git.ipfire.org Git - thirdparty/suricata-verify.git/log
Jason Ish [Wed, 15 Nov 2023 17:21:24 +0000 (11:21 -0600)]
test: new test for dns.query.name
Jason Ish [Wed, 15 Nov 2023 17:21:12 +0000 (11:21 -0600)]
test: new test for dns.answer.name
Hadiqa Alamdar Bukhari [Wed, 13 Dec 2023 11:23:16 +0000 (16:23 +0500)]
tests: add rule type check for flowbits
Task #6309
Philippe Antoine [Thu, 23 Nov 2023 09:13:46 +0000 (10:13 +0100)]
http2: check for http_response_line exact content
Ticket: 6547
Philippe Antoine [Tue, 12 Dec 2023 07:52:25 +0000 (08:52 +0100)]
detect/transform/header_lowercase: support from 7.0.3
Juliana Fajardini [Wed, 6 Dec 2023 14:47:08 +0000 (11:47 -0300)]
tests/pgsql: test pgsql probing bug for version 7
Juliana Fajardini [Tue, 5 Dec 2023 13:53:11 +0000 (10:53 -0300)]
tests/pgsql: update password log disabled msgs
Removing the white spaces from this log output, as these can cause
issues with grepping commands querying log results, and also don't
show a consistent behavior among different environments.
Juliana Fajardini [Tue, 28 Nov 2023 21:19:48 +0000 (18:19 -0300)]
tests: add test for pgsql probe bug 6080
Add test for pgsql probing function bug 6080.
Crafted pcap.
Related to
Bug #6080
Philippe Antoine [Fri, 12 May 2023 10:28:05 +0000 (12:28 +0200)]
krb5: improves check for alert app-layer data
Philippe Antoine [Thu, 11 May 2023 09:21:32 +0000 (11:21 +0200)]
tftp: improves check for alert app-layer data
Philippe Antoine [Thu, 11 May 2023 09:21:11 +0000 (11:21 +0200)]
ftp: improves check for alert app-layer data
Philippe Antoine [Thu, 9 Nov 2023 09:40:02 +0000 (10:40 +0100)]
test: adds test for header_lowercase transform
Sascha Steinbiss [Wed, 11 Oct 2023 20:21:46 +0000 (22:21 +0200)]
mqtt: add test case for protocol string keyword
Ticket: OISF#6396
Victor Julien [Fri, 17 Nov 2023 11:33:45 +0000 (12:33 +0100)]
tests: fix requirements to pass on 6 and 7
Jason Ish [Thu, 16 Nov 2023 21:45:11 +0000 (15:45 -0600)]
github-ci: add main-7.0.x
Juliana Fajardini [Tue, 24 Oct 2023 19:51:13 +0000 (16:51 -0300)]
tests: add more uricontent tests
Modupe Falodun [Wed, 9 Feb 2022 12:14:09 +0000 (13:14 +0100)]
detect-uricontent: add tests
Task: 4911
Juliana Fajardini [Mon, 23 Oct 2023 20:01:37 +0000 (17:01 -0300)]
tests/tcp-hdr: actually test tcp-hdr keyword
Noticed that the tcp-hdr keyword test rule was actually using tcp.mss.
Adjusted it to use tcp.hdr instead.
jason taylor [Thu, 12 Oct 2023 13:31:12 +0000 (13:31 +0000)]
tests: add tests for tls.cert_chain_len
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
Shivani Bhardwaj [Wed, 8 Feb 2023 11:32:29 +0000 (17:02 +0530)]
tests: add test for smtp LF post line limit
Shivani Bhardwaj [Sat, 6 May 2023 11:43:03 +0000 (17:13 +0530)]
smtp: add test for cmd after long line w LF
Shivani Bhardwaj [Fri, 5 May 2023 08:24:15 +0000 (13:54 +0530)]
smtp: add test for long DATA post boundary
Shivani Bhardwaj [Tue, 30 May 2023 15:35:18 +0000 (21:05 +0530)]
smtp: add test for bug 6053
Philippe Antoine [Tue, 7 Nov 2023 16:22:14 +0000 (17:22 +0100)]
tests: adds a test for http2 with userinfo in uri
Ticket: #6426
Jeff Lucovsky [Sat, 11 Nov 2023 08:50:21 +0000 (03:50 -0500)]
test/transform: Tests for case changing transforms
Issue: 6439
Tests for case-changing transforms:
- to_lowercase
- to_uppercase
Philippe Antoine [Tue, 20 Jun 2023 13:56:19 +0000 (15:56 +0200)]
Adds a test about flow.pkts_toclient keyword
And the similar keywords about packets and bytes of a flow
Victor Julien [Thu, 16 Nov 2023 09:38:59 +0000 (10:38 +0100)]
tests: fix distance test for 7 and 8
Philippe Antoine [Mon, 6 Nov 2023 15:35:03 +0000 (16:35 +0100)]
tests: Add a test for http2 authority mismatch event
Ticket: #6425
Lukas Sismis [Wed, 23 Aug 2023 11:32:26 +0000 (13:32 +0200)]
tests: add a test for a bug 6278
tests include:
- non-existent user
- NULL user (empty user string)
Shivani Bhardwaj [Tue, 31 Oct 2023 08:56:48 +0000 (14:26 +0530)]
bug-4623: remove version check
Jason Ish [Fri, 27 Oct 2023 18:50:25 +0000 (12:50 -0600)]
test: test for empty dns/eve formats
Test that when dns/eve "formats" is empty, it uses the default of all.
Bug: #6420
Jeff Lucovsky [Fri, 27 Oct 2023 13:00:57 +0000 (09:00 -0400)]
detect/bytejump: Test from issue 4623
Issue: 4623
This commit uses the pcap and rules from issue 4623 to validate the
fixes.
Shivani Bhardwaj [Thu, 5 Oct 2023 07:06:56 +0000 (12:36 +0530)]
detect/bytejump: remove version check
Victor Julien [Fri, 13 Oct 2023 14:18:56 +0000 (16:18 +0200)]
tests: add bug 6402 test
Victor Julien [Thu, 12 Oct 2023 11:52:54 +0000 (13:52 +0200)]
tests: add test for issue 6397
Philippe Antoine [Wed, 27 Sep 2023 11:57:33 +0000 (13:57 +0200)]
Adds test for quic v2
Juliana Fajardini [Fri, 15 Sep 2023 01:30:48 +0000 (22:30 -0300)]
tests: add rule type check for iptops
Related to
Task #6348
Jeff Lucovsky [Fri, 8 Sep 2023 14:25:15 +0000 (10:25 -0400)]
detect/bytejump: Handle post_offset changes
Issue: 4624
Update test case and add one to reflect post_offset handling
differences. post_offset values that move before the buffer are treated
as though they move to the buffer start.
Philippe Antoine [Tue, 19 Sep 2023 08:30:03 +0000 (10:30 +0200)]
Adds test about mime when stream depth is reached
Jason Ish [Thu, 28 Sep 2023 18:11:15 +0000 (12:11 -0600)]
runner: fail test if pcap cannot be found
Will fail with an error like:
FAILED: PCAP filename does not exist: ../tls/tls-certs-alert/input.pcap
Shivani Bhardwaj [Fri, 18 Aug 2023 13:07:57 +0000 (18:37 +0530)]
tests: deduplicate pcaps, cleanup extras
Related to Redmine ticket 5908
Jeff Lucovsky [Mon, 12 Jun 2023 13:41:57 +0000 (09:41 -0400)]
detect/bytemath: Test multiplier operator
Issue: 6070
This commit adds a test for the byte-math multiplication operator. The
operator was missing from 6.0.x; however, this test applies to 6.0.x and
later once the Suricata PR is merged.
Philippe Antoine [Thu, 31 Aug 2023 09:52:15 +0000 (11:52 +0200)]
mime: add previous suricata unit tests
mime: fix tests for bug-6207
Fix manually crafted pcaps to have valid MIME headers folding
beginning with space
And removing the test for BODY_BOUND which is becoming obsolete
Philippe Antoine [Wed, 13 Sep 2023 12:21:27 +0000 (14:21 +0200)]
bug-6207: fix pcap to get right header folding
Haleema Khan [Fri, 3 Feb 2023 14:29:03 +0000 (19:29 +0500)]
mqtt: test mqtt frames for truncated messages
Haleema Khan [Fri, 13 Jan 2023 12:28:50 +0000 (17:28 +0500)]
mqtt: test mqtt frames
Lancer Cheng [Mon, 22 May 2023 09:54:14 +0000 (09:54 +0000)]
tests: add test for bug 6008 SMB_COM_WRITE_ANDX data padding issue
Bug #6008
Jeff Lucovsky [Tue, 19 Sep 2023 12:50:12 +0000 (08:50 -0400)]
test/eps: Test updates/additions for 6.0.x
This commit adds support for 6.0.x eps stream reassembly testing
- Output logging of ips drop reasons is limited to 7 and above
- Create 6.0.x specific test cases for -01, -04, -05
Issue: 6364
Jason Ish [Thu, 7 Sep 2023 18:09:41 +0000 (12:09 -0600)]
test: configuration include arrays
Test for configuration include arrays being loaded at the correct
location.
Bug: #6300
Jeff Lucovsky [Tue, 22 Aug 2023 14:57:52 +0000 (10:57 -0400)]
test/stream: Update drop reason per new reason code
Issue: 6235
Jason Ish [Wed, 23 Aug 2023 21:57:58 +0000 (15:57 -0600)]
tests: community id tests for ipv4 and ipv6
The IPv6 uses values confirmed with Zeek.
Issue: #6276
Yatin Kanetkar [Thu, 24 Aug 2023 12:11:23 +0000 (07:11 -0500)]
dhcp: Validate dhcp option 60 is being logged
Jason Ish [Sat, 19 Aug 2023 13:05:54 +0000 (07:05 -0600)]
dns/https: enable for 6.0
Issue: #4751
Cole Dishington [Mon, 31 Jul 2023 02:47:01 +0000 (14:47 +1200)]
iprep: test reputation & category file newline handling
The commit
e7c0f0ad9 src: remove multiple uses of atoi
caused a regression in parsing of ip-rep reputation
config files.
Previously, due to the use of atoi() in parsing ip-rep values,
when the line was split by SRepSplitLine the \r following the
reputation score was ignored.
Bug: #6243
Victor Julien [Sun, 6 Aug 2023 06:13:35 +0000 (08:13 +0200)]
tests: enable filemagic tests for 6
Victor Julien [Sat, 5 Aug 2023 15:03:57 +0000 (17:03 +0200)]
tests: files update for nocase fix
Victor Julien [Fri, 4 Aug 2023 06:59:16 +0000 (08:59 +0200)]
tests: add bug 6244 RST with data tests
Lancer Cheng [Mon, 8 May 2023 10:00:44 +0000 (10:00 +0000)]
tests: add test for bug 6008 SMB_COM_WRITE_ANDX data offset issue
Bug #6008
Updated by Victor Julien to:
- Trim pcap to only relevant flow
- Add readme and improve tests
Juliana Fajardini [Fri, 28 Jul 2023 18:28:42 +0000 (15:28 -0300)]
tests/verdict: remove min check for version 7
Jeff Lucovsky [Fri, 28 Apr 2023 14:08:52 +0000 (10:08 -0400)]
iprep: Duplicate reputation check
Validate that duplicate reputation entries are handled properly and
don't cause a memory leak.
Issue: 5748
Victor Julien [Sun, 30 Jul 2023 12:05:26 +0000 (14:05 +0200)]
tests: fix exception policy tests
No need for elaborate checks for 6 and 7 for things that shouldn't
happen and can be checked in a simpler way.
Also, don't expect drops in IDS mode.
Shivani Bhardwaj [Thu, 27 Jul 2023 13:19:31 +0000 (18:49 +0530)]
createst: skip pkt_src from test.yaml
Shivani Bhardwaj [Tue, 25 Jul 2023 14:46:39 +0000 (20:16 +0530)]
dcerpc: add test for bug 6191
Juliana Fajardini [Mon, 10 Jul 2023 17:35:51 +0000 (14:35 -0300)]
exception/default: test for behavior in 6 and 7
Juliana Fajardini [Thu, 6 Jul 2023 23:22:36 +0000 (20:22 -0300)]
tests: check midstream exception policy in 6
Related to
Bug #5825
Shivani Bhardwaj [Thu, 27 Jul 2023 14:18:10 +0000 (19:48 +0530)]
filestore-alert-log: require NSS
Shivani Bhardwaj [Thu, 27 Jul 2023 10:58:05 +0000 (16:28 +0530)]
run.py: add failed logs on each failing condition
Shivani Bhardwaj [Wed, 26 Jul 2023 09:57:30 +0000 (15:27 +0530)]
run.py: don't decode already decoded str
Shivani Bhardwaj [Tue, 25 Jul 2023 15:21:05 +0000 (20:51 +0530)]
bug-6207: remove min-version check, require NSS
Eric Leblond [Wed, 19 Oct 2022 14:07:00 +0000 (16:07 +0200)]
tests: filestore alert event
Cole Dishington [Mon, 10 Jul 2023 02:09:16 +0000 (14:09 +1200)]
decode-event: Add test case for GRE packet too small
Add test for IPv4 and IPv6 packets that set proto/next-header to GRE but
have an invalid payload.
Bug: #6222
Philippe Antoine [Thu, 6 Jul 2023 09:35:02 +0000 (11:35 +0200)]
Adds test about DCE decoding
Ticket: #3637
Shivani Bhardwaj [Wed, 19 Jul 2023 12:30:21 +0000 (18:00 +0530)]
workflows: remove sphinx installation
Victor Julien [Sat, 15 Jul 2023 13:27:59 +0000 (15:27 +0200)]
tests/http2: add 6.0.x version of http2-files
Jason Ish [Thu, 1 Jun 2023 21:18:42 +0000 (15:18 -0600)]
test: issue 5868
Victor Julien [Sat, 15 Jul 2023 08:08:08 +0000 (10:08 +0200)]
tests: remove duplicate 5mb pcap; rename to fix typo
Victor Julien [Fri, 14 Jul 2023 04:42:58 +0000 (06:42 +0200)]
tests: expand http2 file test
Limit to 7.
Juliana Fajardini [Tue, 11 Jul 2023 19:25:00 +0000 (16:25 -0300)]
tests: add tests for verdict in alert and drop
Related to
Bug #5464
Shivani Bhardwaj [Tue, 11 Jul 2023 16:40:40 +0000 (22:10 +0530)]
mime: add tests for bug 6207
Jeff Lucovsky [Tue, 11 Jul 2023 12:58:09 +0000 (08:58 -0400)]
config/swf: Test for SWF deprecation warning
Issue: 6182
Jeff Lucovsky [Thu, 30 Mar 2023 13:41:44 +0000 (09:41 -0400)]
test/byte-math: Add 0 divisor test.
Issue: 5945
This commit adds a byte-math test with a zero divisor. Division by 0 is
undefined so there's no match.
Jason Ish [Fri, 17 Feb 2023 18:33:15 +0000 (12:33 -0600)]
test: issue 4759
Andreas Herz [Thu, 19 Jan 2023 09:18:49 +0000 (10:18 +0100)]
test: validate smb share match for bug #5799
Philippe Antoine [Tue, 20 Jun 2023 11:35:41 +0000 (13:35 +0200)]
Adds test about http authentication with bearer
Philippe Antoine [Tue, 20 Jun 2023 08:29:00 +0000 (10:29 +0200)]
tls: adds a test for certificate without issuer
Ticket: #5439
Jeff Lucovsky [Sun, 9 Jul 2023 14:41:11 +0000 (10:41 -0400)]
test/byte_math: Add nbyte variable name tests
Issue: 6145
Add tests related to nbyte variable name usage for byte_math
Jeff Lucovsky [Sat, 10 Jun 2023 13:28:45 +0000 (09:28 -0400)]
detect/bytejump: Test for nbyte variable name
This commit adds tests with a rule that uses an nbyte variable name.
Issue: 6105
Jeff Lucovsky [Fri, 7 Jul 2023 15:30:33 +0000 (11:30 -0400)]
test/byte_test: Add nbyte variable name tests
Issue: 6144
Add tests for new byte_test functionality that permits a variable name
to be used for nbytes.
Shivani Bhardwaj [Thu, 6 Jul 2023 13:18:37 +0000 (18:48 +0530)]
smtp: use simulate-ips and update test
This gives a better estimate of file size and hash for the given pcap.
Philippe Antoine [Tue, 20 Jun 2023 15:28:40 +0000 (17:28 +0200)]
Fix test to use http object instead of http2
Philippe Antoine [Fri, 30 Jun 2023 13:48:55 +0000 (15:48 +0200)]
Adds test for enip
Ticket: #3886
Victor Julien [Sun, 2 Jul 2023 08:12:16 +0000 (10:12 +0200)]
tests: add mixed case tls.fingerprint tests
Victor Julien [Thu, 29 Jun 2023 19:14:47 +0000 (21:14 +0200)]
tests: filename/fileext tests
Victor Julien [Thu, 29 Jun 2023 13:18:05 +0000 (15:18 +0200)]
tests: add filemagic/file.magic tests
Tests for parsing, flowbit matching as well as legacy filemagic
keyword handling.
Eric Leblond [Tue, 19 Feb 2019 21:02:19 +0000 (22:02 +0100)]
filemagic: test interaction with flowbits
Juliana Fajardini [Thu, 1 Dec 2022 15:10:10 +0000 (12:10 -0300)]
tests: add tests for exception policy master switch
Add tests for the new master switch config for the Exception policies.
Added also a check in the exception-policy test that checks the default
behavior, to ensure that things work as expected with the master switch
disabled and the exception policies not set.
Task #5219
Sascha Steinbiss [Fri, 30 Jun 2023 08:18:02 +0000 (10:18 +0200)]
rfb: add test case for logging of partial txs
Cole Dishington [Tue, 23 May 2023 02:28:13 +0000 (14:28 +1200)]
ftp: Add test for FTP bounce attack detection
Add test for false positive and true positive FTP bounce detection.
Bug: #6087
Philippe Antoine [Tue, 16 May 2023 10:07:12 +0000 (12:07 +0200)]
smtp: do not check pcap_cnt for anomalies
Philippe Antoine [Mon, 28 Nov 2022 21:18:16 +0000 (22:18 +0100)]
body_md5 : take every line into account,
also lines that are headers of sub mime parts
and do not take new line post boundary