test: issue 5868
authorJason Ish <jason.ish@oisf.net>
Thu, 1 Jun 2023 21:18:42 +0000 (15:18 -0600)
committerVictor Julien <victor@inliniac.net>
Sat, 15 Jul 2023 13:29:39 +0000 (15:29 +0200)
tests/filestore-issue-5868/README.md [new file with mode: 0644]
tests/filestore-issue-5868/bidi-logo.pcap [new file with mode: 0644]
tests/filestore-issue-5868/suricata.yaml [new file with mode: 0644]
tests/filestore-issue-5868/test.rules [new file with mode: 0644]
tests/filestore-issue-5868/test.yaml [new file with mode: 0644]

diff --git a/tests/filestore-issue-5868/README.md b/tests/filestore-issue-5868/README.md
new file mode 100644 (file)
index 0000000..2cb705e
--- /dev/null
@@ -0,0 +1,7 @@
+Test for issue 5868.
+
+## PCAP
+
+PCAP created by hosting
+/usr/share/texlive/texmf-dist/tex/xelatex/bidi/bidi-logo.pdf from a
+Fedora 38 system on an http URL.
diff --git a/tests/filestore-issue-5868/bidi-logo.pcap b/tests/filestore-issue-5868/bidi-logo.pcap
new file mode 100644 (file)
index 0000000..467c2c8
Binary files /dev/null and b/tests/filestore-issue-5868/bidi-logo.pcap differ
diff --git a/tests/filestore-issue-5868/suricata.yaml b/tests/filestore-issue-5868/suricata.yaml
new file mode 100644 (file)
index 0000000..4450d33
--- /dev/null
@@ -0,0 +1,23 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - alert:
+        - http:
+        - flow:
+        - files:
+  - file-store:
+      version: 2
+      enabled: yes
+
+app-layer:
+  protocols:
+    http:
+      enabled: yes
+      libhtp:
+         default-config:
+           request-body-limit: 100kb
+           response-body-limit: 100kb
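Review bot: The `request-body-limit` and `response-body-limit` values of 100kb under `libhtp: default-config:` have no comment saying whether the issue 5868 scenario depends on them, so a later edit could change them without anyone noticing that the test no longer covers the case. A one-line comment above them would fix that, for example `# issue 5868: <why these body limits matter for filestore>`, with the reason filled in by the author. The three lines under `libhtp:` are also indented by three spaces while the rest of the file uses two; it still parses, but `default-config:` should move to eight spaces and the two limits to ten. Separately, `file-store` sets no `dir`, so the `filestore/` path used in test.yaml relies on the default output location.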
diff --git a/tests/filestore-issue-5868/test.rules b/tests/filestore-issue-5868/test.rules
new file mode 100644 (file)
index 0000000..783ced3
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"PDF LOGO"; flow:established,to_client; file_data; content:"PDF"; filestore; classtype:policy-violation; sid:9000000; rev:1;)
diff --git a/tests/filestore-issue-5868/test.yaml b/tests/filestore-issue-5868/test.yaml
new file mode 100644 (file)
index 0000000..7a7b7e4
--- /dev/null
@@ -0,0 +1,11 @@
+requires:
+  min-version: 7
+
+args:
+  - -k none
+
+checks:
+  - shell:
+      args: test -e filestore/c5/c59b846043b2cf6b6ac73bf67f9c5660f354a12311ce405927a8916bffc70c4f
+  - shell:
+      args: test -s filestore/c5/c59b846043b2cf6b6ac73bf67f9c5660f354a12311ce405927a8916bffc70c4f
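Review bot: The two shell checks only prove that a non-empty file exists under the expected SHA-256 name; nothing asserts that sid 9000000 alerted or that EVE recorded the file as stored, even though suricata.yaml enables `alert` and `files` logging. A regression where the file is written but the alert or fileinfo record is missing would therefore pass. `test -s` already implies `test -e`, so the first shell check can be dropped. Adding `filter` checks on the EVE output would close the gap; the counts below are assumed and need to be confirmed against a real run of the pcap.

```yaml
checks:
  # … unchanged: shell check with test -s on the stored file …
  - filter:
      count: 1
      match:
        event_type: alert
        alert.signature_id: 9000000
  - filter:
      count: 1
      match:
        event_type: fileinfo
        fileinfo.stored: true
```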