Project

General

Profile

Feature #2923

suricata-verify: eve2test util

Added by Victor Julien 6 months ago. Updated about 2 months ago.

Status:
Feedback
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

The suricata-verify test.yaml contains a great way to create regression tests. However creating the test files is tedious. It usually involves taking a eve.json record and then manually creating a matching test.yaml.

I would like to have a small util script in python, that converts an eve.json to the test.yaml format.

Something like:

eve2test eve.json > test.yaml

History

#1

Updated by Shivani Bhardwaj 5 months ago

  • Status changed from New to Assigned
#2

Updated by Shivani Bhardwaj 5 months ago

If I understand correctly, only the verification filters are run over `eve.json` so this utility should actually create just the `filter` block and write it in a test file. Developer may then provide all other options like min-version of Suricata, requires, etc. Please let me know.

#3

Updated by Victor Julien 5 months ago

Lets start that way, yes. We can consider adding more logic later, but this is the most valuable first step I think.

#4

Updated by Shivani Bhardwaj 4 months ago

  • Status changed from Assigned to Feedback
#5

Updated by Peter Manev 4 months ago

Some very good reassembly/defrag/vlan corner cases could be found here - https://github.com/pevma/PtP/blob/master/Examples/Example with the actual pcaps and rules located here - https://github.com/pevma/PtP/blob/master/Examples/PacifyOneHttpRequest.tar.gz . I think the utility would make it much easier to add those form the respective resulting eve.jsons into the suricata-verify.

#6

Updated by Shivani Bhardwaj 3 months ago

Unmerged, open for testing: https://github.com/shivan1b/eve2test

#7

Updated by Victor Julien about 2 months ago

  • Target version changed from TBD to QA

Also available in: Atom PDF