git.ipfire.org Git - thirdparty/suricata-verify.git/log
13 months ago tests: enable 7264 test for 7.0.7 2061/head 2063/head
Victor Julien [Wed, 25 Sep 2024 04:52:20 +0000 (06:52 +0200)] 
tests: enable 7264 test for 7.0.7

13 months ago tests: add test for bug 7264 2059/head
Victor Julien [Fri, 20 Sep 2024 14:04:57 +0000 (16:04 +0200)] 
tests: add test for bug 7264

13 months ago pgsql: update raw-stream-trigger test for suri-7 2057/head
Juliana Fajardini [Mon, 23 Sep 2024 21:08:24 +0000 (18:08 -0300)] 
pgsql: update raw-stream-trigger test for suri-7

Related to
Bug #7001

13 months ago tests: enable bug 7187 test for 7.0.x
Victor Julien [Mon, 23 Sep 2024 15:45:08 +0000 (17:45 +0200)] 
tests: enable bug 7187 test for 7.0.x

13 months ago tests: Updates for 6555
Jeff Lucovsky [Thu, 15 Aug 2024 14:58:34 +0000 (10:58 -0400)] 
tests: Updates for 6555

This commit provides updates needed for issue 6555. Previously, the gap
handling was restricted to master; 6555 adds those changes to main-7.0.x.

Most of the changes are to extend the version; the
eve-payload-07-http-gap test adds version-based checks, as a new output
value, payload_length, is not available in main-7.0.x.

13 months ago sip: add tests for headers sticky buffers 2053/head
Giuseppe Longo [Sun, 14 Apr 2024 12:07:10 +0000 (14:07 +0200)] 
sip: add tests for headers sticky buffers

Ticket #6374

13 months ago smtp: add tests for issue 7126
Jeff Lucovsky [Wed, 14 Aug 2024 14:11:48 +0000 (10:11 -0400)] 
smtp: add tests for issue 7126

Ensure the SMTP applayer parser doesn't generate an error message while
parsing the SMTP frames.

13 months ago pgsql: update bug 6983 test 2050/head
Juliana Fajardini [Wed, 11 Sep 2024 14:12:33 +0000 (11:12 -0300)] 
pgsql: update bug 6983 test

With the tracking of transaction completion per-direction, in IPS mode,
the engine will match on the rule before it sees the response message,
so it won't log the full transaction with the alert.

Update the checks for the alert to keep it simpler and thus compatible
with both Suri-7 and Suri-8.

Related to
Bug #7113

13 months ago pgsql: add tests with alert metadata
Juliana Fajardini [Mon, 10 Jun 2024 23:38:46 +0000 (20:38 -0300)] 
pgsql: add tests with alert metadata

Check for transaction metadata in PGSQL alerts.
Add `engine-analysis` tests for the used rules, as well, to better
describe them and compare with expected behavior.

Related to
Task #7000

13 months ago tests: move pcaps to tests where they are used 2049/head
Philippe Antoine [Sun, 25 Aug 2024 20:28:01 +0000 (22:28 +0200)] 
tests: move pcaps to tests where they are used

Following removal of tests only used in 6, some directories
were left with only a pcap, that got used by other tests.

Found with command
for pcap in $(find . -name '*.pcap'); do if ! test -e "$(dirname "$pcap")/test.yaml"; then echo "$(dirname "$pcap")"; fi; done

13 months ago tests: update ips-state-1 test
Juliana Fajardini [Wed, 10 Jul 2024 20:18:54 +0000 (17:18 -0300)] 
tests: update ips-state-1 test

This test indicated that there were FP drops for HTTP transactions,
leading the `http` events check to fail. This is no longer the case.

flow.action is still not set to drop for tls.

13 months ago README/help: add info on IPS mode tests creation
Juliana Fajardini [Wed, 3 Jul 2024 19:36:14 +0000 (16:36 -0300)] 
README/help: add info on IPS mode tests creation

It is possible to create a test that runs in IPS mode by just adding ips
to its name. But that is not documented. This might not work when
using the createst script, though, as when the script runs the test for
the first time to create the `test.yaml` checks, the test-name is not
taken into consideration (therefore, the checks are valid for IDS mode).

Related to
Task #7039

13 months ago README: keep help text up-to-date w/ actual help
Juliana Fajardini [Fri, 5 Jul 2024 15:19:52 +0000 (12:19 -0300)] 
README: keep help text up-to-date w/ actual help

There were discrepancies between the help text shown by the createst
script and the version shown in the README file.

I've kept the bit longer explanation for some of the options where it
feels they're not so straightforward in meaning.

13 months ago tests/reference; Tests for reference inclusion 2046/head
Jeff Lucovsky [Mon, 29 Apr 2024 19:00:04 +0000 (15:00 -0400)] 
tests/reference; Tests for reference inclusion

Issue: 4974

Positive and negative tests for reference inclusion in alerts.

Additionally, reference-04 tests that a scheme provided with
a reference is used in place of the key.

13 months ago rules/test: add app-layer-protocol negated test 2043/head 2045/head
Juliana Fajardini [Fri, 13 Sep 2024 21:27:50 +0000 (18:27 -0300)] 
rules/test: add app-layer-protocol negated test

To complement bug-7241 tests.

13 months ago tests: add test for issue 7241/7242 for 7
Victor Julien [Wed, 11 Sep 2024 07:10:37 +0000 (09:10 +0200)] 
tests: add test for issue 7241/7242 for 7

Add test that works with Suricata 7.

13 months ago http2: test all frames types 2036/head
Philippe Antoine [Thu, 5 Sep 2024 19:03:09 +0000 (21:03 +0200)] 
http2: test all frames types

13 months ago http/gap: fix check for payload_length
Philippe Antoine [Wed, 14 Aug 2024 20:24:58 +0000 (22:24 +0200)] 
http/gap: fix check for payload_length

Change to suricata.yaml illustrates bug 7213

There is not yet a valid http1.response frame for the second request
after the gap

13 months ago http2: add test for frames
Philippe Antoine [Wed, 14 Aug 2024 14:25:17 +0000 (16:25 +0200)] 
http2: add test for frames

Ticket: 5743

13 months ago tests: add test for 7187
Victor Julien [Wed, 31 Jul 2024 12:12:55 +0000 (14:12 +0200)] 
tests: add test for 7187

13 months ago tls/ja3: backport test with duplicate handshake 2031/head 2033/head
Philippe Antoine [Tue, 10 Sep 2024 06:54:30 +0000 (08:54 +0200)] 
tls/ja3: backport test with duplicate handshake

Ticket: 6634

13 months ago tests: add test for issue 7241 2030/head
Victor Julien [Fri, 6 Sep 2024 12:21:25 +0000 (14:21 +0200)] 
tests: add test for issue 7241

Test for 8+ only.

13 months ago tls/ja3: adds test with duplicate handshake 2028/head
Philippe Antoine [Tue, 3 Sep 2024 14:04:09 +0000 (16:04 +0200)] 
tls/ja3: adds test with duplicate handshake

Ticket: 6634

13 months ago pgsql: update bug-6983 tests 2020/head 2027/head
Juliana Fajardini [Tue, 27 Aug 2024 17:53:16 +0000 (14:53 -0300)] 
pgsql: update bug-6983 tests

Add app-layer fields to pgsql alerts.

Related to
Bug #7066

14 months ago tests: remove suricata 6 specific tests 2013/head
Jason Ish [Thu, 15 Aug 2024 19:52:47 +0000 (13:52 -0600)] 
tests: remove suricata 6 specific tests

Some test directories remain as one or more existing tests link to these
pcaps. Just leaving until we have a strategy like a hash based pcap repo
or something else.

14 months ago github-ci: remove 6.0.x builds
Jason Ish [Tue, 13 Aug 2024 21:20:21 +0000 (15:20 -0600)] 
github-ci: remove 6.0.x builds

Suricata 6.0 is now EOL.

14 months ago ldap: add tests for udp and frames 2003/head 2009/head
Giuseppe Longo [Thu, 18 Jul 2024 15:14:55 +0000 (17:14 +0200)] 
ldap: add tests for udp and frames

14 months ago rfb: adds test for rules with secresult being an integer keyword
Philippe Antoine [Fri, 19 Jul 2024 09:41:18 +0000 (11:41 +0200)] 
rfb: adds test for rules with secresult being an integer keyword

Ticket: 6723

14 months ago rfb: convert unit test to SV
Philippe Antoine [Wed, 17 Jul 2024 14:08:23 +0000 (16:08 +0200)] 
rfb: convert unit test to SV

Ticket: 7178

14 months ago detect: test prefilter auto mode 2001/head 2002/head
Philippe Antoine [Fri, 2 Aug 2024 09:40:21 +0000 (11:40 +0200)] 
detect: test prefilter auto mode

Ticket: 6278

14 months ago detect: adds check for decode-event with prefilter
Philippe Antoine [Fri, 26 Jul 2024 12:54:53 +0000 (14:54 +0200)] 
detect: adds check for decode-event with prefilter

Ticket: 6728

14 months ago detect: adds check for stream-event with prefilter
Philippe Antoine [Fri, 26 Jul 2024 12:52:41 +0000 (14:52 +0200)] 
detect: adds check for stream-event with prefilter

Ticket: 6728

14 months ago ssh: adds test for frames 1998/head
Philippe Antoine [Fri, 21 Jun 2024 06:53:30 +0000 (08:53 +0200)] 
ssh: adds test for frames

Ticket: 5734

15 months ago doh: adds test for dns over http2 with post 1980/head 1988/head
Philippe Antoine [Thu, 28 Mar 2024 15:51:03 +0000 (16:51 +0100)] 
doh: adds test for dns over http2 with post

Ticket: 5773

15 months ago dns: adds test for dns over http2
Philippe Antoine [Tue, 5 Dec 2023 13:10:42 +0000 (14:10 +0100)] 
dns: adds test for dns over http2

Ticket: 5773

15 months ago ldap: add tests 1982/head
Giuseppe Longo [Tue, 28 May 2024 09:57:45 +0000 (11:57 +0200)] 
ldap: add tests

15 months ago smtp: adds test for invalid replies
Philippe Antoine [Thu, 6 Jun 2024 11:38:56 +0000 (13:38 +0200)] 
smtp: adds test for invalid replies

Ticket: 1125

15 months ago smtp/ftp: test protocol detection in both directions
Philippe Antoine [Thu, 23 May 2024 11:29:06 +0000 (13:29 +0200)] 
smtp/ftp: test protocol detection in both directions

Ticket: 1125

15 months ago imap: add test for protocol detection
Mahmoud Maatuq [Thu, 13 Jun 2024 18:37:09 +0000 (22:37 +0400)] 
imap: add test for protocol detection

ticket #2886

Signed-off-by: mmmaatuq <mahmoudmatook.mm@gmail.com>

15 months ago ssh: deprecate ssh.softwareversion keyword 1974/head 1981/head
Philippe Antoine [Wed, 10 Jul 2024 20:52:48 +0000 (22:52 +0200)] 
ssh: deprecate ssh.softwareversion keyword

Ticket: 2377

15 months ago tests: relax mqtt warning check 1978/head
Victor Julien [Wed, 10 Jul 2024 09:59:35 +0000 (11:59 +0200)] 
tests: relax mqtt warning check

To account for changing error message in Suricata.

15 months ago applayer: add tests for ticket 7044
Shivani Bhardwaj [Sat, 22 Jun 2024 07:21:02 +0000 (12:51 +0530)] 
applayer: add tests for ticket 7044

15 months ago tests: skip dns tests that fail on master 1977/head
Victor Julien [Fri, 12 Jul 2024 05:03:32 +0000 (07:03 +0200)] 
tests: skip dns tests that fail on master

15 months ago tests/dns: add tests for task 7018 1976/head
Juliana Fajardini [Thu, 23 May 2024 16:47:15 +0000 (13:47 -0300)] 
tests/dns: add tests for task 7018

Also related to
Bug #7004

15 months ago dns-udp-double-request-response: v2 and v3 tests 1969/head
Jason Ish [Fri, 5 Jul 2024 01:01:32 +0000 (19:01 -0600)] 
dns-udp-double-request-response: v2 and v3 tests

15 months ago dns-tcp-www-google-com: v2 and v3 tests
Jason Ish [Fri, 5 Jul 2024 00:58:36 +0000 (18:58 -0600)] 
dns-tcp-www-google-com: v2 and v3 tests

15 months ago dns-tcp-ts-gap: update for v2 and v3 dns logging
Jason Ish [Fri, 5 Jul 2024 00:56:28 +0000 (18:56 -0600)] 
dns-tcp-ts-gap: update for v2 and v3 dns logging

15 months ago dns-tcp-multirequest-buffer: v2 and v3 tests
Jason Ish [Fri, 5 Jul 2024 00:05:50 +0000 (18:05 -0600)] 
dns-tcp-multirequest-buffer: v2 and v3 tests

15 months ago dns-single-request: v2 and v3 tests
Jason Ish [Fri, 5 Jul 2024 00:02:40 +0000 (18:02 -0600)] 
dns-single-request: v2 and v3 tests

15 months ago dns-incomplete: dns v2 and v3 tests
Jason Ish [Fri, 5 Jul 2024 00:00:32 +0000 (18:00 -0600)] 
dns-incomplete: dns v2 and v3 tests

15 months ago bug-990: dns v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 23:56:09 +0000 (17:56 -0600)] 
bug-990: dns v2 and v3 tests

As this is a DNS test move into dns/.

15 months ago bug-856: dns v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 23:53:58 +0000 (17:53 -0600)] 
bug-856: dns v2 and v3 tests

Move into dns as this is a DNS test.

15 months ago bug-1158: dns v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 23:49:58 +0000 (17:49 -0600)] 
bug-1158: dns v2 and v3 tests

As this is a DNS test, also move into the dns/ folder.

15 months ago dns-udp-null: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 23:42:45 +0000 (17:42 -0600)] 
dns-udp-null: v2 and v3 tests

15 months ago dns-udp-junkrequest-first: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 23:39:40 +0000 (17:39 -0600)] 
dns-udp-junkrequest-first: v2 and v3 tests

15 months ago decode-teredo-01: update for dns v3 logging
Jason Ish [Thu, 4 Jul 2024 23:25:43 +0000 (17:25 -0600)] 
decode-teredo-01: update for dns v3 logging

15 months ago ethernet-eve: update for dns v3 logging
Jason Ish [Thu, 4 Jul 2024 22:41:39 +0000 (16:41 -0600)] 
ethernet-eve: update for dns v3 logging

15 months ago vxlan-decoder-03: v2 and v3 dns tests
Jason Ish [Thu, 4 Jul 2024 22:39:44 +0000 (16:39 -0600)] 
vxlan-decoder-03: v2 and v3 dns tests

15 months ago dns-udp-eve-log-query-only: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:45:07 +0000 (15:45 -0600)] 
dns-udp-eve-log-query-only: v2 and v3 tests

15 months ago dns-udp-eve-log-answer-only: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:43:29 +0000 (15:43 -0600)] 
dns-udp-eve-log-answer-only: v2 and v3 tests

15 months ago dns-udp-eve-log-srv: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:41:29 +0000 (15:41 -0600)] 
dns-udp-eve-log-srv: v2 and v3 tests

15 months ago dns-udp-eve-log-aaaa-only: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:39:05 +0000 (15:39 -0600)] 
dns-udp-eve-log-aaaa-only: v2 and v3 tests

15 months ago dns-udp-eve-log-mx-only: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:34:36 +0000 (15:34 -0600)] 
dns-udp-eve-log-mx-only: v2 and v3 tests

15 months ago dns-udp-eve-dig: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:28:59 +0000 (15:28 -0600)] 
dns-udp-eve-dig: v2 and v3 tests

15 months ago dns-udp-eve-txt: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:24:59 +0000 (15:24 -0600)] 
dns-udp-eve-txt: v2 and v3 tests

15 months ago dns-udp-unsolicited-response: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:20:43 +0000 (15:20 -0600)] 
dns-udp-unsolicited-response: v2 and v3 tests

15 months ago dns-z-bit: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:17:44 +0000 (15:17 -0600)] 
dns-z-bit: v2 and v3 tests

15 months ago dns-invalid-opcode: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 21:14:07 +0000 (15:14 -0600)] 
dns-invalid-opcode: v2 and v3 tests

15 months ago run.py: allow tests to specify environment variables
Jason Ish [Thu, 4 Jul 2024 21:06:57 +0000 (15:06 -0600)] 
run.py: allow tests to specify environment variables

15 months ago dns-eve: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 20:33:43 +0000 (14:33 -0600)] 
dns-eve: v2 and v3 tests

15 months ago dns-eve-log-https-only: v2 and v3 tests
Jason Ish [Thu, 4 Jul 2024 20:30:54 +0000 (14:30 -0600)] 
dns-eve-log-https-only: v2 and v3 tests

15 months ago tests: update dns checks for v3 format in alerts
Jason Ish [Thu, 27 Jun 2024 23:30:50 +0000 (17:30 -0600)] 
tests: update dns checks for v3 format in alerts

15 months ago mqtt: add tests for MQTT log limiting
Sascha Steinbiss [Fri, 10 May 2024 21:29:40 +0000 (23:29 +0200)] 
mqtt: add tests for MQTT log limiting

15 months ago tests: enable iprep isset test for 7 1966/head
Victor Julien [Mon, 1 Jul 2024 10:05:23 +0000 (12:05 +0200)] 
tests: enable iprep isset test for 7

15 months ago tests: support detect bypass udp test on 7
Philippe Antoine [Thu, 4 Jul 2024 09:21:03 +0000 (11:21 +0200)] 
tests: support detect bypass udp test on 7

Ticket: 7054

15 months ago backport to 7 test filestore-dont
Philippe Antoine [Mon, 24 Jun 2024 20:08:52 +0000 (22:08 +0200)] 
backport to 7 test filestore-dont

Ticket: 6390

15 months ago datasets-memcap-01: add os and arch requirements 1962/head
Shivani Bhardwaj [Thu, 4 Jul 2024 12:59:38 +0000 (18:29 +0530)] 
datasets-memcap-01: add os and arch requirements

15 months ago tests: add tcp split handshake tests
Victor Julien [Mon, 27 May 2024 14:43:37 +0000 (16:43 +0200)] 
tests: add tcp split handshake tests

15 months ago eve-validator: use default-features in Cargo.toml
Philippe Antoine [Thu, 27 Jun 2024 09:10:08 +0000 (11:10 +0200)] 
eve-validator: use default-features in Cargo.toml

warning: `default_features` is deprecated in favor of `default-features` and will not work in the 2024 edition

15 months ago tests: remove tests for versions less than 6
Jason Ish [Fri, 21 Jun 2024 14:05:42 +0000 (08:05 -0600)] 
tests: remove tests for versions less than 6

15 months ago mqtt: requirement on version and not file
Philippe Antoine [Tue, 18 Jun 2024 05:11:54 +0000 (07:11 +0200)] 
mqtt: requirement on version and not file

As the file is planned to be moved to rust

15 months ago datasets: add tests for string memcap 1956/head
Shivani Bhardwaj [Mon, 10 Jun 2024 10:19:50 +0000 (15:49 +0530)] 
datasets: add tests for string memcap

Ticket 3910

15 months ago run.py: add option to check for architecture
Shivani Bhardwaj [Fri, 28 Jun 2024 06:31:40 +0000 (12:01 +0530)] 
run.py: add option to check for architecture

15 months ago run.py: add option to check for os
Shivani Bhardwaj [Tue, 11 Jun 2024 10:08:21 +0000 (15:38 +0530)] 
run.py: add option to check for os

15 months ago bypass: adds a test with a UDP flow
Philippe Antoine [Thu, 30 May 2024 12:47:31 +0000 (14:47 +0200)] 
bypass: adds a test with a UDP flow

Ticket: 7053

15 months ago tests: support alert pass tests on 7 1950/head
Victor Julien [Fri, 28 Jun 2024 10:51:23 +0000 (12:51 +0200)] 
tests: support alert pass tests on 7

16 months ago tests: add threshold backoff tests 1939/head 1947/head
Victor Julien [Mon, 24 Jun 2024 12:18:08 +0000 (14:18 +0200)] 
tests: add threshold backoff tests

16 months ago tests: add detection_filter tests for by_flow and by_src 1938/head
Victor Julien [Wed, 13 Mar 2024 10:06:02 +0000 (11:06 +0100)] 
tests: add detection_filter tests for by_flow and by_src

16 months ago tests: add global by_flow thresholding tests
Victor Julien [Sat, 2 Mar 2024 07:40:42 +0000 (08:40 +0100)] 
tests: add global by_flow thresholding tests

16 months ago tests: add threshold by_flow test
Victor Julien [Fri, 1 Mar 2024 13:15:27 +0000 (14:15 +0100)] 
tests: add threshold by_flow test

Ticket: #6822.

16 months ago tests/transform: from_base64 test 1937/head suricata-6.0.20 suricata-7.0.6
Jeff Lucovsky [Tue, 27 Feb 2024 14:02:35 +0000 (09:02 -0500)] 
tests/transform: from_base64 test

Issue: 6487

Test cases for the from_base64 transform
- Case 01 tests RFC4648 (default) with various offsets
- Case 02 tests RFC2045 and verifies success and failure case
  (with other modes)
- Case 03 -- case 01 with fast_pattern associated with the
  post transform content.

16 months ago output: adds checks for payload_length field
Philippe Antoine [Thu, 20 Jun 2024 14:09:37 +0000 (16:09 +0200)] 
output: adds checks for payload_length field

Ticket: 7098

16 months ago dcerpc: check for app-layer metadata in alert
Philippe Antoine [Thu, 20 Jun 2024 13:08:16 +0000 (15:08 +0200)] 
dcerpc: check for app-layer metadata in alert

Ticket: 6090

16 months ago Adds a test about filestore
Philippe Antoine [Tue, 10 Oct 2023 10:04:48 +0000 (12:04 +0200)] 
Adds a test about filestore

That it does not store too many files

16 months ago smtp: backport to 7 test smtp-to-comma 1933/head
Philippe Antoine [Tue, 4 Jun 2024 13:27:07 +0000 (15:27 +0200)] 
smtp: backport to 7 test smtp-to-comma

Ticket: 7060

16 months ago tests: add tls alpn tests 1927/head
Victor Julien [Fri, 31 May 2024 13:14:29 +0000 (15:14 +0200)] 
tests: add tls alpn tests

16 months ago tests: add stream_size prefilter tests 1925/head
Victor Julien [Fri, 7 Jun 2024 12:44:29 +0000 (14:44 +0200)] 
tests: add stream_size prefilter tests

16 months ago detect: move http uri unit tests to SV 1919/head
Philippe Antoine [Fri, 14 Jun 2024 08:24:00 +0000 (10:24 +0200)] 
detect: move http uri unit tests to SV

Ticket: 3725

16 months ago tests: iprep isset/isnotset test 1918/head
Victor Julien [Thu, 16 May 2024 13:56:57 +0000 (15:56 +0200)] 
tests: iprep isset/isnotset test

16 months ago tests/ja4: Enable ja4 tests for 7.0.6 and later 1908/head
Jeff Lucovsky [Tue, 14 May 2024 12:56:14 +0000 (08:56 -0400)] 
tests/ja4: Enable ja4 tests for 7.0.6 and later

Issue: 7010

Enable the JA4 tests for Suricata 7.0.6 and later.