]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 53c425b)
http-request-line: add unittests
authorModupe Falodun <falodunmodupeola@gmail.com>
Tue, 25 Jan 2022 21:48:05 +0000 (22:48 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 29 Jan 2022 16:10:29 +0000 (17:10 +0100)
Task: 4911

tests/http-request-line/README.md [new file with mode: 0644] patch | blob
tests/http-request-line/input.pcap [new file with mode: 0644] patch | blob
tests/http-request-line/test.rules [new file with mode: 0644] patch | blob
tests/http-request-line/test.yaml [new file with mode: 0644] patch | blob
tests/http-request-line/writepcap.py [new file with mode: 0644] patch | blob

diff --git a/tests/http-request-line/README.md b/tests/http-request-line/README.md
new file mode 100644 (file)
index 0000000..bcb7392
--- /dev/null
+++ b/tests/http-request-line/README.md
@@ -0,0 +1 @@
+Test the http_request_line keyword
diff --git a/tests/http-request-line/input.pcap b/tests/http-request-line/input.pcap
new file mode 100644 (file)
index 0000000..a35f98b
Binary files /dev/null and b/tests/http-request-line/input.pcap differ
diff --git a/tests/http-request-line/test.rules b/tests/http-request-line/test.rules
new file mode 100644 (file)
index 0000000..12c4f87
--- /dev/null
+++ b/tests/http-request-line/test.rules
@@ -0,0 +1,5 @@
+alert http any any -> any any (http_request_line; bsize:>10; sid:1;)
+alert http any any -> any any (http_request_line; bsize:<100; sid:2;)
+alert http any any -> any any (http_request_line; bsize:10<>100; sid:3;)
+alert http any any -> any any (http_request_line; bsize:>100; sid:4;)
+alert http any any -> any any (http_request_line; content:"GET /index.html HTTP/1.0"; sid:5;)
diff --git a/tests/http-request-line/test.yaml b/tests/http-request-line/test.yaml
new file mode 100644 (file)
index 0000000..6fb7055
--- /dev/null
+++ b/tests/http-request-line/test.yaml
@@ -0,0 +1,37 @@
+args:
+- --set stream.midstream=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 3
+- filter:
+    count: 0
+    match:
+      event_type: alert
+      alert.signature_id: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 5
+- filter:
+    count: 1
+    match:
+      event_type: flow
+- filter:
+    count: 1
+    match:
+      event_type: stats
diff --git a/tests/http-request-line/writepcap.py b/tests/http-request-line/writepcap.py
new file mode 100644 (file)
index 0000000..a3e0b27
--- /dev/null
+++ b/tests/http-request-line/writepcap.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+    Dot1Q(vlan=6)/ \
+    IP(dst='1.2.3.4', src='5.6.7.8')/TCP(sport=6666, dport=63, flags='P''A')/"GET /index.html HTTP/1.0\r\nHost: www.openinfosecfoundation.org\r\nUser-Agent: This is dummy message body\r\nContent-Type: text/html\r\n"
+
+wrpcap('input.pcap', pkts)
Mirror of https://github.com/OISF/suricata-verify.git