From: Andreas Herz Date: Fri, 3 May 2019 08:46:30 +0000 (+0200) Subject: filestore: add testcases for filecontainer with http and smb X-Git-Tag: suricata-6.0.4~456 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F52%2Fhead;p=thirdparty%2Fsuricata-verify.git filestore: add testcases for filecontainer with http and smb
---
diff --git a/tests/filestore-filecontainer-http/filecontainer-http.pcap b/tests/filestore-filecontainer-http/filecontainer-http.pcap
new file mode 100644
index 000000000..bb496f98a
Binary files /dev/null and b/tests/filestore-filecontainer-http/filecontainer-http.pcap differ
diff --git a/tests/filestore-filecontainer-http/suricata.yaml b/tests/filestore-filecontainer-http/suricata.yaml
new file mode 100644
index 000000000..08647920c
--- /dev/null
+++ b/tests/filestore-filecontainer-http/suricata.yaml
@@ -0,0 +1,14 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ stream-depth: 0
+ write-fileinfo: true
diff --git a/tests/filestore-filecontainer-http/test.rules b/tests/filestore-filecontainer-http/test.rules
new file mode 100644
index 000000000..c60c01bde
--- /dev/null
+++ b/tests/filestore-filecontainer-http/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"store png images"; filemagic:"PNG image data"; filestore; sid:13371338; rev:1;)
diff --git a/tests/filestore-filecontainer-http/test.yaml b/tests/filestore-filecontainer-http/test.yaml
new file mode 100644
index 000000000..f102208eb
--- /dev/null
+++ b/tests/filestore-filecontainer-http/test.yaml
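Review bot: The rule in tests/filestore-filecontainer-http/test.rules selects files with `filemagic:"PNG image data"`, which needs a Suricata build with libmagic, yet the accompanying test.yaml lists only `HAVE_NSS` under `requires.features`. On a build without libmagic the rule would presumably fail to load and the test would fail for a reason unrelated to the filestore logic. I would add the libmagic feature token to `requires.features` (likely `- MAGIC`, to be confirmed against the `suricata --build-info` feature list). The same applies to the SMB rule using `filemagic:"for MS Windows"`.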
@@ -0,0 +1,43 @@
+requires:
+ features:
+ - HAVE_NSS
+ files:
+ - src/output-filestore.c
+
+checks:
+
+ - shell:
+ args: test -e filestore/e0/e092858d5bd66ab33085a966ee4ac0bf0edf6eab8d8b1e66432ee600e904bb4f
+
+ - shell:
+ args: test ! -e filestore/03/031b2bbeda6fd7e877e50298d2b2ded2073ce6e15f29029b4e50dbd9e81f6be6
+
+ - shell:
+ args: test ! -e filestore/0b/0bd5dd0481a07c16d2a64fc04b3885e764e8b357dcf2071922f62bbcd8420ae3
+
+ - shell:
+ args: test ! -e filestore/14/1486f74df2d7f4d3dc04af51f7ce0d3145e0ac568a415c64c557d1d3426285a5
+
+ - shell:
+ args: test ! -e filestore/56/560904cbe632389147334ad588ced6e69f912b3fcc599de56fee7b7d44442c98
+
+ - shell:
+ args: test ! -e filestore/57/57b43ee07432cf8a8b8a17d9d712138194e4564e4b36963a34c495b576b404fe
+
+ - shell:
+ args: test ! -e filestore/66/667cb0b513b1497bee0c2bb633ffd1a6959448d5f9d58d12bb50d9394b3cf543
+
+ - shell:
+ args: test ! -e filestore/76/76ff7909219dfe177a89431965885e7e992e40a2562755ac929f3c8a917a7fe6
+
+ - shell:
+ args: test ! -e filestore/e5/e53c64d266a58ab714bcd350d19438017fa0503bd5a3797e7be4bf0d6913e24e
+
+ - shell:
+ args: test ! -e filestore/f7/f7200f61b3285a7deaf0c418c206c94bae135ac3b29977ab7034611407ede45f
+
+ - shell:
+ args: test ! -e filestore/fe/fe15dd2f0ed499702a2696c930831daa0298a2d3f6cad89039148d0bc12b6bb7
+
+ - stats:
+ file_store.fs_errors: 0
diff --git a/tests/filestore-filecontainer-smb/filecontainer-smb.pcap b/tests/filestore-filecontainer-smb/filecontainer-smb.pcap
new file mode 100644
index 000000000..fcb99ab80
Binary files /dev/null and b/tests/filestore-filecontainer-smb/filecontainer-smb.pcap differ
diff --git a/tests/filestore-filecontainer-smb/suricata.yaml b/tests/filestore-filecontainer-smb/suricata.yaml
new file mode 100644
index 000000000..08647920c
--- /dev/null
+++ b/tests/filestore-filecontainer-smb/suricata.yaml
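Review bot: The `test ! -e` checks in tests/filestore-filecontainer-http/test.yaml only rule out the listed SHA-256 names, so a file stored by mistake under any other name would still pass. Since the stored name is the content hash, a truncated or mis-reassembled copy of a non-matching file would land under a hash that is not in the list. I would add a check on the total number of stored files, for example a `shell` check with `args: find filestore -type f ! -name '*.json' | wc -l` and `expect: 1`, with the count confirmed against the pcap. The config also sets `write-fileinfo: true`, but nothing asserts on the fileinfo output; either check it or drop the option. The SMB test.yaml has the same gap, where three stored files are expected.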
@@ -0,0 +1,14 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ stream-depth: 0
+ write-fileinfo: true
diff --git a/tests/filestore-filecontainer-smb/test.rules b/tests/filestore-filecontainer-smb/test.rules
new file mode 100644
index 000000000..8e78350db
--- /dev/null
+++ b/tests/filestore-filecontainer-smb/test.rules
@@ -0,0 +1 @@
+alert smb any any -> any any (msg:"filestore executables"; filemagic:"for MS Windows"; filestore; sid:13371337; rev:1;)
diff --git a/tests/filestore-filecontainer-smb/test.yaml b/tests/filestore-filecontainer-smb/test.yaml
new file mode 100644
index 000000000..160346031
--- /dev/null
+++ b/tests/filestore-filecontainer-smb/test.yaml
@@ -0,0 +1,34 @@
+requires:
+ features:
+ - HAVE_NSS
+ files:
+ - src/output-filestore.c
+
+checks:
+
+ - shell:
+ args: test -e filestore/1d/1d4d787047200fc7bcbfc03a496cafda8e49075d2fbf2ff7feab90a4fdea8f89
+
+ - shell:
+ args: test -e filestore/1d/1dc15d9d3532d957656f7a16e9c3ad0c91c13b44ac2ab83f4d8fdc02648a2146
+
+ - shell:
+ args: test -e filestore/ab/ab46c7b740a7a994608c4210ae8c4d253e49cc23cc8b63e89d0400ea83b1ae77
+
+ - shell:
+ args: test ! -e filestore/23/2365c924112355ddd2d3da985fb09cfc5350f9abc73949c45199c923dab7c40a
+
+ - shell:
+ args: test ! -e filestore/4d/4d1c83f5254186d58ce235d0cecd1cc82ff9a3df9f3ed8361c6c173bc426ddd0
+
+ - shell:
+ args: test ! -e filestore/88/88aac8a3c7a955e521151ba16b4dc81d9de3e091a76abd19bb4f0e01d572dd5e
+
+ - shell:
+ args: test ! -e filestore/a7/a709c2551b8818d7849d31a65446dc2f8c4cca2dcbbc5385604286f49cfdaf1c
+
+ - shell:
+ args: test ! -e filestore/be/be41c136b2ac9e3ad69cdd80bbe54a960a436e41f612bbf184a265603b81b745
+
+ - stats:
+ file_store.fs_errors: 0