From 7741d9594cd63f897598eb2a82a488718283cda3 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Thu, 30 Sep 2021 20:54:12 +0200
Subject: [PATCH] Add basic test for location module.
Signed-off-by: Stefan Schantl
---
tests/location/create-database.py | 51 ++++++++++++++++++++++++++++++
tests/location/input.pcap | 1 +
tests/location/suricata.yaml | 13 ++++++++
tests/location/test.db | Bin 0 -> 24674 bytes
tests/location/test.rules | 2 ++
tests/location/test.yaml | 19 +++++++++++
6 files changed, 86 insertions(+)
create mode 100644 tests/location/create-database.py
create mode 120000 tests/location/input.pcap
create mode 100644 tests/location/suricata.yaml
create mode 100644 tests/location/test.db
create mode 100644 tests/location/test.rules
create mode 100644 tests/location/test.yaml
diff --git a/tests/location/create-database.py b/tests/location/create-database.py
new file mode 100644
index 0000000..9f2f91d
--- /dev/null
+++ b/tests/location/create-database.py
@@ -0,0 +1,51 @@
+#!/usr/bin/python3
+
+import _location as location
+
+# Test data.
+test_data = {
+ '123.125.71.29/32': {
+ 'ccode': 'CN',
+ 'cname': 'China',
+ 'ccontinent': 'AS',
+ 'asnumber': 4808,
+ 'asname': 'China Unicom',
+ },
+ '82.165.177.154/32': {
+ 'ccode': 'DE',
+ 'cname': 'Germany',
+ 'ccontinent': 'EU',
+ 'asnumber': 8560,
+ 'asname': '1&1 IONOS SE',
+ }
+ }
+
+db = location.Writer()
+
+# Set the vendor
+db.vendor = "suricata-verify"
+
+# Set a description
+db.description = "suricata-verify location test database"
+
+# Set a license
+db.license = "CC"
+
+# Loop through the dict of testdata
+for addr, data in test_data.items():
+ # Add country and details
+ country = db.add_country(data["ccode"])
+ country.continent_code = data["ccontinent"]
+ country.name = data["cname"]
+
+ # Add AS and data
+ asn = db.add_as(data["asnumber"])
+ asn.name = data["asname"]
+
+ # Add a network
+ net = db.add_network(addr)
+ net.country_code = data["ccode"]
+ net.asn = asn.number
+
+# Write the database to disk
+db.write("test.db")
diff --git a/tests/location/input.pcap b/tests/location/input.pcap
new file mode 120000
index 0000000..39fbe32
--- /dev/null
+++ b/tests/location/input.pcap
@@ -0,0 +1 @@
+../alert-testmyids/input.pcap
\ No newline at end of file
diff --git a/tests/location/suricata.yaml b/tests/location/suricata.yaml
new file mode 100644
index 0000000..3e83836
--- /dev/null
+++ b/tests/location/suricata.yaml
@@ -0,0 +1,13 @@
+%YAML 1.1
+---
+
+location-database: ./test.db
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - alert
+
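Review bot: The script that produces the committed binary test.db has no module docstring or header comment tying the two together, so a later edit to test_data can silently diverge from the checked-in database, and the test.db section of this patch carries no provenance beyond the file itself. Add a header under the shebang such as `# Generates tests/location/test.db from test_data below; re-run from tests/location/ and commit the result whenever test_data changes.` and state that it needs the IPFire Location Python bindings (the `_location` module). The output path in `db.write("test.db")` is relative to the current working directory, which the same comment should say, since tests/location/suricata.yaml points at `./test.db`. As a minor point, `add_country` and `add_as` are called once per network inside the loop; whether the writer deduplicates repeated codes is not visible in this hunk, so hoisting them into dicts keyed by country code and AS number would make the intent explicit if more networks are added later.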
diff --git a/tests/location/test.db b/tests/location/test.db new file mode 100644 index 0000000000000000000000000000000000000000..098592fb9eced425715ac836412b2cd07ece3574 GIT binary patch literal 24674 zc-rmS=TcKa9ES0=Vi&PtKUlD$U_-G1ClOI3Xao@(2M7{{1e1Vb@4fea1zw1ErH8N| zp4ss`GtB$UB>T(ezmrM6WHLDoF+Wn<+B(jJ1uX@?%}9metyb@jouZGvarSMvK9lRdi0B?jh!DaAfcne$(SHN50ZSZz@2fP!m zgm=Na;VO6!ycgaF?}rb-)o=}53;S>cj=~4wI`|M=4(GM4xIPWVci+ty0D*syR9!cXM3!Z*uUt^T!MS8 z`<$5+oVM=A%w=aj183o!^?)-!Xnn=mzX}h**Q~E&{)Th*CVUINZG8vxcb&8M;QQ7O zoSBE#kFft3egZ#r&OWn#?(DySU&628*Vb=v_AUGleh+_eUh5AD49-qxkNVSb%oD#1lfe~ medG5eQ-Rl any any (msg:"China IP"; flow:established,to_server; geoip:dst,CN; sid:1; rev:1; flowbits:isnotset,china; flowbits:set,china;) +alert tcp any any -> any any (msg:"German IP"; flow:established,to_server; geoip: dst,DE; sid:2; rev:1; flowbits:isnotset,german; flowbits:set,german;) diff --git a/tests/location/test.yaml b/tests/location/test.yaml new file mode 100644 index 0000000..49b29b3 --- /dev/null +++ b/tests/location/test.yaml @@ -0,0 +1,19 @@ +requires: + features: + - HAVE_LIBJANSSON + - IPFire Location + +checks: + + # Check that we only have one alert event type in eve. + - filter: + count: 1 + match: + event_type: alert + + # Check alert is the good one + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 2 -- 2.47.3
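Review bot: The comment on the second check, `# Check alert is the good one`, does not name the rule it expects, while the first check's count already rules out any other alert; rewording it to `# Check that the single alert is the German-IP rule (sid 2) from test.rules` makes the link to the committed test.rules and test.db explicit. The outcome appears to depend on the destination address in the symlinked alert-testmyids pcap falling inside the 82.165.177.154/32 network defined in create-database.py, which is stated nowhere in this patch; a one-line comment at the top of test.yaml naming that assumption would help whoever later replaces the pcap or regenerates the database.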