Bug #4276
closed
If inner levels of test.yaml have any field missing, s-v considers test failed
Description
Discovered while re-doing https://github.com/OISF/suricata-verify/pull/381
Sample failure: https://github.com/inashivb/suricata-verify/runs/1774430094
Updated by Philippe Antoine almost 4 years ago
I am not sure I understand.
Which yaml are we talking about? test.yaml?
Can we have the example where it works and where it fails with an inner field missing?
Updated by Shivani Bhardwaj almost 4 years ago
- Subject changed from If inner levels of yaml have any field missing, s-v considers test failed to If inner levels of test.yaml have any field missing, s-v considers test failed
Philippe Antoine wrote in #note-1:
> I am not sure I understand.
> Which yaml are we talking about? test.yaml?
Yes. Sorry for being unclear.
> Can we have the example where it works and where it fails with an inner field missing?
This one is passing the tests as all the fields of alert section from eve are present here: https://github.com/OISF/suricata-verify/pull/381/files#diff-efb9bb0172a43f58d20b5e5a92f7b3694e2efd1c8c3342087a7da4e937b267dbR13
This one is failing as it misses gid and category fields from the alert section: https://github.com/inashivb/suricata-verify/commit/19fbb35e1e089375b017b551306e2c6db3d5b5c8#diff-efb9bb0172a43f58d20b5e5a92f7b3694e2efd1c8c3342087a7da4e937b267dbR13
Updated by Shivani Bhardwaj almost 4 years ago
- Blocks Task #3055: Add tests for: #78 uricontent matching regression added
Updated by Jason Ish almost 4 years ago
This is somewhat by design. If you have a match block like:
    alert:
      action: allowed
      severity: 3
      signature: msg escape tests
      signature_id: 100
You are looking for equality on the whole object. If you just want to look for one value, you can use:
alert.action: allowed
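Added example, not part of the original thread and not suricata-verify's own code: a simplified Python model of the rule described in the comment above, where a nested `alert:` block is compared by whole-object equality and a dotted key such as `alert.action` checks a single value. The event, the helper names (`lookup`, `event_matches`, `missing_fields`) and the field values are constructed for illustration.

```python
# Simplified model of the matching rule described in the thread.
# Not suricata-verify's implementation; all names here are hypothetical.

# Constructed EVE alert event (values are illustrative only).
EVENT = {
    "event_type": "alert",
    "alert": {
        "action": "allowed",
        "gid": 1,
        "signature_id": 100,
        "signature": "msg escape tests",
        "category": "constructed-category",
        "severity": 3,
    },
}

_MISSING = object()  # sentinel: key path not present in the event


def lookup(event, dotted_key):
    """Walk a dotted key such as 'alert.action' through nested dicts."""
    node = event
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def event_matches(event, match):
    """Every key in the match block must equal the value found in the event."""
    return all(lookup(event, k) == want for k, want in match.items())


def missing_fields(event, match):
    """For object-valued expectations, list event fields the block omits."""
    report = {}
    for key, want in match.items():
        got = lookup(event, key)
        if isinstance(want, dict) and isinstance(got, dict):
            absent = sorted(set(got) - set(want))
            if absent:
                report[key] = absent
    return report


# Whole-object form: fails because gid and category are not listed.
WHOLE_OBJECT = {"alert": {"action": "allowed", "severity": 3,
                          "signature": "msg escape tests", "signature_id": 100}}
# Dotted form: only the named values are compared.
DOTTED = {"alert.action": "allowed", "alert.signature_id": 100}
```

`missing_fields` is a diagnostic aid added for this example: it names the fields that make a whole-object comparison fail, which is the situation reported in this issue.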
Updated by Shivani Bhardwaj almost 4 years ago
Jason Ish wrote in #note-4:
> This is somewhat by design. If you have a match block like:
> [...]
> You are looking for equality on the whole object. If you just want to look for one value, you can use:
> [...]
Oh. Thanks, Jason!
Updated by Shivani Bhardwaj almost 4 years ago
- Status changed from Assigned to Rejected
It is not really an issue. It is how it's designed to be. See Jason's comment above for the helpful info.