]>
git.ipfire.org Git - thirdparty/suricata-verify.git/log
Giuseppe Longo [Mon, 18 Mar 2024 08:27:02 +0000 (09:27 +0100)]
sdp: add test
This adds a test for SDP protocol.
Philippe Antoine [Sat, 20 Apr 2024 08:28:43 +0000 (10:28 +0200)]
http: backports for http.response_body
Ticket: 6948
Philippe Antoine [Thu, 18 Apr 2024 12:57:46 +0000 (14:57 +0200)]
tests: add rule to check for http.response_body
Ticket: 6948
Philippe Antoine [Fri, 12 Apr 2024 10:56:17 +0000 (12:56 +0200)]
http: test FP for http.response_body
Ticket: 6948
We should not match on request body
Juliana Fajardini [Wed, 17 Apr 2024 00:44:06 +0000 (21:44 -0300)]
tests: update eve config stats option term
Replaced `zero-valued-counters` for eve-log.stats counters options with
the same term used for the pre-dated similar option for stats.log
output.
Task #6962
Jeff Lucovsky [Thu, 18 Apr 2024 13:06:24 +0000 (09:06 -0400)]
detect/ipopts: Support 7.0.x
This commit resets the min-version to 7.0.5 to support the backport
(issue 6882).
Jeff Lucovsky [Thu, 21 Mar 2024 13:25:49 +0000 (09:25 -0400)]
detect/ipopts: IP option tests
Philippe Antoine [Wed, 6 Dec 2023 21:07:02 +0000 (22:07 +0100)]
Adds test for websocket
Ticket: 2695
Victor Julien [Mon, 15 Apr 2024 11:53:41 +0000 (13:53 +0200)]
tests: enable datalink/defrag tests for 7.0.x
Juliana Fajardini [Mon, 15 Apr 2024 23:19:54 +0000 (20:19 -0300)]
tests/pgsql: add checks and test for bug 6092
Ensure that pgsql metadata flags (for now, just setting whether
passwords should be logged or not) are properly processed by Suri and
logging functions.
Related to
Bug #6092
Sascha Steinbiss [Mon, 4 Mar 2024 18:22:40 +0000 (19:22 +0100)]
ja4: adjust and add tests
Sascha Steinbiss [Mon, 4 Mar 2024 18:22:16 +0000 (19:22 +0100)]
ja3: adjust and add tests
Victor Julien [Fri, 12 Apr 2024 09:09:01 +0000 (11:09 +0200)]
tests: add defrag datalink tests
Bug: 6887.
Daniel Olatunji [Mon, 13 Nov 2023 11:57:31 +0000 (11:57 +0000)]
tests: add rule to check for tcp_mss
Related to
Issue: #6355
Shivani Bhardwaj [Wed, 3 Apr 2024 07:13:40 +0000 (12:43 +0530)]
add test for base64_data w fast_pattern
Bug 6859
Jeff Lucovsky [Sun, 24 Mar 2024 12:17:31 +0000 (08:17 -0400)]
test/memcap: Validate memcap pressure values
Issue: 6398
This test validates that the memcap pressure stats are no longer in the
global namespace.
Old:
- memcap_pressure
- memcap_pressure_max
New:
- memcap.pressure
- memcap.pressure_max
Juliana Fajardini [Wed, 3 Apr 2024 23:13:18 +0000 (20:13 -0300)]
tests: add checks for hiding zero counter stats
Task #5976
Juliana Fajardini [Thu, 11 Apr 2024 20:17:11 +0000 (17:17 -0300)]
tests/exception-policy/stats: fix app-layer test
exception-policy-applayer-03 was missing the checks for exception-policy
per-appproto errors.
Juliana Fajardini [Fri, 17 Feb 2023 20:28:02 +0000 (17:28 -0300)]
tests: check exception policy stats counters
Edit the existing exception policy tests to check for the new exception
policy stats counters.
Add two more tests, to showcase behavior for exception policy stats
counters when set up to log counters for each app-proto error and
zero-valued counters are enabled (default behavior).
Ticket #5816
Daniel Olatunji [Wed, 31 Jan 2024 15:29:16 +0000 (16:29 +0100)]
tests: add rule to check for tcp_seq
Related to
Issue: 6353
Daniel Olatunji [Wed, 31 Jan 2024 15:37:54 +0000 (16:37 +0100)]
tests: add rule to check for tcp/ack
Related to
Issue: 6354
Shivani Bhardwaj [Mon, 25 Mar 2024 13:35:47 +0000 (19:05 +0530)]
rule-grouping: add boundary port tests
Shivani Bhardwaj [Thu, 21 Mar 2024 09:17:39 +0000 (14:47 +0530)]
port-grouping: add tests for bug 6881 and more
Victor Julien [Wed, 20 Mar 2024 07:17:06 +0000 (08:17 +0100)]
tests: add bug 6875 test
Victor Julien [Mon, 18 Mar 2024 16:13:56 +0000 (17:13 +0100)]
tests: update drop and ssh tests for 7
Philippe Antoine [Mon, 27 Nov 2023 16:28:47 +0000 (17:28 +0100)]
Adds test about ssh new keys
Ticket: 6578
Philippe Antoine [Mon, 29 Jan 2024 14:24:47 +0000 (15:24 +0100)]
drop: adds test with a protocol change
Ticket: 6305
Victor Julien [Fri, 24 Nov 2023 11:06:19 +0000 (12:06 +0100)]
tests: add frame gap logging tests
Victor Julien [Mon, 20 Nov 2023 12:25:24 +0000 (13:25 +0100)]
tests: add various eve payload representation tests
Overlaps and gaps.
Philippe Antoine [Wed, 13 Mar 2024 20:33:02 +0000 (21:33 +0100)]
http: adds check for request line missing protocol
This generates an anomaly
Ticket: 6856
Shivani Bhardwaj [Sat, 9 Mar 2024 04:19:13 +0000 (09:49 +0530)]
rule-grouping: add edge case test
Hadiqa Alamdar Bukhari [Tue, 26 Dec 2023 10:00:08 +0000 (15:00 +0500)]
test: add test for dns.rcode
Feature #6621
Shivani Bhardwaj [Wed, 21 Feb 2024 09:50:42 +0000 (15:20 +0530)]
detect/port: add rule grouping tests
Hadiqa Alamdar Bukhari [Fri, 2 Feb 2024 13:38:49 +0000 (18:38 +0500)]
test: add test for dns.rrtype
Feature #6666
Giuseppe Longo [Thu, 13 Apr 2023 16:59:03 +0000 (18:59 +0200)]
sip: add tests for sip over tcp
Philippe Antoine [Thu, 22 Feb 2024 20:35:06 +0000 (21:35 +0100)]
mqtt: frameswith multiple PDUs backport
Ticket: 6592
Philippe Antoine [Thu, 18 Jan 2024 12:39:47 +0000 (13:39 +0100)]
dns: adds test for sshfp
Lukas Sismis [Tue, 6 Feb 2024 10:54:03 +0000 (11:54 +0100)]
tcp: add a SYN packet test to verify correct flow output
Ticket: #6733
Philippe Antoine [Wed, 14 Feb 2024 21:16:28 +0000 (22:16 +0100)]
http: adds another test for http.request_header keyword
Ticket: 6483
Philippe Antoine [Tue, 6 Feb 2024 13:52:15 +0000 (14:52 +0100)]
ssh: do not enforce pcap_cnt
As this is an invalid tcp packet, that should not run any tx
detection on it.
Ticket: 6775
Philippe Antoine [Thu, 25 Jan 2024 15:00:02 +0000 (16:00 +0100)]
http2: adds test with continuation frames
Ticket: 5926
Philippe Antoine [Mon, 12 Feb 2024 13:02:40 +0000 (14:02 +0100)]
http: adds test with chunked as a token
Ticket: 6415
Philippe Antoine [Thu, 15 Feb 2024 08:24:30 +0000 (09:24 +0100)]
filestore: directionality fix backported to 7
Shivani Bhardwaj [Mon, 18 Dec 2023 08:16:03 +0000 (13:46 +0530)]
add test for bug 6617
Jeff Lucovsky [Wed, 24 Jan 2024 14:43:25 +0000 (09:43 -0500)]
test/mqtt: Improve multi PDU parsing
Issue: 6592
Jason Ish [Mon, 12 Feb 2024 15:54:07 +0000 (09:54 -0600)]
check-eve: open files with utf-8 encoding
Not needed in modern versions of Python, but required for older
versions like 3.6.
Philippe Antoine [Fri, 9 Feb 2024 16:30:29 +0000 (17:30 +0100)]
Adds test for http.request_header and http.response_header keywords
Ticket: 6736
Victor Julien [Wed, 9 Aug 2023 11:12:45 +0000 (13:12 +0200)]
tests: add multi-tenancy tests
Philippe Antoine [Wed, 24 Jan 2024 12:07:11 +0000 (13:07 +0100)]
http: adds test with HTTP not being 0.9
Ticket: 6643
If the request is junk, and the response is valid HTTP/1.1,
we should handle the response as HTTP/1.1, not HTTP 0.9
Philippe Antoine [Tue, 5 Dec 2023 08:26:39 +0000 (09:26 +0100)]
exception-policy: fix test to be more robust
We do not want to test number of alerts on every pseudo-packets
Ticket: 6578
Philippe Antoine [Mon, 27 Nov 2023 19:02:11 +0000 (20:02 +0100)]
tls: do not check pcap_cnt
as a tls event can come from a flush after setting no_inspection
Jason Ish [Wed, 24 Jan 2024 15:29:36 +0000 (09:29 -0600)]
tests/requires: test failure case
Break the requires test into 2 tests. One that runs to success so we
can verify the output.
A second that is expected to fail due to fatal init errors.
Ticket: #6710
Modupe Falodun [Fri, 4 Mar 2022 10:41:30 +0000 (11:41 +0100)]
detect-pcre: add assorted tests
Bring previously Suricata unit tests as suricata-verify tests.
Conversions mapping:
- detect-pcre-01: DetectPcreModifPTest04
- detect-pcre-02: DetectPcreModifPTest05
- detect-pcre-03: DetectPcreTestSig01-03
- detect-pcre-04: DetectPcreTestSig09-16
- detect-pcre-05: DetectPcreFlowvarCapture01- 03
Task #6147
Philippe Antoine [Thu, 21 Dec 2023 12:17:15 +0000 (13:17 +0100)]
Adds test that we parse http not as 0.9
Ticket: 6643
Jason Ish [Mon, 22 Jan 2024 14:33:07 +0000 (08:33 -0600)]
tests/requires: fix for suricata 8
Suricata 8 will have 7 rules skipped, Suricata 7.0.3+ will have 6 rules
skipped as there is a rule in here for Suricata >= 7.0.3 but less than
8.
Daniel Olatunji [Fri, 19 Jan 2024 07:39:19 +0000 (08:39 +0100)]
detect-engine-state: add assorted tests
Task: 6146
Add previously Suricata unittests as Suricata-verify tests.
Jason Ish [Wed, 3 Jan 2024 20:33:26 +0000 (14:33 -0600)]
check-eve: test for duplicate json keys
Add a duplicate key check to check-eve. If a duplicate key is found
in a JSON record, the test will fail with a schema error.
Jason Ish [Sat, 20 Jan 2024 17:01:12 +0000 (10:01 -0700)]
tests/requires: updates to support 7.0.3
Jeff Lucovsky [Sat, 20 Jan 2024 15:49:47 +0000 (10:49 -0500)]
tests/swf: SWF deprecation has been deprecated
Issue: 6606
Remove deprecated deprecation notice for SWF.
jason taylor [Wed, 29 Nov 2023 18:35:31 +0000 (18:35 +0000)]
tests: update smb.keyword min suri version
Signed-off-by: jason taylor <jtfas90@gmail.com>
jason taylor [Mon, 28 Aug 2023 21:43:10 +0000 (21:43 +0000)]
tests: update tests for smb.version keyword
Signed-off-by: jason taylor <jtfas90@gmail.com>
Eloy Pérez González [Tue, 1 Mar 2022 14:56:06 +0000 (15:56 +0100)]
smb-smb_version: update test to match also responses
Eloy Pérez González [Mon, 14 Feb 2022 09:58:34 +0000 (10:58 +0100)]
smb-smb_version: new test
Philippe Antoine [Tue, 16 Jan 2024 10:55:31 +0000 (11:55 +0100)]
transform: test strip-pseudo-headers from version 7
Ticket: 6614
Philippe Antoine [Tue, 12 Dec 2023 08:30:18 +0000 (09:30 +0100)]
test: adds test for strip_pseudo_headers transform
Ticket: 6546
Jason Ish [Tue, 19 Dec 2023 18:10:50 +0000 (12:10 -0600)]
requires: check stat; unknown requires keyword
Juliana Fajardini [Wed, 26 Jul 2023 15:18:58 +0000 (12:18 -0300)]
stats: add checks for drop reason counters
Leaving checks for stream reassembly aside as those were already added
by another commit.
Related to Task #6230
Task #6571
Philippe Antoine [Sun, 19 Nov 2023 20:02:17 +0000 (21:02 +0100)]
test: http2 user info now works from version 7
After backports have been merged
Jason Ish [Tue, 14 Nov 2023 17:29:45 +0000 (11:29 -0600)]
runner: fix python escaping warnings
Jason Ish [Wed, 28 Jun 2023 22:10:52 +0000 (16:10 -0600)]
readme: remove extraneous whitespace
Jason Ish [Wed, 28 Jun 2023 21:22:58 +0000 (15:22 -0600)]
runner: allow a test to be retried
Add a new parameter, retry that takes count. If the checks fail, the
test will be re-run. This could help us deal with failures in tests
that are sensitive to timing.
Jason Ish [Fri, 1 Dec 2023 21:18:31 +0000 (15:18 -0600)]
test: tests for requires keyword
Feature: #5972
Jason Ish [Fri, 1 Dec 2023 21:04:19 +0000 (15:04 -0600)]
readme: example of requiring files to exist
Philippe Antoine [Fri, 1 Dec 2023 20:56:03 +0000 (21:56 +0100)]
Add test about enip stats with _udp prefix
Ticket: 6304
Juliana Fajardini [Fri, 15 Dec 2023 18:46:28 +0000 (15:46 -0300)]
test/pgsql: update cancel request min-version test
Related to
Bug #6581
Juliana Fajardini [Fri, 8 Dec 2023 20:47:19 +0000 (17:47 -0300)]
tests: add pgsql cancel request tests
Showcase CancelRequest postgresql message output.
Related to
Task #6577
Philippe Antoine [Wed, 13 Dec 2023 19:25:41 +0000 (20:25 +0100)]
http2: http_response_line exact in main7
Ticket: 6547
Jason Ish [Wed, 15 Nov 2023 17:21:24 +0000 (11:21 -0600)]
test: new test for dns.query.name
Jason Ish [Wed, 15 Nov 2023 17:21:12 +0000 (11:21 -0600)]
test: new test for dns.answer.name
Hadiqa Alamdar Bukhari [Wed, 13 Dec 2023 11:23:16 +0000 (16:23 +0500)]
tests: add rule type check for flowbits
Task #6309
Philippe Antoine [Thu, 23 Nov 2023 09:13:46 +0000 (10:13 +0100)]
http2: check for http_response_line exact content
Ticket: 6547
Philippe Antoine [Tue, 12 Dec 2023 07:52:25 +0000 (08:52 +0100)]
detect/transform/header_lowercase: support from 7.0.3
Juliana Fajardini [Wed, 6 Dec 2023 14:47:08 +0000 (11:47 -0300)]
tests/pgsql: test pgsql probing bug for version 7
Juliana Fajardini [Tue, 5 Dec 2023 13:53:11 +0000 (10:53 -0300)]
tests/pgsql: update password log disabled msgs
Removing the white spaces from this log output, as these can cause
issues with grepping commands querying log results, and also doesn't
show a consistent behavior among different environments.
Juliana Fajardini [Tue, 28 Nov 2023 21:19:48 +0000 (18:19 -0300)]
tests: add test for pgsql probe bug 6080
Add test for pgsql probing function bug 6080.
Crafted pcap.
Related to
Bug #6080
Philippe Antoine [Fri, 12 May 2023 10:28:05 +0000 (12:28 +0200)]
krb5: improves check for alert app-layer data
Philippe Antoine [Thu, 11 May 2023 09:21:32 +0000 (11:21 +0200)]
tftp: improves check for alert app-layer data
Philippe Antoine [Thu, 11 May 2023 09:21:11 +0000 (11:21 +0200)]
ftp: improves check for alert app-layer data
Philippe Antoine [Thu, 9 Nov 2023 09:40:02 +0000 (10:40 +0100)]
test: adds test for header_lowercase transform
Sascha Steinbiss [Wed, 11 Oct 2023 20:21:46 +0000 (22:21 +0200)]
mqtt: add test case for protocol string keyword
Ticket: OISF#6396
Victor Julien [Fri, 17 Nov 2023 11:33:45 +0000 (12:33 +0100)]
tests: fix requirements to pass on 6 and 7
Jason Ish [Thu, 16 Nov 2023 21:45:11 +0000 (15:45 -0600)]
github-ci: add main-7.0.x
Juliana Fajardini [Tue, 24 Oct 2023 19:51:13 +0000 (16:51 -0300)]
tests: add more uricontent tests
Modupe Falodun [Wed, 9 Feb 2022 12:14:09 +0000 (13:14 +0100)]
detect-uricontent: add tests
Task: 4911
Juliana Fajardini [Mon, 23 Oct 2023 20:01:37 +0000 (17:01 -0300)]
tests/tcp-hdr: actually test tcp-hdr keyword
Noticed that the tcp-hdr keyword test rule was actually using tcp.mss.
Adjusted it to use tcp.hdr instead.
jason taylor [Thu, 12 Oct 2023 13:31:12 +0000 (13:31 +0000)]
tests: add tests for tls.cert_chain_len
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
Shivani Bhardwaj [Wed, 8 Feb 2023 11:32:29 +0000 (17:02 +0530)]
tests: add test for smtp LF post line limit
Shivani Bhardwaj [Sat, 6 May 2023 11:43:03 +0000 (17:13 +0530)]
smtp: add test for cmd after long line w LF
Shivani Bhardwaj [Fri, 5 May 2023 08:24:15 +0000 (13:54 +0530)]
smtp: add test for long DATA post boundary
Shivani Bhardwaj [Tue, 30 May 2023 15:35:18 +0000 (21:05 +0530)]
smtp: add test for bug 6053