From cabedf66aa2dbb4c68b4061e227047508919922a Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Fri, 18 Mar 2022 11:13:56 +0100 Subject: [PATCH] xff: checks dependig on suricata version --- run.py | 3 +++ tests/http-xff-eve-forward-extra-data/test.yaml | 7 +++++++ tests/http-xff-eve-reverse-extra-data/test.yaml | 7 +++++++ 3 files changed, 17 insertions(+) diff --git a/run.py b/run.py index 6a5636d1c..1c1763d17 100755 --- a/run.py +++ b/run.py @@ -441,10 +441,13 @@ def run(self): requires = self.config.get("requires", {}) req_version = self.config.get("version") min_version = self.config.get("min-version") + lt_version = self.config.get("lt-version") if req_version is not None: requires["version"] = req_version if min_version is not None: requires["min-version"] = min_version + if lt_version is not None: + requires["lt-version"] = lt_version feature = self.config.get("feature") if feature is not None: requires["features"] = [feature] diff --git a/tests/http-xff-eve-forward-extra-data/test.yaml b/tests/http-xff-eve-forward-extra-data/test.yaml index 502519869..30d9f5f6a 100644 --- a/tests/http-xff-eve-forward-extra-data/test.yaml +++ b/tests/http-xff-eve-forward-extra-data/test.yaml @@ -3,6 +3,13 @@ args: checks: - filter: + min-version: 7 + count: 1 + match: + alert.xff: 10.2.2.2 + + - filter: + lt-version: 7 count: 1 match: xff: 10.2.2.2 diff --git a/tests/http-xff-eve-reverse-extra-data/test.yaml b/tests/http-xff-eve-reverse-extra-data/test.yaml index b686c73bf..c91ccd219 100644 --- a/tests/http-xff-eve-reverse-extra-data/test.yaml +++ b/tests/http-xff-eve-reverse-extra-data/test.yaml @@ -3,6 +3,13 @@ args: checks: - filter: + min-version: 7 + count: 1 + match: + alert.xff: 10.3.3.3 + + - filter: + lt-version: 7 count: 1 match: xff: 10.3.3.3