From d6e535b42baf9ba8e756eaf724f694c195b57846 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Wed, 4 Dec 2024 11:13:08 -0600
Subject: [PATCH 1/4] test: test setting to ignore unknown requirement
Test that the new behavior in 8 for treating unknown requirements as unsatisfied can be disable in 7.0.8 and newer, but that this setting is not respected in 8.
---
tests/requires-7-unknown/README.md | 3 +++
tests/requires-7-unknown/test.rules | 1 +
tests/requires-7-unknown/test.yaml | 27 +++++++++++++++++++++++++++
3 files changed, 31 insertions(+)
create mode 100644 tests/requires-7-unknown/README.md
create mode 100644 tests/requires-7-unknown/test.rules
create mode 100644 tests/requires-7-unknown/test.yaml
diff --git a/tests/requires-7-unknown/README.md b/tests/requires-7-unknown/README.md
new file mode 100644
index 000000000..e01299bcc
--- /dev/null
+++ b/tests/requires-7-unknown/README.md
@@ -0,0 +1,3 @@
+Test that the new behavior in 8 for treating unknown requirements as
+unsatisfied can be disable in 7.0.8 and newer, but that this setting is not
+respected in 8.
diff --git a/tests/requires-7-unknown/test.rules b/tests/requires-7-unknown/test.rules
new file mode 100644
index 000000000..136269bc5
--- /dev/null
+++ b/tests/requires-7-unknown/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (content:"uid=0"; requires: foo bar; sid:9; rev:1;)
diff --git a/tests/requires-7-unknown/test.yaml b/tests/requires-7-unknown/test.yaml
new file mode 100644
index 000000000..8b4c1492e
--- /dev/null
+++ b/tests/requires-7-unknown/test.yaml
@@ -0,0 +1,27 @@
+args:
+ # Suricata 8 doesn't respect this setting.
+ - --set ignore-unknown-requirements=true
+
+pcap: ../eve-metadata/testmyids.pcap
+
+checks:
+
+ - filter:
+ requires:
+ lt-version: 8
+ count: 1
+ match:
+ event_type: stats
+ stats.detect.engines[0].rules_skipped: 0
+ stats.detect.engines[0].rules_loaded: 1
+ stats.detect.engines[0].rules_failed: 0
+
+ - filter:
+ requires:
+ min-version: 8
+ count: 1
+ match:
+ event_type: stats
+ stats.detect.engines[0].rules_skipped: 1
+ stats.detect.engines[0].rules_loaded: 0
+ stats.detect.engines[0].rules_failed: 0
From 61bba63475a38e762b13ce8a362dbabc163fc158 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Wed, 4 Dec 2024 11:45:38 -0600
Subject: [PATCH 2/4] test: simple test for unknown requirements
---
tests/requires-unknown/README.md | 4 ++++
tests/requires-unknown/test.rules | 1 +
tests/requires-unknown/test.yaml | 14 ++++++++++++++
3 files changed, 19 insertions(+)
create mode 100644 tests/requires-unknown/README.md
create mode 100644 tests/requires-unknown/test.rules
create mode 100644 tests/requires-unknown/test.yaml
diff --git a/tests/requires-unknown/README.md b/tests/requires-unknown/README.md
new file mode 100644
index 000000000..8da7368a5
--- /dev/null
+++ b/tests/requires-unknown/README.md
@@ -0,0 +1,4 @@
+Test that unknown requirements are treated as unsatisfied leading to the rule
+being skipped.
+
+Simple standalone test.
diff --git a/tests/requires-unknown/test.rules b/tests/requires-unknown/test.rules
new file mode 100644
index 000000000..136269bc5
--- /dev/null
+++ b/tests/requires-unknown/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (content:"uid=0"; requires: foo bar; sid:9; rev:1;)
diff --git a/tests/requires-unknown/test.yaml b/tests/requires-unknown/test.yaml
new file mode 100644
index 000000000..4ac126a9d
--- /dev/null
+++ b/tests/requires-unknown/test.yaml
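Review bot: tests/requires-7-unknown/test.yaml has no lower version bound, so its first check (`lt-version: 8`) also runs on 7.0 releases older than 7.0.8, where, going by the README added in this patch, the `ignore-unknown-requirements` setting does not exist. On those builds the expected `rules_loaded: 1` would presumably not hold, and the test would fail for a reason unrelated to what it verifies. Adding a top-level `requires:` with `min-version: 7.0.8`, as the requires-unknown test in patch 2/4 does, pins the test to the versions it describes. A comment above the first check, such as `# 7.0.x: rule loads only because the setting overrides the unknown requirement`, would also make clear that loading here is the opt-out path rather than the default.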
@@ -0,0 +1,14 @@ +requires: + min-version: 7.0.8 + +pcap: ../eve-metadata/testmyids.pcap + +checks: + + - filter: + count: 1 + match: + event_type: stats + stats.detect.engines[0].rules_skipped: 1 + stats.detect.engines[0].rules_loaded: 0 + stats.detect.engines[0].rules_failed: 0 From 9964093543167eafd1fa91a1f96453047a077fc9 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 6 Dec 2024 06:50:31 +0100 Subject: [PATCH 3/4] tests: support bug 7414 tests for 7 --- tests/bug-7414-decoder-event-01/test.yaml | 2 +- tests/bug-7414-decoder-event-02-ips/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/bug-7414-decoder-event-01/test.yaml b/tests/bug-7414-decoder-event-01/test.yaml index 451079170..9ea3a75bf 100644 --- a/tests/bug-7414-decoder-event-01/test.yaml +++ b/tests/bug-7414-decoder-event-01/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7 checks: - filter: diff --git a/tests/bug-7414-decoder-event-02-ips/test.yaml b/tests/bug-7414-decoder-event-02-ips/test.yaml index 13676210f..324312df6 100644 --- a/tests/bug-7414-decoder-event-02-ips/test.yaml +++ b/tests/bug-7414-decoder-event-02-ips/test.yaml @@ -1,7 +1,7 @@ pcap: ../bug-7414-decoder-event-01/ip_secopt.pcap requires: - min-version: 8 + min-version: 7 checks: - filter: From 189e2ef4c096cc91bc1385a29fddc7901ad84532 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Fri, 6 Dec 2024 09:51:41 -0300 Subject: [PATCH 4/4] tests: enable task 7426 test to 70x Related to Task #7427 --- tests/flowint-isnotset/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/flowint-isnotset/test.yaml b/tests/flowint-isnotset/test.yaml index 15f2412b6..6bc36a177 100644 --- a/tests/flowint-isnotset/test.yaml +++ b/tests/flowint-isnotset/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.8 pcap: ../tls/tls-subjectaltname/input.pcap
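Review bot: tests/requires-unknown/test.yaml asserts only the `rules_skipped`/`rules_loaded` counters, so it would still pass if a skipped rule were counted correctly but nonetheless evaluated. The rule in test.rules matches `content:"uid=0"`, which presumably occurs in testmyids.pcap, so an extra check that no alert with sid 9 is logged would confirm the skip at the detection level as well. The same check would fit the `min-version: 8` branch of requires-7-unknown/test.yaml in patch 1/4.

```yaml
# … unchanged: stats check for rules_skipped / rules_loaded / rules_failed …

  - filter:
      count: 0
      match:
        event_type: alert
        alert.signature_id: 9
```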
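Review bot: In patch 3/4, `min-version: 7` in tests/bug-7414-decoder-event-01/test.yaml and tests/bug-7414-decoder-event-02-ips/test.yaml enables both tests on every 7.0.x release, including any that predate the backport of the bug 7414 fix. Patch 4/4 in this same series bounds its test with `min-version: 7.0.8`, which suggests a point release is the intended floor here too. If the fix landed in a specific 7.0.x release, use that release as the bound, e.g. `min-version: 7.0.8`, so the tests do not fail on older 7.0 builds that are still run against this suite.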