tests: add stream_size parsing test

author Victor Julien <victor@inliniac.net>

Mon, 27 Mar 2023 10:21:09 +0000 (12:21 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 17 Apr 2023 07:52:25 +0000 (09:52 +0200)
author Victor Julien <victor@inliniac.net>
Mon, 27 Mar 2023 10:21:09 +0000 (12:21 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 17 Apr 2023 07:52:25 +0000 (09:52 +0200)
diff --git a/tests/rules/stream_size/test.rules b/tests/rules/stream_size/test.rules

new file mode 100644 (file)

index 0000000..21e2a14
--- /dev/null
+++ b/tests/rules/stream_size/test.rules
@@ -0,0 +1 @@
+alert tcp 1.2.3.4 5678 -> 8.7.6.5 4321 (flow:established,to_server; stream_size:server,<,1111; content: "EICAR"; sid:1;)
diff --git a/tests/rules/stream_size/test.yaml b/tests/rules/stream_size/test.yaml

new file mode 100644 (file)

index 0000000..d4a1fc6
--- /dev/null
+++ b/tests/rules/stream_size/test.yaml
@@ -0,0 +1,19 @@
+requires:
+    min-version: 7.0.0
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      mpm.buffer: "payload"
+      mpm.pattern: "EICAR"
+      flags[0]: "need_packet"
+      flags[1]: "need_stream"
+      pkt_engines[0].name: "payload"
+      pkt_engines[1].name: "packet"
author	Victor Julien <victor@inliniac.net>
	Mon, 27 Mar 2023 10:21:09 +0000 (12:21 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 17 Apr 2023 07:52:25 +0000 (09:52 +0200)
tests/rules/stream_size/test.rules	[new file with mode: 0644]	patch \| blob
tests/rules/stream_size/test.yaml	[new file with mode: 0644]	patch \| blob