tests: update tests for smb.version keyword
authorjason taylor <jtfas90@gmail.com>
Mon, 28 Aug 2023 21:43:10 +0000 (21:43 +0000)
committerVictor Julien <victor@inliniac.net>
Fri, 19 Jan 2024 12:02:14 +0000 (13:02 +0100)
Signed-off-by: jason taylor <jtfas90@gmail.com>
tests/smb-smb_version/test.rules [deleted file]
tests/smb-version-keyword-invalid/README.md [new file with mode: 0644]
tests/smb-version-keyword-invalid/test.rules [new file with mode: 0644]
tests/smb-version-keyword-invalid/test.yaml [new file with mode: 0644]
tests/smb-version-keyword/README.md [new file with mode: 0644]
tests/smb-version-keyword/input.pcap [moved from tests/smb-smb_version/input.pcap with 100% similarity]
tests/smb-version-keyword/test.rules [new file with mode: 0644]
tests/smb-version-keyword/test.yaml [moved from tests/smb-smb_version/test.yaml with 100% similarity]

diff --git a/tests/smb-smb_version/test.rules b/tests/smb-smb_version/test.rules
deleted file mode 100644 (file)
index 466ffd7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-
-alert tcp any any -> any any (msg:"SMB1 Request"; smb.version:1;sid:1;)
-alert tcp any any -> any any (msg:"SMB2 Request"; smb.version:2;sid:2;)
diff --git a/tests/smb-version-keyword-invalid/README.md b/tests/smb-version-keyword-invalid/README.md
new file mode 100644 (file)
index 0000000..5acc653
--- /dev/null
@@ -0,0 +1,4 @@
+TEST
+====
+
+Test invalid smb.version keyword syntax in signature
diff --git a/tests/smb-version-keyword-invalid/test.rules b/tests/smb-version-keyword-invalid/test.rules
new file mode 100644 (file)
index 0000000..3127cfb
--- /dev/null
@@ -0,0 +1 @@
+alert smb any any -> any any (msg:"Two smb version declarations"; flow:established; smb.version:2; smb.version:1; sid:1;)
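Review bot: The new rule is syntactically well-formed; what makes it invalid is the two `smb.version` keywords in one signature, which the companion test.yaml expects the rule loader to reject with "Can't use 2 or more smb.version declarations", whereas the README in this commit calls it invalid "syntax". A one-line comment above the rule would make the intent readable without opening the yaml: `# two smb.version keywords in one signature must be rejected at rule load time`. The `flow:established` option does not appear in the valid test's rules and does not seem to contribute to the failure being tested; if it is intentional, a short note on why would help.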
diff --git a/tests/smb-version-keyword-invalid/test.yaml b/tests/smb-version-keyword-invalid/test.yaml
new file mode 100644 (file)
index 0000000..a59b32c
--- /dev/null
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+args:
+- -k none
+
+pcap: ../smb-version-keyword/input.pcap
+
+checks:
+- shell:
+    args: grep "Can't use 2 or more smb.version declarations" suricata.log | wc -l | xargs
+    expect: 1
+
+exit-code: 1
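Review bot: The `pcap:` entry points into a sibling test directory (`../smb-version-keyword/input.pcap`), so this test's runnability now depends on that directory's name and file staying put, even though the assertion here is about rule loading and the pcap contents are presumably irrelevant. A comment would document that coupling, e.g. `# pcap is borrowed from smb-version-keyword only so the run can start; the expected failure is in rule loading`. The grep check also pins the exact error message text with `expect: 1`, which is fine for a regression test but worth noting in a comment so a future wording change in Suricata is recognised as the cause when this test breaks.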
diff --git a/tests/smb-version-keyword/README.md b/tests/smb-version-keyword/README.md
new file mode 100644 (file)
index 0000000..6a0625c
--- /dev/null
@@ -0,0 +1,14 @@
+Test
+====
+
+Test alerts with the smb.version keyword
+
+PCAP
+----
+
+The pcap is a sample of network traffic provided by the original author.
+
+Related Issues
+--------------
+
+https://redmine.openinfosecfoundation.org/issues/5075
diff --git a/tests/smb-version-keyword/test.rules b/tests/smb-version-keyword/test.rules
new file mode 100644 (file)
index 0000000..02617e9
--- /dev/null
@@ -0,0 +1,2 @@
+alert smb any any -> any any (msg:"SMBv1 Request"; smb.version:1; sid:1;)
+alert smb any any -> any any (msg:"SMBv2 Request"; smb.version:2; sid:2;)