyids.pcap
5+
6+
args:
7+
- -v
8+
9+
# As we have a bad rule, expect exit-code 1.
10+
exit-code: 1
11+
12+
# No checks, as no stats are written on exit code 0.
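
Review bot: The comment on line 12, `# No checks, as no stats are written on exit code 0.`, contradicts `exit-code: 1` on line 10; it presumably means that no stats are written when Suricata exits non-zero, so it should say exit code 1. With no checks at all, the test passes on any failure that produces exit code 1, so on its own it does not show that the bad rule caused the exit or that the rule was "not recorded as skipped" as the README states; if the runner can match on output in this case, a check on the rule load error would pin that down.
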
File renamed without changes.

tests/requires-ok/test.rules

Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
# Rule for Suricata >= 7 and < 8.
2+
alert http any any -> any any (msg:"TEST Suricata >= 7 and < 8"; content:"uid=0"; requires: version >= 7 < 8; sid:7; rev:1;)
3+
4+
# Rule for Suricata >= 7.0.3 but less than 8... Or >= 8.0.1
5+
alert http any any -> any any (content:"uid=0"; requires: version >= 7.0.3 < 8 | >= 8.0.1; sid:9; rev:1;)
6+
7+
# Rule for Suricata >= 8.
8+
alert http any any -> any any (msg:"TEST Suricata >= 8"; content:"uid=0"; requires: version >= 8.0.0; sid:8; rev:1;)
9+
10+
# These rules have something invalid about them, but do follow the general rule
11+
# structure, so should be eliminated by the requires statement.
12+
alert vxlan any any -> any any (requires: version >= 10; sid:1;)
13+
alert udp any any -> any any (vxlan_vni:10; requires: version >= 10; sid:2;)
14+
alert http any any => any any (requires: version >= 10; sid:3;)
15+
alert tcp any any -> any any (frame:smtp.not_supported; requires: version >= 10; sid:4;)
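
Review bot: The comment on lines 10-11 says the four rules below it have "something invalid about them" without saying what; a one-line comment per rule stating the intended defect (presumably the `=>` direction in sid:3, for example) would keep a later edit or a later engine version from making one of them valid without anyone noticing. Also, sid:9 on line 5 has no `msg`, unlike sid:7 and sid:8; add one for consistency.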

tests/requires/test.yaml renamed to tests/requires-ok/test.yaml

Lines changed: 6 additions & 2 deletions
@@ -50,12 +50,16 @@ checks:
5050
count: 1
5151
match:
5252
event_type: stats
53-
stats.detect.engines[0].rules_skipped: 6
53+
stats.detect.engines[0].rules_skipped: 5
54+
stats.detect.engines[0].rules_loaded: 2
55+
stats.detect.engines[0].rules_failed: 0
5456

5557
- filter:
5658
requires:
5759
min-version: 8
5860
count: 1
5961
match:
6062
event_type: stats
61-
stats.detect.engines[0].rules_skipped: 7
63+
stats.detect.engines[0].rules_skipped: 6
64+
stats.detect.engines[0].rules_loaded: 1
65+
stats.detect.engines[0].rules_failed: 0
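
Review bot: In the `min-version: 8` filter (new lines 63-65), `rules_loaded: 1` and `rules_skipped: 6` hold only while the running version is below 8.0.1: sid:9 in test.rules carries `requires: version >= 7.0.3 < 8 | >= 8.0.1`, so from 8.0.1 on it would load alongside sid:8 and the counts would become 2 loaded and 5 skipped. Either bound this filter to versions below 8.0.1 and add a second one for 8.0.1 and later, or change sid:9 so the expectation stays stable across 8.x.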
