OISF · victorjulien · Dec 9, 2024 · Dec 4, 2024 · Dec 4, 2024 · Dec 6, 2024
diff --git a/tests/bug-7414-decoder-event-01/test.yaml b/tests/bug-7414-decoder-event-01/test.yaml
@@ -1,5 +1,5 @@
 requires:
-  min-version: 8
+  min-version: 7
 
 checks:
   - filter:

diff --git a/tests/bug-7414-decoder-event-02-ips/test.yaml b/tests/bug-7414-decoder-event-02-ips/test.yaml
@@ -1,7 +1,7 @@
 pcap: ../bug-7414-decoder-event-01/ip_secopt.pcap
 
 requires:
-  min-version: 8
+  min-version: 7
 
 checks:
   - filter:

diff --git a/tests/flowint-isnotset/test.yaml b/tests/flowint-isnotset/test.yaml
@@ -1,5 +1,5 @@
 requires:
-  min-version: 8
+  min-version: 7.0.8
 
 pcap: ../tls/tls-subjectaltname/input.pcap
 

diff --git a/tests/requires-7-unknown/README.md b/tests/requires-7-unknown/README.md
@@ -0,0 +1,3 @@
+Test that the new behavior in 8 for treating unknown requirements as
+unsatisfied can be disable in 7.0.8 and newer, but that this setting is not
+respected in 8.
diff --git a/tests/requires-7-unknown/test.rules b/tests/requires-7-unknown/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (content:"uid=0"; requires: foo bar; sid:9; rev:1;)
diff --git a/tests/requires-7-unknown/test.yaml b/tests/requires-7-unknown/test.yaml
@@ -0,0 +1,27 @@
+args:
+  # Suricata 8 doesn't respect this setting.
+  - --set ignore-unknown-requirements=true
+
+pcap: ../eve-metadata/testmyids.pcap
+
+checks:
+
+  - filter:
+      requires:
+        lt-version: 8
+      count: 1
+      match:
+        event_type: stats
+        stats.detect.engines[0].rules_skipped: 0
+        stats.detect.engines[0].rules_loaded: 1
+        stats.detect.engines[0].rules_failed: 0
+
+  - filter:
+      requires:
+        min-version: 8
+      count: 1
+      match:
+        event_type: stats
+        stats.detect.engines[0].rules_skipped: 1
+        stats.detect.engines[0].rules_loaded: 0
+        stats.detect.engines[0].rules_failed: 0
diff --git a/tests/requires-unknown/README.md b/tests/requires-unknown/README.md
@@ -0,0 +1,4 @@
+Test that unknown requirements are treated as unsatisfied leading to the rule
+being skipped.
+
+Simple standalone test.
diff --git a/tests/requires-unknown/test.rules b/tests/requires-unknown/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (content:"uid=0"; requires: foo bar; sid:9; rev:1;)
diff --git a/tests/requires-unknown/test.yaml b/tests/requires-unknown/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7.0.8
+
+pcap: ../eve-metadata/testmyids.pcap
+
+checks:
+
+  - filter:
+      count: 1
+      match:
+        event_type: stats
+        stats.detect.engines[0].rules_skipped: 1
+        stats.detect.engines[0].rules_loaded: 0
+        stats.detect.engines[0].rules_failed: 0
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		alert http any any -> any any (content:"uid=0"; requires: foo bar; sid:9; rev:1;)