test-bad-hex-rule-1: add rule with incomplete hex
authorJason Ish <jason.ish@oisf.net>
Tue, 22 Mar 2022 15:53:59 +0000 (09:53 -0600)
committerJason Ish <jason.ish@oisf.net>
Mon, 25 Apr 2022 18:15:57 +0000 (12:15 -0600)
Add a rule with incomplete hex, for example "|22 2 22|" which
should result in a parse error.

Ticket #5201.

tests/test-bad-hex-rule-1/test.rules
tests/test-bad-hex-rule-1/test.yaml

index 1c79176605ad173590592a386e17b225be83efa5..4d4f3df978cfbecc82f900b7e7a680130b00a329 100644 (file)
@@ -1 +1,2 @@
 alert tcp any any -> any any (msg:"invalid hex test rule"; content:"|l0 01 01|"; sid:12345; rev:1;)
+alert tcp any any -> any any (msg:"invalid hex test rule"; content:"|22 2 22|"; sid:12346; rev:1;)
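Review bot: The added rule reuses `msg:"invalid hex test rule"` from sid 12345, although the two rules exercise different failures: a non-hex character in `|l0 01 01|` versus a lone nibble in `|22 2 22|`. With identical messages the two rejected signatures can only be told apart by sid or by the content quoted in the engine error. A distinct message such as `msg:"incomplete hex test rule"` would make the purpose of sid 12346 clear to anyone reading the rule file or a failing run.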
index 89782784086a176abafe945aadc91f20ecd7aba5..3e9c8306da9e164ad08de6552dd61bdee21380ba 100644 (file)
@@ -21,3 +21,9 @@ checks:
       match:
         event_type: engine
         engine.error: "SC_ERR_NO_RULES_LOADED"
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "Incomplete hex code in content - |22 2 22|. Invalidating signature."
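Review bot: The new check compares the complete `engine.message` text, so a rewording of that log line in the engine would fail this test even if the rule is still rejected. If pinning the wording is intended, a comment above the filter would say so, for example `# sid 12346: lone nibble in |22 2 22| must be rejected at parse time; message text pinned on purpose`. This check appears to be the only assertion in the visible hunk that targets the incomplete-hex rule specifically, since `SC_ERR_NO_RULES_LOADED` already held with sid 12345 alone. It is therefore the guard against a malformed content pattern being accepted silently and matching bytes the rule author did not intend. The `checks:` list begins outside the hunk.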