tests: add tests for iprep bug 6834

diff --git a/tests/iprep-03-bug-6834/categories.txt b/tests/iprep-03-bug-6834/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-03-bug-6834/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-03-bug-6834/iprep.list b/tests/iprep-03-bug-6834/iprep.list
new file mode 100644 (file)
index 0000000..4ffac54
--- /dev/null
+++ b/tests/iprep-03-bug-6834/iprep.list
@@ -0,0 +1 @@
+192.168.0.13,1,0

diff --git a/tests/iprep-03-bug-6834/iprep.rules b/tests/iprep-03-bug-6834/iprep.rules
new file mode 100644 (file)
index 0000000..a351165
--- /dev/null
+++ b/tests/iprep-03-bug-6834/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:src,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:src,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:src,test,!=,1; sid:3;)

diff --git a/tests/iprep-03-bug-6834/suricata.yaml b/tests/iprep-03-bug-6834/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-03-bug-6834/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-03-bug-6834/test.yaml b/tests/iprep-03-bug-6834/test.yaml
new file mode 100644 (file)
index 0000000..7aacf40
--- /dev/null
+++ b/tests/iprep-03-bug-6834/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 3

diff --git a/tests/iprep-04-bug-6834-any/categories.txt b/tests/iprep-04-bug-6834-any/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-04-bug-6834-any/iprep.list b/tests/iprep-04-bug-6834-any/iprep.list
new file mode 100644 (file)
index 0000000..4ffac54
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/iprep.list
@@ -0,0 +1 @@
+192.168.0.13,1,0

diff --git a/tests/iprep-04-bug-6834-any/iprep.rules b/tests/iprep-04-bug-6834-any/iprep.rules
new file mode 100644 (file)
index 0000000..384dbc9
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:any,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:any,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:any,test,!=,1; sid:3;)

diff --git a/tests/iprep-04-bug-6834-any/suricata.yaml b/tests/iprep-04-bug-6834-any/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-04-bug-6834-any/test.yaml b/tests/iprep-04-bug-6834-any/test.yaml
new file mode 100644 (file)
index 0000000..7aacf40
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 3

diff --git a/tests/iprep-05-bug-6834-both/categories.txt b/tests/iprep-05-bug-6834-both/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-05-bug-6834-both/iprep.list b/tests/iprep-05-bug-6834-both/iprep.list
new file mode 100644 (file)
index 0000000..09b890c
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/iprep.list
@@ -0,0 +1,2 @@
+192.168.0.13,1,0
+8.8.8.8,1,0

diff --git a/tests/iprep-05-bug-6834-both/iprep.rules b/tests/iprep-05-bug-6834-both/iprep.rules
new file mode 100644 (file)
index 0000000..b8a829e
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:both,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:both,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:both,test,!=,1; sid:3;)

diff --git a/tests/iprep-05-bug-6834-both/suricata.yaml b/tests/iprep-05-bug-6834-both/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-05-bug-6834-both/test.yaml b/tests/iprep-05-bug-6834-both/test.yaml
new file mode 100644 (file)
index 0000000..06b4785
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 3

diff --git a/tests/iprep-06-bug-6834-dst/categories.txt b/tests/iprep-06-bug-6834-dst/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-06-bug-6834-dst/iprep.list b/tests/iprep-06-bug-6834-dst/iprep.list
new file mode 100644 (file)
index 0000000..b9a8f1d
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/iprep.list
@@ -0,0 +1 @@
+4.4.4.4,1,0

diff --git a/tests/iprep-06-bug-6834-dst/iprep.rules b/tests/iprep-06-bug-6834-dst/iprep.rules
new file mode 100644 (file)
index 0000000..727d2c8
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:dst,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:dst,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:dst,test,!=,1; sid:3;)

diff --git a/tests/iprep-06-bug-6834-dst/suricata.yaml b/tests/iprep-06-bug-6834-dst/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-06-bug-6834-dst/test.yaml b/tests/iprep-06-bug-6834-dst/test.yaml
new file mode 100644 (file)
index 0000000..ff29055
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/test.yaml
@@ -0,0 +1,28 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 1
+        dest_ip: "4.4.4.4"
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 2
+        dest_ip: "4.4.4.4"
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 3
+        dest_ip: "4.4.4.4"

diff --git a/tests/iprep-07-bug-6834-src-cidr/categories.txt b/tests/iprep-07-bug-6834-src-cidr/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-07-bug-6834-src-cidr/iprep.list b/tests/iprep-07-bug-6834-src-cidr/iprep.list
new file mode 100644 (file)
index 0000000..3877c49
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/iprep.list
@@ -0,0 +1 @@
+192.168.0.13/24,1,0

diff --git a/tests/iprep-07-bug-6834-src-cidr/iprep.rules b/tests/iprep-07-bug-6834-src-cidr/iprep.rules
new file mode 100644 (file)
index 0000000..a351165
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:src,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:src,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:src,test,!=,1; sid:3;)

diff --git a/tests/iprep-07-bug-6834-src-cidr/suricata.yaml b/tests/iprep-07-bug-6834-src-cidr/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-07-bug-6834-src-cidr/test.yaml b/tests/iprep-07-bug-6834-src-cidr/test.yaml
new file mode 100644 (file)
index 0000000..7aacf40
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 3

diff --git a/tests/iprep-08-bug-6834-any-cidr/categories.txt b/tests/iprep-08-bug-6834-any-cidr/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-08-bug-6834-any-cidr/iprep.list b/tests/iprep-08-bug-6834-any-cidr/iprep.list
new file mode 100644 (file)
index 0000000..3877c49
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/iprep.list
@@ -0,0 +1 @@
+192.168.0.13/24,1,0

diff --git a/tests/iprep-08-bug-6834-any-cidr/iprep.rules b/tests/iprep-08-bug-6834-any-cidr/iprep.rules
new file mode 100644 (file)
index 0000000..384dbc9
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:any,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:any,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:any,test,!=,1; sid:3;)

diff --git a/tests/iprep-08-bug-6834-any-cidr/suricata.yaml b/tests/iprep-08-bug-6834-any-cidr/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-08-bug-6834-any-cidr/test.yaml b/tests/iprep-08-bug-6834-any-cidr/test.yaml
new file mode 100644 (file)
index 0000000..7aacf40
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 10
+      match:
+        alert.signature_id: 3

diff --git a/tests/iprep-09-bug-6834-both-cidr/categories.txt b/tests/iprep-09-bug-6834-both-cidr/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-09-bug-6834-both-cidr/iprep.list b/tests/iprep-09-bug-6834-both-cidr/iprep.list
new file mode 100644 (file)
index 0000000..488cdcd
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/iprep.list
@@ -0,0 +1,2 @@
+192.168.0.13/24,1,0
+8.8.8.8/8,1,0

diff --git a/tests/iprep-09-bug-6834-both-cidr/iprep.rules b/tests/iprep-09-bug-6834-both-cidr/iprep.rules
new file mode 100644 (file)
index 0000000..b8a829e
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:both,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:both,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:both,test,!=,1; sid:3;)

diff --git a/tests/iprep-09-bug-6834-both-cidr/suricata.yaml b/tests/iprep-09-bug-6834-both-cidr/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-09-bug-6834-both-cidr/test.yaml b/tests/iprep-09-bug-6834-both-cidr/test.yaml
new file mode 100644 (file)
index 0000000..06b4785
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 3

diff --git a/tests/iprep-10-bug-6834-dst-cidr/categories.txt b/tests/iprep-10-bug-6834-dst-cidr/categories.txt
new file mode 100644 (file)
index 0000000..a85fb88
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing

diff --git a/tests/iprep-10-bug-6834-dst-cidr/iprep.list b/tests/iprep-10-bug-6834-dst-cidr/iprep.list
new file mode 100644 (file)
index 0000000..24fdfad
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/iprep.list
@@ -0,0 +1 @@
+4.4.4.4/16,1,0

diff --git a/tests/iprep-10-bug-6834-dst-cidr/iprep.rules b/tests/iprep-10-bug-6834-dst-cidr/iprep.rules
new file mode 100644 (file)
index 0000000..727d2c8
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:dst,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:dst,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:dst,test,!=,1; sid:3;)

diff --git a/tests/iprep-10-bug-6834-dst-cidr/suricata.yaml b/tests/iprep-10-bug-6834-dst-cidr/suricata.yaml
new file mode 100644 (file)
index 0000000..5f49bdb
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+  - iprep.list
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      types:
+        - alert

diff --git a/tests/iprep-10-bug-6834-dst-cidr/test.yaml b/tests/iprep-10-bug-6834-dst-cidr/test.yaml
new file mode 100644 (file)
index 0000000..ff29055
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/test.yaml
@@ -0,0 +1,28 @@
+requires:
+  min-version: 8
+
+command: |
+  ${SRCDIR}/src/suricata  -l ${OUTPUT_DIR}                                              \
+      -c ${TEST_DIR}/suricata.yaml                                                      \
+      -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules                      \
+      --data-dir="${OUTPUT_DIR}"                                                        \
+      --set default-reputation-path=${TEST_DIR}                                         \
+      --set reputation-categories-file=${TEST_DIR}/categories.txt                       \
+      --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 1
+        dest_ip: "4.4.4.4"
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 2
+        dest_ip: "4.4.4.4"
+  - filter:
+      count: 5
+      match:
+        alert.signature_id: 3
+        dest_ip: "4.4.4.4"