]>
git.ipfire.org Git - thirdparty/suricata-verify.git/log
Hadiqa Alamdar Bukhari [Tue, 26 Dec 2023 10:00:08 +0000 (15:00 +0500)]
test: add test for dns.rcode
Feature #6621
Shivani Bhardwaj [Wed, 21 Feb 2024 09:50:42 +0000 (15:20 +0530)]
detect/port: add rule grouping tests
Hadiqa Alamdar Bukhari [Fri, 2 Feb 2024 13:38:49 +0000 (18:38 +0500)]
test: add test for dns.rrtype
Feature #6666
Giuseppe Longo [Thu, 13 Apr 2023 16:59:03 +0000 (18:59 +0200)]
sip: add tests for sip over tcp
Philippe Antoine [Thu, 22 Feb 2024 20:35:06 +0000 (21:35 +0100)]
mqtt: frameswith multiple PDUs backport
Ticket: 6592
Philippe Antoine [Thu, 18 Jan 2024 12:39:47 +0000 (13:39 +0100)]
dns: adds test for sshfp
Lukas Sismis [Tue, 6 Feb 2024 10:54:03 +0000 (11:54 +0100)]
tcp: add a SYN packet test to verify correct flow output
Ticket: #6733
Philippe Antoine [Wed, 14 Feb 2024 21:16:28 +0000 (22:16 +0100)]
http: adds another test for http.request_header keyword
Ticket: 6483
Philippe Antoine [Tue, 6 Feb 2024 13:52:15 +0000 (14:52 +0100)]
ssh: do not enforce pcap_cnt
As this is an invalid tcp packet, that should not run any tx
detection on it.
Ticket: 6775
Philippe Antoine [Thu, 25 Jan 2024 15:00:02 +0000 (16:00 +0100)]
http2: adds test with continuation frames
Ticket: 5926
Philippe Antoine [Mon, 12 Feb 2024 13:02:40 +0000 (14:02 +0100)]
http: adds test with chunked as a token
Ticket: 6415
Philippe Antoine [Thu, 15 Feb 2024 08:24:30 +0000 (09:24 +0100)]
filestore: directionality fix backported to 7
Shivani Bhardwaj [Mon, 18 Dec 2023 08:16:03 +0000 (13:46 +0530)]
add test for bug 6617
Jeff Lucovsky [Wed, 24 Jan 2024 14:43:25 +0000 (09:43 -0500)]
test/mqtt: Improve multi PDU parsing
Issue: 6592
Jason Ish [Mon, 12 Feb 2024 15:54:07 +0000 (09:54 -0600)]
check-eve: open files with utf-8 encoding
Not needed in modern versions of Python, but required for older
versions like 3.6.
Philippe Antoine [Fri, 9 Feb 2024 16:30:29 +0000 (17:30 +0100)]
Adds test for http.request_header and http.response_header keywords
Ticket: 6736
Victor Julien [Wed, 9 Aug 2023 11:12:45 +0000 (13:12 +0200)]
tests: add multi-tenancy tests
Philippe Antoine [Wed, 24 Jan 2024 12:07:11 +0000 (13:07 +0100)]
http: adds test with HTTP not being 0.9
Ticket: 6643
If the request is junk, and the response is valid HTTP/1.1,
we should handle the response as HTTP/1.1, not HTTP 0.9
Philippe Antoine [Tue, 5 Dec 2023 08:26:39 +0000 (09:26 +0100)]
exception-policy: fix test to be more robust
We do not want to test number of alerts on every pseudo-packets
Ticket: 6578
Philippe Antoine [Mon, 27 Nov 2023 19:02:11 +0000 (20:02 +0100)]
tls: do not check pcap_cnt
as a tls event can come from a flush after setting no_inspection
Jason Ish [Wed, 24 Jan 2024 15:29:36 +0000 (09:29 -0600)]
tests/requires: test failure case
Break the requires test into 2 tests. One that runs to success so we
can verify the output.
A second that is expected to fail due to fatal init errors.
Ticket: #6710
Modupe Falodun [Fri, 4 Mar 2022 10:41:30 +0000 (11:41 +0100)]
detect-pcre: add assorted tests
Bring previously Suricata unit tests as suricata-verify tests.
Conversions mapping:
- detect-pcre-01: DetectPcreModifPTest04
- detect-pcre-02: DetectPcreModifPTest05
- detect-pcre-03: DetectPcreTestSig01-03
- detect-pcre-04: DetectPcreTestSig09-16
- detect-pcre-05: DetectPcreFlowvarCapture01- 03
Task #6147
Philippe Antoine [Thu, 21 Dec 2023 12:17:15 +0000 (13:17 +0100)]
Adds test that we parse http not as 0.9
Ticket: 6643
Jason Ish [Mon, 22 Jan 2024 14:33:07 +0000 (08:33 -0600)]
tests/requires: fix for suricata 8
Suricata 8 will have 7 rules skipped, Suricata 7.0.3+ will have 6 rules
skipped as there is a rule in here for Suricata >= 7.0.3 but less than
8.
Daniel Olatunji [Fri, 19 Jan 2024 07:39:19 +0000 (08:39 +0100)]
detect-engine-state: add assorted tests
Task: 6146
Add previously Suricata unittests as Suricata-verify tests.
Jason Ish [Wed, 3 Jan 2024 20:33:26 +0000 (14:33 -0600)]
check-eve: test for duplicate json keys
Add a duplicate key check to check-eve. If a duplicate key is found
in a JSON record, the test will fail with a schema error.
Jason Ish [Sat, 20 Jan 2024 17:01:12 +0000 (10:01 -0700)]
tests/requires: updates to support 7.0.3
Jeff Lucovsky [Sat, 20 Jan 2024 15:49:47 +0000 (10:49 -0500)]
tests/swf: SWF deprecation has been deprecated
Issue: 6606
Remove deprecated deprecation notice for SWF.
jason taylor [Wed, 29 Nov 2023 18:35:31 +0000 (18:35 +0000)]
tests: update smb.keyword min suri version
Signed-off-by: jason taylor <jtfas90@gmail.com>
jason taylor [Mon, 28 Aug 2023 21:43:10 +0000 (21:43 +0000)]
tests: update tests for smb.version keyword
Signed-off-by: jason taylor <jtfas90@gmail.com>
Eloy Pérez González [Tue, 1 Mar 2022 14:56:06 +0000 (15:56 +0100)]
smb-smb_version: update test to match also responses
Eloy Pérez González [Mon, 14 Feb 2022 09:58:34 +0000 (10:58 +0100)]
smb-smb_version: new test
Philippe Antoine [Tue, 16 Jan 2024 10:55:31 +0000 (11:55 +0100)]
transform: test strip-pseudo-headers from version 7
Ticket: 6614
Philippe Antoine [Tue, 12 Dec 2023 08:30:18 +0000 (09:30 +0100)]
test: adds test for strip_pseudo_headers transform
Ticket: 6546
Jason Ish [Tue, 19 Dec 2023 18:10:50 +0000 (12:10 -0600)]
requires: check stat; unknown requires keyword
Juliana Fajardini [Wed, 26 Jul 2023 15:18:58 +0000 (12:18 -0300)]
stats: add checks for drop reason counters
Leaving checks for stream reassembly aside as those were already added
by another commit.
Related to Task #6230
Task #6571
Philippe Antoine [Sun, 19 Nov 2023 20:02:17 +0000 (21:02 +0100)]
test: http2 user info now works from version 7
After backports have been merged
Jason Ish [Tue, 14 Nov 2023 17:29:45 +0000 (11:29 -0600)]
runner: fix python escaping warnings
Jason Ish [Wed, 28 Jun 2023 22:10:52 +0000 (16:10 -0600)]
readme: remove extraneous whitespace
Jason Ish [Wed, 28 Jun 2023 21:22:58 +0000 (15:22 -0600)]
runner: allow a test to be retried
Add a new parameter, retry that takes count. If the checks fail, the
test will be re-run. This could help us deal with failures in tests
that are sensitive to timing.
Jason Ish [Fri, 1 Dec 2023 21:18:31 +0000 (15:18 -0600)]
test: tests for requires keyword
Feature: #5972
Jason Ish [Fri, 1 Dec 2023 21:04:19 +0000 (15:04 -0600)]
readme: example of requiring files to exist
Philippe Antoine [Fri, 1 Dec 2023 20:56:03 +0000 (21:56 +0100)]
Add test about enip stats with _udp prefix
Ticket: 6304
Juliana Fajardini [Fri, 15 Dec 2023 18:46:28 +0000 (15:46 -0300)]
test/pgsql: update cancel request min-version test
Related to
Bug #6581
Juliana Fajardini [Fri, 8 Dec 2023 20:47:19 +0000 (17:47 -0300)]
tests: add pgsql cancel request tests
Showcase CancelRequest postgresql message output.
Related to
Task #6577
Philippe Antoine [Wed, 13 Dec 2023 19:25:41 +0000 (20:25 +0100)]
http2: http_response_line exact in main7
Ticket: 6547
Jason Ish [Wed, 15 Nov 2023 17:21:24 +0000 (11:21 -0600)]
test: new test for dns.query.name
Jason Ish [Wed, 15 Nov 2023 17:21:12 +0000 (11:21 -0600)]
test: new test for dns.answer.name
Hadiqa Alamdar Bukhari [Wed, 13 Dec 2023 11:23:16 +0000 (16:23 +0500)]
tests: add rule type check for flowbits
Task #6309
Philippe Antoine [Thu, 23 Nov 2023 09:13:46 +0000 (10:13 +0100)]
http2: check for http_response_line exact content
Ticket: 6547
Philippe Antoine [Tue, 12 Dec 2023 07:52:25 +0000 (08:52 +0100)]
detect/transform/header_lowercase: support from 7.0.3
Juliana Fajardini [Wed, 6 Dec 2023 14:47:08 +0000 (11:47 -0300)]
tests/pgsql: test pgsql probing bug for version 7
Juliana Fajardini [Tue, 5 Dec 2023 13:53:11 +0000 (10:53 -0300)]
tests/pgsql: update password log disabled msgs
Removing the white spaces from this log output, as these can cause
issues with grepping commands querying log results, and also doesn't
show a consistent behavior among different environments.
Juliana Fajardini [Tue, 28 Nov 2023 21:19:48 +0000 (18:19 -0300)]
tests: add test for pgsql probe bug 6080
Add test for pgsql probing function bug 6080.
Crafted pcap.
Related to
Bug #6080
Philippe Antoine [Fri, 12 May 2023 10:28:05 +0000 (12:28 +0200)]
krb5: improves check for alert app-layer data
Philippe Antoine [Thu, 11 May 2023 09:21:32 +0000 (11:21 +0200)]
tftp: improves check for alert app-layer data
Philippe Antoine [Thu, 11 May 2023 09:21:11 +0000 (11:21 +0200)]
ftp: improves check for alert app-layer data
Philippe Antoine [Thu, 9 Nov 2023 09:40:02 +0000 (10:40 +0100)]
test: adds test for header_lowercase transform
Sascha Steinbiss [Wed, 11 Oct 2023 20:21:46 +0000 (22:21 +0200)]
mqtt: add test case for protocol string keyword
Ticket: OISF#6396
Victor Julien [Fri, 17 Nov 2023 11:33:45 +0000 (12:33 +0100)]
tests: fix requirements to pass on 6 and 7
Jason Ish [Thu, 16 Nov 2023 21:45:11 +0000 (15:45 -0600)]
github-ci: add main-7.0.x
Juliana Fajardini [Tue, 24 Oct 2023 19:51:13 +0000 (16:51 -0300)]
tests: add more uricontent tests
Modupe Falodun [Wed, 9 Feb 2022 12:14:09 +0000 (13:14 +0100)]
detect-uricontent: add tests
Task: 4911
Juliana Fajardini [Mon, 23 Oct 2023 20:01:37 +0000 (17:01 -0300)]
tests/tcp-hdr: actually test tcp-hdr keyword
Noticed that the tcp-hdr keyword test rule was actually using tcp.mss.
Adjusted it to use tcp.hdr instead.
jason taylor [Thu, 12 Oct 2023 13:31:12 +0000 (13:31 +0000)]
tests: add tests for tls.cert_chain_len
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
Shivani Bhardwaj [Wed, 8 Feb 2023 11:32:29 +0000 (17:02 +0530)]
tests: add test for smtp LF post line limit
Shivani Bhardwaj [Sat, 6 May 2023 11:43:03 +0000 (17:13 +0530)]
smtp: add test for cmd after long line w LF
Shivani Bhardwaj [Fri, 5 May 2023 08:24:15 +0000 (13:54 +0530)]
smtp: add test for long DATA post boundary
Shivani Bhardwaj [Tue, 30 May 2023 15:35:18 +0000 (21:05 +0530)]
smtp: add test for bug 6053
Philippe Antoine [Tue, 7 Nov 2023 16:22:14 +0000 (17:22 +0100)]
tests: adds a test for http2 with userinfo in uri
Ticket: #6426
Jeff Lucovsky [Sat, 11 Nov 2023 08:50:21 +0000 (03:50 -0500)]
test/transform: Tests for case changing transforms
Issue: 6439
Tests for case-changing transforms:
- to_lowercase
- to_uppercase
Philippe Antoine [Tue, 20 Jun 2023 13:56:19 +0000 (15:56 +0200)]
Adds a test about flow.pkts_toclient keyword
And the similar keywords about packets and bytes of a flow
Victor Julien [Thu, 16 Nov 2023 09:38:59 +0000 (10:38 +0100)]
tests: fix distance test for 7 and 8
Philippe Antoine [Mon, 6 Nov 2023 15:35:03 +0000 (16:35 +0100)]
tests: Add a test for http2 authority mismatch event
Ticket: #6425
Lukas Sismis [Wed, 23 Aug 2023 11:32:26 +0000 (13:32 +0200)]
tests: add a test for a bug 6278
tests include:
- non-existent user
- NULL user (empty user string)
Shivani Bhardwaj [Tue, 31 Oct 2023 08:56:48 +0000 (14:26 +0530)]
bug-4623: remove version check
Jason Ish [Fri, 27 Oct 2023 18:50:25 +0000 (12:50 -0600)]
test: test for empty dns/eve formats
Test that when dns/eve "formats" is empty, it uses the default of all.
Bug: #6420
Jeff Lucovsky [Fri, 27 Oct 2023 13:00:57 +0000 (09:00 -0400)]
detect/bytejump: Test from issue 4623
Issue: 4623
This commit uses the pcap and rules from issue 4623 to validate the
fixes.
Shivani Bhardwaj [Thu, 5 Oct 2023 07:06:56 +0000 (12:36 +0530)]
detect/bytejump: remove version check
Victor Julien [Fri, 13 Oct 2023 14:18:56 +0000 (16:18 +0200)]
tests: add bug 6402 test
Victor Julien [Thu, 12 Oct 2023 11:52:54 +0000 (13:52 +0200)]
tests: add test for issue 6397
Philippe Antoine [Wed, 27 Sep 2023 11:57:33 +0000 (13:57 +0200)]
Adds test for quic v2
Juliana Fajardini [Fri, 15 Sep 2023 01:30:48 +0000 (22:30 -0300)]
tests: add rule type check for iptops
Related to
Task #6348
Jeff Lucovsky [Fri, 8 Sep 2023 14:25:15 +0000 (10:25 -0400)]
detect/bytejump: Handle post_offset changes
Issue: 4624
Update test case and add one to reflect post_offset handling
differences. post_offset values that move before the buffer are treated
as though they move to the buffer start.
Philippe Antoine [Tue, 19 Sep 2023 08:30:03 +0000 (10:30 +0200)]
Adds test about mime when stream depth is reached
Jason Ish [Thu, 28 Sep 2023 18:11:15 +0000 (12:11 -0600)]
runner: fail test if pcap cannot be found
Will fail with an error like:
FAILED: PCAP filename does not exist: ../tls/tls-certs-alert/input.pcap
Shivani Bhardwaj [Fri, 18 Aug 2023 13:07:57 +0000 (18:37 +0530)]
tests: deduplicate pcaps, cleanup extras
Related to Redmine ticket 5908
Jeff Lucovsky [Mon, 12 Jun 2023 13:41:57 +0000 (09:41 -0400)]
detect/bytemath: Test multiplier operator
Issue: 6070
This commit adds a test for the byte-math multiplication operator. The
operator was missing from 6.0.x; however, this test applies to 6.0.x and
later once the Suricata PR is merged.
Philippe Antoine [Thu, 31 Aug 2023 09:52:15 +0000 (11:52 +0200)]
mime: add previous suricata unit tests
mime: fix tests for bug-6207
Fix manually crafted pcaps to have valid MIME headers folding
beginning with space
And removing the test for BODY_BOUND which is becoming obsolete
Philippe Antoine [Wed, 13 Sep 2023 12:21:27 +0000 (14:21 +0200)]
bug-6207: fix pcap to get right header folding
Haleema Khan [Fri, 3 Feb 2023 14:29:03 +0000 (19:29 +0500)]
mqtt: test mqtt frames for truncated messages
Haleema Khan [Fri, 13 Jan 2023 12:28:50 +0000 (17:28 +0500)]
mqtt: test mqtt frames
Lancer Cheng [Mon, 22 May 2023 09:54:14 +0000 (09:54 +0000)]
tests: add test for bug 6008 SMB_COM_WRITE_ANDX data padding issue
Bug #6008
Jeff Lucovsky [Tue, 19 Sep 2023 12:50:12 +0000 (08:50 -0400)]
test/eps: Test updates/additions for 6.0.x
This commit adds support for 6.0.x eps stream reassembly testing
- Output logging of ips drop reasons is limited to 7 and above
- Create 6.0.x specific test cases for -01, -04, -05
Issue: 6364
Jason Ish [Thu, 7 Sep 2023 18:09:41 +0000 (12:09 -0600)]
test: configuration include arrays
Test for configuration include arrays being loaded at the correct
location.
Bug: #6300
Jeff Lucovsky [Tue, 22 Aug 2023 14:57:52 +0000 (10:57 -0400)]
test/stream: Update drop reason per new reason code
Issue: 6235
Jason Ish [Wed, 23 Aug 2023 21:57:58 +0000 (15:57 -0600)]
tests: community id tests for ipv4 and ipv6
The IPv6 uses values confirmed with Zeek.
Issue: #6276
Yatin Kanetkar [Thu, 24 Aug 2023 12:11:23 +0000 (07:11 -0500)]
dhcp: Validate dhcp option 60 is being logged
Jason Ish [Sat, 19 Aug 2023 13:05:54 +0000 (07:05 -0600)]
dns/https: enable for 6.0
Issue: #4751
Cole Dishington [Mon, 31 Jul 2023 02:47:01 +0000 (14:47 +1200)]
iprep: test reputation & category file newline handling
The commit
e7c0f0ad9 src: remove multiple uses of atoi
caused a regression in parsing of ip-rep reputation
config files.
Previously, due to the use of atoi() in parsing ip-rep values,
when the line was split by SRepSplitLine the \r at following the
reputation score was ignored.
Bug: #6243