dataset/rep: add tests for error conditions

tests/datasets/datarep-bad-datarep-string/datarep.rules

@@ -0,0 +1 @@
+alert dns any any -> any any (dns.query; datarep:dns_string, >, 200, load dns_string.rep, type string; sid:1;)

tests/datasets/datarep-bad-datarep-string/dns_string.rep

@@ -0,0 +1 @@
+Z29vZ2xlLm;NvbQ==,1

tests/datasets/datarep-bad-datarep-string/suricata.yaml

@@ -0,0 +1,20 @@
+%YAML 1.1
+---
+
+# Logging configuration.  This is not about logging IDS alerts/events, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+  default-log-level: notice
+  outputs:
+  - console:
+      enabled: yes
+      # type: json
+  - file:
+      enabled: yes
+      level: info
+      filename: suricata.json
+      type: json
+  - syslog:
+      enabled: no
+      facility: local5
+      format: "[%i] <%d> -- "

tests/datasets/datarep-bad-datarep-string/test.yaml

@@ -0,0 +1,22 @@
+pcap: ../../flowbit-oring/input.pcap
+
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  files:
+    - src/datasets.c
+
+args:
+ - -k none
+
+exit-code: 1
+
+checks:
+  - filter:
+      min-version: 8
+      filename: suricata.json
+      count: 1
+      match:
+        log_level: "Error"
+        event_type: "engine"
+        engine.message.__find: "bad base64 encoding dns_string"

tests/datasets/datarep-bad-datarep-value/datarep.rules

@@ -0,0 +1 @@
+alert dns any any -> any any (dns.query; datarep:dns_string, >, 200, load dns_string.rep, type string; sid:1;)

tests/datasets/datarep-bad-datarep-value/dns_string.rep

@@ -0,0 +1 @@
+Z29vZ2xlLmNvbQ==,-1

tests/datasets/datarep-bad-datarep-value/suricata.yaml

@@ -0,0 +1,20 @@
+%YAML 1.1
+---
+
+# Logging configuration.  This is not about logging IDS alerts/events, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+  default-log-level: notice
+  outputs:
+  - console:
+      enabled: yes
+      # type: json
+  - file:
+      enabled: yes
+      level: info
+      filename: suricata.json
+      type: json
+  - syslog:
+      enabled: no
+      facility: local5
+      format: "[%i] <%d> -- "

tests/datasets/datarep-bad-datarep-value/test.yaml

@@ -0,0 +1,22 @@
+pcap: ../../flowbit-oring/input.pcap
+
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  files:
+    - src/datasets.c
+
+args:
+ - -k none
+
+exit-code: 1
+
+checks:
+  - filter:
+      min-version: 8
+      filename: suricata.json
+      count: 1
+      match:
+        log_level: "Error"
+        event_type: "engine"
+        engine.message.__find: "invalid datarep value dns_string"

tests/datasets/datarep-datasets-mix/datasets.csv

@@ -0,0 +1,2 @@
+Y3VybC83LjQzLjA=
+YmxhaA==,1

tests/datasets/datarep-datasets-mix/suricata.yaml

@@ -0,0 +1,20 @@
+%YAML 1.1
+---
+
+# Logging configuration.  This is not about logging IDS alerts/events, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+  default-log-level: notice
+  outputs:
+  - console:
+      enabled: yes
+      # type: json
+  - file:
+      enabled: yes
+      level: info
+      filename: suricata.json
+      type: json
+  - syslog:
+      enabled: no
+      facility: local5
+      format: "[%i] <%d> -- "

tests/datasets/datarep-datasets-mix/test.rules

@@ -0,0 +1,2 @@
+alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv; sid:1;)
+alert http any any -> any any (http.user_agent; dataset:isnotset,ua-seen,type string,load datasets.csv; sid:2;)

tests/datasets/datarep-datasets-mix/test.yaml

@@ -0,0 +1,19 @@
+pcap: ../../flowbit-oring/input.pcap
+
+requires:
+  min-version: 8
+
+args:
+ - -k none
+
+exit-code: 1
+
+checks:
+  - filter:
+      min-version: 8
+      filename: suricata.json
+      count: 1
+      match:
+        log_level: "Error"
+        event_type: "engine"
+        engine.message.__find: "Cannot mix dataset and datarep values for set ua-seen"

tests/datasets/datasets-datarep-mix/datarep.rules

@@ -0,0 +1 @@
+alert dns any any -> any any (dns.query; datarep:dns_string, >, 200, load dns_string.rep, type string; sid:1;)

tests/datasets/datasets-datarep-mix/dns_string.rep

@@ -0,0 +1,2 @@
+Z29vZ2xlLmNvbQ==,1
+YmxhaA==

tests/datasets/datasets-datarep-mix/suricata.yaml

@@ -0,0 +1,20 @@
+%YAML 1.1
+---
+
+# Logging configuration.  This is not about logging IDS alerts/events, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+  default-log-level: notice
+  outputs:
+  - console:
+      enabled: yes
+      # type: json
+  - file:
+      enabled: yes
+      level: info
+      filename: suricata.json
+      type: json
+  - syslog:
+      enabled: no
+      facility: local5
+      format: "[%i] <%d> -- "

tests/datasets/datasets-datarep-mix/test.yaml

@@ -0,0 +1,19 @@
+pcap: ../../flowbit-oring/input.pcap
+
+requires:
+  min-version: 8
+
+args:
+ - -k none
+
+exit-code: 1
+
+checks:
+  - filter:
+      min-version: 8
+      filename: suricata.json
+      count: 1
+      match:
+        log_level: "Error"
+        event_type: "engine"
+        engine.message.__find: "Cannot mix dataset and datarep values for set dns_string"