]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4de0ff8)
test/from_base64: from_base64 transform test
authorJeff Lucovsky <jeff@lucovsky.org>
Wed, 13 Apr 2022 13:06:26 +0000 (09:06 -0400)
committerJason Ish <jason.ish@oisf.net>
Fri, 29 Apr 2022 17:52:34 +0000 (11:52 -0600)
Issue: 5220
This commit adds a simple test case for the from_base64 transform.

tests/detect-from_base64-01/README.md [new file with mode: 0644] patch | blob
tests/detect-from_base64-01/input.pcap [new file with mode: 0644] patch | blob
tests/detect-from_base64-01/test.rules [new file with mode: 0644] patch | blob
tests/detect-from_base64-01/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/detect-from_base64-01/README.md b/tests/detect-from_base64-01/README.md
new file mode 100644 (file)
index 0000000..ebf338a
--- /dev/null
+++ b/tests/detect-from_base64-01/README.md
@@ -0,0 +1 @@
+Test from_base64 transform
diff --git a/tests/detect-from_base64-01/input.pcap b/tests/detect-from_base64-01/input.pcap
new file mode 100644 (file)
index 0000000..96af08e
Binary files /dev/null and b/tests/detect-from_base64-01/input.pcap differ
diff --git a/tests/detect-from_base64-01/test.rules b/tests/detect-from_base64-01/test.rules
new file mode 100644 (file)
index 0000000..dbcbe18
--- /dev/null
+++ b/tests/detect-from_base64-01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"from_base64 transform"; flow:established,from_server; http.response_body; from_base64; content: "This is Suricata"; sid: 1;)
diff --git a/tests/detect-from_base64-01/test.yaml b/tests/detect-from_base64-01/test.yaml
new file mode 100644 (file)
index 0000000..57c5e08
--- /dev/null
+++ b/tests/detect-from_base64-01/test.yaml
@@ -0,0 +1,13 @@
+args:
+  - -k none
+
+requires:
+  files:
+    - src/detect-transform-base64.c
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
Mirror of https://github.com/OISF/suricata-verify.git