tests: verify valid json on long message #2152
Conversation
tests/test-valid-json/test.yaml
Outdated
| requires: | ||
| min-version: 8 | ||
|
|
||
| command: | |
There was a problem hiding this comment.
can this be replaced by something like
requires:
min-version: 8
pcap: false
args:
- -T?
There was a problem hiding this comment.
There was a problem hiding this comment.
Really cleaner indeed.
There was a problem hiding this comment.
I've forced pushed but should I do another MR ?
There was a problem hiding this comment.
I think force push is fine here for a case like this.
| match: | ||
| event_type: engine | ||
| engine.module: detect | ||
|
|
There was a problem hiding this comment.
What is the valid json the name of the test refers to ?
Why does this rule fail to load ?
There was a problem hiding this comment.
The signature is so long that it triggers truncation of the log message which end up not being proper json because of that. For the signature it self, I think it is missing a semi coma but this is not critical for the test.
Ticket 7419
If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:
Redmine ticket: https://redmine.openinfosecfoundation.org/issues/7419