git.ipfire.org Git - thirdparty/suricata-verify.git/log
Juliana Fajardini [Tue, 24 Oct 2023 19:51:13 +0000 (16:51 -0300)]
tests: add more uricontent tests
Modupe Falodun [Wed, 9 Feb 2022 12:14:09 +0000 (13:14 +0100)]
detect-uricontent: add tests
Task: 4911
Juliana Fajardini [Mon, 23 Oct 2023 20:01:37 +0000 (17:01 -0300)]
tests/tcp-hdr: actually test tcp-hdr keyword
Noticed that the tcp-hdr keyword test rule was actually using tcp.mss.
Adjusted it to use tcp.hdr instead.
jason taylor [Thu, 12 Oct 2023 13:31:12 +0000 (13:31 +0000)]
tests: add tests for tls.cert_chain_len
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
Shivani Bhardwaj [Wed, 8 Feb 2023 11:32:29 +0000 (17:02 +0530)]
tests: add test for smtp LF post line limit
Shivani Bhardwaj [Sat, 6 May 2023 11:43:03 +0000 (17:13 +0530)]
smtp: add test for cmd after long line w LF
Shivani Bhardwaj [Fri, 5 May 2023 08:24:15 +0000 (13:54 +0530)]
smtp: add test for long DATA post boundary
Shivani Bhardwaj [Tue, 30 May 2023 15:35:18 +0000 (21:05 +0530)]
smtp: add test for bug 6053
Philippe Antoine [Tue, 7 Nov 2023 16:22:14 +0000 (17:22 +0100)]
tests: adds a test for http2 with userinfo in uri
Ticket: #6426
Jeff Lucovsky [Sat, 11 Nov 2023 08:50:21 +0000 (03:50 -0500)]
test/transform: Tests for case changing transforms
Issue: 6439
Tests for case-changing transforms:
- to_lowercase
- to_uppercase
Philippe Antoine [Tue, 20 Jun 2023 13:56:19 +0000 (15:56 +0200)]
Adds a test about flow.pkts_toclient keyword
And the similar keywords about packets and bytes of a flow
Victor Julien [Thu, 16 Nov 2023 09:38:59 +0000 (10:38 +0100)]
tests: fix distance test for 7 and 8
Philippe Antoine [Mon, 6 Nov 2023 15:35:03 +0000 (16:35 +0100)]
tests: Add a test for http2 authority mismatch event
Ticket: #6425
Lukas Sismis [Wed, 23 Aug 2023 11:32:26 +0000 (13:32 +0200)]
tests: add a test for a bug 6278
tests include:
- non-existent user
- NULL user (empty user string)
Shivani Bhardwaj [Tue, 31 Oct 2023 08:56:48 +0000 (14:26 +0530)]
bug-4623: remove version check
Jason Ish [Fri, 27 Oct 2023 18:50:25 +0000 (12:50 -0600)]
test: test for empty dns/eve formats
Test that when dns/eve "formats" is empty, it uses the default of all.
Bug: #6420
Jeff Lucovsky [Fri, 27 Oct 2023 13:00:57 +0000 (09:00 -0400)]
detect/bytejump: Test from issue 4623
Issue: 4623
This commit uses the pcap and rules from issue 4623 to validate the
fixes.
Shivani Bhardwaj [Thu, 5 Oct 2023 07:06:56 +0000 (12:36 +0530)]
detect/bytejump: remove version check
Victor Julien [Fri, 13 Oct 2023 14:18:56 +0000 (16:18 +0200)]
tests: add bug 6402 test
Victor Julien [Thu, 12 Oct 2023 11:52:54 +0000 (13:52 +0200)]
tests: add test for issue 6397
Philippe Antoine [Wed, 27 Sep 2023 11:57:33 +0000 (13:57 +0200)]
Adds test for quic v2
Juliana Fajardini [Fri, 15 Sep 2023 01:30:48 +0000 (22:30 -0300)]
tests: add rule type check for iptops
Related to
Task #6348
Jeff Lucovsky [Fri, 8 Sep 2023 14:25:15 +0000 (10:25 -0400)]
detect/bytejump: Handle post_offset changes
Issue: 4624
Update test case and add one to reflect post_offset handling
differences. post_offset values that move before the buffer are treated
as though they move to the buffer start.
Philippe Antoine [Tue, 19 Sep 2023 08:30:03 +0000 (10:30 +0200)]
Adds test about mime when stream depth is reached
Jason Ish [Thu, 28 Sep 2023 18:11:15 +0000 (12:11 -0600)]
runner: fail test if pcap cannot be found
Will fail with an error like:
FAILED: PCAP filename does not exist: ../tls/tls-certs-alert/input.pcap
Shivani Bhardwaj [Fri, 18 Aug 2023 13:07:57 +0000 (18:37 +0530)]
tests: deduplicate pcaps, cleanup extras
Related to Redmine ticket 5908
Jeff Lucovsky [Mon, 12 Jun 2023 13:41:57 +0000 (09:41 -0400)]
detect/bytemath: Test multiplier operator
Issue: 6070
This commit adds a test for the byte-math multiplication operator. The
operator was missing from 6.0.x; however, this test applies to 6.0.x and
later once the Suricata PR is merged.
Philippe Antoine [Thu, 31 Aug 2023 09:52:15 +0000 (11:52 +0200)]
mime: add previous suricata unit tests
mime: fix tests for bug-6207
Fix manually crafted pcaps to have valid MIME headers folding
beginning with space
And removing the test for BODY_BOUND which is becoming obsolete
Philippe Antoine [Wed, 13 Sep 2023 12:21:27 +0000 (14:21 +0200)]
bug-6207: fix pcap to get right header folding
Haleema Khan [Fri, 3 Feb 2023 14:29:03 +0000 (19:29 +0500)]
mqtt: test mqtt frames for truncated messages
Haleema Khan [Fri, 13 Jan 2023 12:28:50 +0000 (17:28 +0500)]
mqtt: test mqtt frames
Lancer Cheng [Mon, 22 May 2023 09:54:14 +0000 (09:54 +0000)]
tests: add test for bug 6008 SMB_COM_WRITE_ANDX data padding issue
Bug #6008
Jeff Lucovsky [Tue, 19 Sep 2023 12:50:12 +0000 (08:50 -0400)]
test/eps: Test updates/additions for 6.0.x
This commit adds support for 6.0.x eps stream reassembly testing
- Output logging of ips drop reasons is limited to 7 and above
- Create 6.0.x specific test cases for -01, -04, -05
Issue: 6364
Jason Ish [Thu, 7 Sep 2023 18:09:41 +0000 (12:09 -0600)]
test: configuration include arrays
Test for configuration include arrays being loaded at the correct
location.
Bug: #6300
Jeff Lucovsky [Tue, 22 Aug 2023 14:57:52 +0000 (10:57 -0400)]
test/stream: Update drop reason per new reason code
Issue: 6235
Jason Ish [Wed, 23 Aug 2023 21:57:58 +0000 (15:57 -0600)]
tests: community id tests for ipv4 and ipv6
The IPv6 uses values confirmed with Zeek.
Issue: #6276
Yatin Kanetkar [Thu, 24 Aug 2023 12:11:23 +0000 (07:11 -0500)]
dhcp: Validate dhcp option 60 is being logged
Jason Ish [Sat, 19 Aug 2023 13:05:54 +0000 (07:05 -0600)]
dns/https: enable for 6.0
Issue: #4751
Cole Dishington [Mon, 31 Jul 2023 02:47:01 +0000 (14:47 +1200)]
iprep: test reputation & category file newline handling
The commit
e7c0f0ad9 src: remove multiple uses of atoi
caused a regression in parsing of ip-rep reputation
config files.
Previously, due to the use of atoi() in parsing ip-rep values,
when the line was split by SRepSplitLine the \r following the
reputation score was ignored.
Bug: #6243
Victor Julien [Sun, 6 Aug 2023 06:13:35 +0000 (08:13 +0200)]
tests: enable filemagic tests for 6
Victor Julien [Sat, 5 Aug 2023 15:03:57 +0000 (17:03 +0200)]
tests: files update for nocase fix
Victor Julien [Fri, 4 Aug 2023 06:59:16 +0000 (08:59 +0200)]
tests: add bug 6244 RST with data tests
Lancer Cheng [Mon, 8 May 2023 10:00:44 +0000 (10:00 +0000)]
tests: add test for bug 6008 SMB_COM_WRITE_ANDX data offset issue
Bug #6008
Updated by Victor Julien to:
- Trim pcap to only relevant flow
- Add readme and improve tests
Juliana Fajardini [Fri, 28 Jul 2023 18:28:42 +0000 (15:28 -0300)]
tests/verdict: remove min check for version 7
Jeff Lucovsky [Fri, 28 Apr 2023 14:08:52 +0000 (10:08 -0400)]
iprep: Duplicate reputation check
Validate that duplicate reputation entries are handled properly and
don't cause a memory leak.
Issue: 5748
Victor Julien [Sun, 30 Jul 2023 12:05:26 +0000 (14:05 +0200)]
tests: fix exception policy tests
No need for elaborate checks for 6 and 7 for things that shouldn't
happen and can be checked in a simpler way.
Also, don't expect drops in IDS mode.
Shivani Bhardwaj [Thu, 27 Jul 2023 13:19:31 +0000 (18:49 +0530)]
createst: skip pkt_src from test.yaml
Shivani Bhardwaj [Tue, 25 Jul 2023 14:46:39 +0000 (20:16 +0530)]
dcerpc: add test for bug 6191
Juliana Fajardini [Mon, 10 Jul 2023 17:35:51 +0000 (14:35 -0300)]
exception/default: test for behavior in 6 and 7
Juliana Fajardini [Thu, 6 Jul 2023 23:22:36 +0000 (20:22 -0300)]
tests: check midstream exception policy in 6
Related to
Bug #5825
Shivani Bhardwaj [Thu, 27 Jul 2023 14:18:10 +0000 (19:48 +0530)]
filestore-alert-log: require NSS
Shivani Bhardwaj [Thu, 27 Jul 2023 10:58:05 +0000 (16:28 +0530)]
run.py: add failed logs on each failing condition
Shivani Bhardwaj [Wed, 26 Jul 2023 09:57:30 +0000 (15:27 +0530)]
run.py: don't decode already decoded str
Shivani Bhardwaj [Tue, 25 Jul 2023 15:21:05 +0000 (20:51 +0530)]
bug-6207: remove min-version check, require NSS
Eric Leblond [Wed, 19 Oct 2022 14:07:00 +0000 (16:07 +0200)]
tests: filestore alert event
Cole Dishington [Mon, 10 Jul 2023 02:09:16 +0000 (14:09 +1200)]
decode-event: Add test case for GRE packet too small
Add test for IPv4 and IPv6 packets that set proto/next-header to GRE but
have an invalid payload.
Bug: #6222
Philippe Antoine [Thu, 6 Jul 2023 09:35:02 +0000 (11:35 +0200)]
Adds test about DCE decoding
Ticket: #3637
Shivani Bhardwaj [Wed, 19 Jul 2023 12:30:21 +0000 (18:00 +0530)]
workflows: remove sphinx installation
Victor Julien [Sat, 15 Jul 2023 13:27:59 +0000 (15:27 +0200)]
tests/http2: add 6.0.x version of http2-files
Jason Ish [Thu, 1 Jun 2023 21:18:42 +0000 (15:18 -0600)]
test: issue 5868
Victor Julien [Sat, 15 Jul 2023 08:08:08 +0000 (10:08 +0200)]
tests: remove duplicate 5mb pcap; rename to fix typo
Victor Julien [Fri, 14 Jul 2023 04:42:58 +0000 (06:42 +0200)]
tests: expand http2 file test
Limit to 7.
Juliana Fajardini [Tue, 11 Jul 2023 19:25:00 +0000 (16:25 -0300)]
tests: add tests for verdict in alert and drop
Related to
Bug #5464
Shivani Bhardwaj [Tue, 11 Jul 2023 16:40:40 +0000 (22:10 +0530)]
mime: add tests for bug 6207
Jeff Lucovsky [Tue, 11 Jul 2023 12:58:09 +0000 (08:58 -0400)]
config/swf: Test for SWF deprecation warning
Issue: 6182
Jeff Lucovsky [Thu, 30 Mar 2023 13:41:44 +0000 (09:41 -0400)]
test/byte-math: Add 0 divisor test.
Issue: 5945
This commit adds a byte-math test with a zero divisor. Division by 0 is
undefined so there's no match.
Jason Ish [Fri, 17 Feb 2023 18:33:15 +0000 (12:33 -0600)]
test: issue 4759
Andreas Herz [Thu, 19 Jan 2023 09:18:49 +0000 (10:18 +0100)]
test: validate smb share match for bug #5799
Philippe Antoine [Tue, 20 Jun 2023 11:35:41 +0000 (13:35 +0200)]
Adds test about http authentication with bearer
Philippe Antoine [Tue, 20 Jun 2023 08:29:00 +0000 (10:29 +0200)]
tls: adds a test for certificate without issuer
Ticket: #5439
Jeff Lucovsky [Sun, 9 Jul 2023 14:41:11 +0000 (10:41 -0400)]
test/byte_math: Add nbyte variable name tests
Issue: 6145
Add tests related to nbyte variable name usage for byte_math
Jeff Lucovsky [Sat, 10 Jun 2023 13:28:45 +0000 (09:28 -0400)]
detect/bytejump: Test for nbyte variable name
This commit adds tests with a rule that uses an nbyte variable name.
Issue: 6105
Jeff Lucovsky [Fri, 7 Jul 2023 15:30:33 +0000 (11:30 -0400)]
test/byte_test: Add nbyte variable name tests
Issue: 6144
Add tests for new byte_test functionality that permits a variable name
to be used for nbytes.
Shivani Bhardwaj [Thu, 6 Jul 2023 13:18:37 +0000 (18:48 +0530)]
smtp: use simulate-ips and update test
This gives a better estimate of file size and hash for the given pcap.
Philippe Antoine [Tue, 20 Jun 2023 15:28:40 +0000 (17:28 +0200)]
Fix test to use http object instead of http2
Philippe Antoine [Fri, 30 Jun 2023 13:48:55 +0000 (15:48 +0200)]
Adds test for enip
Ticket: #3886
Victor Julien [Sun, 2 Jul 2023 08:12:16 +0000 (10:12 +0200)]
tests: add mixed case tls.fingerprint tests
Victor Julien [Thu, 29 Jun 2023 19:14:47 +0000 (21:14 +0200)]
tests: filename/fileext tests
Victor Julien [Thu, 29 Jun 2023 13:18:05 +0000 (15:18 +0200)]
tests: add filemagic/file.magic tests
Tests for parsing, flowbit matching as well as legacy filemagic
keyword handling.
Eric Leblond [Tue, 19 Feb 2019 21:02:19 +0000 (22:02 +0100)]
filemagic: test interaction with flowbits
Juliana Fajardini [Thu, 1 Dec 2022 15:10:10 +0000 (12:10 -0300)]
tests: add tests for exception policy master switch
Add tests for the new master switch config for the Exception policies.
Added also a check in the exception-policy test that checks the default
behavior, to ensure that things work as expected with the master switch
disabled and the exception policies not set.
Task #5219
Sascha Steinbiss [Fri, 30 Jun 2023 08:18:02 +0000 (10:18 +0200)]
rfb: add test case for logging of partial txs
Cole Dishington [Tue, 23 May 2023 02:28:13 +0000 (14:28 +1200)]
ftp: Add test for FTP bounce attack detection
Add test for false positive and true positive FTP bounce detection.
Bug: #6087
Philippe Antoine [Tue, 16 May 2023 10:07:12 +0000 (12:07 +0200)]
smtp: do not check pcap_cnt for anomalies
Philippe Antoine [Mon, 28 Nov 2022 21:18:16 +0000 (22:18 +0100)]
body_md5 : take every line into account,
also lines that are headers of sub mime parts
and do not take new line post boundary
Philippe Antoine [Thu, 22 Jun 2023 13:13:37 +0000 (15:13 +0200)]
smtp: fix test to avoid counting eol
which is part of boundary, not the file
Ticket: #6023
Thomas Winter [Mon, 15 May 2023 00:03:08 +0000 (12:03 +1200)]
smtp: Add test to match on attachment with md5
Based on the filemd5 test but using smtp attachment instead.
The SMTP transaction contains the EICAR file as an attachment and
the expected md5 to match used is the standard md5 for the EICAR.
Jason Ish [Wed, 28 Jun 2023 17:08:22 +0000 (11:08 -0600)]
test: pcap-log with lz4 write to non-writable directory
Ticket: #5022
Victor Julien [Sat, 11 Mar 2023 06:36:47 +0000 (07:36 +0100)]
tests: add http2 multi-buf test for bug 5780
Philippe Antoine [Tue, 20 Jun 2023 10:02:57 +0000 (12:02 +0200)]
Adds test about http event on chunk extension
Philippe Antoine [Thu, 22 Jun 2023 13:34:34 +0000 (15:34 +0200)]
ci: fix windows CI
By not having links, but using pcap in test.yaml
Cole Dishington [Wed, 24 May 2023 23:25:08 +0000 (11:25 +1200)]
decode-event: Add test for too small UDP and TCP packets
Add test for IPv4 and IPv6 packets that set proto/next-header to UDP and
TCP but have no payload.
Bug: #6086.
Juliana Fajardini [Wed, 14 Jun 2023 22:56:11 +0000 (19:56 -0300)]
tests: add check for bug 6149
Related to
Bug #6149
Shivani Bhardwaj [Wed, 14 Jun 2023 12:26:57 +0000 (17:56 +0530)]
datasets: test to load invalid encoded string
Shivani Bhardwaj [Wed, 14 Jun 2023 12:27:08 +0000 (17:57 +0530)]
run.py: allow matches on substrings in yaml
Juliana Fajardini [Mon, 13 Mar 2023 15:26:25 +0000 (12:26 -0300)]
gitignore: ignore csv file generated by test
datasets-bug-5109 test always generates a csv file. Make sure we don't
mistakenly add it to git.
Juliana Fajardini [Mon, 13 Mar 2023 11:34:54 +0000 (08:34 -0300)]
tests: add test for multi-eve logging
Juliana Fajardini [Fri, 2 Jun 2023 00:42:21 +0000 (21:42 -0300)]
test: add test for bug 6109
In IDS mode, with midstream disabled, it seems that the exception policy
'reject' is applying actions that should only be taken in IPS mode. This
leads to the flow being dropped (or logged as such?) in IDS mode. This
test showcases this.
Bug #6109
Victor Julien [Tue, 23 May 2023 08:03:06 +0000 (10:03 +0200)]
tests: add rule types check
Jason Ish [Wed, 14 Jun 2023 17:50:56 +0000 (10:50 -0700)]
tests/datasets-parent-path: skip filter checks on windows
The test is still run as validating the exit code is still useful.