From 04141203b9051c30cfa952c63ed77d8c101f8da5 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Tue, 11 Jun 2024 15:38:21 +0530
Subject: [PATCH 1/3] run.py: add option to check for os

---
 README.md | 4 ++++
 run.py    | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 9760eb9e9..20ddb609e 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,10 @@ requires:
   # release, but 4.0.3 would only match 4.0.3.
   version: 4.0
 
+  # Test is only for the listed OS. For example, the following would make
+  # a test run only on Linux.
+  os: linux
+
   # Require the presence of specific features.
   features:
     # Restrict the test to builds with HAVE_LUA.
diff --git a/run.py b/run.py
index 6b45f10fc..b9a3f1c99 100755
--- a/run.py
+++ b/run.py
@@ -44,6 +44,7 @@
 import subprocess
 import yaml
 import traceback
+import platform
 
 VALIDATE_EVE = False
 WIN32 = sys.platform == "win32"
@@ -368,6 +369,10 @@ def check_requires(requires, suricata_config: SuricataConfig):
         elif key == "lambda":
             if not eval(requires["lambda"]):
                 raise UnsatisfiedRequirementError(requires["lambda"])
+        elif key == "os":
+            cur_platform = platform.system().lower()
+            if not cur_platform.startswith(requires["os"].lower()):
+                raise UnsatisfiedRequirementError(requires["os"])
         else:
             raise Exception("unknown requires types: %s" % (key))
 

From 3221f0e2669118605c3256087b9249a3798f8791 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Fri, 28 Jun 2024 12:01:40 +0530
Subject: [PATCH 2/3] run.py: add option to check for architecture

---
 README.md | 4 ++++
 run.py    | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 20ddb609e..bc10c6a8f 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,10 @@ requires:
   # a test run only on Linux.
   os: linux
 
+  # Test is only for the liste architecture. For example, following would
+  # make a test run only on x86_64. Other values can be amd64, i386, etc.
+  arch: x86_64
+
   # Require the presence of specific features.
   features:
     # Restrict the test to builds with HAVE_LUA.
diff --git a/run.py b/run.py
index b9a3f1c99..478bcce54 100755
--- a/run.py
+++ b/run.py
@@ -373,6 +373,10 @@ def check_requires(requires, suricata_config: SuricataConfig):
             cur_platform = platform.system().lower()
             if not cur_platform.startswith(requires["os"].lower()):
                 raise UnsatisfiedRequirementError(requires["os"])
+        elif key == "arch":
+            cur_arch = platform.machine().lower()
+            if not cur_arch.startswith(requires["arch"].lower()):
+                raise UnsatisfiedRequirementError(requires["arch"])
         else:
             raise Exception("unknown requires types: %s" % (key))
 

From 43b49f8ab7eb93394cc11b8f80455abae2415df9 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Mon, 10 Jun 2024 15:49:50 +0530
Subject: [PATCH 3/3] datasets: add tests for string memcap

Ticket 3910
---
 tests/datasets-memcap-01/README.md    | 14 ++++++++++++++
 tests/datasets-memcap-01/datasets.csv |  1 +
 tests/datasets-memcap-01/test.rules   |  1 +
 tests/datasets-memcap-01/test.yaml    | 18 ++++++++++++++++++
 tests/datasets-memcap-02/README.md    | 14 ++++++++++++++
 tests/datasets-memcap-02/datasets.csv |  1 +
 tests/datasets-memcap-02/test.rules   |  1 +
 tests/datasets-memcap-02/test.yaml    | 16 ++++++++++++++++
 8 files changed, 66 insertions(+)
 create mode 100644 tests/datasets-memcap-01/README.md
 create mode 100644 tests/datasets-memcap-01/datasets.csv
 create mode 100644 tests/datasets-memcap-01/test.rules
 create mode 100644 tests/datasets-memcap-01/test.yaml
 create mode 100644 tests/datasets-memcap-02/README.md
 create mode 100644 tests/datasets-memcap-02/datasets.csv
 create mode 100644 tests/datasets-memcap-02/test.rules
 create mode 100644 tests/datasets-memcap-02/test.yaml

diff --git a/tests/datasets-memcap-01/README.md b/tests/datasets-memcap-01/README.md
new file mode 100644
index 000000000..02cfd4643
--- /dev/null
+++ b/tests/datasets-memcap-01/README.md
@@ -0,0 +1,14 @@
+Test Description
+================
+
+This test demonstrates that the memcap settings DO NOT take the string length into account in 7.0.x or below.
+
+PCAP
+====
+
+Comes from existing test `flowbit-oring`.
+
+Related tickets
+===============
+
+https://redmine.openinfosecfoundation.org/issues/3910
diff --git a/tests/datasets-memcap-01/datasets.csv b/tests/datasets-memcap-01/datasets.csv
new file mode 100644
index 000000000..3961eb8ac
--- /dev/null
+++ b/tests/datasets-memcap-01/datasets.csv
@@ -0,0 +1 @@
+Y3VybC83LjQzLjA=
diff --git a/tests/datasets-memcap-01/test.rules b/tests/datasets-memcap-01/test.rules
new file mode 100644
index 000000000..6bce440ab
--- /dev/null
+++ b/tests/datasets-memcap-01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv,memcap 88074,hashsize 1; sid:1;)
diff --git a/tests/datasets-memcap-01/test.yaml b/tests/datasets-memcap-01/test.yaml
new file mode 100644
index 000000000..ec09db4d2
--- /dev/null
+++ b/tests/datasets-memcap-01/test.yaml
@@ -0,0 +1,18 @@
+pcap: ../flowbit-oring/input.pcap
+
+requires:
+  lt-version: 8
+
+args:
+ - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
diff --git a/tests/datasets-memcap-02/README.md b/tests/datasets-memcap-02/README.md
new file mode 100644
index 000000000..3f48a8aa6
--- /dev/null
+++ b/tests/datasets-memcap-02/README.md
@@ -0,0 +1,14 @@
+Test Description
+================
+
+This test demonstrates that the memcap settings take the string length into account in 8.0.x.
+
+PCAP
+====
+
+Comes from existing test `flowbit-oring`.
+
+Related tickets
+===============
+
+https://redmine.openinfosecfoundation.org/issues/3910
diff --git a/tests/datasets-memcap-02/datasets.csv b/tests/datasets-memcap-02/datasets.csv
new file mode 100644
index 000000000..3961eb8ac
--- /dev/null
+++ b/tests/datasets-memcap-02/datasets.csv
@@ -0,0 +1 @@
+Y3VybC83LjQzLjA=
diff --git a/tests/datasets-memcap-02/test.rules b/tests/datasets-memcap-02/test.rules
new file mode 100644
index 000000000..6bce440ab
--- /dev/null
+++ b/tests/datasets-memcap-02/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv,memcap 88074,hashsize 1; sid:1;)
diff --git a/tests/datasets-memcap-02/test.yaml b/tests/datasets-memcap-02/test.yaml
new file mode 100644
index 000000000..98d60f3cb
--- /dev/null
+++ b/tests/datasets-memcap-02/test.yaml
@@ -0,0 +1,16 @@
+pcap: ../flowbit-oring/input.pcap
+
+requires:
+  min-version: 8
+  os: linux
+  arch: x86_64
+
+exit-code: 1
+
+args:
+ - -k none
+
+checks:
+    - shell:
+        args: grep "dataset too large for set memcap" suricata.log | wc -l
+        expect: 1