tests: add keyword check to requires test #2133
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
catenacyber
reviewed
Nov 27, 2024
| @@ -14,4 +14,4 @@ alert udp any any -> any any (vxlan_vni:10; requires: version >= 10; sid:2;) | |||
| alert http any any => any any (requires: version >= 10; sid:3;) | |||
| alert tcp any any -> any any (frame:smtp.not_supported; requires: version >= 10; sid:4;) | |||
|
|
|||
| alert asdf any any -> any any (requires: version >= 6, foo bar; sid:102; rev:1;) | |||
| alert asdf any any -> any any (requires: version >= 6; foo: bar; sid:102; rev:1;) | |||
There was a problem hiding this comment.
Why do we change this existing test ?
There was a problem hiding this comment.
We want the test to fail parsing.
There was a problem hiding this comment.
More details. In master, requires: version >= 6, foo bar is considered as all requirements met. So this rule fails out as asdf is unknown. With the PR, this rule is considered without requirements met, so the asdf is never parsed. This is to test somewhat of an edge case documented in ticket https://redmine.openinfosecfoundation.org/issues/6710, which I've added to the README now as well.
jasonish
force-pushed
the
requires-keyword/v1
branch
from
f682882
to
575c0f0
Compare
jasonish
force-pushed
the
requires-keyword/v1
branch
from
575c0f0
to
1397a58
Compare
Only for 8.0 for now. requires-fail: With the change to unknown requires statements treated as not meeting requirements, update the rule to use an unknown keyword to make it fail out. This is to test an edge case from ticket #6710. Ticket: #7403
jasonish
force-pushed
the
requires-keyword/v1
branch
from
1397a58
to
35ea6c1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Only for 8.0 for now.
requires-fail: With the change to unknown requires statements treated as
not meeting requirements, update the rule to use an unknown keyword to
make it fail out.
Ticket: #7403