From b592bfc6bb35b0a37fca7b03b02b4d852c6cc4af Mon Sep 17 00:00:00 2001
From: Lukas Sismis <lsismis@oisf.net>
Date: Wed, 23 Aug 2023 13:32:26 +0200
Subject: [PATCH] tests: add a test for a bug 6278

tests include:
  - non-existent user
  - NULL user (empty user string)
---
 tests/bug-6278-1/README.md     |  8 ++++++++
 tests/bug-6278-1/suricata.yaml |  5 +++++
 tests/bug-6278-1/test.yaml     | 12 ++++++++++++
 tests/bug-6278-2/README.md     |  7 +++++++
 tests/bug-6278-2/suricata.yaml |  6 ++++++
 tests/bug-6278-2/test.yaml     | 17 +++++++++++++++++
 6 files changed, 55 insertions(+)
 create mode 100644 tests/bug-6278-1/README.md
 create mode 100644 tests/bug-6278-1/suricata.yaml
 create mode 100644 tests/bug-6278-1/test.yaml
 create mode 100644 tests/bug-6278-2/README.md
 create mode 100644 tests/bug-6278-2/suricata.yaml
 create mode 100644 tests/bug-6278-2/test.yaml

diff --git a/tests/bug-6278-1/README.md b/tests/bug-6278-1/README.md
new file mode 100644
index 000000000..a56244643
--- /dev/null
+++ b/tests/bug-6278-1/README.md
@@ -0,0 +1,8 @@
+# Test Description
+
+Test to make sure Suricata handles well non-existent user as an input 
+in the user field.
+
+## Related Issue
+
+https://redmine.openinfosecfoundation.org/issues/6278
diff --git a/tests/bug-6278-1/suricata.yaml b/tests/bug-6278-1/suricata.yaml
new file mode 100644
index 000000000..0ec8a4c7b
--- /dev/null
+++ b/tests/bug-6278-1/suricata.yaml
@@ -0,0 +1,5 @@
+%YAML 1.1
+---
+
+run-as:
+  user: totally-not-existing-user
diff --git a/tests/bug-6278-1/test.yaml b/tests/bug-6278-1/test.yaml
new file mode 100644
index 000000000..f65dc9452
--- /dev/null
+++ b/tests/bug-6278-1/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 6
+
+pcap: false
+exit-code: 1
+args:
+  - --engine-analysis
+
+checks:
+  - shell:
+      args: grep -c 'unable to get the user ID, check if user exist!!' stderr
+      expect: 1
diff --git a/tests/bug-6278-2/README.md b/tests/bug-6278-2/README.md
new file mode 100644
index 000000000..5c2d1f121
--- /dev/null
+++ b/tests/bug-6278-2/README.md
@@ -0,0 +1,7 @@
+# Test Description
+
+Test to make sure Suricata handles well null input in the user field.
+
+## Related Issue
+
+https://redmine.openinfosecfoundation.org/issues/6278
diff --git a/tests/bug-6278-2/suricata.yaml b/tests/bug-6278-2/suricata.yaml
new file mode 100644
index 000000000..9581e25c6
--- /dev/null
+++ b/tests/bug-6278-2/suricata.yaml
@@ -0,0 +1,6 @@
+%YAML 1.1
+---
+
+run-as:
+  user: # null user
+  group: 
diff --git a/tests/bug-6278-2/test.yaml b/tests/bug-6278-2/test.yaml
new file mode 100644
index 000000000..67dc83330
--- /dev/null
+++ b/tests/bug-6278-2/test.yaml
@@ -0,0 +1,17 @@
+requires:
+  min-version: 6
+
+pcap: false
+exit-code: 1
+args:
+  - --engine-analysis
+
+checks:
+  - shell:
+      args: grep -c 'no user name was provided - ensure it is specified either in the configuration file (run-as.user) or in command-line arguments (--user)' stderr
+      expect: 1
+      min-version: 7
+  - shell:
+      args: grep -c 'unable to get the user ID, check if user exist!!' stderr
+      expect: 1
+      version: 6