]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d637aed)
http: test no anomaly for identity Content encoding 2624/head 2626/head
authorPhilippe Antoine <pantoine@oisf.net>
Sun, 24 Aug 2025 20:02:28 +0000 (22:02 +0200)
committerPhilippe Antoine <pantoine@oisf.net>
Tue, 26 Aug 2025 08:49:14 +0000 (10:49 +0200)
Ticket: 7843

tests/http-encoding-identity/README.md [new file with mode: 0644] patch | blob
tests/http-encoding-identity/server.go [new file with mode: 0644] patch | blob
tests/http-encoding-identity/test.pcap [new file with mode: 0644] patch | blob
tests/http-encoding-identity/test.rules [new file with mode: 0644] patch | blob
tests/http-encoding-identity/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/http-encoding-identity/README.md b/tests/http-encoding-identity/README.md
new file mode 100644 (file)
index 0000000..a9db9bc
--- /dev/null
+++ b/tests/http-encoding-identity/README.md
@@ -0,0 +1,13 @@
+# Test Description
+
+Test HTTP Content-encoding identity
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/7843
+
+# Pcap
+
+Crafted with:
+- `go run server.go`
+- `curl -i -v 127.0.0.1:8080/`
diff --git a/tests/http-encoding-identity/server.go b/tests/http-encoding-identity/server.go
new file mode 100644 (file)
index 0000000..b293889
--- /dev/null
+++ b/tests/http-encoding-identity/server.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+       "fmt"
+       "net/http"
+)
+
+func main() {
+       handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+               w.Header().Set("Server", "Jetty")
+               w.Header().Set("Content-encoding", "identity")
+               content := "identity content-encoding works"
+               _, _ = w.Write([]byte(content))
+       })
+
+       server := &http.Server{
+               Addr:    "0.0.0.0:8080",
+               Handler: handler,
+       }
+
+       fmt.Printf("Listening [0.0.0.0:8080]...\n")
+       err := server.ListenAndServe()
+       fmt.Printf("lol %s", err)
+}
diff --git a/tests/http-encoding-identity/test.pcap b/tests/http-encoding-identity/test.pcap
new file mode 100644 (file)
index 0000000..d8a9fb9
Binary files /dev/null and b/tests/http-encoding-identity/test.pcap differ
diff --git a/tests/http-encoding-identity/test.rules b/tests/http-encoding-identity/test.rules
new file mode 100644 (file)
index 0000000..eeabf87
--- /dev/null
+++ b/tests/http-encoding-identity/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"identity"; file.data; content: "identity content-encoding works" ; sid:1;)
diff --git a/tests/http-encoding-identity/test.yaml b/tests/http-encoding-identity/test.yaml
new file mode 100644 (file)
index 0000000..da6cf35
--- /dev/null
+++ b/tests/http-encoding-identity/test.yaml
@@ -0,0 +1,16 @@
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      min-version: 8.0.1
+      count: 0
+      match:
+        event_type: anomaly
+        anomaly.event: ABNORMAL_CE_HEADER
+
Mirror of https://github.com/OISF/suricata-verify.git