forked from OISF/suricata-verify
Commit
Break the requires test into 2 tests. One that runs to success so we can verify the output. A second that is expected to fail due to fatal init errors. Ticket: #6710
Showing 6 changed files with 36 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
Similar to `../requires-ok` but does include one rule that will fail | ||
to load. This is to test that a bad rule after "skipped" rule fails | ||
out and is not recorded as skipped. |
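Review bot: The second sentence of this README reads `a bad rule after "skipped" rule`, which is missing an article, and the text never says which rule is the one expected to fail to load. Suggest "a bad rule after a skipped rule" and naming the failing rule's sid, so that someone debugging the test knows which signature should produce the fatal init error.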
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
requires: | ||
min-version: 7.0.3 | ||
|
||
pcap: ../eve-metadata/testmyids.pcap | ||
|
||
args: | ||
- -v | ||
|
||
# As we have a bad rule, expect exit-code 1. | ||
exit-code: 1 | ||
|
||
# No checks, as no stats are written on exit code 0. |
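Review bot: The closing comment `# No checks, as no stats are written on exit code 0.` contradicts the `exit-code: 1` set just above it; this test expects a non-zero exit, so the comment should presumably refer to exit code 1. With no checks section, the exit code is the only thing asserted, so the README's statement that the bad rule "is not recorded as skipped" is not verified by this file; it would help to say so in the comment.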
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Rule for Suricata >= 7 and < 8. | ||
alert http any any -> any any (msg:"TEST Suricata >= 7 and < 8"; content:"uid=0"; requires: version >= 7 < 8; sid:7; rev:1;) | ||
|
||
# Rule for Suricata >= 7.0.3 but less than 8... Or >= 8.0.1 | ||
alert http any any -> any any (content:"uid=0"; requires: version >= 7.0.3 < 8 | >= 8.0.1; sid:9; rev:1;) | ||
|
||
# Rule for Suricata >= 8. | ||
alert http any any -> any any (msg:"TEST Suricata >= 8"; content:"uid=0"; requires: version >= 8.0.0; sid:8; rev:1;) | ||
|
||
# These rules have something invalid about them, but do follow the general rule | ||
# structure, so should be eliminated by the requires statement. | ||
alert vxlan any any -> any any (requires: version >= 10; sid:1;) | ||
alert udp any any -> any any (vxlan_vni:10; requires: version >= 10; sid:2;) | ||
alert http any any => any any (requires: version >= 10; sid:3;) | ||
alert tcp any any -> any any (frame:smtp.not_supported; requires: version >= 10; sid:4;) |
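Review bot: The sid:9 rule has no `msg`, while sid:7 and sid:8 both carry a `TEST Suricata ...` message. Adding one, for example `msg:"TEST Suricata >= 7.0.3 < 8 or >= 8.0.1";`, would make its alerts identifiable by signature text when the output is checked. Separately, the comment above sid 1 to 4 says the rules "have something invalid about them" without saying what; a short per-rule note on the invalid element would make it clear what each one exercises if it ever stops being skipped.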