filemd5: test md5 rule triggers without filestore keyword
authorJason Ish <ish@unx.ca>
Thu, 26 Sep 2019 14:55:37 +0000 (08:55 -0600)
committerJason Ish <jason.ish@oisf.net>
Fri, 20 Mar 2020 22:11:45 +0000 (16:11 -0600)
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2490

tests/filemd5/suricata.yaml [new file with mode: 0644]
tests/filemd5/target.md5 [new file with mode: 0644]
tests/filemd5/target.pcap [new file with mode: 0644]
tests/filemd5/test.rules [new file with mode: 0644]
tests/filemd5/test.yaml [new file with mode: 0644]

diff --git a/tests/filemd5/suricata.yaml b/tests/filemd5/suricata.yaml
new file mode 100644 (file)
index 0000000..e9ee013
--- /dev/null
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - alert
diff --git a/tests/filemd5/target.md5 b/tests/filemd5/target.md5
new file mode 100644 (file)
index 0000000..e807c9e
--- /dev/null
@@ -0,0 +1 @@
+e19c1283c925b3206685ff522acfe3e6
diff --git a/tests/filemd5/target.pcap b/tests/filemd5/target.pcap
new file mode 100644 (file)
index 0000000..c7afde9
Binary files /dev/null and b/tests/filemd5/target.pcap differ
diff --git a/tests/filemd5/test.rules b/tests/filemd5/test.rules
new file mode 100644 (file)
index 0000000..c3a09ff
--- /dev/null
@@ -0,0 +1,4 @@
+# filemd5 rule without filestore keyword.
+alert http any any -> any any (msg:"test"; filemd5: target.md5; classtype: bad-unknown; sid:1530024;)
+
+#alert http any any -> any any (msg:"test"; filemd5: target.md5; filestore; classtype: bad-unknown; sid:1530024;)
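Review bot: The commented-out variant on the last line of the hunk reuses `sid:1530024` from the active rule above it; if someone later uncomments it to compare both behaviours in one run, the duplicate signature id would be rejected at rule load and the test would fail for a reason unrelated to filemd5. Giving the alternative its own id, e.g. `sid:1530025;` (constructed value), or stating in its comment that it is a replacement rather than an addition, avoids that trap. The header comment could also tie the file to the issue it covers, e.g. `# Regression test for Redmine #2490: filemd5 must match without the filestore keyword.` Whether `target.md5` is resolved relative to the rule file's directory is not visible here; a short comment confirming that would help the next reader.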
diff --git a/tests/filemd5/test.yaml b/tests/filemd5/test.yaml
new file mode 100644 (file)
index 0000000..3c17b1b
--- /dev/null
@@ -0,0 +1,9 @@
+requires:
+  features:
+    - HAVE_NSS
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
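Review bot: The single check matches only on `event_type: alert` with `count: 1`, so any alert in eve.json would satisfy it, not specifically the filemd5 rule the commit is exercising. Narrowing the match to the rule under test, `alert.signature_id: 1530024` added under `match:`, ties the pass condition to the filemd5 signature and keeps the test meaningful if further rules are added to test.rules later. The `HAVE_NSS` feature requirement is a reasonable guard for the md5 support, but a one-line comment above it saying why it is needed would make the skip condition self-explanatory.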