tests/content: Validate dist/with length checks

author Jeff Lucovsky <jlucovsky@oisf.net>

Wed, 7 Dec 2022 14:57:38 +0000 (09:57 -0500)

committer Shivani Bhardwaj <shivanib134@gmail.com>

Mon, 12 Jun 2023 04:53:03 +0000 (10:23 +0530)
author Jeff Lucovsky <jlucovsky@oisf.net>
Wed, 7 Dec 2022 14:57:38 +0000 (09:57 -0500)
committer Shivani Bhardwaj <shivanib134@gmail.com>
Mon, 12 Jun 2023 04:53:03 +0000 (10:23 +0530)
diff --git a/tests/test-content-limits-1/suricata.yaml b/tests/test-content-limits-1/suricata.yaml

new file mode 100644 (file)

index 0000000..dcaae57
--- /dev/null
+++ b/tests/test-content-limits-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+  default-log-level: info
+  outputs:
+  - file:
+      enabled: yes
+      filename: eve.json
+      type: json
diff --git a/tests/test-content-limits-1/test.rules b/tests/test-content-limits-1/test.rules

new file mode 100644 (file)

index 0000000..ed4257b
--- /dev/null
+++ b/tests/test-content-limits-1/test.rules
@@ -0,0 +1,4 @@
+drop ip :: 0 <> :: 2 (msg:"Invalid within" ;content:" ";within:1048577;dsize:4; sid:1;)
+drop ip :: 0 <> :: 2 (msg:"Invalid within" ;content:" ";within:-1048577;dsize:4; sid:2;)
+drop ip :: 0 <> :: 2 (msg:"Invalid distance" ;content:" ";distance:1048577;dsize:4; sid:3;)
+drop ip :: 0 <> :: 2 (msg:"Invalid distance" ;content:" ";distance:-1048577;dsize:4; sid:4;)
diff --git a/tests/test-content-limits-1/test.yaml b/tests/test-content-limits-1/test.yaml

new file mode 100644 (file)

index 0000000..a645919
--- /dev/null
+++ b/tests/test-content-limits-1/test.yaml
@@ -0,0 +1,50 @@
+requires:
+  min-version: 7
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
+
+checks:
+  # check that we have the following entries in eve.json
+  # match 1 specific rule load failure reason
+  - filter:
+      count: 2
+      match:
+        event_type: engine
+        engine.module: detect-within
+
+  - filter:
+      count: 2
+      match:
+        event_type: engine
+        engine.module: detect-distance
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "invalid value for distance: 1048577"
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "invalid value for distance: -1048577"
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "invalid value for within: 1048577"
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "invalid value for within: -1048577"
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "1 rule files specified, but no rules were loaded!"
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Wed, 7 Dec 2022 14:57:38 +0000 (09:57 -0500)
committer	Shivani Bhardwaj <shivanib134@gmail.com>
	Mon, 12 Jun 2023 04:53:03 +0000 (10:23 +0530)
tests/test-content-limits-1/suricata.yaml	[new file with mode: 0644]	patch \| blob
tests/test-content-limits-1/test.rules	[new file with mode: 0644]	patch \| blob
tests/test-content-limits-1/test.yaml	[new file with mode: 0644]	patch \| blob