Adds a test about filestore
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 10 Oct 2023 10:04:48 +0000 (12:04 +0200)
committerVictor Julien <victor@inliniac.net>
Sat, 22 Jun 2024 13:54:27 +0000 (15:54 +0200)
That it does not store too many files

tests/filestore-dont/README.md [new file with mode: 0644]
tests/filestore-dont/input.pcap [new file with mode: 0644]
tests/filestore-dont/suricata.yaml [new file with mode: 0644]
tests/filestore-dont/test.rules [new file with mode: 0644]
tests/filestore-dont/test.yaml [new file with mode: 0644]

diff --git a/tests/filestore-dont/README.md b/tests/filestore-dont/README.md
new file mode 100644 (file)
index 0000000..b1dd648
--- /dev/null
@@ -0,0 +1,11 @@
+# Description
+
+Test filestore does not store too much
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/6390
+
+# PCAP
+
+The pcap was manually crafted to have HTTP/1 pipelining POST request  with multipart files when the first response is not over
diff --git a/tests/filestore-dont/input.pcap b/tests/filestore-dont/input.pcap
new file mode 100644 (file)
index 0000000..5e67b07
Binary files /dev/null and b/tests/filestore-dont/input.pcap differ
diff --git a/tests/filestore-dont/suricata.yaml b/tests/filestore-dont/suricata.yaml
new file mode 100644 (file)
index 0000000..f168a41
--- /dev/null
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - files
+        - alert
+        - http
+  - file-store:
+      version: 2
+      enabled: yes
+      force-filestore: no
+      stream-depth: 0
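Review bot: The two file-store settings this test depends on are undocumented in the new `suricata.yaml`, so a later edit could change them without seeing that the expectation in `test.yaml` rests on them. `force-filestore: no` means files are stored only when a rule's `filestore` keyword asks for it, and `stream-depth: 0` lifts the depth limit so truncation does not affect what is extracted from the pcap. I would add a comment above each, for example `# store only on rule match; the test checks that unrelated files stay unstored` and `# 0 = unlimited, so reassembly depth cannot hide a file`.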
diff --git a/tests/filestore-dont/test.rules b/tests/filestore-dont/test.rules
new file mode 100644 (file)
index 0000000..cce7909
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"FILE HTTP filtore"; http.uri; content: "pipeline"; filestore:both,flow; sid:2; rev:1;)
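Review bot: The rule message has a typo, `msg:"FILE HTTP filtore"`, which makes the alert harder to grep for in `eve.json`; it should read `msg:"FILE HTTP filestore"`. The rule also uses the widest storage scope, `filestore:both,flow`, which is presumably deliberate given the ticket. A short `#` comment line above the rule saying which pipelined request is expected to match `content:"pipeline"` would make the intended trigger clear to the next reader.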
diff --git a/tests/filestore-dont/test.yaml b/tests/filestore-dont/test.yaml
new file mode 100644 (file)
index 0000000..6530ede
--- /dev/null
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: fileinfo
+      fileinfo.sha256: eb076a2ec6ced9ee2e823e098446513cf5b2bb60fbcb04e6c85dc23dedaa414a
+      fileinfo.stored: false
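Review bot: The single check asserts only that one `fileinfo` event with the given sha256 has `fileinfo.stored: false`, so the test still passes if the rule never fires or if file-store stores nothing at all. A regression test for over-storing should pin the positive side too. Add one filter on the alert for `sid:2`, and one on `fileinfo.stored: true` with the number of files the pcap is expected to store. The counts below are placeholders to fill in from the pcap.

```yaml
checks:
# … unchanged: fileinfo check with stored: false …
- filter:
    count: EXPECTED_ALERTS   # placeholder: alerts expected for sid 2
    match:
      event_type: alert
      alert.signature_id: 2
- filter:
    count: EXPECTED_STORED   # placeholder: files the pcap should store
    match:
      event_type: fileinfo
      fileinfo.stored: true
```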