tests: engine-analysis pkt_stream rule type tests

To accompany Rule Types documentation. Related to Task #7031
jufajardini · Jan 24, 2025 · cf44ab5 · cf44ab5
1 parent 8a499da
commit cf44ab5
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/tests/rules/rule-type-pkt-stream/test.rules b/tests/rules/rule-type-pkt-stream/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"tcp, anchored content"; content:"abc"; startswith; sid:303;)
+alert http any any -> any any (msg:"http, anchored content"; content:"abc"; depth:30; sid:603;)
diff --git a/tests/rules/rule-type-pkt-stream/test.yaml b/tests/rules/rule-type-pkt-stream/test.yaml
@@ -0,0 +1,20 @@
+requires:
+    min-version: 7
+    pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 303
+            type: pkt_stream
+    - filter:
+        filename: rules.json
+        count: 1
+        match:
+            id: 603
+            type: pkt_stream
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		alert tcp any any -> any any (msg:"tcp, anchored content"; content:"abc"; startswith; sid:303;)
		alert http any any -> any any (msg:"http, anchored content"; content:"abc"; depth:30; sid:603;)