pgsql: add tests with alert metadata - v6 #2039
Closed
Check for transaction metadata in PGSQL alerts.
Add engine-analysis tests for the used rules, as well, to better describe them and compare with expected behavior.
Related to
Task #7000
Suricata PR: OISF/suricata#11776
Previous PR: #2025
Updates:
pgsql-bug-6983-ips test as one of the checks would now fail due to better transaction completion tracking (the per-direction factor means that when we log the first alert, in ips, now, we don't have the response part of the transaction available)
Expectation:
pgsql-bug-6983-ips. The other tests pass because, as far as I understand, tracking tx completion per direction results in a similar behavior to what we used to see with where we were previously triggering raw stream reassembly.
Ticket
If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:
Redmine ticket: