test/transform: Tests for case changing transforms

Issue: 6439

Tests for case-changing transforms:
- to_lowercase
- to_uppercase

diff --git a/tests/detect-to_lowercase-01/input.rules b/tests/detect-to_lowercase-01/input.rules
new file mode 100644 (file)
index 0000000..9c5ef93
--- /dev/null
+++ b/tests/detect-to_lowercase-01/input.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"lower-case 1"; flow:established; file_data; to_lowercase; content:"at patpoopy, we have"; sid:1;)

diff --git a/tests/detect-to_lowercase-01/test.yaml b/tests/detect-to_lowercase-01/test.yaml
new file mode 100644 (file)
index 0000000..fbaae82
--- /dev/null
+++ b/tests/detect-to_lowercase-01/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../bug-3616-ips/input.pcap
+
+requires:
+    min-version: 7.0.3
+    pcap: false
+
+exit-code: 0
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-to_lowercase-02/input.rules b/tests/detect-to_lowercase-02/input.rules
new file mode 100644 (file)
index 0000000..36b8de3
--- /dev/null
+++ b/tests/detect-to_lowercase-02/input.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"lower-case - fail"; flow:established; file_data; to_lowercase; content:"AT PATPOOPY, WE HAVE"; sid:1;)

diff --git a/tests/detect-to_lowercase-02/test.yaml b/tests/detect-to_lowercase-02/test.yaml
new file mode 100644 (file)
index 0000000..57806a6
--- /dev/null
+++ b/tests/detect-to_lowercase-02/test.yaml
@@ -0,0 +1,12 @@
+pcap: ../bug-3616-ips/input.pcap
+
+requires:
+    min-version: 7.0.3
+    pcap: false
+
+exit-code: 1
+
+checks:
+  - shell:
+      args: grep -c 'error parsing signature' suricata.log
+      expect: 1

diff --git a/tests/detect-to_uppercase-01/input.rules b/tests/detect-to_uppercase-01/input.rules
new file mode 100644 (file)
index 0000000..3b0900a
--- /dev/null
+++ b/tests/detect-to_uppercase-01/input.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"lower-case 1"; flow:established; file_data; to_uppercase; content:"AT PATPOOPY, WE HAVE"; sid:1;)

diff --git a/tests/detect-to_uppercase-01/test.yaml b/tests/detect-to_uppercase-01/test.yaml
new file mode 100644 (file)
index 0000000..fbaae82
--- /dev/null
+++ b/tests/detect-to_uppercase-01/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../bug-3616-ips/input.pcap
+
+requires:
+    min-version: 7.0.3
+    pcap: false
+
+exit-code: 0
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-to_uppercase-02/input.rules b/tests/detect-to_uppercase-02/input.rules
new file mode 100644 (file)
index 0000000..81ff941
--- /dev/null
+++ b/tests/detect-to_uppercase-02/input.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"lower-case 1"; flow:established; file_data; to_uppercase; content:"at patpoopy, we have"; sid:1;)

diff --git a/tests/detect-to_uppercase-02/test.yaml b/tests/detect-to_uppercase-02/test.yaml
new file mode 100644 (file)
index 0000000..57806a6
--- /dev/null
+++ b/tests/detect-to_uppercase-02/test.yaml
@@ -0,0 +1,12 @@
+pcap: ../bug-3616-ips/input.pcap
+
+requires:
+    min-version: 7.0.3
+    pcap: false
+
+exit-code: 1
+
+checks:
+  - shell:
+      args: grep -c 'error parsing signature' suricata.log
+      expect: 1