git.ipfire.org Git - thirdparty/suricata-verify.git/log
Juliana Fajardini [Mon, 22 Aug 2022 18:29:03 +0000 (15:29 -0300)]
tests: test flow dropped but applayer event logged
It seems that Suricata will log an applayer event for a dropped flow,
for the second packet of the flow. This test demonstrates such behavior,
so we can investigate it.
Related to Task #5510
Alice Akaki [Tue, 1 Nov 2022 05:05:00 +0000 (01:05 -0400)]
run.py: Add dir in the output
These changes were based on Blithe Brandon's PR #344
Task: #3144
Victor Julien [Wed, 24 May 2023 07:51:17 +0000 (09:51 +0200)]
tests: fix smtp long data line test on 6.0.x
Alice Akaki [Mon, 31 Oct 2022 23:52:05 +0000 (19:52 -0400)]
detect-icmp-id: add tests
Task: #5622
Juliana Fajardini [Mon, 20 Mar 2023 17:14:30 +0000 (14:14 -0300)]
tests: add test for flow.memcap exception policy
Philippe Antoine [Wed, 17 May 2023 14:16:07 +0000 (16:16 +0200)]
ssh: do not check for useless tx_id always 0
Philippe Antoine [Mon, 3 Apr 2023 12:33:39 +0000 (14:33 +0200)]
http2: adds more signature keywords test
Ticket: #4067
Jason Ish [Wed, 17 May 2023 13:35:17 +0000 (15:35 +0200)]
github-ci: fix almalinux version
AlmaLinux:latest is now 9, and this job is for AlmaLinux 8.
Shivani Bhardwaj [Fri, 21 Apr 2023 11:21:53 +0000 (16:51 +0530)]
smtp: add test for long DATA line
Shivani Bhardwaj [Thu, 9 Feb 2023 17:15:09 +0000 (22:45 +0530)]
tests: add test for bug 2917
Jeff Lucovsky [Mon, 27 Mar 2023 13:04:31 +0000 (09:04 -0400)]
detect/content: Add negated endswith tests
Issue: 5541
This commit adds test cases for the issue discovered in 5541 so that
negated endswith are handled properly.
3 tests
- Negated endswith content that *should* match
- Negated endswith content that *shouldn't* match
- Negated endswith content that *should* match with a content match
following it
For versions greater than 6.0.11
Jeff Lucovsky [Wed, 19 Apr 2023 12:43:36 +0000 (08:43 -0400)]
test/run: Support `gt-version` verb
This commit adds support for the `gt-version` verb. This verb is used
when the current version is X but the tests are only supported in
versions greater than X.
Haleema Khan [Thu, 22 Dec 2022 09:01:45 +0000 (14:01 +0500)]
rfb: test rfb frames
Eloy Pérez González [Fri, 22 Oct 2021 10:44:03 +0000 (12:44 +0200)]
Adds test for krb5_msg_type keyword
Philippe Antoine [Thu, 4 May 2023 07:11:46 +0000 (09:11 +0200)]
smb: update pcap for test about ntlmssp
Turning off a ntlmssp bitflag, so that we are sure we pick the
right bit which is set for version parsing.
Philippe Antoine [Thu, 27 Apr 2023 09:52:07 +0000 (11:52 +0200)]
detect: adds test with bsize:0
Philippe Antoine [Wed, 29 Mar 2023 17:06:12 +0000 (19:06 +0200)]
Adds test about http.connection with to client
Ticket: #5746
Philippe Antoine [Mon, 30 Jan 2023 08:41:03 +0000 (09:41 +0100)]
Adds test about http mime with truncated file
due to request.body_limit configuration value
Juliana Fajardini [Thu, 16 Mar 2023 21:48:21 +0000 (18:48 -0300)]
tests: add test for bug 5867 FP drop log events
Bug #5867
Victor Julien [Tue, 18 Apr 2023 07:12:05 +0000 (09:12 +0200)]
tests: fix smb bug 5770 pcap
Victor Julien [Tue, 28 Feb 2023 11:00:31 +0000 (12:00 +0100)]
tests: add test for bug 5881 stream overlap issue
Victor Julien [Mon, 27 Feb 2023 20:42:17 +0000 (21:42 +0100)]
tests: add tcp fast open tests
Philippe Antoine [Thu, 2 Feb 2023 15:07:24 +0000 (16:07 +0100)]
Adds test about smb2 for bug 5786
Philippe Antoine [Tue, 27 Dec 2022 21:50:19 +0000 (22:50 +0100)]
Adds smb test for ticket 5770
Juliana Fajardini [Thu, 24 Feb 2022 18:48:53 +0000 (18:48 +0000)]
tests: add tests for unseen http midstream traffic
In a pcap where just `http` midstream traffic is seen, Suri is
unable to see the packets as `http` traffic (Wireshark tags them
correctly).
This also seems to result in Suri sometimes not adding the packet
payload to the associated alert event in the eve-log.
`bug-5437-01` has the pcap where http packets are not seen; `bug-5437-02`
has a more complete pcap, and the same packets are properly
identified by Suri.
Related to Bug #5437
Philippe Antoine [Mon, 20 Mar 2023 12:15:20 +0000 (13:15 +0100)]
Adds test with multiple HTTP 100 responses
Juliana Fajardini [Thu, 23 Mar 2023 21:09:33 +0000 (18:09 -0300)]
tests: test defrag exception policy with drop-flow
Defrag memcap and flow memcap do not support flow action for the
exception policies, as there is no flow when the exception condition is
hit. In such cases, the exception policy must be considered as
`drop-packet`. This commit changes the defrag exception policy test to
check if this behavior is working.
Philippe Antoine [Wed, 28 Dec 2022 14:53:35 +0000 (15:53 +0100)]
Adds test about ftp port when memcap is reached
Ticket: #5701
Philippe Antoine [Mon, 3 Apr 2023 07:04:27 +0000 (09:04 +0200)]
smb: fix test for master6
Difference with 7 is missing feature file deletion
Addition since 6.0.0 is async response cf smb2.aid wireshark filter
Ticket: #5820
Victor Julien [Mon, 27 Mar 2023 10:21:41 +0000 (12:21 +0200)]
tests: add http_uri parsing test
Victor Julien [Mon, 27 Mar 2023 10:21:09 +0000 (12:21 +0200)]
tests: add stream_size parsing test
Victor Julien [Fri, 17 Mar 2023 08:21:07 +0000 (09:21 +0100)]
tests: add rules testing with engine analysis
Tests check engine-analysis representation of rules.
Victor Julien [Fri, 17 Mar 2023 17:16:12 +0000 (18:16 +0100)]
tests: ET open rule parsing test: update rules
Victor Julien [Thu, 23 Mar 2023 11:21:44 +0000 (12:21 +0100)]
tests: add 5929 test for http2
Victor Julien [Thu, 23 Mar 2023 08:36:55 +0000 (09:36 +0100)]
tests: add ticket 5929 test
Shivani Bhardwaj [Thu, 9 Mar 2023 07:34:35 +0000 (13:04 +0530)]
base64_data: add tests for bug 5885
Jason Ish [Wed, 8 Mar 2023 22:10:01 +0000 (16:10 -0600)]
tests/quic-ietf: fix test
Suricata was matching on the wrong ja3.
Jason Ish [Sun, 19 Feb 2023 01:00:50 +0000 (19:00 -0600)]
mqtt-events-unintroduced: fix test
On inspection of the pcap, the signature
2226005 should only alert once.
Issue: 5799
Jason Ish [Sun, 19 Feb 2023 00:58:13 +0000 (18:58 -0600)]
mqtt-events-missing-connect: fix test
On inspection of the pcap, the signature
2226000 should only alert once.
Issue: 5799
Jason Ish [Fri, 17 Feb 2023 18:34:36 +0000 (12:34 -0600)]
mqtt-events-invalid-qos: fix test
On inspection of the pcap, the signature
2226006 should only alert once.
Issue: 5799
Jason Ish [Fri, 17 Feb 2023 18:33:15 +0000 (12:33 -0600)]
test: issue 4759
Victor Julien [Tue, 28 Mar 2023 15:35:31 +0000 (17:35 +0200)]
tests: fix exception test pcap paths
Shivani Bhardwaj [Fri, 10 Mar 2023 05:38:09 +0000 (11:08 +0530)]
smtp-eve: fix filesize and version check
Earlier, the CRLFs that were a part of the file were also stripped off
as a part of finding and stripping the delimiters in the MIME handler.
This was fixed as a part of
https://redmine.openinfosecfoundation.org/issues/5725.
This patch fixes the test too to reflect the fix.
Ticket: 5821
Haleema Khan [Tue, 14 Feb 2023 13:27:10 +0000 (18:27 +0500)]
file: Add tests for file_data prefilter keyword
Tests the `prefilter` keyword for `file_data` and `file.data`
Ticket #5801
Shivani Bhardwaj [Mon, 20 Feb 2023 05:26:03 +0000 (10:56 +0530)]
createst: update the default README
Alice Akaki [Thu, 24 Nov 2022 18:00:12 +0000 (14:00 -0400)]
createst: Create a default README with every test
Feature: #5210
Haleema Khan [Tue, 24 Jan 2023 19:50:09 +0000 (00:50 +0500)]
tls: add test for tls.subject keyword
Adds tests for `tls.subject` legacy keyword and `tls.cert_subject` new keyword.
Ticket #5544
Haleema Khan [Tue, 24 Jan 2023 13:59:31 +0000 (18:59 +0500)]
tls: add test for tls.issuerdn keyword
Adds tests for `tls.issuerdn` legacy keyword and `tls.cert_issuer` new keyword.
Ticket #5544
Haleema Khan [Mon, 13 Feb 2023 09:42:16 +0000 (14:42 +0500)]
tls: organize tls tests into folders
Haleema Khan [Fri, 3 Feb 2023 18:49:27 +0000 (23:49 +0500)]
ttl: add tests for prefilter keyword for ipv6 packets
Ticket #5800
Juliana Fajardini [Wed, 1 Feb 2023 20:19:10 +0000 (17:19 -0300)]
readme: remove mention to pcapng file type
Since we're not accepting this format for now, better not to be
misleading.
Jeff Lucovsky [Wed, 1 Mar 2023 14:17:51 +0000 (09:17 -0500)]
test: Pin minimum version on eve output/smb2 tests
This PR sets the minimum version for tests changed to reflect new or
modified behavior in versions past master-6.0.x
Jeff Lucovsky [Wed, 1 Mar 2023 14:16:36 +0000 (09:16 -0500)]
tests: Create tests for master-6.0.x branch
This commit introduces master-6.0.x specific tests that cover areas
where functionality is improved or changing for later versions.
Lancer Cheng [Wed, 1 Feb 2023 10:45:33 +0000 (10:45 +0000)]
tests: add test for bug 5783
Jeff Lucovsky [Sat, 4 Feb 2023 15:02:12 +0000 (10:02 -0500)]
log: Updates due to 5836
This commit is needed to accommodate Suricata's changed behavior that
exits if a log file can't be opened at startup time.
Victor Julien [Thu, 9 Feb 2023 16:39:01 +0000 (17:39 +0100)]
tests: disable bug 5198
Needs Suricata fix tracked in 5836.
Victor Julien [Thu, 9 Feb 2023 15:41:17 +0000 (16:41 +0100)]
tests: add test for bug 3286
Victor Julien [Tue, 7 Feb 2023 21:44:40 +0000 (22:44 +0100)]
tests: fix smb test for 6.0.x
Philippe Antoine [Thu, 2 Feb 2023 15:57:01 +0000 (16:57 +0100)]
framework: explicit utf-8 encoding for reading json
As the default encoding is platform-dependent
Victor Julien [Sun, 22 Jan 2023 09:37:35 +0000 (10:37 +0100)]
tests: smb2 file sha logging test
Jason Ish [Tue, 31 Jan 2023 22:02:49 +0000 (16:02 -0600)]
github-ci: only run suricata-verify once on Ubuntu
On Ubuntu verify was being run once with the output dir in tree, and
another time elsewhere. Instead, on Ubuntu just run once with --outdir,
and run on Alma without --outdir to cover both cases and save some time.
Jason Ish [Tue, 31 Jan 2023 22:00:55 +0000 (16:00 -0600)]
github-ci: update checkout action to v3
Jeff Lucovsky [Sun, 4 Sep 2022 12:23:55 +0000 (08:23 -0400)]
tests/log: Verify bug 5198
This issue requires an ASAN build -- it doesn't reproduce without ASAN.
Issue: 5198
Jeff Lucovsky [Mon, 18 May 2020 14:08:50 +0000 (10:08 -0400)]
tests/bsize: Add test cases for bsize
This commit adds several test cases for the `bsize` keyword.
These tests apply to Suricata 7.0.x and newer.
Juliana Fajardini [Thu, 19 Jan 2023 14:58:10 +0000 (11:58 -0300)]
tests: test midstream w midstream exception policy
Related to Bug #5765
Jason Ish [Fri, 27 Jan 2023 04:57:50 +0000 (22:57 -0600)]
test: test logging TLS dates less than 1970
Issue: 5817
Haleema Khan [Fri, 27 Jan 2023 01:36:32 +0000 (06:36 +0500)]
ttl: add tests for prefilter keyword
Ticket #5800
Jason Ish [Thu, 26 Jan 2023 16:24:57 +0000 (10:24 -0600)]
test: configuration file includes
Test configuration file includes that also include the new fully
qualified name overrides.
Pay attention to our "_" to "-" translation which should not happen for
variables.
Jason Ish [Fri, 20 Jan 2023 22:26:04 +0000 (16:26 -0600)]
tests/ftp: add checks for too long alerts
Related issue: 5235
Juliana Fajardini [Mon, 12 Dec 2022 22:38:29 +0000 (19:38 -0300)]
tests: fix bad http host rule tests
The test.yaml files were missing the command set to compare eve.json
output and to run without a pcap file, therefore being simply skipped
for lack of a pcap file.
Also took the opportunity to make these compatible with new error
message formats for Suricata 7.
Test 1 also had a typo in the expected message to be checked, making it
fail.
Jeff Lucovsky [Fri, 16 Dec 2022 14:31:34 +0000 (09:31 -0500)]
decode: Tests for unknown/arp counters
Issue: 5761
This commit adds tests for decode counters which are new
- decode.arp
- decode.unknown_ethertype
Jason Ish [Wed, 30 Nov 2022 16:15:11 +0000 (10:15 -0600)]
test: opcode logging and alert
Victor Julien [Mon, 30 Jan 2023 17:04:19 +0000 (18:04 +0100)]
tests: update exception policy for new IPS default
Victor Julien [Mon, 30 Jan 2023 13:17:55 +0000 (14:17 +0100)]
udp: improve strict/non-strict checks for 6
Shivani Bhardwaj [Mon, 30 Jan 2023 12:24:20 +0000 (17:54 +0530)]
run.py: fix version comparison checks
If no minor or patch version was provided, it was set to 0, hence passing
the check for "not None". Fix that by setting the defaults to None
instead of 0 for the equal-to check.
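The two run.py commits above (the `gt-version` verb, and the fix that keeps missing minor/patch components as None rather than 0) describe the same version-gating logic from two angles. The following is an added illustration of that logic, not the project's own run.py: it parses `MAJOR[.MINOR[.PATCH]]` requirement strings, treats absent components as wildcards for the `version` (equality) check, and orders `min-version`, `lt-version` and `gt-version` against a fully qualified running version. The requirement key names mirror test.yaml; the handling of a `-dev` suffix on the running version and the exact ordering semantics for partial requirements are assumptions made here.

```python
"""Version gating in the style of a suricata-verify test.yaml.

Added example; this is not the project's run.py.  Assumptions: a running
version such as '7.0.1-dev' is compared on its numeric prefix only, and a
partial requirement like 'gt-version: 6' orders as 6.0.0.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, Optional[int], Optional[int]]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR[.MINOR[.PATCH]]', dropping any '-suffix'.

    Missing components are kept as None (not 0).  That is what lets an
    exact 'version: 7' requirement match any 7.x.y, while 'version: 7.0.1'
    still compares every component.
    """
    numeric = text.strip().split("-", 1)[0]
    parts = numeric.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {text!r}")
    nums = [int(p) for p in parts] + [None] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def _filled(v: Version) -> Tuple[int, int, int]:
    """For ordering comparisons, a missing component counts as 0."""
    return (v[0], v[1] or 0, v[2] or 0)


def version_equal(required: Version, current: Version) -> bool:
    """Component-wise equality where None in the requirement is a wildcard.

    This is the check that broke when defaults were 0 instead of None:
    'version: 7' would then have demanded exactly 7.0.0.
    """
    return all(r is None or r == c for r, c in zip(required, current))


def version_allows(requirements: Dict[str, str], current_text: str) -> bool:
    """Return True if every requirement admits the running version.

    Supported keys: version (equality with wildcards), min-version (>=),
    lt-version (<), gt-version (>).  Unknown keys raise rather than being
    silently ignored, so a typo in test.yaml cannot quietly un-gate a test.
    """
    current = parse_version(current_text)
    cur = _filled(current)
    for key, value in requirements.items():
        req = parse_version(str(value))
        if key == "version":
            ok = version_equal(req, current)
        elif key == "min-version":
            ok = cur >= _filled(req)
        elif key == "lt-version":
            ok = cur < _filled(req)
        elif key == "gt-version":
            ok = cur > _filled(req)
        else:
            raise ValueError(f"unknown requirement: {key}")
        if not ok:
            return False
    return True


if __name__ == "__main__":
    # Constructed requirement sets, as a test.yaml 'requires' block might hold.
    cases = [
        ({"version": "7"}, "7.0.1-dev"),            # wildcard minor/patch
        ({"version": "7.0.0"}, "7.0.1"),            # exact, does not match
        ({"gt-version": "6.0.11"}, "6.0.11"),       # gt is strict
        ({"gt-version": "6.0.11"}, "6.0.12"),
        ({"min-version": "7", "lt-version": "8"}, "7.0.0"),
    ]
    for reqs, running in cases:
        print(f"{running:>10} against {reqs}: {version_allows(reqs, running)}")
```

The `version` key is the only one that keeps None as a wildcard; the ordered keys fill missing components with 0, which is why `gt-version: 6` admits 6.0.1 but not 6.0.0.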
Shivani Bhardwaj [Fri, 20 Jan 2023 07:48:43 +0000 (13:18 +0530)]
tcp: add test for bug 5379
Shivani Bhardwaj [Wed, 4 Jan 2023 07:20:24 +0000 (12:50 +0530)]
udp: add tests for bug 5379
Shivani Bhardwaj [Sat, 12 Nov 2022 08:34:14 +0000 (14:04 +0530)]
pcre-invalid-01: update shell check min-version
Shivani Bhardwaj [Wed, 2 Nov 2022 19:51:53 +0000 (01:21 +0530)]
run.py: allow version tests in shell checks
Victor Julien [Fri, 27 Jan 2023 15:55:00 +0000 (16:55 +0100)]
tests: add frame ips test
Victor Julien [Fri, 27 Jan 2023 13:38:30 +0000 (14:38 +0100)]
tests: improve frame gap tests
Add detection.
Victor Julien [Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)]
frames: sip test update
Jason Ish [Wed, 18 Jan 2023 18:23:12 +0000 (12:23 -0600)]
pcap-log: fix tests for issue 5374
Suricata 7.0-dev will now use the time of the start packet for pcap
logging when reading from a file like 6.0 did.
Issue: 5374
Philippe Antoine [Tue, 6 Dec 2022 13:28:48 +0000 (14:28 +0100)]
Adds test about smb ntlmssp arbitrary order
Ticket: #5258
Philippe Antoine [Thu, 15 Sep 2022 18:58:39 +0000 (20:58 +0200)]
test: update warning about bad hex
To reflect the full content string
Victor Julien [Sun, 8 Jan 2023 06:43:59 +0000 (07:43 +0100)]
tests: update frames for stream frames
Victor Julien [Sun, 8 Jan 2023 06:38:33 +0000 (07:38 +0100)]
tests: fix tcp tests being too strict on tcp objects
Victor Julien [Thu, 22 Dec 2022 18:17:47 +0000 (19:17 +0100)]
tests: add rules for flow drops
Victor Julien [Thu, 29 Sep 2022 08:50:25 +0000 (10:50 +0200)]
tests: tls nom7 updates
Victor Julien [Mon, 26 Sep 2022 17:12:22 +0000 (19:12 +0200)]
tests: tls updates for 6 backports
Victor Julien [Thu, 1 Dec 2022 19:33:26 +0000 (20:33 +0100)]
output: fixups for output changes
Victor Julien [Thu, 15 Dec 2022 10:03:20 +0000 (11:03 +0100)]
tests: limit rfb community id check to 7
Victor Julien [Sat, 10 Dec 2022 19:01:30 +0000 (20:01 +0100)]
tests: fix grep for openbsd
Victor Julien [Sat, 10 Dec 2022 14:59:52 +0000 (15:59 +0100)]
tests: fix pcap for openbsd
Victor Julien [Sat, 10 Dec 2022 11:01:47 +0000 (12:01 +0100)]
tests: fix bug 4376 for openbsd
Jason Ish [Wed, 7 Dec 2022 21:34:46 +0000 (15:34 -0600)]
createst: rename add-version to simply version
This is a more consistent mapping to the documented name in test.yaml.
Also add --cfg to the README which was missing.
Jason Ish [Wed, 7 Dec 2022 21:10:10 +0000 (15:10 -0600)]
createst: document --features
Haleema Khan [Fri, 21 Oct 2022 01:46:46 +0000 (06:46 +0500)]
createst: Commandline param to specify required features
Feature: #4061
Haleema Khan [Mon, 24 Oct 2022 15:05:32 +0000 (20:05 +0500)]
detect-bytemath: add tests
Ticket: #5589
Jason Ish [Thu, 17 Nov 2022 22:01:50 +0000 (16:01 -0600)]
template tests: update for removal of C templates
In 7, the rust based template parser is simply template.