From 268acf49bf6f8dca5fc7d1dd7131904fd0093472 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Sun, 13 Oct 2024 13:40:43 +0200
Subject: [PATCH] tests: add md5 test to datajson
---
.../badsha.lst | 0
.../input.pcap | Bin
.../test.rules | 1 +
.../test.yaml | 8 +++++++-
4 files changed, 8 insertions(+), 1 deletion(-)
rename tests/datajson/{datajson-04-sha256 => datajson-04-hashes}/badsha.lst (100%)
rename tests/datajson/{datajson-04-sha256 => datajson-04-hashes}/input.pcap (100%)
rename tests/datajson/{datajson-04-sha256 => datajson-04-hashes}/test.rules (50%)
rename tests/datajson/{datajson-04-sha256 => datajson-04-hashes}/test.yaml (70%)
diff --git a/tests/datajson/datajson-04-sha256/badsha.lst b/tests/datajson/datajson-04-hashes/badsha.lst
similarity index 100%
rename from tests/datajson/datajson-04-sha256/badsha.lst
rename to tests/datajson/datajson-04-hashes/badsha.lst
diff --git a/tests/datajson/datajson-04-sha256/input.pcap b/tests/datajson/datajson-04-hashes/input.pcap
similarity index 100%
rename from tests/datajson/datajson-04-sha256/input.pcap
rename to tests/datajson/datajson-04-hashes/input.pcap
diff --git a/tests/datajson/datajson-04-sha256/test.rules b/tests/datajson/datajson-04-hashes/test.rules
similarity index 50%
rename from tests/datajson/datajson-04-sha256/test.rules
rename to tests/datajson/datajson-04-hashes/test.rules
index 018173048..af67a6908 100644
--- a/tests/datajson/datajson-04-sha256/test.rules
+++ b/tests/datajson/datajson-04-hashes/test.rules
@@ -1 +1,2 @@
 alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; datajson:isset,badcat,type sha256,load badsha.lst,key bad_sha; sid:1; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; datajson:isset,badmd5,type md5,load badmd5.lst,key bad_md5; sid:2; rev:1;)
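Review bot: The added sid:2 rule in test.rules uses `load badmd5.lst`, but no such file is part of this patch: the diffstat lists only badsha.lst, input.pcap, test.rules and test.yaml, and the first two are pure renames. Unless badmd5.lst already exists in the target directory or arrives in another commit, the md5 set would have nothing to load, and the new test.yaml check for `alert.signature_id: 2` with `alert.extra.bad_md5.year: 2007` could not pass. The list file should be added to tests/datajson/datajson-04-hashes/ in this same commit, with an entry for the hashed http.host value carrying `year` 2007. A one-line comment above each rule, such as `# sid:2 looks up the md5 of http.host in badmd5.lst`, would also make clear which list backs which signature.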
diff --git a/tests/datajson/datajson-04-sha256/test.yaml b/tests/datajson/datajson-04-hashes/test.yaml similarity index 70% rename from tests/datajson/datajson-04-sha256/test.yaml rename to tests/datajson/datajson-04-hashes/test.yaml index 4dad013b4..716171874 100644 --- a/tests/datajson/datajson-04-sha256/test.yaml +++ b/tests/datajson/datajson-04-hashes/test.yaml @@ -9,7 +9,7 @@ args: checks: - filter: - count: 1 + count: 2 match: event_type: alert - filter: @@ -18,3 +18,9 @@ checks: event_type: alert alert.signature_id: 1 alert.extra.bad_sha.year: 2005 + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 2 + alert.extra.bad_md5.year: 2007 -- 2.47.3