From: Victor Julien
Date: Mon, 18 Jan 2021 09:45:21 +0000 (+0100)
Subject: tests: add bug 2736 tests
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed0632e8834cc861f77c8e9ef211414617dc3400;p=people%2Fstevee%2Fsuricata-verify.git
tests: add bug 2736 tests
---
diff --git a/tests/bug-2736-01/23_6594.pcap b/tests/bug-2736-01/23_6594.pcap
new file mode 100644
index 0000000..693cb85
Binary files /dev/null and b/tests/bug-2736-01/23_6594.pcap differ
diff --git a/tests/bug-2736-01/test.rules b/tests/bug-2736-01/test.rules
new file mode 100644
index 0000000..1af4b79
--- /dev/null
+++ b/tests/bug-2736-01/test.rules
@@ -0,0 +1,6 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, DDNS"; \
+content:"|04|ddns|03|net|00|"; \
+classtype:trojan-activity; \
+sid:1; rev:1;)
+
diff --git a/tests/bug-2736-01/test.yaml b/tests/bug-2736-01/test.yaml
new file mode 100644
index 0000000..63f19ae
--- /dev/null
+++ b/tests/bug-2736-01/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/bug-2736-02/suricata.0400.pcap b/tests/bug-2736-02/suricata.0400.pcap
new file mode 100644
index 0000000..57bafe2
Binary files /dev/null and b/tests/bug-2736-02/suricata.0400.pcap differ
diff --git a/tests/bug-2736-02/test.rules b/tests/bug-2736-02/test.rules
new file mode 100644
index 0000000..b47f3ad
--- /dev/null
+++ b/tests/bug-2736-02/test.rules
@@ -0,0 +1,5 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, suricata"; \
+content:"suricata"; \
+classtype:trojan-activity; \
+sid:2; rev:1;)
diff --git a/tests/bug-2736-02/test.yaml b/tests/bug-2736-02/test.yaml
new file mode 100644
index 0000000..eb2358d
--- /dev/null
+++ b/tests/bug-2736-02/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
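Review bot: In tests/bug-2736-01/test.rules the `content:"|04|ddns|03|net|00|";` match carries no sticky buffer, so as written it is evaluated against the raw payload and not the parsed query name, and nothing in the file says which inspection path the regression depends on. A leading comment line such as `# bug 2736: <condition from the ticket>; alert must still fire on this query` would let a later maintainer tell a deliberate raw match from an oversight. The same applies to `content:"suricata";` in tests/bug-2736-02/test.rules, which is also case-sensitive and unanchored, so it would match that byte string anywhere in the payload.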
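Review bot: The check in tests/bug-2736-01/test.yaml matches only on `event_type: alert` and `alert.signature_id: 1` with `count: 1`, so it would still pass if the single alert were raised on a different packet than the one the regression concerns. Pinning the packet under `match:`, for example `pcap_cnt: <expected packet number>`, would tie the assertion to the specific DNS message; the value has to come from the pcap, which is binary on this page. A `#` comment at the top naming the ticket and what the capture contains would also help, since neither the YAML nor the commit message describes the failure mode. tests/bug-2736-02/test.yaml has the same shape with `alert.signature_id: 2`.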